Jo-Philipp Wich
ad23dd94b6
firewall: provide examples of ssh port relocation on firewall and IPsec passthrough Two examples of potentially useful configurations (commented out, of course):
...
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805
2011-05-02 12:54:31 +00:00
Jo-Philipp Wich
cc84e0672b
firewall: don't apply default udp/68 rule to ip6tables
...
SVN-Revision: 21509
2010-05-19 21:37:12 +00:00
Jo-Philipp Wich
3875f85110
firewall: add commented disable_ipv6 option to default config
...
SVN-Revision: 21505
2010-05-19 09:49:21 +00:00
Travis Kemen
431808b5bf
allow ping
...
SVN-Revision: 20261
2010-03-18 03:46:41 +00:00
Nicolas Thill
b3d3e5d752
firewall: fix MSS issue affection RELATED new connections ( closes : #5173 )
...
SVN-Revision: 17762
2009-09-27 13:57:09 +00:00
Jo-Philipp Wich
b44b066543
firewall: allow incoming udp/68 packets in the default configuration ( #4108 , #4781 )
...
SVN-Revision: 17238
2009-08-13 03:31:53 +00:00
Jo-Philipp Wich
97100e0248
firewall: enable /etc/firewall.user by default and install sample firewall.user file
...
SVN-Revision: 15221
2009-04-12 22:38:34 +00:00
Felix Fietkau
50be634a3c
re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information
...
SVN-Revision: 14293
2009-01-31 02:14:27 +00:00
Felix Fietkau
359ce7f97e
disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs
...
SVN-Revision: 13788
2008-12-31 19:02:03 +00:00
Felix Fietkau
aaf31c36f1
set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions
...
SVN-Revision: 12766
2008-09-28 16:17:49 +00:00
Nicolas Thill
d7810ed63e
firewall changes: - implement a REJECT policy and enable it by default, reject packets with approriate response ( closes : #3970 ) - cleanup syn_flood and remove logging
...
SVN-Revision: 12688
2008-09-24 15:10:16 +00:00
John Crispin
aa6c019c11
use proto instead of protocol in uci firewall
...
SVN-Revision: 12391
2008-08-26 07:23:29 +00:00
John Crispin
5627667654
uci firewall - make uci firewall default and remove old code - fix up dependencies
...
SVN-Revision: 12284
2008-08-11 22:27:36 +00:00