- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36871 3c298f89-4303-0410-b956-a3cf2f4a3e73
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36854 3c298f89-4303-0410-b956-a3cf2f4a3e73
- Fixes problems with reusing matches or targets from loadable extensions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36826 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Make the "best" address / prefix the first one being announced
* Only add the "best" address to the hosts-file
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36772 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Announce delegated prefixes using route info according to RFC 6204 L-3
* Enable hybrid stateless + stateful DHCPv6-mode as default
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36738 3c298f89-4303-0410-b956-a3cf2f4a3e73
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36736 3c298f89-4303-0410-b956-a3cf2f4a3e73
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36721 3c298f89-4303-0410-b956-a3cf2f4a3e73
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36698 3c298f89-4303-0410-b956-a3cf2f4a3e73
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36689 3c298f89-4303-0410-b956-a3cf2f4a3e73
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36686 3c298f89-4303-0410-b956-a3cf2f4a3e73
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36681 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Be more standards-compliant in stateful mode
* Handle hostnames from Windows-clients correctly
* Handle messages from DHCPv6-relays better
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36677 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Add management_level option (0: set O-flag, >=1: set M-flag)
* Add support for static DHCPv6-leases
* Various fixes for DHCPv6-PD
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36654 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Add interface option to set routing table for protocol routes
* Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36653 3c298f89-4303-0410-b956-a3cf2f4a3e73
Jo-Philipp Wich
Felix Fietkau
Steven Barth