07fd626a4e
[netfilter] fix ipt_ttl and ipt_TTL userspace library packaging
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30897 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-03-12 02:07:22 +00:00
47f5be9659
kernel: update module names and add new config symbols for linux 3.3
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29985 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-02-02 08:23:44 +00:00
96373832ca
add CT target and TTL/HL match+target
...
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29645 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-01-04 02:52:54 +00:00
43711bfa75
[netfilter] remove current RTSP support
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29643 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-01-04 00:29:29 +00:00
125e8da50a
[netfilter] package CT target
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29609 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-12-25 13:32:53 +00:00
f1d090bdc0
netfilter.mk: remove a few obsolete CompareKernelPatchVer calls
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27086 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-06-01 18:08:12 +00:00
55283cbc90
[netfilter] package u32 match and TEE target, patches by Maxim Uvarov
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26977 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-05-24 08:14:29 +00:00
b457e4cfc9
firewall: allow local redirection of ports
...
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-12 20:03:59 +00:00
37398c1ebe
iipt-debug: create bundle of netfilter modules for debugging
...
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-09 23:23:46 +00:00
632b914bba
[package] add kmod-ipt-led
...
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-03 18:30:37 +00:00
b7f394ff41
netfilter.mk: put ipv6 conntrack in the right package
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-27 11:22:30 +00:00
99a3d0399e
netfilter: add missing modules for v6 conntrack (patch from #8940 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 15:50:01 +00:00
d2c91f7f90
move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 00:35:22 +00:00
d41be9f54b
kernel: remove imq support, refresh patches
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-21 02:06:51 +00:00
e71b93670e
[include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-12-19 16:47:30 +00:00
94d6c4e9ca
[include] netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23521 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-10-18 20:39:07 +00:00
4ecd145ce0
finalize r22241 fixes
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-17 08:50:19 +00:00
881cdcaf36
[netfilter] package TPROXY target and module infrastructure
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-22 22:39:22 +00:00
15bd904bc2
include/netfilter.mk fix typo on r21795
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21796 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:51:51 +00:00
8c377e08fc
include/netfilter.mk: add 2.6.35 kernel support
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21795 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:44:27 +00:00
fbb04a3462
netfilter: extension fixes (partially closes : #7045 )
...
* add missing xt_owner (2.6)
* enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables
* add missing ipt_nat_tftp (2.4)
* add missing nf_nat_amanda (2.6)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20693 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 12:35:06 +00:00
b163b3fcbc
[cosmectic] include/netfilter.mk: move ebtables definitions at the end
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20690 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 03:43:13 +00:00
b3439cb770
[netfilter] properly package xt_comment.ko ( #6742 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19861 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-26 00:23:39 +00:00
7fc4138b4d
[generic-2.4] netfilter: add support for raw table and NOTRACK target ( #5504 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19721 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-19 01:36:47 +00:00
fd7b3cd30d
[package] iptables: add comment match to the core package
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18706 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-08 20:52:58 +00:00
a8542007a6
[kernel] netfilter: remove IPset leftovers missed from [17844]
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18032 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-11 14:08:31 +00:00
e23971a4cf
[ipset] Update ipset to version 3.2
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17764 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-27 15:03:41 +00:00
1c310fffc4
[package] split ebtables packages and modules into ebtables ipv4/6 and watchers ( #5001 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16980 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-25 19:47:48 +00:00
3fade8b75b
[package] fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 ( #5568 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16964 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-24 11:52:30 +00:00
01835c1b09
netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15854 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 21:46:33 +00:00
76ea3a9194
[netfilter] ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15851 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 19:01:38 +00:00
baa285c07c
[include] adept netfilter.mk to updated imq
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15656 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-07 03:16:36 +00:00
5bdd866100
get rid of $Id$ - it has never helped us and it has broken too many patches ;)
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-17 14:09:46 +00:00
c1760010a5
move iptable_raw to the conntrack-extra package
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15175 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-09 19:42:52 +00:00
9e612ac3d5
[kernel] accomodate netfilter module (xt_recent) name change in 2.6.28, add missing kconfig when xt_recent is enabled
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15123 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-06 19:00:20 +00:00
e24e542063
remove support for ipp2p - it's unmaintained, broken, overmatching and undermatching => not that useful for QoS
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14596 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-21 16:30:44 +00:00
ecf9b8d37d
[kernel] netfilter: remove CHAOS, TARPIT and DELUDE references
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14461 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-09 13:27:39 +00:00
0ecdf5bae7
defrag needs to be loaded before conntrack_ipv4
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13585 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 18:44:46 +00:00
f95dbee83f
fix conntrack on 2.6.28
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13582 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 16:00:04 +00:00
af6c34ae44
make the whole iptables/netfiter modular ( closes : #3871 , #3527 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12649 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-22 15:19:59 +00:00
02b5de5e81
Package ip6t_limit and ip6t_frag for 2.4 kernels ( #3760 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12276 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 06:38:48 +00:00
076b3f4b98
cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & IPT_NATHELPER_EXTRA respectively, to better match package names
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@11073 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-05-08 11:32:46 +00:00
9fe27ff705
[package] kmod-ipt-iprange: fix build error on .25
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10992 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-04-30 15:42:10 +00:00
fd3378f1e1
update iptables to 1.4.0 (2.6 kernels only), refresh kernel patches
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10843 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-04-15 06:11:23 +00:00
2b186b56e3
layer7 filtering module is now xt_layer7 ( #3268 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10674 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-03-27 18:24:13 +00:00
9c08fe97f0
[kernel] netfilter/ipset cleanups
...
* rename patches to follow our naming conventions
* update ipset patches with revision 7096 of [https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom]
* add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs
* add ip_set_iptreemap to include/netfilter.mk
* update kmod-ipt-ipset module description
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9269 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-12 14:58:35 +00:00
6958bdb20a
add TARPIT support to netfilter/iptables
...
* netfilter: add the xt_TARPIT target module required by xt_CHAOS
* include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE
* iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number
* original patchset can be found [http://tinyurl.com/2mjk2kx here]
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9178 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-07 17:17:04 +00:00
34e8faefa1
add ipv6 conntrack support ( closes : #2192 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8984 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-23 17:22:17 +00:00
effa8fa4fd
add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP ( closes : #2297 , thanks to aorlinsk), sync 2.4 / 2.6 kconfigs.
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8955 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-22 18:37:24 +00:00
1458e2b378
cosmetic cleanup before more deep changes
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8870 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-20 10:48:54 +00:00
Jo-Philipp Wich
Jonas Gorski
Felix Fietkau
Hauke Mehrtens
Florian Fainelli
Alexandros C. Couloumbis
Nicolas Thill
Gabor Juhos
Imre Kaloz