- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422, #13386)
- add support for fwmark matches and mark setting targets
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36521 3c298f89-4303-0410-b956-a3cf2f4a3e73
This fixes working behind another router which gives out ULAs.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36416 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Fix a memory corruption when updating IPv6 prefixes
* Fix route sorting order (nbd)
* Add support for ip rules (jow)
* Implement support for route / route6 table attribute (jow)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36196 3c298f89-4303-0410-b956-a3cf2f4a3e73
* fixes parsing of src/dest '*'
* fixes parsing of proto 'all'
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36111 3c298f89-4303-0410-b956-a3cf2f4a3e73
* fixes reload handling of zones and ipsets that are still running but already deleted from the config
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36092 3c298f89-4303-0410-b956-a3cf2f4a3e73
- support network names in per-zone 'masq_src', 'masq_dest' and 'subnet' options (#13197)
- do not allow src_mac option for SNAT rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36090 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
* Allow "network" and "device" commands while firewall is running (to make them usable in includes)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36009 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
* Make NAT reflection direction configurable
* Map init script stop action to flush
* Map init script reload action to reload
* Respect init script disabled state in hotplug handler
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35998 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Fixes compilation against eglibc
* Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
* Fixes tracking logic for user chains by differentiating between reloads and restarts
* Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
* Supports legacy "tcpudp" protocol notation again
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35969 3c298f89-4303-0410-b956-a3cf2f4a3e73
- all uci rules are boxed in custom chains now, so a firewall stop leaves user rules intact
- properly handle selective ipv4 or ipv6 only firewall start/stop/restart actions
- support ip ranges (e.g. option src_ip '!192.168.1.1-192.168.1.100' -> -m iprange ! --src-range 192.168.1.1-192.168.1.100')
- support time options (e.g. option weekdays 'Mon Tue Sat' -> -m time --weekdays 1,2,6')
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35738 3c298f89-4303-0410-b956-a3cf2f4a3e73
- reduce mssfix related log spam (#10681)
- separate src and dest terminal chains (#11453, #12945)
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35484 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Fix reloading of ula-prefixes
* Added support for temporary addresses and routes
* Added support for offlink addresses
* Improved status-output for assigned prefixes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35420 3c298f89-4303-0410-b956-a3cf2f4a3e73
fixes DNS servers on reload (#12910)
fixes ubus object race on reload or down/up (#12612)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35383 3c298f89-4303-0410-b956-a3cf2f4a3e73
This prevents private traffic from leaking out to the internet
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35012 3c298f89-4303-0410-b956-a3cf2f4a3e73
Jo-Philipp Wich
Felix Fietkau
Steven Barth
John Crispin