Commit Graph

11 Commits (2109fcb7bea20c9c7c13c94fe5e6c4fe7686494f)

Author SHA1 Message Date
Jo-Philipp Wich fb5527b8db firewall: allow routed lan<->lan traffic by default
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37171 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-04 18:10:36 +00:00
Jo-Philipp Wich 0f0fb56719 firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36838 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich 484c42a934 Drop legacy firewall package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36837 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-06-04 12:21:44 +00:00
Steven Barth ac82d7ad0a firewall: Remove obsoleted ULA-border rule
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36622 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich e249d2a240 firewall: fix logging rule regression (#12999)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35745 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-02-22 13:45:20 +00:00
Jo-Philipp Wich 292b4e42b3 firewall: various enhancements
- reduce mssfix related log spam (#10681)
	- separate src and dest terminal chains (#11453, #12945)
	- disable per-zone custom chains by default, they're rarely used

Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35484 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-02-04 14:38:33 +00:00
Jo-Philipp Wich 1b4e6e5e76 firewall: flush conntrack table after changing interface rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35348 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-01-28 15:53:44 +00:00
Steven Barth d2072402f7 firewall: Add ULA site border for IPv6 traffic
This prevents private traffic from leaking out to the internet

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35012 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-01-04 15:59:28 +00:00
Jo-Philipp Wich 1309ba379e firewall: fix typo in reflection hotplug script
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34569 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-07 13:08:28 +00:00
Jo-Philipp Wich b0ab057b72 firewall: extend nat reflection support
- use comment match to keep track of per-network rules
	- setup reflection for any interface which is part of a masqueraded zone, not just "wan"
	- delete per-network reflection rules if network is brought down

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34472 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-04 15:24:21 +00:00
Felix Fietkau abe70b1494 packages: sort network related packages into package/network/
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33688 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-10-10 12:32:29 +00:00