Steven Barth
4973dc1153
Fix IPv6 NAT breaking older kernels
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37891 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-09-03 06:29:46 +00:00
Steven Barth
47c281f29c
netfilter: Add IPv6-NAT support for kernel and ipt
...
Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37866 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-09-01 17:59:48 +00:00
Luka Perkov
a946458c8b
netfilter: fix typo
...
Signed-off-by: Luka Perkov <luka@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37821 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-08-21 23:17:08 +00:00
Felix Fietkau
d44bd53ed9
netfilter: remove use of obsolete compatibility config symbols for mark and connmark
...
fixes duplication of xt_mark and xt_connmark module entries
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37344 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-07-15 13:08:20 +00:00
Jo-Philipp Wich
2952cc9bc7
netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into base iptables package - drop iptables-mod-ipset
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36683 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-05-21 12:58:15 +00:00
Steven Barth
d32fdeb4c0
netfilter: Fix typo in last commit
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35899 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-03-07 09:30:52 +00:00
Steven Barth
b15a62570b
iptables: Add missing IPv6 builtin modules
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35898 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-03-07 08:48:41 +00:00
Gabor Juhos
3b3c72413c
package/kernel: xt_NOTRACK has been removed in 3.7-rc1
...
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35475 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-02-04 10:02:52 +00:00
Jo-Philipp Wich
16345d0356
netfilter.mk: add addrtype match to iptables-mod-extra (kmod-ipt-extra)
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35155 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-01-14 16:12:56 +00:00
Florian Fainelli
4cfd926697
netfilter: xt_NOTRACK is incorporated in xt_CT as of 3.8-rc3
...
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35087 3c298f89-4303-0410-b956-a3cf2f4a3e73
2013-01-10 17:20:29 +00:00
John Crispin
78b7242642
[netfilter] fix ipv4 nat on 3.7 by adding missing iptables modules
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34841 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-22 10:17:29 +00:00
Gabor Juhos
be30c6ff99
netfilter: fix module list for 3.7 kernel
...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34750 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-18 14:50:42 +00:00
Jo-Philipp Wich
af0c735653
netfilter.mk: extend nf_add macro to take a version dependency expression
...
- nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0"
- remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead
- fixes xt_LOG.ko packaging with Linux 3.6.0 and later
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34681 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-15 00:05:35 +00:00
Jo-Philipp Wich
491ecb8358
netfilter.mk: fix packaging of xt_LOG.ko, it moved between 3.3.8 and 3.6.x
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34625 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-11 09:53:50 +00:00
Hauke Mehrtens
43c79d519d
kernel: fix loading of nf_nat_irc
...
nf_nat_irc depends on nf_conntrack_irc and it should be defined after that.
This fixes a problem introduced in r34247.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34251 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-11-18 21:18:37 +00:00
Imre Kaloz
43d2eb64cc
[generic]: add 3.7-rc6 support (patch 820 still has to be fixed)
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34247 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-11-18 18:52:38 +00:00
Felix Fietkau
ec4446db90
include/netfilter.mk: remove a few obsolete lines
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33518 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-09-23 08:25:32 +00:00
Felix Fietkau
7f0ce50d3c
kmod-ipt-nathelper-extra: fix missing nf_conntrack_broadcast.ko
...
kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko
if it is not included into the kmod-ipt-nathelper-extra packge the modules
nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded:
[ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0)
[ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0)
Signed-off-by: Peter Wagner <tripolar@gmx.at>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32434 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-06-18 23:30:48 +00:00
Felix Fietkau
f86dd79d2e
include/netfilter.mk: clean up, remove junk for old kernel versions
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32114 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-06-07 16:30:48 +00:00
Jo-Philipp Wich
07fd626a4e
[netfilter] fix ipt_ttl and ipt_TTL userspace library packaging
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30897 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-03-12 02:07:22 +00:00
Jonas Gorski
47f5be9659
kernel: update module names and add new config symbols for linux 3.3
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29985 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-02-02 08:23:44 +00:00
Jo-Philipp Wich
96373832ca
add CT target and TTL/HL match+target
...
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29645 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-01-04 02:52:54 +00:00
Jo-Philipp Wich
43711bfa75
[netfilter] remove current RTSP support
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29643 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-01-04 00:29:29 +00:00
Jo-Philipp Wich
125e8da50a
[netfilter] package CT target
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29609 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-12-25 13:32:53 +00:00
Felix Fietkau
f1d090bdc0
netfilter.mk: remove a few obsolete CompareKernelPatchVer calls
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27086 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-06-01 18:08:12 +00:00
Jo-Philipp Wich
55283cbc90
[netfilter] package u32 match and TEE target, patches by Maxim Uvarov
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26977 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-05-24 08:14:29 +00:00
Jo-Philipp Wich
b457e4cfc9
firewall: allow local redirection of ports
...
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-12 20:03:59 +00:00
Hauke Mehrtens
37398c1ebe
iipt-debug: create bundle of netfilter modules for debugging
...
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-09 23:23:46 +00:00
Florian Fainelli
632b914bba
[package] add kmod-ipt-led
...
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-03 18:30:37 +00:00
Felix Fietkau
b7f394ff41
netfilter.mk: put ipv6 conntrack in the right package
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-27 11:22:30 +00:00
Felix Fietkau
99a3d0399e
netfilter: add missing modules for v6 conntrack (patch from #8940 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 15:50:01 +00:00
Felix Fietkau
d2c91f7f90
move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 00:35:22 +00:00
Felix Fietkau
d41be9f54b
kernel: remove imq support, refresh patches
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-21 02:06:51 +00:00
Jo-Philipp Wich
e71b93670e
[include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-12-19 16:47:30 +00:00
Jo-Philipp Wich
94d6c4e9ca
[include] netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23521 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-10-18 20:39:07 +00:00
Alexandros C. Couloumbis
4ecd145ce0
finalize r22241 fixes
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-17 08:50:19 +00:00
Jo-Philipp Wich
881cdcaf36
[netfilter] package TPROXY target and module infrastructure
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-22 22:39:22 +00:00
Alexandros C. Couloumbis
15bd904bc2
include/netfilter.mk fix typo on r21795
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21796 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:51:51 +00:00
Alexandros C. Couloumbis
8c377e08fc
include/netfilter.mk: add 2.6.35 kernel support
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21795 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:44:27 +00:00
Nicolas Thill
fbb04a3462
netfilter: extension fixes (partially closes : #7045 )
...
* add missing xt_owner (2.6)
* enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables
* add missing ipt_nat_tftp (2.4)
* add missing nf_nat_amanda (2.6)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20693 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 12:35:06 +00:00
Nicolas Thill
b163b3fcbc
[cosmectic] include/netfilter.mk: move ebtables definitions at the end
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20690 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 03:43:13 +00:00
Jo-Philipp Wich
b3439cb770
[netfilter] properly package xt_comment.ko ( #6742 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19861 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-26 00:23:39 +00:00
Jo-Philipp Wich
7fc4138b4d
[generic-2.4] netfilter: add support for raw table and NOTRACK target ( #5504 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19721 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-19 01:36:47 +00:00
Jo-Philipp Wich
fd7b3cd30d
[package] iptables: add comment match to the core package
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18706 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-08 20:52:58 +00:00
Nicolas Thill
a8542007a6
[kernel] netfilter: remove IPset leftovers missed from [17844]
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18032 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-11 14:08:31 +00:00
Hauke Mehrtens
e23971a4cf
[ipset] Update ipset to version 3.2
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17764 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-27 15:03:41 +00:00
Florian Fainelli
1c310fffc4
[package] split ebtables packages and modules into ebtables ipv4/6 and watchers ( #5001 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16980 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-25 19:47:48 +00:00
Florian Fainelli
3fade8b75b
[package] fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 ( #5568 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16964 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-24 11:52:30 +00:00
Felix Fietkau
01835c1b09
netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15854 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 21:46:33 +00:00
Hauke Mehrtens
76ea3a9194
[netfilter] ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15851 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 19:01:38 +00:00