Jo-Philipp Wich
7eaaebd00a
[package] firewall: properly unset position for delete command, fixes rule removal in ifdown
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21378 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-05 15:50:21 +00:00
Jo-Philipp Wich
5c30b827f2
[package] firewall: fix bug in iface hotplug handler
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21360 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-05 01:43:08 +00:00
Jo-Philipp Wich
64175a0ded
[package] firewall:
...
- replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz
- bump version to 2
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21286 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-01 18:22:01 +00:00
Travis Kemen
70209c3b33
allow ping
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20261 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-03-18 03:46:41 +00:00
Jo-Philipp Wich
ef66d316b2
[package] firewall: insert rules at the beginning of chains again while maintaining non reversed order, fixes wrong ordering introduced by r18015
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19946 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-03-02 11:02:24 +00:00
Jo-Philipp Wich
fad5d4222b
[package] firewall: fix bad number error in fw_redirect() ( #6704 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19765 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-20 03:39:55 +00:00
Travis Kemen
bc79d644e6
Add destination ip of the wan adapter useful if you have multiple ip addresses.
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19574 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-11 02:33:34 +00:00
Jo-Philipp Wich
1739b7427a
[package] firewall: fix a race condition preventing interfaces from being added to the firewall on boot
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19232 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-01-19 23:02:11 +00:00
Felix Fietkau
d46ae9ced2
firewall: fix fallout from r18716 ( fixes #6338 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18733 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-10 18:18:37 +00:00
Felix Fietkau
4476454249
firewall: get rid of recursive shell script inclusion to improve hush compatibility
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18716 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-09 14:04:37 +00:00
Felix Fietkau
b561f00181
adjust dependencies of firewall and qos-scripts, so that these packages are visible even when iptables is not selected
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18714 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-09 13:36:39 +00:00
Jo-Philipp Wich
6c70ebe4d5
[package] firewall: initialize dest_port with src_dport if omitted in redirect sections to narrow
...
down corresponding forward rules to the actual target ports - thanks Niels Boehm! (#6249 )
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18617 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-01 22:31:10 +00:00
Felix Fietkau
b83fd240a2
firewall: fix zone defaults
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18028 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-11 02:42:22 +00:00
Felix Fietkau
a0071bba09
firewall: do not process rules in reverse
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18015 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-10 18:08:26 +00:00
Nicolas Thill
f935a18907
[package] firewall: fix MSS issue affection RELATED new connections ( closes : #5173 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17762 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-27 13:57:09 +00:00
Felix Fietkau
5584cbac07
firewall: add sanity checks to zone default rules (patch from #5459 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17713 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-24 21:59:16 +00:00
Jo-Philipp Wich
1e6ac8639e
[package] firewall: move the config_get out of the loop, no need to call it multiple times
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17581 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-14 15:18:48 +00:00
Jo-Philipp Wich
c148764357
[package] firewall: properly dispatch delif events if the network has a different name then the corresponding zone
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17580 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-14 14:47:43 +00:00
Andy Boyett
fd376111a2
[package] bump some revisions and update copyrights
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17554 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-10 10:07:04 +00:00
Felix Fietkau
13e7d00b5c
firewall: emit hotplug events for interface add/remove
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17415 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-08-26 22:46:24 +00:00
Jo-Philipp Wich
0af2a7d056
[package] firewall: allow incoming udp/68 packets in the default configuration ( #4108 , #4781 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17238 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-08-13 03:31:53 +00:00
Jo-Philipp Wich
5c4b352bf5
[package] firewall: add icmp_type option to specify the icmp type in rule sections, bump pkg revision ( #5554 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17115 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-08-03 22:24:48 +00:00
Florian Fainelli
0962dfabb8
[package] set PKGARCH to all for packages in trunk containing only arch-neutral files ( #5572 )
...
Signed-off-by: Malte S. Stretz <mss@apache.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16966 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-24 12:08:01 +00:00
Florian Fainelli
4008fffa25
[package] fix typo in the uci firewall script
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16076 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-26 10:51:01 +00:00
Felix Fietkau
d81b224aec
firewall: automatically set up NOTRACK rules to disable connection tracking for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15855 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 21:46:38 +00:00
Jo-Philipp Wich
d7d055321a
[package] firewall: actually copy firewall.user to image
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15286 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-19 21:14:47 +00:00
Jo-Philipp Wich
1c368aad4c
[package] firewall: process custom rules after forwardings and redirects, this actually allows blocking traffic to certain hosts and other rules
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15278 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-19 20:39:02 +00:00
Jo-Philipp Wich
53c1991114
[package] firewall: enable /etc/firewall.user by default and install sample firewall.user file
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15221 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-12 22:38:34 +00:00
Felix Fietkau
f8d52e2dbc
re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14293 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-31 02:14:27 +00:00
Felix Fietkau
f9279ae206
firewall: don't clear the mangle table at startup or stop - it doesn't use it and clearing it breaks qos
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14114 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-20 13:07:30 +00:00
Jo-Philipp Wich
053133c343
firewall: introduce drop_invalid option to allow disabling the invalid state match
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14061 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-16 18:09:19 +00:00
Felix Fietkau
28722a2ec0
firewall: allow multiple interfaces to be part of one zone, fix the sanity checks for that
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14058 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-16 17:39:03 +00:00
Felix Fietkau
3863a62c91
firewall: clear the MSSFIX rules
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13826 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-02 21:58:58 +00:00
Steven Barth
79d4a6ac4a
Unify portrange-support in firewall rule generator
...
fixes #4404
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13791 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-01 13:05:16 +00:00
Felix Fietkau
1907e1587a
disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13788 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-31 19:02:03 +00:00
John Crispin
b4b461e666
fixes firewall for trunk, custom chains were never reched, as policies apply beforehand
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12978 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-10-14 10:53:55 +00:00
John Crispin
3f4018d1b5
fixes firewall rule generation. forwarding rules were inserted in input chains, fixes #4028
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12768 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 17:40:09 +00:00
John Crispin
1e14eeaa9f
custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12767 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 17:06:39 +00:00
Felix Fietkau
7f0d2f2042
set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12766 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 16:17:49 +00:00
Felix Fietkau
9ba765af49
firewall: fix default policies, add a check for duplicate defaults sections and make custom chains more generic
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12765 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 16:17:37 +00:00
Nicolas Thill
6ae3247115
firewall changes:
...
- implement a REJECT policy and enable it by default, reject packets with approriate response (closes : #3970 )
- cleanup syn_flood and remove logging
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12688 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-24 15:10:16 +00:00
Nicolas Thill
af6c34ae44
make the whole iptables/netfiter modular ( closes : #3871 , #3527 )
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12649 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-22 15:19:59 +00:00
Steven Barth
a7fb86ba05
Fixed a typo in the firewall scripts
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12616 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-16 22:01:14 +00:00
Steven Barth
7f56337ca4
Fixed a typo in firewall scripts, closes #4000
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12613 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-15 18:57:39 +00:00
John Crispin
81f3bf9bcc
make uci firewall backwards compatible to the old firewall.user
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12408 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 19:16:54 +00:00
John Crispin
e5dc30a7f7
add proto tcpudp to firewall
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12407 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 18:54:52 +00:00
John Crispin
44382e0f8b
fix device duplication in firewall if the balancing of ifup and ifdown is broken
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12404 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 18:31:34 +00:00
John Crispin
1392ad82ec
make sure uci firewall reverts its states when stopped
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12403 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 16:48:54 +00:00
John Crispin
66c129b027
fixes uci firewall init order, Signed-off-by: Roberto Riggio
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12402 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 15:55:21 +00:00
Steven Barth
350ebaa373
firewall: Added support for port-ranges as firstPort-lastPort to redirect sections
...
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12396 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 14:04:52 +00:00