- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37082 3c298f89-4303-0410-b956-a3cf2f4a3e73
- properly process intermediate "!" options in argument list (fixes negated ipsets)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36935 3c298f89-4303-0410-b956-a3cf2f4a3e73
- fixes handling of reject target for rule sections with specific destination zone
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36933 3c298f89-4303-0410-b956-a3cf2f4a3e73
works around wifiX references not being freed on network restart.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36883 3c298f89-4303-0410-b956-a3cf2f4a3e73
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36871 3c298f89-4303-0410-b956-a3cf2f4a3e73
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36854 3c298f89-4303-0410-b956-a3cf2f4a3e73
- Fixes problems with reusing matches or targets from loadable extensions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36826 3c298f89-4303-0410-b956-a3cf2f4a3e73
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36736 3c298f89-4303-0410-b956-a3cf2f4a3e73
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36721 3c298f89-4303-0410-b956-a3cf2f4a3e73
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36698 3c298f89-4303-0410-b956-a3cf2f4a3e73
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36689 3c298f89-4303-0410-b956-a3cf2f4a3e73
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36686 3c298f89-4303-0410-b956-a3cf2f4a3e73
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36681 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Add interface option to set routing table for protocol routes
* Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36653 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Add support for IP-in-IPv6 tunnels (DS-Lite)
* Use source-based routing for IPv6 to allow multi-wan
* Various smaller tunnel setup improvements
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36627 3c298f89-4303-0410-b956-a3cf2f4a3e73
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422, #13386)
- add support for fwmark matches and mark setting targets
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36521 3c298f89-4303-0410-b956-a3cf2f4a3e73
This fixes working behind another router which gives out ULAs.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36416 3c298f89-4303-0410-b956-a3cf2f4a3e73
Felix Fietkau
John Crispin
Jo-Philipp Wich
Steven Barth
Jonas Gorski