1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-23 19:44:05 +02:00
Commit Graph

93 Commits

Author SHA1 Message Date
blogic
26bf467fae [netfilter] fix ipv4 nat on 3.7 by adding missing iptables modules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34841 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-22 10:17:29 +00:00
juhosg
6d81a07a81 netfilter: fix module list for 3.7 kernel
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34750 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-18 14:50:42 +00:00
jow
1971309ae5 netfilter.mk: extend nf_add macro to take a version dependency expression
- nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0"
	- remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead
	- fixes xt_LOG.ko packaging with Linux 3.6.0 and later

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34681 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-15 00:05:35 +00:00
jow
6553643c12 netfilter.mk: fix packaging of xt_LOG.ko, it moved between 3.3.8 and 3.6.x
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34625 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-12-11 09:53:50 +00:00
hauke
2ca063d6c1 kernel: fix loading of nf_nat_irc
nf_nat_irc depends on nf_conntrack_irc and it should be defined after that.
This fixes a problem introduced in r34247.


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34251 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-11-18 21:18:37 +00:00
kaloz
a50e0e7076 [generic]: add 3.7-rc6 support (patch 820 still has to be fixed)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34247 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-11-18 18:52:38 +00:00
nbd
e126bc2385 include/netfilter.mk: remove a few obsolete lines
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33518 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-09-23 08:25:32 +00:00
nbd
8a25c3c9d3 kmod-ipt-nathelper-extra: fix missing nf_conntrack_broadcast.ko
kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko

if it is not included into the kmod-ipt-nathelper-extra packge the modules
nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded:

[   44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0)
[   44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0)

Signed-off-by: Peter Wagner <tripolar@gmx.at>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32434 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-06-18 23:30:48 +00:00
nbd
7bd3c3f626 include/netfilter.mk: clean up, remove junk for old kernel versions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32114 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-06-07 16:30:48 +00:00
jow
a33e79fbcb [netfilter] fix ipt_ttl and ipt_TTL userspace library packaging
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30897 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-03-12 02:07:22 +00:00
jogo
8ae6c0c835 kernel: update module names and add new config symbols for linux 3.3
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29985 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-02-02 08:23:44 +00:00
jow
66aeab36ac add CT target and TTL/HL match+target
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29645 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-01-04 02:52:54 +00:00
jow
8b51caf859 [netfilter] remove current RTSP support
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29643 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-01-04 00:29:29 +00:00
jow
bf87646c6c [netfilter] package CT target
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29609 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-12-25 13:32:53 +00:00
nbd
8f120f03ef netfilter.mk: remove a few obsolete CompareKernelPatchVer calls
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27086 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-06-01 18:08:12 +00:00
jow
36715e604f [netfilter] package u32 match and TEE target, patches by Maxim Uvarov
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26977 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-05-24 08:14:29 +00:00
jow
0874d00715 firewall: allow local redirection of ports
Allow a redirect like:

config redirect
        option src 'wan'
        option dest 'lan'
        option src_dport '22001'
        option dest_port '22'
        option proto 'tcp'

note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.

This patch makes three changes:

(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
    connections.

In the above example,

ssh -p 22 root@myrouter

would fail from the outside, but:

ssh -p 22001 root@myrouter

would succeed.  This is handy if:

(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
    still want to allow firewall access from outside.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-12 20:03:59 +00:00
hauke
76cd9d7bc5 iipt-debug: create bundle of netfilter modules for debugging
Add a bundle for including commonly useful modules for IPtables debugging and development.

For now, it just contains xt_TRACE.ko

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-09 23:23:46 +00:00
florian
9444af102a [package] add kmod-ipt-led
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.

LED target requires iptables 1.4.9 or higher

Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-03 18:30:37 +00:00
nbd
648bae0258 netfilter.mk: put ipv6 conntrack in the right package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-27 11:22:30 +00:00
nbd
e99b8fd1b6 netfilter: add missing modules for v6 conntrack (patch from #8940)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 15:50:01 +00:00
nbd
031c5bb6cb move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 00:35:22 +00:00
nbd
55664ae04b kernel: remove imq support, refresh patches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-21 02:06:51 +00:00
jow
4a7b97de79 [include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-12-19 16:47:30 +00:00
jow
9630e2ad94 [include] netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23521 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-10-18 20:39:07 +00:00
acoul
7fe3810101 finalize r22241 fixes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-17 08:50:19 +00:00
jow
86b9c1df64 [netfilter] package TPROXY target and module infrastructure
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-22 22:39:22 +00:00
acoul
67e7e39726 include/netfilter.mk fix typo on r21795
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21796 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:51:51 +00:00
acoul
e878a31bb7 include/netfilter.mk: add 2.6.35 kernel support
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21795 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:44:27 +00:00
nico
7dc731ea21 netfilter: extension fixes (partially closes: #7045)
* add missing xt_owner (2.6)
 * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables
 * add missing ipt_nat_tftp (2.4)
 * add missing nf_nat_amanda (2.6)


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20693 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 12:35:06 +00:00
nico
d7cba3c5fb [cosmectic] include/netfilter.mk: move ebtables definitions at the end
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20690 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 03:43:13 +00:00
jow
0d6701800b [netfilter] properly package xt_comment.ko (#6742)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19861 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-26 00:23:39 +00:00
jow
f082191aa5 [generic-2.4] netfilter: add support for raw table and NOTRACK target (#5504)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19721 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-19 01:36:47 +00:00
jow
38155e5737 [package] iptables: add comment match to the core package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18706 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-08 20:52:58 +00:00
nico
b06dc645db [kernel] netfilter: remove IPset leftovers missed from [17844]
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18032 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-11 14:08:31 +00:00
hauke
e0cf13bf5a [ipset] Update ipset to version 3.2
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17764 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-27 15:03:41 +00:00
florian
a46f3b0df9 [package] split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16980 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-25 19:47:48 +00:00
florian
c24342582e [package] fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 (#5568)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16964 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-24 11:52:30 +00:00
nbd
935dfb67aa netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15854 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 21:46:33 +00:00
hauke
b94eefee0f [netfilter] ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15851 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 19:01:38 +00:00
jow
d2e0fc9c6b [include] adept netfilter.mk to updated imq
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15656 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-07 03:16:36 +00:00
nbd
796a9d1091 get rid of $Id$ - it has never helped us and it has broken too many patches ;)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-17 14:09:46 +00:00
nbd
5d6d962eb8 move iptable_raw to the conntrack-extra package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15175 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-09 19:42:52 +00:00
nico
68de2a32c8 [kernel] accomodate netfilter module (xt_recent) name change in 2.6.28, add missing kconfig when xt_recent is enabled
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15123 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-06 19:00:20 +00:00
nbd
0c51cabddd remove support for ipp2p - it's unmaintained, broken, overmatching and undermatching => not that useful for QoS
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14596 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-21 16:30:44 +00:00
juhosg
75d621a3c5 [kernel] netfilter: remove CHAOS, TARPIT and DELUDE references
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14461 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-09 13:27:39 +00:00
kaloz
51b7495ea0 defrag needs to be loaded before conntrack_ipv4
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13585 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 18:44:46 +00:00
kaloz
344d413fa7 fix conntrack on 2.6.28
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13582 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 16:00:04 +00:00
nico
3a25b868c7 make the whole iptables/netfiter modular (closes: #3871, #3527)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12649 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-22 15:19:59 +00:00
florian
9a935f099a Package ip6t_limit and ip6t_frag for 2.4 kernels (#3760)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12276 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 06:38:48 +00:00