qi-hardware/openwrt-xburst
1
0
Fork 0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-05 15:18:05 +02:00
Code
18,360 Commits 13 Branches 0 Tags 117 MiB
3d98699ef3
Commit Graph

10 Commits

Author SHA1 Message Date
jow
3d98699ef3 [package] firewall: protect iptables invocations with locks in interface ops, it might run concurrently due to hotplug invocations on network restart 
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23090 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-09-19 15:01:47 +00:00
jow
ac32f8a93b [package] firewall: deliver remove hotplug events for all active zones/networks when restarting the firewall 
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23062 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-09-14 23:11:12 +00:00
jow
c653713313 [package] firewall: 
- simplify masquerade rule setup
	- remove various subshell invocations
	- speedup fw() by not relying on xargs and pipes
	- rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23024 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-09-11 20:04:34 +00:00
jow
291f78f21a [package] firewall: 
- handle NAT reflection in firewall hotplug, solves synchronizing issues on boot
	- introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22888 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-09-04 15:49:13 +00:00
jow
94c817eadb [package] firewall: 
- fix processing of rules with an ip family option
	- append interface rules at the end of internal zone chains, simplifies injecting user or addon rules
	- support simple file logging (option log + option log_limit per zone)


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22847 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-08-31 01:54:08 +00:00
jow
3b07b2b809 [package] firewall: 
- support alias ifnames different from parent ifname
	- properly handle multiple subnets per alias (v4+v6)


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21656 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-06-02 00:59:35 +00:00
jow
2c25f7e70c [package] firewall: Initial alias interface support. This allows to define zones covering alias interfaces and associated entries like rules and forwardings. 
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21653 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-06-01 21:58:48 +00:00
jow
24931686cd [package] firewall: 
- fix ip6tables rules when icmp_type option is set
	- add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21508 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-05-19 21:35:23 +00:00
jow
389232eaac [package] firewall (#7355) 
- partially revert r21486, start firewall on init again
	- skip iface hotplug events if base fw is not up yet
	- get ifname and up state with uci_get_state() in iface setup
	  since the values gathered by scan_interfaces() may be outdated
	  when iface coldplugging happens (observed with pptp)
	- ignore up state when bringing down interfaces because ifdown
	  reverts state vars before dispatching the iface event
	- bump package revision


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21502 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-05-19 00:50:14 +00:00
jow
e8be3016c9 [package] firewall: 
- replace uci firewall with a modular dual stack implementation	developed by Malte S. Stretz
	- bump version to 2


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21286 3c298f89-4303-0410-b956-a3cf2f4a3e73
 2010-05-01 18:22:01 +00:00