1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-12-18 21:22:27 +02:00
Commit Graph

98 Commits

Author SHA1 Message Date
nbd
71394ccb5e firewall: do not process rules in reverse
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18015 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-10 18:08:26 +00:00
nico
dc1a20a020 [package] firewall: fix MSS issue affection RELATED new connections (closes: #5173)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17762 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-27 13:57:09 +00:00
nbd
7c52bc2d37 firewall: add sanity checks to zone default rules (patch from #5459)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17713 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-24 21:59:16 +00:00
jow
0228176586 [package] firewall: move the config_get out of the loop, no need to call it multiple times
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17581 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-14 15:18:48 +00:00
jow
f71b9d11f6 [package] firewall: properly dispatch delif events if the network has a different name then the corresponding zone
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17580 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-14 14:47:43 +00:00
agb
fcf2c28149 [package] bump some revisions and update copyrights
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17554 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-10 10:07:04 +00:00
nbd
d268e4037b firewall: emit hotplug events for interface add/remove
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17415 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-08-26 22:46:24 +00:00
jow
930ebf26f0 [package] firewall: allow incoming udp/68 packets in the default configuration (#4108, #4781)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17238 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-08-13 03:31:53 +00:00
jow
f0250152da [package] firewall: add icmp_type option to specify the icmp type in rule sections, bump pkg revision (#5554)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17115 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-08-03 22:24:48 +00:00
florian
d76c921c8c [package] set PKGARCH to all for packages in trunk containing only arch-neutral files (#5572)
Signed-off-by: Malte S. Stretz <mss@apache.org>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16966 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-24 12:08:01 +00:00
florian
e56f132e78 [package] fix typo in the uci firewall script
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16076 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-26 10:51:01 +00:00
nbd
0d3ad9cfd0 firewall: automatically set up NOTRACK rules to disable connection tracking for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15855 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 21:46:38 +00:00
jow
46e50210bd [package] firewall: actually copy firewall.user to image
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15286 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-19 21:14:47 +00:00
jow
3a5c4c82ff [package] firewall: process custom rules after forwardings and redirects, this actually allows blocking traffic to certain hosts and other rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15278 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-19 20:39:02 +00:00
jow
4ed7156513 [package] firewall: enable /etc/firewall.user by default and install sample firewall.user file
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15221 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-12 22:38:34 +00:00
nbd
759aaf7754 re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14293 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-31 02:14:27 +00:00
nbd
da25c6a4cb firewall: don't clear the mangle table at startup or stop - it doesn't use it and clearing it breaks qos
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14114 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-20 13:07:30 +00:00
jow
9a3973d64e firewall: introduce drop_invalid option to allow disabling the invalid state match
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14061 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-16 18:09:19 +00:00
nbd
312627976e firewall: allow multiple interfaces to be part of one zone, fix the sanity checks for that
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14058 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-16 17:39:03 +00:00
nbd
8db97c0089 firewall: clear the MSSFIX rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13826 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-02 21:58:58 +00:00
cyrus
e1ee5624c2 Unify portrange-support in firewall rule generator
fixes #4404

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13791 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-01-01 13:05:16 +00:00
nbd
e8530f33a9 disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13788 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-31 19:02:03 +00:00
blogic
e9ded9eef5 fixes firewall for trunk, custom chains were never reched, as policies apply beforehand
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12978 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-10-14 10:53:55 +00:00
blogic
23ab7d24d7 fixes firewall rule generation. forwarding rules were inserted in input chains, fixes #4028
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12768 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 17:40:09 +00:00
blogic
1d1f04a661 custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12767 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 17:06:39 +00:00
nbd
740dc63d5f set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12766 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 16:17:49 +00:00
nbd
3056e3c10b firewall: fix default policies, add a check for duplicate defaults sections and make custom chains more generic
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12765 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-28 16:17:37 +00:00
nico
1fa1f8e7d8 firewall changes:
- implement a REJECT policy and enable it by default, reject packets with approriate response (closes: #3970)
 - cleanup syn_flood and remove logging


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12688 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-24 15:10:16 +00:00
nico
3a25b868c7 make the whole iptables/netfiter modular (closes: #3871, #3527)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12649 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-22 15:19:59 +00:00
cyrus
40b17025ed Fixed a typo in the firewall scripts
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12616 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-16 22:01:14 +00:00
cyrus
e81a77ae5d Fixed a typo in firewall scripts, closes #4000
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12613 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-15 18:57:39 +00:00
blogic
1818023bf0 make uci firewall backwards compatible to the old firewall.user
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12408 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 19:16:54 +00:00
blogic
41ac8d9c29 add proto tcpudp to firewall
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12407 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 18:54:52 +00:00
blogic
e3073ce270 fix device duplication in firewall if the balancing of ifup and ifdown is broken
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12404 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 18:31:34 +00:00
blogic
5d9144f606 make sure uci firewall reverts its states when stopped
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12403 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 16:48:54 +00:00
blogic
b3bb348939 fixes uci firewall init order, Signed-off-by: Roberto Riggio
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12402 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 15:55:21 +00:00
cyrus
101992b80b firewall: Added support for port-ranges as firstPort-lastPort to redirect sections
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12396 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 14:04:52 +00:00
blogic
4927575ba5 adds 5 new chains to the uci firewall that can be used to hook custom rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12395 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-27 12:03:48 +00:00
blogic
60197a65d9 adds more sanity checks to uci firewall
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12392 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-26 11:07:04 +00:00
blogic
6a94232068 use proto instead of protocol in uci firewall
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12391 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-26 07:23:29 +00:00
nbd
b8fc6bb720 fix some firewall script typos (patch from #3897)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12332 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-17 12:01:01 +00:00
thepeople
3de484921c fix typo, proto should be protocol
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12318 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-16 06:33:22 +00:00
blogic
b4667d52b0 trigger error if dport is used when no proto is defined
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12317 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-15 20:18:13 +00:00
blogic
fc95e15a63 fixes firewall makefile description
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12285 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 22:28:52 +00:00
blogic
aa954c1c5d uci firewall
- make uci firewall default and remove old code
- fix up dependencies


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12284 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 22:27:36 +00:00
blogic
05edc29f3a uci_firewall
- fixes hotplug.d script



git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12282 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 20:51:51 +00:00
blogic
4905eac3af uci firewall
- remove implicit creation of zones, based on network interfaces


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12281 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 20:46:17 +00:00
blogic
8e2cf077d0 adds a new uci firewall
- iptbales and netfilter packages need to be rewrapped when we switch to this firewall as default
- there are some examples in the file /etc/config/firewall
- iptables-save/restore are still missing
- hotplug takes care of adding/removing netdevs during runtime
- misisng features ? wishes ? let me know ...



git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12089 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-04 11:51:58 +00:00