jow
0874d00715
firewall: allow local redirection of ports
Allow a redirect like:
    config redirect
        option src 'wan'
        option dest 'lan'
        option src_dport '22001'
        option dest_port '22'
        option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted connections.
In the above example,
    ssh -p 22 root@myrouter
would fail from the outside, but:
    ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-12 20:03:59 +00:00
hauke
76cd9d7bc5
ipt-debug: create bundle of netfilter modules for debugging
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-09 23:23:46 +00:00
florian
9444af102a
[package] add kmod-ipt-led
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-03 18:30:37 +00:00
nbd
648bae0258
netfilter.mk: put ipv6 conntrack in the right package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-27 11:22:30 +00:00
nbd
e99b8fd1b6
netfilter: add missing modules for v6 conntrack (patch from #8940)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 15:50:01 +00:00
nbd
031c5bb6cb
move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 00:35:22 +00:00
nbd
55664ae04b
kernel: remove imq support, refresh patches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-21 02:06:51 +00:00
jow
4a7b97de79
[include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-12-19 16:47:30 +00:00
jow
9630e2ad94
[include] netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23521 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-10-18 20:39:07 +00:00
acoul
7fe3810101
finalize r22241 fixes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-17 08:50:19 +00:00
jow
86b9c1df64
[netfilter] package TPROXY target and module infrastructure
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-22 22:39:22 +00:00
acoul
67e7e39726
include/netfilter.mk fix typo on r21795
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21796 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:51:51 +00:00
acoul
e878a31bb7
include/netfilter.mk: add 2.6.35 kernel support
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21795 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:44:27 +00:00
nico
7dc731ea21
netfilter: extension fixes (partially closes: #7045)
* add missing xt_owner (2.6)
* enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables
* add missing ipt_nat_tftp (2.4)
* add missing nf_nat_amanda (2.6)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20693 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 12:35:06 +00:00
nico
d7cba3c5fb
[cosmetic] include/netfilter.mk: move ebtables definitions at the end
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20690 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 03:43:13 +00:00
jow
0d6701800b
[netfilter] properly package xt_comment.ko (#6742)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19861 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-26 00:23:39 +00:00
jow
f082191aa5
[generic-2.4] netfilter: add support for raw table and NOTRACK target (#5504)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19721 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-19 01:36:47 +00:00
jow
38155e5737
[package] iptables: add comment match to the core package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18706 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-08 20:52:58 +00:00
nico
b06dc645db
[kernel] netfilter: remove IPset leftovers missed from [17844]
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18032 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-11 14:08:31 +00:00
hauke
e0cf13bf5a
[ipset] Update ipset to version 3.2
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17764 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-27 15:03:41 +00:00
florian
a46f3b0df9
[package] split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16980 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-25 19:47:48 +00:00
florian
c24342582e
[package] fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 (#5568)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16964 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-24 11:52:30 +00:00
nbd
935dfb67aa
netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15854 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 21:46:33 +00:00
hauke
b94eefee0f
[netfilter] ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15851 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 19:01:38 +00:00
jow
d2e0fc9c6b
[include] adapt netfilter.mk to updated imq
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15656 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-07 03:16:36 +00:00
nbd
796a9d1091
get rid of $Id$ - it has never helped us and it has broken too many patches ;)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-17 14:09:46 +00:00
nbd
5d6d962eb8
move iptable_raw to the conntrack-extra package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15175 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-09 19:42:52 +00:00
nico
68de2a32c8
[kernel] accommodate netfilter module (xt_recent) name change in 2.6.28, add missing kconfig when xt_recent is enabled
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15123 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-06 19:00:20 +00:00
nbd
0c51cabddd
remove support for ipp2p - it's unmaintained, broken, overmatching and undermatching => not that useful for QoS
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14596 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-21 16:30:44 +00:00
juhosg
75d621a3c5
[kernel] netfilter: remove CHAOS, TARPIT and DELUDE references
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14461 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-09 13:27:39 +00:00
kaloz
51b7495ea0
defrag needs to be loaded before conntrack_ipv4
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13585 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 18:44:46 +00:00
kaloz
344d413fa7
fix conntrack on 2.6.28
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13582 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 16:00:04 +00:00
nico
3a25b868c7
make the whole iptables/netfilter modular (closes: #3871, #3527)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12649 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-22 15:19:59 +00:00
florian
9a935f099a
Package ip6t_limit and ip6t_frag for 2.4 kernels (#3760)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12276 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 06:38:48 +00:00
nico
4a75cb1933
cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & IPT_NATHELPER_EXTRA respectively, to better match package names
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@11073 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-05-08 11:32:46 +00:00
juhosg
4ada9dfdba
[package] kmod-ipt-iprange: fix build error on .25
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10992 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-04-30 15:42:10 +00:00
juhosg
a58eaf210a
update iptables to 1.4.0 (2.6 kernels only), refresh kernel patches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10843 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-04-15 06:11:23 +00:00
florian
c6a90ed8a4
layer7 filtering module is now xt_layer7 (#3268)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10674 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-03-27 18:24:13 +00:00
juhosg
1fe9314a6d
[kernel] netfilter/ipset cleanups
* rename patches to follow our naming conventions
* update ipset patches with revision 7096 of [https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom]
* add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs
* add ip_set_iptreemap to include/netfilter.mk
* update kmod-ipt-ipset module description
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9269 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-12 14:58:35 +00:00
juhosg
f29e1c9edb
add TARPIT support to netfilter/iptables
* netfilter: add the xt_TARPIT target module required by xt_CHAOS
* include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE
* iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number
* original patchset can be found [http://tinyurl.com/2mjk2kx here]
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9178 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-07 17:17:04 +00:00
nico
45d02992d9
add ipv6 conntrack support (closes: #2192)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8984 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-23 17:22:17 +00:00
nico
937629f197
add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP (closes: #2297, thanks to aorlinsk), sync 2.4 / 2.6 kconfigs.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8955 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-22 18:37:24 +00:00
nico
9a08ed9ab3
cosmetic cleanup before more deep changes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8870 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-20 10:48:54 +00:00
nico
339b3093c8
fix typo again (do I need some sleep?)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8822 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-17 01:51:57 +00:00
nico
15b77c664f
oops, fix typo
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8816 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-16 22:41:24 +00:00
nico
d1020e0c94
revert CONFIG_* symbols set m enforcement introduced in [8591], it can't work when symbols from different kernel versions are mixed in KCONFIG
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8798 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-16 16:10:37 +00:00
nico
f4321239b7
prevent include/netfilter.mk from being included multiple times
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8781 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-15 16:19:26 +00:00
florian
f4824bc14d
Package the statistics module for netfilter
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8716 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-09 18:32:06 +00:00
nico
9a571e2771
require all CONFIG_* symbols listed in its KCONFIG to be set to m in order to actually build a kmod package, tweak and fix kernel package definitions.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8591 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-03 08:58:14 +00:00
nico
0e03ee56fd
revert [8473] (see [8055])
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8499 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-08-27 02:04:35 +00:00