mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-24 10:11:33 +02:00
77 Commits

Author SHA1 Message Date
jow
0874d00715 firewall: allow local redirection of ports
Allow a redirect like:

config redirect
        option src 'wan'
        option dest 'lan'
        option src_dport '22001'
        option dest_port '22'
        option proto 'tcp'

Note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.

This patch makes three changes:

(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
    connections.

In the above example,

ssh -p 22 root@myrouter

would fail from the outside, but:

ssh -p 22001 root@myrouter

would succeed.  This is handy if:

(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
    still want to allow firewall access from outside.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-12 20:03:59 +00:00
hauke
76cd9d7bc5 ipt-debug: create bundle of netfilter modules for debugging
Add a bundle for including commonly useful modules for IPtables debugging and development.

For now, it just contains xt_TRACE.ko

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-09 23:23:46 +00:00
florian
9444af102a [package] add kmod-ipt-led
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.

LED target requires iptables 1.4.9 or higher

Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-04-03 18:30:37 +00:00
nbd
648bae0258 netfilter.mk: put ipv6 conntrack in the right package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-27 11:22:30 +00:00
nbd
e99b8fd1b6 netfilter: add missing modules for v6 conntrack (patch from #8940)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 15:50:01 +00:00
nbd
031c5bb6cb move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-26 00:35:22 +00:00
nbd
55664ae04b kernel: remove imq support, refresh patches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-02-21 02:06:51 +00:00
jow
4a7b97de79 [include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-12-19 16:47:30 +00:00
jow
9630e2ad94 [include] netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23521 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-10-18 20:39:07 +00:00
acoul
7fe3810101 finalize r22241 fixes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-17 08:50:19 +00:00
jow
86b9c1df64 [netfilter] package TPROXY target and module infrastructure
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-22 22:39:22 +00:00
acoul
67e7e39726 include/netfilter.mk fix typo on r21795
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21796 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:51:51 +00:00
acoul
e878a31bb7 include/netfilter.mk: add 2.6.35 kernel support
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21795 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-14 14:44:27 +00:00
nico
7dc731ea21 netfilter: extension fixes (partially closes: #7045)
 * add missing xt_owner (2.6)
 * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables
 * add missing ipt_nat_tftp (2.4)
 * add missing nf_nat_amanda (2.6)


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20693 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 12:35:06 +00:00
nico
d7cba3c5fb [cosmetic] include/netfilter.mk: move ebtables definitions at the end
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20690 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-04-04 03:43:13 +00:00
jow
0d6701800b [netfilter] properly package xt_comment.ko (#6742)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19861 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-26 00:23:39 +00:00
jow
f082191aa5 [generic-2.4] netfilter: add support for raw table and NOTRACK target (#5504)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19721 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-19 01:36:47 +00:00
jow
38155e5737 [package] iptables: add comment match to the core package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18706 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-08 20:52:58 +00:00
nico
b06dc645db [kernel] netfilter: remove IPset leftovers missed from [17844]
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18032 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-11 14:08:31 +00:00
hauke
e0cf13bf5a [ipset] Update ipset to version 3.2
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17764 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-09-27 15:03:41 +00:00
florian
a46f3b0df9 [package] split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16980 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-25 19:47:48 +00:00
florian
c24342582e [package] fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 (#5568)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16964 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-07-24 11:52:30 +00:00
nbd
935dfb67aa netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15854 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 21:46:33 +00:00
hauke
b94eefee0f [netfilter] ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15851 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-14 19:01:38 +00:00
jow
d2e0fc9c6b [include] adapt netfilter.mk to updated imq
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15656 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-05-07 03:16:36 +00:00
nbd
796a9d1091 get rid of $Id$ - it has never helped us and it has broken too many patches ;)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15242 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-17 14:09:46 +00:00
nbd
5d6d962eb8 move iptable_raw to the conntrack-extra package
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15175 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-09 19:42:52 +00:00
nico
68de2a32c8 [kernel] accommodate netfilter module (xt_recent) name change in 2.6.28, add missing kconfig when xt_recent is enabled
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15123 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-04-06 19:00:20 +00:00
nbd
0c51cabddd remove support for ipp2p - it's unmaintained, broken, overmatching and undermatching => not that useful for QoS
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14596 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-21 16:30:44 +00:00
juhosg
75d621a3c5 [kernel] netfilter: remove CHAOS, TARPIT and DELUDE references
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14461 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-02-09 13:27:39 +00:00
kaloz
51b7495ea0 defrag needs to be loaded before conntrack_ipv4
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13585 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 18:44:46 +00:00
kaloz
344d413fa7 fix conntrack on 2.6.28
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13582 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-12-10 16:00:04 +00:00
nico
3a25b868c7 make the whole iptables/netfilter modular (closes: #3871, #3527)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12649 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-09-22 15:19:59 +00:00
florian
9a935f099a Package ip6t_limit and ip6t_frag for 2.4 kernels (#3760)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12276 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-08-11 06:38:48 +00:00
nico
4a75cb1933 cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & IPT_NATHELPER_EXTRA respectively, to better match package names
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@11073 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-05-08 11:32:46 +00:00
juhosg
4ada9dfdba [package] kmod-ipt-iprange: fix build error on .25
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10992 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-04-30 15:42:10 +00:00
juhosg
a58eaf210a update iptables to 1.4.0 (2.6 kernels only), refresh kernel patches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10843 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-04-15 06:11:23 +00:00
florian
c6a90ed8a4 layer7 filtering module is now xt_layer7 (#3268)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10674 3c298f89-4303-0410-b956-a3cf2f4a3e73
2008-03-27 18:24:13 +00:00
juhosg
1fe9314a6d [kernel] netfilter/ipset cleanups
 * rename patches to follow our naming conventions
 * update ipset patches with revision 7096 of [https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom]
 * add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs
 * add ip_set_iptreemap to include/netfilter.mk
 * update kmod-ipt-ipset module description

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9269 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-12 14:58:35 +00:00
juhosg
f29e1c9edb add TARPIT support to netfilter/iptables
 * netfilter: add the xt_TARPIT target module required by xt_CHAOS
 * include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE
 * iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number
 * original patchset can be found [http://tinyurl.com/2mjk2kx here]

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9178 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-10-07 17:17:04 +00:00
nico
45d02992d9 add ipv6 conntrack support (closes: #2192)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8984 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-23 17:22:17 +00:00
nico
937629f197 add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP (closes: #2297, thanks to aorlinsk), sync 2.4 / 2.6 kconfigs.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8955 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-22 18:37:24 +00:00
nico
9a08ed9ab3 cosmetic cleanup before more deep changes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8870 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-20 10:48:54 +00:00
nico
339b3093c8 fix typo again (do I need some sleep?)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8822 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-17 01:51:57 +00:00
nico
15b77c664f oops, fix typo
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8816 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-16 22:41:24 +00:00
nico
d1020e0c94 revert CONFIG_* symbols set m enforcement introduced in [8591], it can't work when symbols from different kernel versions are mixed in KCONFIG
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8798 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-16 16:10:37 +00:00
nico
f4321239b7 prevent include/netfilter.mk from being included multiple times
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8781 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-15 16:19:26 +00:00
florian
f4824bc14d Package the statistics module for netfilter
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8716 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-09 18:32:06 +00:00
nico
9a571e2771 require all CONFIG_* symbols listed in its KCONFIG to be set to m in order to actually build a kmod package, tweak and fix kernel package definitions.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8591 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-09-03 08:58:14 +00:00
nico
0e03ee56fd revert [8473] (see [8055])
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8499 3c298f89-4303-0410-b956-a3cf2f4a3e73
2007-08-27 02:04:35 +00:00