15 Commits

Author	SHA1	Message	Date
jow	45960666c5	[package] firewall: also set up nat reflection rules for redirects with proto all and/or no src_dport set ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32652 3c298f89-4303-0410-b956-a3cf2f4a3e73	2012-07-09 12:23:36 +00:00
jow	e1df4ecd68	[packages] firewall: fix nat reflection after netifd status format change ... - use /lib/functions/network.sh - simplify nat reflection code git-svn-id: svn://svn.openwrt.org/openwrt/trunk@31936 3c298f89-4303-0410-b956-a3cf2f4a3e73	2012-05-28 03:15:05 +00:00
jow	b8351c325d	[package] firewall: rework interface address determination to skip ipv6 addresses ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@31755 3c298f89-4303-0410-b956-a3cf2f4a3e73	2012-05-16 13:37:49 +00:00
jow	0945d8e239	[package] firewall: fix nat reflection after netifd switch (#11460) ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@31754 3c298f89-4303-0410-b956-a3cf2f4a3e73	2012-05-16 13:03:54 +00:00
jow	f80fb45dc2	[package] firewall: further tune ICMPv6 default rules according to RFC4890 (#9893) ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27979 3c298f89-4303-0410-b956-a3cf2f4a3e73	2011-08-14 00:33:29 +00:00
jow	8a804d8a62	[package] firewall: fix port range quirk in previous commit ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27335 3c298f89-4303-0410-b956-a3cf2f4a3e73	2011-07-01 11:50:48 +00:00
jow	9179216cd8	[package] firewall: properly handle negated ports in nat reflection ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27334 3c298f89-4303-0410-b956-a3cf2f4a3e73	2011-07-01 11:48:14 +00:00
jow	87281df903	[package] firewall: ... - allow multiple ports, protocols, macs, icmp types per rule - implement "limit" and "limit_burst" options for rules - implement "extra" option to rules and redirects for passing arbritary flags to iptables - implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options - allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination - validate symbolic icmp-type names against the selected iptables binary - properly handle forwarded ICMPv6 traffic in the default configuration git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27317 3c298f89-4303-0410-b956-a3cf2f4a3e73	2011-06-30 01:31:23 +00:00
jow	b592e5c373	[package] firewall: also establish forward rules when setting up nat reflection, back out early if reflection is disabled ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23201 3c298f89-4303-0410-b956-a3cf2f4a3e73	2010-10-03 18:11:59 +00:00
jow	889cf1f8c3	[package] firewall: don't setup nat reflection if negations are used ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23142 3c298f89-4303-0410-b956-a3cf2f4a3e73	2010-09-28 11:11:11 +00:00
jow	750dead792	[package] firewall: introduce SNAT support for redirect sections ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22937 3c298f89-4303-0410-b956-a3cf2f4a3e73	2010-09-05 19:03:17 +00:00
jow	c6d4a05eeb	[package] firewall: add option to disable NAT reflection ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22908 3c298f89-4303-0410-b956-a3cf2f4a3e73	2010-09-04 17:49:14 +00:00
jow	291f78f21a	[package] firewall: ... - handle NAT reflection in firewall hotplug, solves synchronizing issues on boot - introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22888 3c298f89-4303-0410-b956-a3cf2f4a3e73	2010-09-04 15:49:13 +00:00
jow	4fbc2d59b9	[package] firwall: fix nat reflection for zones covering multiple networks ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22442 3c298f89-4303-0410-b956-a3cf2f4a3e73	2010-07-31 13:25:56 +00:00
jow	da83ad5b95	[package] firewall: add basic NAT reflection/NAT loopback support ... git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22441 3c298f89-4303-0410-b956-a3cf2f4a3e73	2010-07-31 13:06:14 +00:00