| Commit message (Collapse) | Author | Age | Files | Lines |
| |
- do not insert duplicate rules when setting up reflection to a zone containing multiple interfaces
- set up reflection for any protocol, not just TCP and UDP
SVN-Revision: 38361
| |
- uses "-j CT --notrack" instead of deprecated "-j NOTRACK"
- fixes support for rule sections with target "NOTRACK"
SVN-Revision: 37777
| |
- handles redirects as port relocations if the dest_ip points to the router itself
SVN-Revision: 37374
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37224
| |
SVN-Revision: 37171
| |
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser
SVN-Revision: 37082
| |
- fixes misprocessing of unknown symbolic protocol names
SVN-Revision: 36963
| |
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs
SVN-Revision: 36960
| |
- properly process intermediate "!" options in argument list (fixes negated ipsets)
SVN-Revision: 36935
| |
- fixes handling of reject target for rule sections with specific destination zone
SVN-Revision: 36933
| |
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
SVN-Revision: 36871
| |
solves problem with colliding CONFIG_IPV6 symbols
SVN-Revision: 36868
| |
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
SVN-Revision: 36854
| |
SVN-Revision: 36840
| |
SVN-Revision: 36839
| |
head with compatibility fixes for AA
SVN-Revision: 36838
| |
SVN-Revision: 36837
| |
SVN-Revision: 36622
| |
SVN-Revision: 35745
| |
- reduce mssfix related log spam (#10681)
- separate src and dest terminal chains (#11453, #12945)
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
SVN-Revision: 35484
| |
SVN-Revision: 35348
| |
from leaking out to the internet
SVN-Revision: 35012
| |
SVN-Revision: 34569
| |
- use comment match to keep track of per-network rules
- set up reflection for any interface which is part of a masqueraded zone, not just "wan"
- delete per-network reflection rules if network is brought down
SVN-Revision: 34472
|
SVN-Revision: 33688