Jo-Philipp Wich
db3013852a
firewall: small improvements in nat reflection
...
- do not insert duplicate rules when setting up reflection to a zone containing multiple interfaces
- set up reflection for any protocol, not just TCP and UDP
SVN-Revision: 38361
2013-10-10 18:15:10 +00:00
Felix Fietkau
e96695df10
netifd: update to latest version, adds macvlan support
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38299
2013-10-03 14:51:34 +00:00
Steven Barth
1d485c737e
netifd: don't remove & readd addresses that only have a changed lifetime
...
SVN-Revision: 38269
2013-10-01 17:30:05 +00:00
John Crispin
f874094402
procd: convert various packages to procd style init.d scripts
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 38023
2013-09-17 21:45:30 +00:00
Felix Fietkau
7fc90889d5
netifd: update to the latest version, fixes a bridge handling corner case on config reload
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37856
2013-08-29 22:20:36 +00:00
Jo-Philipp Wich
2864fb107f
firewall: update to git head
...
- uses "-j CT --notrack" instead of deprecated "-j NOTRACK"
- fixes support for rule sections with target "NOTRACK"
SVN-Revision: 37777
2013-08-14 15:40:38 +00:00
Jo-Philipp Wich
d6e8047f83
firewall: update to git head
...
- handles redirects as port relocations if the dest_ip points to the router itself
SVN-Revision: 37374
2013-07-16 14:04:59 +00:00
Steven Barth
54ae5ce507
netifd: Fix IPv6-prefix assignment with continuous hints
...
SVN-Revision: 37371
2013-07-16 12:07:11 +00:00
Luka Perkov
1a963355b0
netifd: update to latest version, add bridge_empty option
...
with this option enabled it's possible to create empty bridges
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 37318
2013-07-14 18:50:04 +00:00
John Crispin
7d7c2ff5f9
swconfig: fix dependency bug introduced by [37304]
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 37316
2013-07-14 18:16:42 +00:00
Hauke Mehrtens
f8d55e7541
brcm47xx: use b53 phy driver for the switch in kernel 3.10
...
This makes it possible to use swconfig to controll the switch.
This was tested with devices using b43 and bgmac.
This was not tested on devices using tg3.
This does not support the adm switch used in some very old devices.
SVN-Revision: 37304
2013-07-14 14:11:17 +00:00
Felix Fietkau
f98f69adc9
firewall: add missing dependencies
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37224
2013-07-10 11:33:48 +00:00
John Crispin
fc40051569
lantiq: move dsl tools to package/network/config
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 37198
2013-07-08 09:01:38 +00:00
Jo-Philipp Wich
4aa82d07a6
firewall: allow routed lan<->lan traffic by default
...
SVN-Revision: 37171
2013-07-04 18:10:36 +00:00
Jo-Philipp Wich
2d506f46fb
firewall: update to git head
...
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser
SVN-Revision: 37082
2013-06-29 13:28:27 +00:00
Steven Barth
d8051a8814
netifd: fix typo in dhcp script
...
SVN-Revision: 37051
2013-06-28 04:19:21 +00:00
Felix Fietkau
b4babf9f81
netifd: update to latest version, fixes a NULL pointer deref bug
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36965
2013-06-18 16:24:48 +00:00
Jo-Philipp Wich
65f82e2311
firewall: update to git head
...
- fixes misprocessing of unknown symbolic protocol names
SVN-Revision: 36963
2013-06-18 14:30:51 +00:00
Jo-Philipp Wich
37ae268729
firewall: update to git head
...
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs
SVN-Revision: 36960
2013-06-18 14:14:35 +00:00
Steven Barth
9f1899242c
netifd: IPv6: Fix sorting order in last commit.
...
SVN-Revision: 36952
2013-06-17 21:29:14 +00:00
Steven Barth
213269a8f7
netifd: Satisfy IPv6 assignments ordered by prefix length
...
SVN-Revision: 36950
2013-06-17 21:16:22 +00:00
Jo-Philipp Wich
36d3fafd77
firewall: update to git head
...
- properly process intermediate "!" options in argument list (fixes negated ipsets)
SVN-Revision: 36935
2013-06-13 18:54:49 +00:00
Jo-Philipp Wich
0db38adf1c
firewall: update to git head
...
- fixes handling of reject target for rule sections with specific destination zone
SVN-Revision: 36933
2013-06-13 12:49:00 +00:00
Felix Fietkau
9fb5bf176e
netifd: update to latest version, uses the new uci/blob code from libuci
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36909
2013-06-10 12:42:30 +00:00
Steven Barth
491deaed2c
netifd: improve reloading behaviour
...
SVN-Revision: 36903
2013-06-10 10:42:15 +00:00
Steven Barth
f995c90329
netifd: Improve IPv6 source-routing policies
...
SVN-Revision: 36884
2013-06-08 13:26:33 +00:00
Jonas Gorski
b9de8ca7f5
netifd: bring wifi down before shutting down
...
works around wifiX references not being freed on network restart.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 36883
2013-06-08 11:44:12 +00:00
Jo-Philipp Wich
e7b15446a8
firewall: udpate to git head ( #13652 , #13654 , #13658 )
...
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
SVN-Revision: 36871
2013-06-06 14:12:02 +00:00
Jo-Philipp Wich
5cf06bd17b
firewall: copy libext*.a from staging dir and drop kernel.mk includes, solves problem with colliding CONFIG_IPV6 symbols
...
SVN-Revision: 36868
2013-06-06 14:02:29 +00:00
Jo-Philipp Wich
ecc95dcba8
firewall: update to git head ( #13652 )
...
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
SVN-Revision: 36854
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich
0a74d9d5c3
firewall3: fix accidentally changed install directive
...
SVN-Revision: 36840
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich
07a3110e88
firewall: fix git source url
...
SVN-Revision: 36839
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich
b721c92221
firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
...
SVN-Revision: 36838
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich
0dd6753c09
Drop legacy firewall package
...
SVN-Revision: 36837
2013-06-04 12:21:44 +00:00
Jo-Philipp Wich
6f60308257
firewall3: update to git head ( #13641 )
...
* Fixes wrong chain used for zone forward policy
SVN-Revision: 36830
2013-06-04 10:26:49 +00:00
Jo-Philipp Wich
6eeca5176e
firewall3: update to git head
...
- Fixes problems with reusing matches or targets from loadable extensions
SVN-Revision: 36826
2013-06-03 16:38:29 +00:00
Jo-Philipp Wich
3bb397c997
firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
...
SVN-Revision: 36806
2013-05-31 13:23:23 +00:00
Steven Barth
519f27cd33
netifd: updated IPv6 prefix delegation * Added support for prefix classes * Various bugfixes
...
SVN-Revision: 36771
2013-05-30 15:42:25 +00:00
Steven Barth
439fdd4d65
netifd: fix IPv6-addresses disappearing due to lifetime-overflows
...
SVN-Revision: 36748
2013-05-28 18:32:01 +00:00
Jo-Philipp Wich
63603ee478
firewall3: update to git head
...
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
SVN-Revision: 36736
2013-05-27 15:13:19 +00:00
Jo-Philipp Wich
e4f8c38ed1
firewall3: update to git head
...
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
SVN-Revision: 36721
2013-05-26 15:48:04 +00:00
Jo-Philipp Wich
90887b5fb3
firewall3: update to git head
...
- fixes linking issues with some toolchains
SVN-Revision: 36703
2013-05-24 12:49:06 +00:00
Jo-Philipp Wich
c1ff8cd9bb
firewall3: update to git head
...
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
SVN-Revision: 36698
2013-05-23 13:07:44 +00:00
Steven Barth
32c6ffb5a1
firewall3: Remove abandonend include
...
SVN-Revision: 36692
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich
b757ca2259
firewall3: update to git head
...
- fix build on Linux < 3.7
- limit zone names to 14 bytes
SVN-Revision: 36691
2013-05-22 14:15:53 +00:00
Jo-Philipp Wich
c12189b379
firewall3: update to git head
...
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
SVN-Revision: 36689
2013-05-22 11:37:41 +00:00
Jo-Philipp Wich
dd83e87ab0
firewall3: update to git head
...
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
SVN-Revision: 36686
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich
9b6c31d4cc
firewall3: move libext*.a copying to compile phase
...
SVN-Revision: 36684
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich
e8050c6c35
firewall3: update to git head
...
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
SVN-Revision: 36681
2013-05-21 10:15:14 +00:00
Steven Barth
0f1be4425f
netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
...
Based on a patch by Kristian Evensen. Thank You.
SVN-Revision: 36653
2013-05-17 14:44:02 +00:00