Commit graph

58 commits

Author SHA1 Message Date
Steven Barth
4cb9d9715c firewall: Remove obsoleted ULA-border rule
SVN-Revision: 36622
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich
92062542e2 firewall: fix logging rule regression (#12999)
SVN-Revision: 35745
2013-02-22 13:45:20 +00:00
Jo-Philipp Wich
e106f25ee7 firewall: various enhancements
- reduce mssfix related log spam (#10681)
	- separate src and dest terminal chains (#11453, #12945)
	- disable per-zone custom chains by default, they're rarely used

Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.

SVN-Revision: 35484
2013-02-04 14:38:33 +00:00
Jo-Philipp Wich
839f3ab0e7 firewall: flush conntrack table after changing interface rules
SVN-Revision: 35348
2013-01-28 15:53:44 +00:00
Steven Barth
b077480a59 firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
SVN-Revision: 35012
2013-01-04 15:59:28 +00:00
Jo-Philipp Wich
16d0957a4e firewall: fix typo in reflection hotplug script
SVN-Revision: 34569
2012-12-07 13:08:28 +00:00
Jo-Philipp Wich
6504b268b3 firewall: extend nat reflection support
- use comment match to keep track of per-network rules
	- setup reflection for any interface which is part of a masqueraded zone, not just "wan"
	- delete per-network reflection rules if network is brought down

SVN-Revision: 34472
2012-12-04 15:24:21 +00:00
Felix Fietkau
405e21d167 packages: sort network related packages into package/network/
SVN-Revision: 33688
2012-10-10 12:32:29 +00:00
Renamed from package/firewall/Makefile (Browse further)