firewall: optimize DNAT rules and skip invalid rules and redirects (#14485)

- instead of writing one (or more) ACCEPT rules in the filter table
	  for each redirect install a global ctstate DNAT accept rule per zone

	- discard rules and redirects which have invalid options set instead
	  of silently skipping the invalid values

SVN-Revision: 38849
This commit is contained in:
Jo-Philipp Wich 2013-11-18 11:59:27 +00:00
parent 82e6242798
commit bc9043cc53

View file

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=firewall PKG_NAME:=firewall
PKG_VERSION:=2013-10-23 PKG_VERSION:=2013-11-18
PKG_RELEASE:=$(PKG_SOURCE_VERSION) PKG_RELEASE:=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=git://nbd.name/firewall3.git PKG_SOURCE_URL:=git://nbd.name/firewall3.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=c25922c05ae594c4c35fa65f27fd21c3a033f4ec PKG_SOURCE_VERSION:=fa3386a7054aa9541decd68c8cf8de1e0d6f8832
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>