Commit graph

63 commits

Author SHA1 Message Date
Jo-Philipp Wich
ecc95dcba8 firewall: update to git head (#13652)
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
  - uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones

SVN-Revision: 36854
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich
0a74d9d5c3 firewall3: fix accidentally changed install directive
SVN-Revision: 36840
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich
07a3110e88 firewall: fix git source url
SVN-Revision: 36839
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich
b721c92221 firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
SVN-Revision: 36838
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich
0dd6753c09 Drop legacy firewall package
SVN-Revision: 36837
2013-06-04 12:21:44 +00:00
Steven Barth
4cb9d9715c firewall: Remove obsoleted ULA-border rule
SVN-Revision: 36622
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich
92062542e2 firewall: fix logging rule regression (#12999)
SVN-Revision: 35745
2013-02-22 13:45:20 +00:00
Jo-Philipp Wich
e106f25ee7 firewall: various enhancements
- reduce mssfix related log spam (#10681)
	- separate src and dest terminal chains (#11453, #12945)
	- disable per-zone custom chains by default, they're rarely used

Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.

SVN-Revision: 35484
2013-02-04 14:38:33 +00:00
Jo-Philipp Wich
839f3ab0e7 firewall: flush conntrack table after changing interface rules
SVN-Revision: 35348
2013-01-28 15:53:44 +00:00
Steven Barth
b077480a59 firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
SVN-Revision: 35012
2013-01-04 15:59:28 +00:00
Jo-Philipp Wich
16d0957a4e firewall: fix typo in reflection hotplug script
SVN-Revision: 34569
2012-12-07 13:08:28 +00:00
Jo-Philipp Wich
6504b268b3 firewall: extend nat reflection support
- use comment match to keep track of per-network rules
	- setup reflection for any interface which is part of a masqueraded zone, not just "wan"
	- delete per-network reflection rules if network is brought down

SVN-Revision: 34472
2012-12-04 15:24:21 +00:00
Felix Fietkau
405e21d167 packages: sort network related packages into package/network/
SVN-Revision: 33688
2012-10-10 12:32:29 +00:00