Commit graph

1005 commits

Author SHA1 Message Date
Jo-Philipp Wich
a9977eca91 firewall: allow local redirection of ports
Allow a redirect like:

config redirect
        option src 'wan'
        option dest 'lan'
        option src_dport '22001'
        option dest_port '22'
        option proto 'tcp'

note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.

This patch makes three changes:

(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
    connections.

In the above example,

ssh -p 22 root@myrouter

would fail from the outside, but:

ssh -p 22001 root@myrouter

would succeed.  This is handy if:

(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
    still want to allow firewall access from outside.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26617
2011-04-12 20:03:59 +00:00
Jo-Philipp Wich
a65b43a46f autotools.mk: disable autoreconf recursion if more than one dir is given in PKG_AUTOMAKE_PATHS
SVN-Revision: 26589
2011-04-11 14:18:55 +00:00
Jo-Philipp Wich
0f13d0a068 cmake.mk: don't assume toolchain binaries in .../bin/ if an external toolchain is used, rely on which instead
SVN-Revision: 26584
2011-04-11 02:11:11 +00:00
Hauke Mehrtens
24c1caef5f iipt-debug: create bundle of netfilter modules for debugging
Add a bundle for including commonly useful modules for IPtables debugging and development.

For now, it just contains xt_TRACE.ko

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26567
2011-04-09 23:23:46 +00:00
Felix Fietkau
2238b949f1 build: log package dump failures to logs to avoid forcing user to write cryptic commands to figure out what's going on
SVN-Revision: 26499
2011-04-06 14:48:59 +00:00
Felix Fietkau
caf4747f0c build: clean up handling of the kernel config
- support kernel config overlays in env/
- allow overriding the target kernel config with CONFIG_TARGET=platform|subtarget|env

SVN-Revision: 26498
2011-04-06 14:48:55 +00:00
Felix Fietkau
459762ace2 add a new package metadata variable MDEPENDS for specifying local menuconfig dependencies that do not propagate to other packages
SVN-Revision: 26491
2011-04-05 19:03:51 +00:00
Felix Fietkau
fcc570d999 site: set ac_cv_sizeof_off_t=8 to fix autoconf applications using it for detecting largefile support (#8376, #5681)
SVN-Revision: 26471
2011-04-04 12:11:43 +00:00
Felix Fietkau
d637ae2fc8 make the build system a bit more silent without V=99
SVN-Revision: 26460
2011-04-04 00:54:37 +00:00
Felix Fietkau
c4b8294c2d toplevel: add a warning about .config being out of sync after an update
SVN-Revision: 26459
2011-04-04 00:54:33 +00:00
Florian Fainelli
5959cd2850 add kmod-ipt-led
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.

LED target requires iptables 1.4.9 or higher

Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>

SVN-Revision: 26451
2011-04-03 18:30:37 +00:00
Hauke Mehrtens
87f98f8b09 kernel: add md5sum of kernel
This was missing in r26441

SVN-Revision: 26442
2011-04-03 14:54:37 +00:00
Felix Fietkau
61485f6491 build: reduce the amount of generated make code for the initial prereq scan - makes it about 20% faster
SVN-Revision: 26436
2011-04-03 03:40:09 +00:00
Felix Fietkau
314ce66b86 build: use a conditional @ sign before silenced targets instead of .SILENT - makes prereq checks more than twice as fast
SVN-Revision: 26435
2011-04-03 03:40:04 +00:00
Felix Fietkau
33cde6b296 build: undefine debug helper templates used by subdir.mk if the DEBUG variable is empty, speeds up "make prereq" by 25% when lots of packages are installed
SVN-Revision: 26434
2011-04-03 03:40:01 +00:00
Felix Fietkau
8a0d981006 build: move the SH_FUNC eval to the beginning of the opkg control file build command chain, not in front of every single command
SVN-Revision: 26432
2011-04-03 02:10:32 +00:00
Felix Fietkau
f6a0d67e7c build: do not use shell calls to export empty opkg control files, speeds up package build and fixes some "Argument list too long" errors Patch by Thomas Langer from #8450
SVN-Revision: 26431
2011-04-03 02:07:59 +00:00
Felix Fietkau
e6aa1cab00 tools/squashfs4: update to version 4.2 (adds support for xz compression)
Based on a patch by Jonas Gorski

SVN-Revision: 26422
2011-04-03 01:02:00 +00:00
Michael Büsch
371bccb4c0 Update 2.6.38 to 2.6.38.2
SVN-Revision: 26332
2011-03-28 15:44:03 +00:00
Felix Fietkau
335877a2b3 global cflags: remove -funit-at-a-time, it is ignored by recent compilers. instead add -fno-caller-saves, which improves compression ratio for generated code with no apparent negative effects on performance
SVN-Revision: 26300
2011-03-26 01:07:12 +00:00
Jo-Philipp Wich
d005251cc4 target.mk: don't enable coreutils by default, it does not even exist anymore... fixes the Image Builder
SVN-Revision: 26269
2011-03-22 18:06:12 +00:00
Felix Fietkau
b568a64f8c add support for md5sum checks for mirrored tarballs of packages with version control source urls
SVN-Revision: 26260
2011-03-21 23:02:06 +00:00
Jo-Philipp Wich
48c8a8ddb0 image.mk: only upgrade permissions instead of overwriting, utilize tar -p flag for targz image targets (#7667)
SVN-Revision: 26259
2011-03-21 17:38:15 +00:00
Imre Kaloz
b8430e7427 update to 2.6.32.33 and 2.6.37.4
SVN-Revision: 26226
2011-03-18 13:25:32 +00:00
Imre Kaloz
7df8322519 add 2.6.38 md5sum
SVN-Revision: 26221
2011-03-18 12:56:19 +00:00
Felix Fietkau
73c1dd9473 build: move the CCACHE_DIR to the build targets so that it doesn't interfere with a host ccache setup
SVN-Revision: 26181
2011-03-15 19:58:32 +00:00
Felix Fietkau
fd0deca65d download.mk: properly quote download urls
SVN-Revision: 26129
2011-03-13 18:38:43 +00:00
Hauke Mehrtens
4226f1d373 kernel: update to kernel version 2.6.37.3
SVN-Revision: 26126
2011-03-13 17:14:08 +00:00
Hauke Mehrtens
425bf41b23 kernel: update to kernel version 2.6.34.8
SVN-Revision: 26125
2011-03-13 17:13:11 +00:00
Hauke Mehrtens
b78210955c kernel: update to kernel version 2.6.32.32
SVN-Revision: 26124
2011-03-13 17:12:20 +00:00
Daniel Dickinson
0f93d4c3c4 target: Added coreutils to list of default packages. It doesn't build or install anything (0 bytes, 0 dependencies) and it prevents other packages from appearing in the package list if it is not selected
SVN-Revision: 26026
2011-03-11 08:57:37 +00:00
Felix Fietkau
f67f66bb89 Revert "[include] provide mipsel-openwrt-linux-uclibcgnueabi site script, fixes the majority of configure problems"
SVN-Revision: 25970
2011-03-09 11:37:55 +00:00
Jo-Philipp Wich
fb53b99f8c provide mipsel-openwrt-linux-uclibcgnueabi site script, fixes the majority of configure problems
SVN-Revision: 25968
2011-03-09 10:13:56 +00:00
Jo-Philipp Wich
ff1f0be710 site: cache ac_cv_func_malloc_0_nonnull and ac_cv_func_realloc_0_nonnull
SVN-Revision: 25946
2011-03-08 06:00:56 +00:00
Imre Kaloz
b74308c433 only support EABI on ARM targets
SVN-Revision: 25928
2011-03-07 12:59:19 +00:00
Felix Fietkau
504eda0da9 hotplug2: replace udevtrigger from the udev-106 source with a much smaller self-contained, stripped-down version
SVN-Revision: 25920
2011-03-07 02:49:24 +00:00
Jo-Philipp Wich
dcb66b0593 deploy .ipk archives with --force-maintainer to ensure that configs are kept up-to-date in case they exist already for various reasons
SVN-Revision: 25915
2011-03-06 23:52:13 +00:00
Michael Büsch
9e7801b913 cmake: Fix ccache
SVN-Revision: 25878
2011-03-05 10:36:52 +00:00
Felix Fietkau
de4fdd0ce6 add a stamp that can forcibly disable autorebuild for a specific package - useful for testing changes to packages with extremely long recompilation times
SVN-Revision: 25838
2011-03-03 00:17:08 +00:00
Jo-Philipp Wich
073c5e0e74 add config.rpath and link it in autotools.mk if missing, some packages might need it, especially users of lib-link.m4 or iconv.m4
SVN-Revision: 25753
2011-02-27 15:39:27 +00:00
Felix Fietkau
c864843cbf netfilter.mk: put ipv6 conntrack in the right package
SVN-Revision: 25750
2011-02-27 11:22:30 +00:00
Felix Fietkau
2d14f4e2f8 netfilter: add missing modules for v6 conntrack (patch from #8940)
SVN-Revision: 25731
2011-02-26 15:50:01 +00:00
Felix Fietkau
831e597d7c move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
SVN-Revision: 25722
2011-02-26 00:35:22 +00:00
Felix Fietkau
9dad83362d kernel: remove imq support, refresh patches
SVN-Revision: 25641
2011-02-21 02:06:51 +00:00
Jo-Philipp Wich
d56fe0cf53 toplevel.mk: remove quotes from the release name, its up to its users to ensure proper quoting
SVN-Revision: 25596
2011-02-19 22:15:17 +00:00
Florian Fainelli
d3c2b87213 update to 2.6.32.29
SVN-Revision: 25583
2011-02-19 12:44:23 +00:00
Florian Fainelli
31709b2c76 update to 2.6.35.11
SVN-Revision: 25582
2011-02-19 12:44:16 +00:00
Florian Fainelli
45c9f5e75e update to kernel 2.6.36.4
SVN-Revision: 25580
2011-02-19 12:44:07 +00:00
Florian Fainelli
3cd87d2d81 update to 2.6.37.1
SVN-Revision: 25577
2011-02-19 12:43:59 +00:00
Florian Fainelli
beb132b140 add git (git-core) as a prerequisite (#8866)
SVN-Revision: 25536
2011-02-14 15:06:11 +00:00