Commit graph

9 commits

Author SHA1 Message Date
Jo-Philipp Wich
a43f5b5038 firewall: insert SNAT and DNAT rules according to the order of the configuration file (#8052)
SVN-Revision: 23318
2010-10-08 12:11:55 +00:00
Jo-Philipp Wich
1a0d7a3612 firewall: fix chain selection logic, option dest must be ignored for notrack targets
SVN-Revision: 23143
2010-09-28 11:38:31 +00:00
Jo-Philipp Wich
6a335579b8 fireall: - support negations for src_ip, dest_ip, src_dip options in rules and redirects - add NOTRACK target to rule sections, allows to define fine grained notrack rules
SVN-Revision: 23141
2010-09-28 10:42:56 +00:00
Jo-Philipp Wich
f3dd8278bb firewall: - simplify masquerade rule setup - remove various subshell invocations - speedup fw() by not relying on xargs and pipes - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
SVN-Revision: 23024
2010-09-11 20:04:34 +00:00
Jo-Philipp Wich
07b571a239 firewall: Initial alias interface support. This allows to define zones covering alias interfaces and associated entries like rules and forwardings.
SVN-Revision: 21653
2010-06-01 21:58:48 +00:00
Jo-Philipp Wich
e25fbfccdf firewall: fix support for netranges in redirect and rule sections
SVN-Revision: 21640
2010-05-30 23:49:47 +00:00
Jo-Philipp Wich
409edb1b8e firewall: count rules per chain and family, fix wrong order of ip6tables rules when ipv4 only or dual family rules are defined
SVN-Revision: 21533
2010-05-22 02:01:19 +00:00
Jo-Philipp Wich
40ad9defcc firewall: - fix ip6tables rules when icmp_type option is set - add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables
SVN-Revision: 21508
2010-05-19 21:35:23 +00:00
Jo-Philipp Wich
c284cb51c0 firewall: - replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz - bump version to 2
SVN-Revision: 21286
2010-05-01 18:22:01 +00:00