firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA

SVN-Revision: 36838

4 files changed, 0 insertions, 219 deletions

diff --git a/package/network/config/firewall3/files/firewall.config b/package/network/config/firewall3/files/firewall.config
deleted file mode 100644
index acfb5e5..0000000
--- a/package/network/config/firewall3/files/firewall.config
+++ /dev/null
@@ -1,177 +0,0 @@
-config defaults
-	option syn_flood	1
-	option input		ACCEPT
-	option output		ACCEPT
-	option forward		REJECT
-# Uncomment this line to disable ipv6 rules
-#	option disable_ipv6	1
-
-config zone
-	option name		lan
-	list   network		'lan'
-	option input		ACCEPT
-	option output		ACCEPT
-	option forward		REJECT
-
-config zone
-	option name		wan
-	list   network		'wan'
-	list   network		'wan6'
-	option input		REJECT
-	option output		ACCEPT
-	option forward		REJECT
-	option masq		1
-	option mtu_fix		1
-
-config forwarding
-	option src		lan
-	option dest		wan
-
-# We need to accept udp packets on port 68,
-# see https://dev.openwrt.org/ticket/4108
-config rule
-	option name		Allow-DHCP-Renew
-	option src		wan
-	option proto		udp
-	option dest_port	68
-	option target		ACCEPT
-	option family		ipv4
-
-# Allow IPv4 ping
-config rule
-	option name		Allow-Ping
-	option src		wan
-	option proto		icmp
-	option icmp_type	echo-request
-	option family		ipv4
-	option target		ACCEPT
-
-# Allow DHCPv6 replies
-# see https://dev.openwrt.org/ticket/10381
-config rule
-	option name		Allow-DHCPv6
-	option src		wan
-	option proto		udp
-	option src_ip		fe80::/10
-	option src_port		547
-	option dest_ip		fe80::/10
-	option dest_port	546
-	option family		ipv6
-	option target		ACCEPT
-
-# Allow essential incoming IPv6 ICMP traffic
-config rule
-	option name		Allow-ICMPv6-Input
-	option src		wan
-	option proto	icmp
-	list icmp_type		echo-request
-	list icmp_type		echo-reply
-	list icmp_type		destination-unreachable
-	list icmp_type		packet-too-big
-	list icmp_type		time-exceeded
-	list icmp_type		bad-header
-	list icmp_type		unknown-header-type
-	list icmp_type		router-solicitation
-	list icmp_type		neighbour-solicitation
-	list icmp_type		router-advertisement
-	list icmp_type		neighbour-advertisement
-	option limit		1000/sec
-	option family		ipv6
-	option target		ACCEPT
-
-# Allow essential forwarded IPv6 ICMP traffic
-config rule
-	option name		Allow-ICMPv6-Forward
-	option src		wan
-	option dest		*
-	option proto		icmp
-	list icmp_type		echo-request
-	list icmp_type		echo-reply
-	list icmp_type		destination-unreachable
-	list icmp_type		packet-too-big
-	list icmp_type		time-exceeded
-	list icmp_type		bad-header
-	list icmp_type		unknown-header-type
-	option limit		1000/sec
-	option family		ipv6
-	option target		ACCEPT
-
-# include a file with users custom iptables rules
-config include
-	option path /etc/firewall.user
-
-
-### EXAMPLE CONFIG SECTIONS
-# do not allow a specific ip to access wan
-#config rule
-#	option src		lan
-#	option src_ip	192.168.45.2
-#	option dest		wan
-#	option proto	tcp
-#	option target	REJECT
-
-# block a specific mac on wan
-#config rule
-#	option dest		wan
-#	option src_mac	00:11:22:33:44:66
-#	option target	REJECT
-
-# block incoming ICMP traffic on a zone
-#config rule
-#	option src		lan
-#	option proto	ICMP
-#	option target	DROP
-
-# port redirect port coming in on wan to lan
-#config redirect
-#	option src			wan
-#	option src_dport	80
-#	option dest			lan
-#	option dest_ip		192.168.16.235
-#	option dest_port	80
-#	option proto		tcp
-
-# port redirect of remapped ssh port (22001) on wan
-#config redirect
-#	option src		wan
-#	option src_dport	22001
-#	option dest		lan
-#	option dest_port	22
-#	option proto		tcp
-
-# allow IPsec/ESP and ISAKMP passthrough
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option protocol		esp
-#	option target		ACCEPT
-
-#config rule
-#	option src		wan
-#	option dest		lan
-#	option src_port		500
-#	option dest_port	500
-#	option proto		udp
-#	option target		ACCEPT
-
-### FULL CONFIG SECTIONS
-#config rule
-#	option src		lan
-#	option src_ip	192.168.45.2
-#	option src_mac	00:11:22:33:44:55
-#	option src_port	80
-#	option dest		wan
-#	option dest_ip	194.25.2.129
-#	option dest_port	120
-#	option proto	tcp
-#	option target	REJECT
-
-#config redirect
-#	option src		lan
-#	option src_ip	192.168.45.2
-#	option src_mac	00:11:22:33:44:55
-#	option src_port		1024
-#	option src_dport	80
-#	option dest_ip	194.25.2.129
-#	option dest_port	120
-#	option proto	tcp
diff --git a/package/network/config/firewall3/files/firewall.hotplug b/package/network/config/firewall3/files/firewall.hotplug
deleted file mode 100644
index 34f3afe..0000000
--- a/package/network/config/firewall3/files/firewall.hotplug
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-[ "$ACTION" = ifup ] || exit 0
-
-/etc/init.d/firewall enabled || exit 0
-
-fw3 -q network "$INTERFACE" >/dev/null || exit 0
-
-logger -t firewall "Reloading firewall due to ifup of $INTERFACE ($DEVICE)"
-fw3 -q reload
diff --git a/package/network/config/firewall3/files/firewall.init b/package/network/config/firewall3/files/firewall.init
deleted file mode 100755
index 64e3a8c..0000000
--- a/package/network/config/firewall3/files/firewall.init
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=19
-
-boot() {
-	# Be silent on boot, firewall might be started by hotplug already,
-	# so don't complain in syslog.
-	fw3 -q start
-}
-
-start() {
-	fw3 start
-}
-
-stop() {
-	fw3 flush
-}
-
-restart() {
-	fw3 restart
-}
-
-reload() {
-	fw3 reload
-}
diff --git a/package/network/config/firewall3/files/firewall.user b/package/network/config/firewall3/files/firewall.user
deleted file mode 100644
index 6f79906..0000000
--- a/package/network/config/firewall3/files/firewall.user
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file is interpreted as shell script.
-# Put your custom iptables rules here, they will
-# be executed with each firewall (re-)start.
-
-# Internal uci firewall chains are flushed and recreated on reload, so
-# put custom rules into the root chains e.g. INPUT or FORWARD or into the
-# special user chains, e.g. input_wan_rule or postrouting_lan_rule.