| Commit message (Expand) | Author | Age | Files | Lines |
* | firewall: allow ICMPv6 type 129 (echo reply) - this fixes basic ICMPv6 in cas... | Jo-Philipp Wich | 2012-02-25 | 1 | -0/+2 |
* | firewall: bail out if uci is used in firewall include files | Jo-Philipp Wich | 2012-02-23 | 1 | -1/+7 |
* | firewall: don't filter IPv4 ICMP types (#10928) | Jo-Philipp Wich | 2012-02-07 | 1 | -4/+1 |
* | firewall: add support for "local" port forwards which target an internal addr... | Jo-Philipp Wich | 2012-01-08 | 1 | -2/+13 |
* | firewall: - introduce per-section "option enabled" which defaults to "1" - us... | Jo-Philipp Wich | 2011-12-20 | 2 | -1/+10 |
* | firewall: add DHCPv6 default rule (#10381) | Jo-Philipp Wich | 2011-11-09 | 1 | -0/+12 |
* | firewall: relocate TCPMSS rules into mangle table, add code to selectively cl... | Jo-Philipp Wich | 2011-10-29 | 3 | -6/+20 |
* | firewall: do not produce 0.0.0.0/0 if a symbolic masq_src or masq_dest is giv... | Jo-Philipp Wich | 2011-10-27 | 2 | -3/+6 |
* | firewall: prevent ip6tables -t nat rules (#10265) | Jo-Philipp Wich | 2011-10-23 | 1 | -1/+2 |
* | firewall: fix another instance of unquoted "*" | Jo-Philipp Wich | 2011-10-22 | 1 | -1/+1 |
* | firewall: fix possible expansion of "*" when rules with "option src *" are pr... | Jo-Philipp Wich | 2011-10-22 | 1 | -5/+10 |
* | firewall: do not check for module availability, let iptables fail if a featur... | Jo-Philipp Wich | 2011-10-22 | 1 | -15/+1 |
* | firewall: make ESTABLISHED,RELATED rules match before INVALID, use conntrack ... | Jo-Philipp Wich | 2011-09-01 | 1 | -8/+8 |
* | firewall: further tune ICMPv6 default rules according to RFC4890 (#9893) | Jo-Philipp Wich | 2011-08-14 | 2 | -1/+17 |
* | firewall: prevent redundant rules if multiple ports and multiple icmp types a... | Jo-Philipp Wich | 2011-07-26 | 1 | -7/+16 |
* | firewall: fix serious bug in state var handling (#9746) | Jo-Philipp Wich | 2011-07-20 | 1 | -2/+2 |
* | firewall: rework state variable handling, use uci_toggle_state() where applic... | Jo-Philipp Wich | 2011-07-15 | 1 | -17/+24 |
* | firewall: make sure that -m mac is used with --mac-source, follow up to r27508 | Jo-Philipp Wich | 2011-07-07 | 1 | -1/+1 |
* | firewall: also correct another variable missed in previous commit | Daniel Dickinson | 2011-07-07 | 1 | -1/+1 |
* | firewall: fix wrong variable names for protocol command line parameter - were... | Daniel Dickinson | 2011-07-07 | 1 | -2/+2 |
* | firewall: - solve scoping issues when multiple values are used, thanks Daniel... | Jo-Philipp Wich | 2011-07-06 | 3 | -29/+25 |
* | firewall: fix udp rules for tcpudp proto rules using src_port and dest_port a... | Daniel Dickinson | 2011-07-06 | 1 | -0/+7 |
* | firewall: fix port range quirk in previous commit | Jo-Philipp Wich | 2011-07-01 | 1 | -2/+2 |
* | firewall: properly handle negated ports in nat reflection | Jo-Philipp Wich | 2011-07-01 | 1 | -4/+12 |
* | firewall: refine default ICMPv6 rules to better conform with RFC4890, do not ... | Jo-Philipp Wich | 2011-06-30 | 1 | -13/+2 |
* | firewall: restore local port relocation ability from r26617 | Jo-Philipp Wich | 2011-06-30 | 1 | -3/+3 |
* | firewall: - allow multiple ports, protocols, macs, icmp types per rule - impl... | Jo-Philipp Wich | 2011-06-30 | 5 | -73/+219 |
* | firewall: ensure that fw_get_subnet4() sets an empty value if no (valid) IPv4... | Jo-Philipp Wich | 2011-06-16 | 1 | -0/+1 |
* | firewall: allow symbolic names of interfaces and aliases in masq_src and masq... | Jo-Philipp Wich | 2011-06-16 | 2 | -2/+27 |
* | firewall: explictely mention network in default configuration, makes it less ... | Jo-Philipp Wich | 2011-05-20 | 1 | -0/+2 |
* | firewall: revert accidential committed changes from r26805 | Jo-Philipp Wich | 2011-05-02 | 1 | -39/+11 |
* | firewall: provide examples of ssh port relocation on firewall and IPsec passt... | Jo-Philipp Wich | 2011-05-02 | 2 | -11/+61 |
* | firewall: prevent excessive uci state data aggregation (#9152) | Jo-Philipp Wich | 2011-04-20 | 1 | -0/+2 |
* | firewall: allow local redirection of ports | Jo-Philipp Wich | 2011-04-12 | 1 | -3/+2 |
* | firewall: prevent duplicate values in interface state vars | Jo-Philipp Wich | 2011-03-30 | 1 | -1/+4 |
* | Keep firewall.user during sysupgrades | Travis Kemen | 2011-03-20 | 1 | -0/+1 |
* | firewall: move include sourcing into a subshell, this makes the firewall init... | Jo-Philipp Wich | 2011-03-02 | 1 | -2/+4 |
* | firewall: fix rule generation for v4 or v6 only zones (#8955) | Jo-Philipp Wich | 2011-03-01 | 1 | -0/+3 |
* | firewall: fix wrong rule order if multiple protocols are used | Jo-Philipp Wich | 2011-01-27 | 1 | -3/+3 |
* | firewall: insert SNAT and DNAT rules according to the order of the configurat... | Jo-Philipp Wich | 2010-10-08 | 2 | -2/+5 |
* | firewall: also establish forward rules when setting up nat reflection, back o... | Jo-Philipp Wich | 2010-10-03 | 1 | -6/+15 |
* | firewall: fix chain selection logic, option dest must be ignored for notrack ... | Jo-Philipp Wich | 2010-09-28 | 1 | -6/+5 |
* | firewall: don't setup nat reflection if negations are used | Jo-Philipp Wich | 2010-09-28 | 1 | -0/+3 |
* | fireall: - support negations for src_ip, dest_ip, src_dip options in rules an... | Jo-Philipp Wich | 2010-09-28 | 4 | -27/+41 |
* | firewall: protect iptables invocations with locks in interface ops, it might ... | Jo-Philipp Wich | 2010-09-19 | 1 | -0/+4 |
* | firewall: make invalid redirects and duplicate zones non-fatal, print a notic... | Jo-Philipp Wich | 2010-09-16 | 3 | -9/+11 |
* | firewall: run ifdown hotplug events synchronized, fixes a racecondition on "i... | Jo-Philipp Wich | 2010-09-15 | 2 | -9/+7 |
* | firewall: deliver remove hotplug events for all active zones/networks when re... | Jo-Philipp Wich | 2010-09-14 | 2 | -2/+41 |
* | firewall: - simplify masquerade rule setup - remove various subshell invocati... | Jo-Philipp Wich | 2010-09-11 | 6 | -93/+113 |
* | firewall: - fix possible endless loop when the family option is used for forw... | Jo-Philipp Wich | 2010-09-05 | 2 | -4/+6 |