summaryrefslogtreecommitdiff
path: root/package/network/config/firewall/files/firewall.config
Commit message (Collapse)AuthorAgeFilesLines
* firewall: document rules for IPSec ESP/ISAKMP with 'name' optionYousong Zhou2017-03-281-14/+15
| | | | | | | | | | These are recommended practices by REC-22 and REC-24 of RFC6092: "Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service" Fixes FS#640 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* firewall: allow DHCPv6 traffic to/from fc00::/6 instead of fe80::/10Jo-Philipp Wich2015-09-251-2/+2
| | | | | | | | | | There is no RFC requirement that DHCPv6 servers must reply with a link local address and some ISP servers in the wild appear to using addresses in the ULA range to send DHCPv6 offers. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 47048
* firewall: Remove src_port from firewall.config to receive dhcpv6 repliesSteven Barth2015-09-111-1/+0
| | | | | | | | | | Seems like my second try was again whitespace broken. Sorry for the noise. Remove src_port from firewall.config to receive dhcpv6 replies. Fixes #20295. Signed-off-by: Anselm Eberhardt <a.eberhardt@cygnusnetworks.de> SVN-Revision: 46842
* firewall: fix typo in ESP ruleSteven Barth2015-07-271-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46506
* firewall: comply with REC-22, REC-24 of RFC 6092Steven Barth2015-07-241-12/+11
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46478
* firewall: Allow IGMP and MLD input on WANSteven Barth2015-05-051-0/+19
| | | | | | | | | | | | The WAN port should at least respond to IGMP and MLD queries as otherwise a snooping bridge/switch might drop traffic. RFC4890 recommends to leave IGMP and MLD unfiltered as they are always link-scoped anyways. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> SVN-Revision: 45613
* firewall: allow routed lan<->lan traffic by defaultJo-Philipp Wich2013-07-041-1/+1
| | | | SVN-Revision: 37171
* firewall3: rename to firewall, move into base system menu, update to git ↵Jo-Philipp Wich2013-06-041-0/+177
| | | | | | head with compatibility fixes for AA SVN-Revision: 36838
* Drop legacy firewall packageJo-Philipp Wich2013-06-041-176/+0
| | | | SVN-Revision: 36837
* firewall: Remove obsoleted ULA-border ruleSteven Barth2013-05-131-19/+0
| | | | SVN-Revision: 36622
* firewall: Add ULA site border for IPv6 traffic This prevents private traffic ↵Steven Barth2013-01-041-0/+19
| | | | | | from leaking out to the internet SVN-Revision: 35012
* packages: sort network related packages into package/network/Felix Fietkau2012-10-101-0/+176
SVN-Revision: 33688
generated by cgit v1.1 at 2025-03-14 01:48:26 +0000