| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
There is no RFC requirement that DHCPv6 servers must reply with a link local
address and some ISP servers in the wild appear to using addresses in the ULA
range to send DHCPv6 offers.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47048
|
| |
|
|
|
|
|
|
|
|
| |
Seems like my second try was again whitespace broken. Sorry for the noise.
Remove src_port from firewall.config to receive dhcpv6 replies. Fixes #20295.
Signed-off-by: Anselm Eberhardt <a.eberhardt@cygnusnetworks.de>
SVN-Revision: 46842
|
| |
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46506
|
| |
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46478
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.
RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
SVN-Revision: 45613
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.
myfunction()
{
fire_command
return $?
}
a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:
http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42278
|
| |
|
|
|
|
|
|
| |
https://dev.openwrt.org/ticket/17593
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42233
|
| |
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 39649
|
| |
|
|
|
|
|
|
| |
add validation data
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 39617
|
| |
|
|
|
|
|
| |
This fixes packet loss due to reloading firewall every minute with IPv6
implementation of certain ISPs.
SVN-Revision: 39332
|
| |
|
|
|
|
| |
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 39300
|
| |
|
|
|
|
|
|
|
|
| |
* Use network.interface dump call instead of individual status calls
to reduce overall netifd lookups and invokes to 1 per fw3 process.
* Allow protocol handlers to assign a firewall zone for an interface
in the data section to allow for dynamic firewall zone assignment.
SVN-Revision: 38504
|
| |
|
|
| |
SVN-Revision: 37171
|
| |
|
|
|
|
| |
head with compatibility fixes for AA
SVN-Revision: 36838
|
| |
|
|
| |
SVN-Revision: 36837
|
| |
|
|
| |
SVN-Revision: 36622
|
| |
|
|
| |
SVN-Revision: 35745
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- reduce mssfix related log spam (#10681)
- separate src and dest terminal chains (#11453, #12945)
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
SVN-Revision: 35484
|
| |
|
|
| |
SVN-Revision: 35348
|
| |
|
|
|
|
| |
from leaking out to the internet
SVN-Revision: 35012
|
| |
|
|
| |
SVN-Revision: 34569
|
| |
|
|
|
|
|
|
| |
- use comment match to keep track of per-network rules
- setup reflection for any interface which is part of a masqueraded zone, not just "wan"
- delete per-network reflection rules if network is brought down
SVN-Revision: 34472
|
|
|
SVN-Revision: 33688
|
