Felix Fietkau
f98f69adc9
firewall: add missing dependencies
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37224
2013-07-10 11:33:48 +00:00
John Crispin
fc40051569
lantiq: move dsl tools to package/network/config
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 37198
2013-07-08 09:01:38 +00:00
Jo-Philipp Wich
4aa82d07a6
firewall: allow routed lan<->lan traffic by default
...
SVN-Revision: 37171
2013-07-04 18:10:36 +00:00
Jo-Philipp Wich
2d506f46fb
firewall: update to git head
...
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser
SVN-Revision: 37082
2013-06-29 13:28:27 +00:00
Steven Barth
d8051a8814
netifd: fix typo in dhcp script
...
SVN-Revision: 37051
2013-06-28 04:19:21 +00:00
Felix Fietkau
b4babf9f81
netifd: update to latest version, fixes a NULL pointer deref bug
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36965
2013-06-18 16:24:48 +00:00
Jo-Philipp Wich
65f82e2311
firewall: update to git head
...
- fixes misprocessing of unknown symbolic protocol names
SVN-Revision: 36963
2013-06-18 14:30:51 +00:00
Jo-Philipp Wich
37ae268729
firewall: update to git head
...
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs
SVN-Revision: 36960
2013-06-18 14:14:35 +00:00
Steven Barth
9f1899242c
netifd: IPv6: Fix sorting order in last commit.
...
SVN-Revision: 36952
2013-06-17 21:29:14 +00:00
Steven Barth
213269a8f7
netifd: Satisfy IPv6 assignments ordered by prefix length
...
SVN-Revision: 36950
2013-06-17 21:16:22 +00:00
Jo-Philipp Wich
36d3fafd77
firewall: update to git head
...
- properly process intermediate "!" options in argument list (fixes negated ipsets)
SVN-Revision: 36935
2013-06-13 18:54:49 +00:00
Jo-Philipp Wich
0db38adf1c
firewall: update to git head
...
- fixes handling of reject target for rule sections with specific destination zone
SVN-Revision: 36933
2013-06-13 12:49:00 +00:00
Felix Fietkau
9fb5bf176e
netifd: update to latest version, uses the new uci/blob code from libuci
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36909
2013-06-10 12:42:30 +00:00
Steven Barth
491deaed2c
netifd: improve reloading behaviour
...
SVN-Revision: 36903
2013-06-10 10:42:15 +00:00
Steven Barth
f995c90329
netifd: Improve IPv6 source-routing policies
...
SVN-Revision: 36884
2013-06-08 13:26:33 +00:00
Jonas Gorski
b9de8ca7f5
netifd: bring wifi down before shutting down
...
works around wifiX references not being freed on network restart.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 36883
2013-06-08 11:44:12 +00:00
Jo-Philipp Wich
e7b15446a8
firewall: udpate to git head ( #13652 , #13654 , #13658 )
...
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
SVN-Revision: 36871
2013-06-06 14:12:02 +00:00
Jo-Philipp Wich
5cf06bd17b
firewall: copy libext*.a from staging dir and drop kernel.mk includes, solves problem with colliding CONFIG_IPV6 symbols
...
SVN-Revision: 36868
2013-06-06 14:02:29 +00:00
Jo-Philipp Wich
ecc95dcba8
firewall: update to git head ( #13652 )
...
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
SVN-Revision: 36854
2013-06-05 11:40:40 +00:00
Jo-Philipp Wich
0a74d9d5c3
firewall3: fix accidentally changed install directive
...
SVN-Revision: 36840
2013-06-04 12:30:50 +00:00
Jo-Philipp Wich
07a3110e88
firewall: fix git source url
...
SVN-Revision: 36839
2013-06-04 12:23:47 +00:00
Jo-Philipp Wich
b721c92221
firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
...
SVN-Revision: 36838
2013-06-04 12:21:52 +00:00
Jo-Philipp Wich
0dd6753c09
Drop legacy firewall package
...
SVN-Revision: 36837
2013-06-04 12:21:44 +00:00
Jo-Philipp Wich
6f60308257
firewall3: update to git head ( #13641 )
...
* Fixes wrong chain used for zone forward policy
SVN-Revision: 36830
2013-06-04 10:26:49 +00:00
Jo-Philipp Wich
6eeca5176e
firewall3: update to git head
...
- Fixes problems with reusing matches or targets from loadable extensions
SVN-Revision: 36826
2013-06-03 16:38:29 +00:00
Jo-Philipp Wich
3bb397c997
firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
...
SVN-Revision: 36806
2013-05-31 13:23:23 +00:00
Steven Barth
519f27cd33
netifd: updated IPv6 prefix delegation * Added support for prefix classes * Various bugfixes
...
SVN-Revision: 36771
2013-05-30 15:42:25 +00:00
Steven Barth
439fdd4d65
netifd: fix IPv6-addresses disappearing due to lifetime-overflows
...
SVN-Revision: 36748
2013-05-28 18:32:01 +00:00
Jo-Philipp Wich
63603ee478
firewall3: update to git head
...
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
SVN-Revision: 36736
2013-05-27 15:13:19 +00:00
Jo-Philipp Wich
e4f8c38ed1
firewall3: update to git head
...
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
SVN-Revision: 36721
2013-05-26 15:48:04 +00:00
Jo-Philipp Wich
90887b5fb3
firewall3: update to git head
...
- fixes linking issues with some toolchains
SVN-Revision: 36703
2013-05-24 12:49:06 +00:00
Jo-Philipp Wich
c1ff8cd9bb
firewall3: update to git head
...
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
SVN-Revision: 36698
2013-05-23 13:07:44 +00:00
Steven Barth
32c6ffb5a1
firewall3: Remove abandonend include
...
SVN-Revision: 36692
2013-05-23 06:38:25 +00:00
Jo-Philipp Wich
b757ca2259
firewall3: update to git head
...
- fix build on Linux < 3.7
- limit zone names to 14 bytes
SVN-Revision: 36691
2013-05-22 14:15:53 +00:00
Jo-Philipp Wich
c12189b379
firewall3: update to git head
...
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
SVN-Revision: 36689
2013-05-22 11:37:41 +00:00
Jo-Philipp Wich
dd83e87ab0
firewall3: update to git head
...
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
SVN-Revision: 36686
2013-05-21 14:49:37 +00:00
Jo-Philipp Wich
9b6c31d4cc
firewall3: move libext*.a copying to compile phase
...
SVN-Revision: 36684
2013-05-21 12:58:36 +00:00
Jo-Philipp Wich
e8050c6c35
firewall3: update to git head
...
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
SVN-Revision: 36681
2013-05-21 10:15:14 +00:00
Steven Barth
0f1be4425f
netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
...
Based on a patch by Kristian Evensen. Thank You.
SVN-Revision: 36653
2013-05-17 14:44:02 +00:00
Steven Barth
5ce135ed87
netifd: Various IPv6 improvements * Add support for IP-in-IPv6 tunnels (DS-Lite) * Use source-based routing for IPv6 to allow multi-wan * Various smaller tunnel setup improvements
...
SVN-Revision: 36627
2013-05-13 17:12:34 +00:00
Steven Barth
ea71678b09
netifd: added support for setting up 6rd from DHCP
...
SVN-Revision: 36626
2013-05-13 17:12:30 +00:00
Steven Barth
973dad61b0
firewall3: Remove obsoleted ULA-border
...
SVN-Revision: 36624
2013-05-13 17:12:20 +00:00
Steven Barth
07d99b62b7
firewall3: add wan6 interface to wan-zone by default
...
SVN-Revision: 36623
2013-05-13 17:12:15 +00:00
Steven Barth
4cb9d9715c
firewall: Remove obsoleted ULA-border rule
...
SVN-Revision: 36622
2013-05-13 17:12:10 +00:00
Jo-Philipp Wich
4bba31b64c
firewall3: update to git head
...
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422 , #13386 )
- add support for fwmark matches and mark setting targets
SVN-Revision: 36521
2013-05-02 13:42:20 +00:00
Jo-Philipp Wich
f1497ccf4f
netifd: update to git head - disables multicast snooping by default on bridges
...
SVN-Revision: 36463
2013-04-27 09:28:40 +00:00
Felix Fietkau
5062838fa5
netifd: update to the latest version, fixes interface reload issues when removing the ifname option
...
SVN-Revision: 36424
2013-04-25 16:28:19 +00:00
Steven Barth
2c78c1457b
firewall3: Make IPv6 ULA-Border generation dynamic
...
This fixes working behind another router which gives out ULAs.
SVN-Revision: 36416
2013-04-24 14:17:24 +00:00
Steven Barth
17b8c0c7b8
netifd: Improve IPv6-ULA assignment handling
...
SVN-Revision: 36383
2013-04-22 19:40:06 +00:00
Felix Fietkau
099e3d8183
netifd: update to latest version, fixes some device handling crashes
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36336
2013-04-15 14:21:45 +00:00
Felix Fietkau
88c418bc75
qos-scripts: add queue length and quantum limit, suggested by dtaht
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36294
2013-04-09 14:59:10 +00:00
John Crispin
04dcd12c91
add portmap support to userland
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36284
2013-04-09 14:19:13 +00:00
John Crispin
f13ae9965c
add "swconfig list" support
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36282
2013-04-09 14:19:05 +00:00
Jo-Philipp Wich
f90f025f20
netifd: fix route / route6 regression ( #13303 )
...
SVN-Revision: 36281
2013-04-09 12:21:12 +00:00
Steven Barth
3abc915522
Remove deprecated ip6slaac option * use proto=dhcpv6 with reqprefix=no instead
...
SVN-Revision: 36280
2013-04-09 12:12:30 +00:00
Steven Barth
35d716fbbb
netifd: Bump to latest version * Fix a memory corruption when updating IPv6 prefixes * Fix route sorting order (nbd) * Add support for ip rules (jow) * Implement support for route / route6 table attribute (jow)
...
SVN-Revision: 36196
2013-04-05 12:28:06 +00:00
Steven Barth
0393e52623
netifd: Rewrite IPv6 prefix assignment * Add ip6hint option to specify assigned subprefixes * Add preliminary support for RFC 6603 prefix exclusion
...
SVN-Revision: 36193
2013-04-03 17:08:21 +00:00
Jo-Philipp Wich
6fa1b5346e
firewall3: update to git head
...
* fixes parsing of src/dest '*'
* fixes parsing of proto 'all'
SVN-Revision: 36111
2013-03-22 14:10:29 +00:00
Jo-Philipp Wich
76d1c0a067
firewall3: update to git head
...
* fixes port remapping rules (#13217 )
SVN-Revision: 36100
2013-03-21 14:25:17 +00:00
Steven Barth
261be7b8f3
netifd: Fix adding IPv6 DNS-servers to resolv.conf
...
In some cases IPv6 DNS-servers were not added correctly.
SVN-Revision: 36095
2013-03-20 13:49:39 +00:00
Jo-Philipp Wich
6fbd824e9b
firewall3: update to git head
...
* fixes reload handling of zones and ipsets that are still running but already deleted from the config
SVN-Revision: 36092
2013-03-19 16:18:05 +00:00
Jo-Philipp Wich
03cb7986fc
firewall3: update to git head
...
- support network names in per-zone 'masq_src', 'masq_dest' and 'subnet' options (#13197 )
- do not allow src_mac option for SNAT rules
SVN-Revision: 36090
2013-03-19 13:54:34 +00:00
Jo-Philipp Wich
54f9f47a28
firewall3: update to git head
...
* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
* Allow "network" and "device" commands while firewall is running (to make them usable in includes)
SVN-Revision: 36009
2013-03-14 15:29:43 +00:00
Jo-Philipp Wich
9faa312dbb
firewall3: update to git head
...
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
* Make NAT reflection direction configurable
* Map init script stop action to flush
* Map init script reload action to reload
* Respect init script disabled state in hotplug handler
SVN-Revision: 35998
2013-03-13 15:46:30 +00:00
Jo-Philipp Wich
8c7ed1cb7b
firewall3: update to git head
...
* Fixes compilation against eglibc
* Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
* Fixes tracking logic for user chains by differentiating between reloads and restarts
* Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
* Supports legacy "tcpudp" protocol notation again
SVN-Revision: 35969
2013-03-11 20:52:20 +00:00
Jo-Philipp Wich
e259ecad7e
Revert "firewall3: update to git head"
...
This reverts commit 89969fa333c90fdb217b7289272f3427add107de.
SVN-Revision: 35904
2013-03-08 19:52:18 +00:00
Jo-Philipp Wich
50213fc354
firewall3: update to git head
...
- introduce per-zone user chains
- support legacy "tcpudp" protocol notation
SVN-Revision: 35903
2013-03-08 15:27:33 +00:00
Jo-Philipp Wich
d75c632de6
firewall3: add default config and firewall.user
...
SVN-Revision: 35889
2013-03-05 13:45:09 +00:00
Jo-Philipp Wich
89be702bff
firewall3: update to git head, introduces support for "enabled" option
...
SVN-Revision: 35845
2013-03-02 17:09:33 +00:00
Jo-Philipp Wich
557c047f71
firewall3: clear contnrack table on flush, set policies to drop during rule reload
...
SVN-Revision: 35820
2013-02-27 14:09:37 +00:00
Jo-Philipp Wich
92062542e2
firewall: fix logging rule regression ( #12999 )
...
SVN-Revision: 35745
2013-02-22 13:45:20 +00:00
Jo-Philipp Wich
4fb2cd18c1
firewall3: add support for shell script and iptables-restore style includes
...
SVN-Revision: 35744
2013-02-22 12:45:38 +00:00
Steven Barth
a7b262dc0a
netifd: only update resolv.conf.auto if changed This avoids logspam under certain conditions.
...
SVN-Revision: 35743
2013-02-22 08:56:29 +00:00
Jo-Philipp Wich
7d7d88b580
firewall3: update to git head
...
- all uci rules are boxed in custom chains now, so a firewall stop leaves user rules intact
- properly handle selective ipv4 or ipv6 only firewall start/stop/restart actions
- support ip ranges (e.g. option src_ip '!192.168.1.1-192.168.1.100' -> -m iprange ! --src-range 192.168.1.1-192.168.1.100')
- support time options (e.g. option weekdays 'Mon Tue Sat' -> -m time --weekdays 1,2,6')
SVN-Revision: 35738
2013-02-21 22:33:44 +00:00
Jo-Philipp Wich
02b0c62f33
firewall3 - a C implementation of the current firewall scripts
...
SVN-Revision: 35643
2013-02-17 19:26:52 +00:00
Jo-Philipp Wich
e106f25ee7
firewall: various enhancements
...
- reduce mssfix related log spam (#10681 )
- separate src and dest terminal chains (#11453 , #12945 )
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
SVN-Revision: 35484
2013-02-04 14:38:33 +00:00
Steven Barth
6a43437908
netifd: Improved IPv6 featureset * Fix reloading of ula-prefixes * Added support for temporary addresses and routes * Added support for offlink addresses * Improved status-output for assigned prefixes
...
SVN-Revision: 35420
2013-02-01 12:28:43 +00:00
Felix Fietkau
65657fb585
netifd: update to latest version
...
fixes DNS servers on reload (#12910 )
fixes ubus object race on reload or down/up (#12612 )
SVN-Revision: 35383
2013-01-29 14:40:04 +00:00
Steven Barth
777f7b30ae
netifd: implement IPv6 prefix deprecation according to RFC 6204
...
SVN-Revision: 35377
2013-01-29 11:05:22 +00:00
Steven Barth
fac1ed35ac
netifd: remove IPv6 forwarding-sysctl workaround
...
SVN-Revision: 35369
2013-01-29 10:13:39 +00:00
Felix Fietkau
6ea9abadeb
netifd: update to latest version, fixes setting addresses/routes on alias interfaces
...
SVN-Revision: 35362
2013-01-28 20:35:55 +00:00
Jo-Philipp Wich
839f3ab0e7
firewall: flush conntrack table after changing interface rules
...
SVN-Revision: 35348
2013-01-28 15:53:44 +00:00
Steven Barth
ec41a6a08c
netifd: IPv6 sysctl, restart IPv6 in static mode to send RS
...
SVN-Revision: 35347
2013-01-28 14:07:27 +00:00
Steven Barth
75b06607db
netifd: add SLAAC ipv6 value for static-proto
...
SVN-Revision: 35346
2013-01-28 13:53:48 +00:00
Felix Fietkau
55eab5ac44
netifd: update to latest version, adds another fix for interface aliases
...
SVN-Revision: 35297
2013-01-22 16:05:59 +00:00
Steven Barth
5859fc7a39
netifd: Fix a segfault when globals.ula_prefix is empty
...
SVN-Revision: 35296
2013-01-22 15:49:42 +00:00
Steven Barth
f129c6786e
netifd: Fix segfaults in IPv6 prefix handling
...
SVN-Revision: 35259
2013-01-21 09:21:30 +00:00
Felix Fietkau
5bc6555e08
netifd: update to latest version, fixes alias support
...
SVN-Revision: 35251
2013-01-20 15:47:09 +00:00
Jo-Philipp Wich
f2766239ea
netifd: add a band-aid fix for the wifi setup vs. netifd init race by increasing the wait time to five seconds
...
SVN-Revision: 35240
2013-01-19 10:13:14 +00:00
Steven Barth
1ecc744583
netifd: @aliases use layer 3 devices instead of main devices Fixes dhcpv6 protocol alias
...
SVN-Revision: 35187
2013-01-17 08:28:51 +00:00
Steven Barth
06890959d1
netifd: Introduce native IPv6 prefix-handling
...
SVN-Revision: 35167
2013-01-15 13:07:41 +00:00
Jo-Philipp Wich
e5548b03e5
netifd: update to git head, adds 64bit counters
...
SVN-Revision: 35140
2013-01-13 19:48:52 +00:00
Steven Barth
b077480a59
firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
...
SVN-Revision: 35012
2013-01-04 15:59:28 +00:00
Felix Fietkau
bf34eeaea4
netifd: update to latest version, fixes interface error reporting for shell proto handlers
...
SVN-Revision: 34741
2012-12-17 22:24:31 +00:00
Felix Fietkau
14281559e1
netifd: update to latest version, no longer needs the removed jshn_append() shell function
...
SVN-Revision: 34734
2012-12-17 14:57:15 +00:00
Felix Fietkau
860c2e8116
netifd: call /etc/udhcp.user from the netifd dhcp.script
...
This was done previously when dhcp was handled by the network scripts.
So netifd should behave the same.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
SVN-Revision: 34704
2012-12-15 17:19:24 +00:00
John Crispin
06c9170a7c
move ltq-adsl-tool
...
SVN-Revision: 34694
2012-12-15 02:00:39 +00:00
Gabor Juhos
86cd825c1f
package/swconfig: don't use kernel headers
...
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34679
2012-12-14 12:11:50 +00:00
Felix Fietkau
b85c8a6361
netifd: update to latest version, fixes purging old resolv.conf entries after ifdown
...
SVN-Revision: 34664
2012-12-13 16:14:41 +00:00
Jo-Philipp Wich
16d0957a4e
firewall: fix typo in reflection hotplug script
...
SVN-Revision: 34569
2012-12-07 13:08:28 +00:00