| 2018-05-19 |
Jo-Philipp Wich | zones: add interface/subnet bound LOG rules
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-05-16 |
Jo-Philipp Wich | options: treat time strings as UTC times
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-03-13 |
Jo-Philipp Wich | Reword rule comments
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-03-13 |
Jo-Philipp Wich | defaults: add support for xt_FLOWOFFLOAD rule
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-03-10 |
Jo-Philipp Wich | ipsets: add support for specifying entries
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-03-02 |
Jo-Philipp Wich | iptables: fix possible NULL pointer access on constructing...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-02-20 |
Jo-Philipp Wich | helpers: implement explicit CT helper assignment support
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-02-13 |
Jo-Philipp Wich | zones: disable masq when resolving of all masq_src...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-02-13 |
Jo-Philipp Wich | options: emit an empty address item when resolving...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2018-02-13 |
Jo-Philipp Wich | ubus: let fw3_ubus_address() return the number of resolved...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-05-27 |
Jo-Philipp Wich | options: remove stray continue statement
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-05-26 |
Jo-Philipp Wich | options: improve handling of negations when parsing...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-05-26 |
Jo-Philipp Wich | iptables: support -i, -o, -s and -d in option extra
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-05-12 |
Jo-Philipp Wich | iptables: add exception handling
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-04-27 |
Jo-Philipp Wich | zones: drop outgoing invalid traffic in masqueraded...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-04-27 |
Jo-Philipp Wich | rules: fix UCI context in error reporting
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-02-22 |
Jo-Philipp Wich | firewall3: fix handling of UTC times
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-02-07 |
Jo-Philipp Wich | iptables: support xtables API > 11
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2017-01-13 |
Jo-Philipp Wich | zones: do not check conntrack state in zone_*_dest_ACCEPT...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-29 |
Jo-Philipp Wich | global: remove automatic notrack rules
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-07 |
Jo-Philipp Wich | forwards: properly propagate conntrack flag
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-06 |
Jo-Philipp Wich | iptables: move includes into iptables.c to avoid kernel...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-06 |
Jo-Philipp Wich | iptables: remove usage of xt_id
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-06 |
Jo-Philipp Wich | main: make failing ubus connection nonfatal
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-06 |
Jo-Philipp Wich | iptables: rework extension loader
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-06 |
Jo-Philipp Wich | iptables: declare _GNU_SOURCE to define RTLD_NEXT
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-01 |
Jo-Philipp Wich | zones: properly handle multiple masq_src / masq_dest...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-11-01 |
Jo-Philipp Wich | iptables: use different approach for managing loadable...
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-08-08 |
Jo-Philipp Wich | zones: allow untracked traffic as well
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-08-08 |
Jo-Philipp Wich | defaults: disable drop_invalid by default
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-08-08 |
Jo-Philipp Wich | zones: restrict default ACCEPT rules to NEW ctstate
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-06-07 |
Jo-Philipp Wich | treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
commit | commitdiff | tree |
| 2016-01-29 |
Jo-Philipp Wich | defaults: emit ctstate INVALID drop rules by default
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2016-01-24 |
Jo-Philipp Wich | Remove commented code
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2016-01-24 |
Jo-Philipp Wich | Use xt_id match to track own rules
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-05-26 |
Jo-Philipp Wich | redirects: only emit REDIRECT rules if dest_ip is unset
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-05-26 |
Jo-Philipp Wich | Rework match initialization
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-05-26 |
Jo-Philipp Wich | Link libext dynamically
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-05-22 |
Jo-Philipp Wich | iptables: initialize multiport match
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-05-21 |
Jo-Philipp Wich | ubus: allow proto handlers to override device in announced...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-04-18 |
Jo-Philipp Wich | ubus: print rule name when reporting errors
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-04-18 |
Jo-Philipp Wich | ubus: store rule origin as comment
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-01-13 |
Jo-Philipp Wich | redirects: fix possible null pointer access
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2015-01-08 |
Jo-Philipp Wich | redirects: respect src_dip option for reflection rules
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-09-19 |
Jo-Philipp Wich | options: allow '*' as value for protocols and families
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-09-18 |
Jo-Philipp Wich | utils: rework fw3_bitlen2netmask() IPv6 mask calculation
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-09-17 |
Jo-Philipp Wich | redirect: emit -j REDIRECT rules for local port forwards
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-09-17 |
Jo-Philipp Wich | utils: fix invalid memory access in fw3_bitlen2netmask()
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-08-11 |
Jo-Philipp Wich | utils: ifa_addr may be NULL, skip such entries
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-08-11 |
Jo-Philipp Wich | Selectively flush conntrack
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-07-21 |
Jo-Philipp Wich | zones: make forward policy destination bound
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-07-19 |
Jo-Philipp Wich | options: fix logic flaw when parsing ipaddr/mask notation
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-07-19 |
Jo-Philipp Wich | Use netmasks instead of prefix lengths internally
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-07-10 |
Jo-Philipp Wich | ubus: handle attribute access after NULL check in parse_subn...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-07-10 |
Jo-Philipp Wich | ubus: fix fw3_ubus_address()
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-07-10 |
Jo-Philipp Wich | ubus: fix fw3_ubus_device() to only return a pointer...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-07-03 |
Jo-Philipp Wich | options: fix fw3_parse_network() when destination pointer...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-04-11 |
Jo-Philipp Wich | Reapply SNAT/MASQUERADE rules on firewall reloads
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2014-04-06 |
Jo-Philipp Wich | Initial support for "config nat" rules - this allows...
|
commit | commitdiff | tree |
| 2014-02-21 |
Jo-Philipp Wich | Several ipset bugfixes
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
| 2013-12-17 |
Jo-Philipp Wich | Change set_default() to take value as integer, required...
|
commit | commitdiff | tree |
| 2013-12-17 |
Jo-Philipp Wich | Treat option tcp_ecn as integer, not bool
|
commit | commitdiff | tree |
| 2013-12-17 |
Jo-Philipp Wich | Properly check strtol() results when paring values...
|
commit | commitdiff | tree |
| 2013-11-18 |
Jo-Philipp Wich | Clean up dead code
|
commit | commitdiff | tree |
| 2013-11-18 |
Jo-Philipp Wich | Skip redirects with invalid options
|
commit | commitdiff | tree |
| 2013-11-18 |
Jo-Philipp Wich | Skip rules with invalid options
|
commit | commitdiff | tree |
| 2013-11-18 |
Jo-Philipp Wich | Change fw3_parse_options() to indicate whether all...
|
commit | commitdiff | tree |
| 2013-11-07 |
Jo-Philipp Wich | Use a global -m conntrack --ctstate DNAT rule to accept...
|
commit | commitdiff | tree |
| 2013-10-10 |
Jo-Philipp Wich | Use fw3_ipt_rule_replace() when setting up zone interface...
|
commit | commitdiff | tree |
| 2013-10-10 |
Jo-Philipp Wich | Use fw3_ipt_rule_replace() when setting up reflection
|
commit | commitdiff | tree |
| 2013-10-10 |
Jo-Philipp Wich | Allow any protocol for reflection rules
|
commit | commitdiff | tree |
| 2013-08-14 |
Jo-Philipp Wich | Reorganize chain layout for raw/NOTRACK rules to fix...
|
commit | commitdiff | tree |
| 2013-08-14 |
Jo-Philipp Wich | Use "-j CT --notrack" instead of deprecated "-j NOTRACK"
|
commit | commitdiff | tree |
| 2013-08-14 |
Jo-Philipp Wich | Revert "Make sure that NOTRACK is linked into firewall3...
|
commit | commitdiff | tree |
| 2013-08-14 |
Jo-Philipp Wich | Make sure that NOTRACK is linked into firewall3 if...
|
commit | commitdiff | tree |
| 2013-07-16 |
Jo-Philipp Wich | Treat redirects as port redirections if the specified...
|
commit | commitdiff | tree |
| 2013-06-29 |
Jo-Philipp Wich | Properly dereference struct ether_addr
|
commit | commitdiff | tree |
| 2013-06-29 |
Jo-Philipp Wich | Do not rely on ether_ntoa() when formatting mac addresses.
|
commit | commitdiff | tree |
| 2013-06-18 |
Jo-Philipp Wich | Don't mistreat unknown protocol names as "any protocol"
|
commit | commitdiff | tree |
| 2013-06-18 |
Jo-Philipp Wich | Fix processing of CIDRs with mask 0
|
commit | commitdiff | tree |
| 2013-06-13 |
Jo-Philipp Wich | Fix processing of negated options
|
commit | commitdiff | tree |
| 2013-06-13 |
Jo-Philipp Wich | Properly handle reject target in rules with specific...
|
commit | commitdiff | tree |
| 2013-06-06 |
Jo-Philipp Wich | Keep all basic chains on reload and only flush them...
|
commit | commitdiff | tree |
| 2013-06-06 |
Jo-Philipp Wich | Fix endian issue in compare_addr(), solves auto detection...
|
commit | commitdiff | tree |
| 2013-06-06 |
Jo-Philipp Wich | For ingress rules, only jump into zone_name_src_ACTION...
|
commit | commitdiff | tree |
| 2013-06-06 |
Jo-Philipp Wich | Implement limit and limit_burst options for rules.
|
commit | commitdiff | tree |
| 2013-06-05 |
Jo-Philipp Wich | Use zone_name_src_ACTION chain for input rules with...
|
commit | commitdiff | tree |
| 2013-06-05 |
Jo-Philipp Wich | Extend ipset option syntax to support specifying directions...
|
commit | commitdiff | tree |
| 2013-06-04 |
Jo-Philipp Wich | Fix wrong signature of fw3_xt_print_matches()
|
commit | commitdiff | tree |
| 2013-06-04 |
Jo-Philipp Wich | Add abstract fw3_xt_print_matches() and fw3_xt_print_target...
|
commit | commitdiff | tree |
| 2013-06-04 |
Jo-Philipp Wich | Fix wrong chain emitted for zone forward policy, the...
|
commit | commitdiff | tree |
| 2013-06-03 |
Jo-Philipp Wich | Decouple handle destroying from committing, add fw3_ipt_clos...
|
commit | commitdiff | tree |
| 2013-06-03 |
Jo-Philipp Wich | Do not let libxtables implicitely load extensions,...
|
commit | commitdiff | tree |
| 2013-05-27 |
Jo-Philipp Wich | Make IPv6 support optional
|
commit | commitdiff | tree |
| 2013-05-27 |
Jo-Philipp Wich | Add abstract fw3_xt_reset() implementation
|
commit | commitdiff | tree |
| 2013-05-27 |
Jo-Philipp Wich | Dynamically create rules for available libext*.a libraries...
|
commit | commitdiff | tree |
| 2013-05-27 |
Jo-Philipp Wich | Fix compatibility with older libiptc/libip6tc
|
commit | commitdiff | tree |
| 2013-05-26 |
Jo-Philipp Wich | Only emit different ip family warnings if the ip wasn...
|
commit | commitdiff | tree |
| 2013-05-26 |
Jo-Philipp Wich | Mark fw3_address objects that got resolved by fw3_parse_netw...
|
commit | commitdiff | tree |
| 2013-05-26 |
Jo-Philipp Wich | Change wording of inferred destination warning for...
|
commit | commitdiff | tree |
| next |
projects / project / firewall3.git / search