2014-04-14 |
Steven Barth | snat: add support for connlimiting port-range SNAT |
commit | commitdiff | tree | snapshot |
2014-04-14 |
Steven Barth | Fix building with newer toolchains |
commit | commitdiff | tree | snapshot |
2014-04-14 |
Steven Barth | snat: ICMP can be port-natted as well |
commit | commitdiff | tree | snapshot |
2014-04-14 |
Steven Barth | nat: allow ACCEPT-target to explicitely disable NAT |
commit | commitdiff | tree | snapshot |
2014-04-11 |
Jo-Philipp... | Reapply SNAT/MASQUERADE rules on firewall reloads |
commit | commitdiff | tree | snapshot |
2014-04-06 |
Jo-Philipp... | Initial support for "config nat" rules - this allows... |
commit | commitdiff | tree | snapshot |
2014-03-20 |
Felix Fietkau | utils: define _GNU_SOURCE to get clearenv() |
commit | commitdiff | tree | snapshot |
2014-02-21 |
Jo-Philipp... | Several ipset bugfixes |
commit | commitdiff | tree | snapshot |
2013-12-17 |
Jo-Philipp... | Change set_default() to take value as integer, required... |
commit | commitdiff | tree | snapshot |
2013-12-17 |
Jo-Philipp... | Treat option tcp_ecn as integer, not bool |
commit | commitdiff | tree | snapshot |
2013-12-17 |
Jo-Philipp... | Properly check strtol() results when paring values... |
commit | commitdiff | tree | snapshot |
2013-11-18 |
Jo-Philipp... | Clean up dead code |
commit | commitdiff | tree | snapshot |
2013-11-18 |
Jo-Philipp... | Skip redirects with invalid options |
commit | commitdiff | tree | snapshot |
2013-11-18 |
Jo-Philipp... | Skip rules with invalid options |
commit | commitdiff | tree | snapshot |
2013-11-18 |
Jo-Philipp... | Change fw3_parse_options() to indicate whether all... |
commit | commitdiff | tree | snapshot |
2013-11-07 |
Jo-Philipp... | Use a global -m conntrack --ctstate DNAT rule to accept... |
commit | commitdiff | tree | snapshot |
2013-10-23 |
Steven Barth | Improve ubus support |
commit | commitdiff | tree | snapshot |
2013-10-10 |
Jo-Philipp... | Use fw3_ipt_rule_replace() when setting up zone interfa... |
commit | commitdiff | tree | snapshot |
2013-10-10 |
Jo-Philipp... | Use fw3_ipt_rule_replace() when setting up reflection |
commit | commitdiff | tree | snapshot |
2013-10-10 |
Jo-Philipp... | Allow any protocol for reflection rules |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Reorganize chain layout for raw/NOTRACK rules to fix... |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Use "-j CT --notrack" instead of deprecated "-j NOTRACK" |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Revert "Make sure that NOTRACK is linked into firewall3... |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Make sure that NOTRACK is linked into firewall3 if... |
commit | commitdiff | tree | snapshot |
2013-07-16 |
Jo-Philipp... | Treat redirects as port redirections if the specified... |
commit | commitdiff | tree | snapshot |
2013-06-29 |
Jo-Philipp... | Properly dereference struct ether_addr |
commit | commitdiff | tree | snapshot |
2013-06-29 |
Jo-Philipp... | Do not rely on ether_ntoa() when formatting mac addresses. |
commit | commitdiff | tree | snapshot |
2013-06-18 |
Jo-Philipp... | Don't mistreat unknown protocol names as "any protocol" |
commit | commitdiff | tree | snapshot |
2013-06-18 |
Jo-Philipp... | Fix processing of CIDRs with mask 0 |
commit | commitdiff | tree | snapshot |
2013-06-13 |
Jo-Philipp... | Fix processing of negated options |
commit | commitdiff | tree | snapshot |
2013-06-13 |
Jo-Philipp... | Properly handle reject target in rules with specific... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | Keep all basic chains on reload and only flush them... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | Fix endian issue in compare_addr(), solves auto detecti... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | For ingress rules, only jump into zone_name_src_ACTION... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | Implement limit and limit_burst options for rules. |
commit | commitdiff | tree | snapshot |
2013-06-05 |
Jo-Philipp... | Use zone_name_src_ACTION chain for input rules with... |
commit | commitdiff | tree | snapshot |
2013-06-05 |
Jo-Philipp... | Extend ipset option syntax to support specifying direct... |
commit | commitdiff | tree | snapshot |
2013-06-04 |
Jo-Philipp... | Fix wrong signature of fw3_xt_print_matches() |
commit | commitdiff | tree | snapshot |
2013-06-04 |
Jo-Philipp... | Add abstract fw3_xt_print_matches() and fw3_xt_print_ta... |
commit | commitdiff | tree | snapshot |
2013-06-04 |
Jo-Philipp... | Fix wrong chain emitted for zone forward policy, the... |
commit | commitdiff | tree | snapshot |
2013-06-03 |
Jo-Philipp... | Decouple handle destroying from committing, add fw3_ipt... |
commit | commitdiff | tree | snapshot |
2013-06-03 |
Jo-Philipp... | Do not let libxtables implicitely load extensions,... |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Make IPv6 support optional |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Add abstract fw3_xt_reset() implementation |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Dynamically create rules for available libext*.a librar... |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Fix compatibility with older libiptc/libip6tc |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Only emit different ip family warnings if the ip wasn... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Mark fw3_address objects that got resolved by fw3_parse... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Change wording of inferred destination warning for... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Replace fw3_free_zone() with the generic implementation |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Avoid segfault when freeing rules whose target could... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Infer destination zone of DNAT redirects from dest_ip... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Add fw3_resolve_zone_addresses() helper to obtain a... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Remove fw3_ubus_address_free() and use fw3_free_list... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Add fw3_free_list() helper |
commit | commitdiff | tree | snapshot |
2013-05-25 |
Jo-Philipp... | Fix output rules with "option dest *" |
commit | commitdiff | tree | snapshot |
2013-05-25 |
Jo-Philipp... | Allow devices for src_ip, src_dip and dest_ip options |
commit | commitdiff | tree | snapshot |
2013-05-24 |
Jo-Philipp... | Pass -Wl,--whole-archive and -Wl,--no-whole-archive... |
commit | commitdiff | tree | snapshot |
2013-05-23 |
Jo-Philipp... | Don't leak memory when encountering unknown match or... |
commit | commitdiff | tree | snapshot |
2013-05-23 |
Jo-Philipp... | Use weak function pointers to call extension init funct... |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Limit zone names to 14 bytes |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Add required ipset declarations for kernels < 3.7 |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Further fixes for zone reloads |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Only perform selective reload if firewall was already... |
commit | commitdiff | tree | snapshot |
2013-05-21 |
Jo-Philipp... | Fix another crash bug if ipsets are supported but none... |
commit | commitdiff | tree | snapshot |
2013-05-21 |
Jo-Philipp... | Fix rules for custom filter chains |
commit | commitdiff | tree | snapshot |
2013-05-21 |
Jo-Philipp... | Do not print to pipe or close command if nothing was... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Add missing libip6t_REJECT initialization |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Only initialize extensions we actually use |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Wait for ipsets to appear before continuing |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Restore iptables-save include functionality |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Also add comments for unnamed rules |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Only process selected family for print |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Include iptables command and table name in iptables... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Add debug prints for policy setting, don't commit rules... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Rename struct fw3_rule_spec to struct fw3_chain_spec... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Remove now unused fw3_pr_rulespec() |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Remove now unused fw3_format_*() functions |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Drop iptables-restore and create rules through libiptc... |
commit | commitdiff | tree | snapshot |
2013-05-13 |
Jo-Philipp... | Use libiptc to clear current ruleset |
commit | commitdiff | tree | snapshot |
2013-05-08 |
Jo-Philipp... | Force fsync() after writing statefile |
commit | commitdiff | tree | snapshot |
2013-05-08 |
Jo-Philipp... | Make reload atomic |
commit | commitdiff | tree | snapshot |
2013-05-06 |
Jo-Philipp... | Family "any" is not applicable to ipsets, default to... |
commit | commitdiff | tree | snapshot |
2013-05-02 |
Jo-Philipp... | Simplify ipset external checks and optionally initializ... |
commit | commitdiff | tree | snapshot |
2013-05-02 |
Jo-Philipp... | Check whether ipset exists before referencing it in... |
commit | commitdiff | tree | snapshot |
2013-05-02 |
Jo-Philipp... | Record device-network relation in state file, fix zone... |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Record default policies in state file |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Store ipset storage method and matches in state file... |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Send quit comment in fw3_destroy_ipsets() and initializ... |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Don't track family of ipsets |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Fix parsing of ipset datatypes |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Track ipsets in state file |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Write statefile flags in hexadecimal format |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Allow hex notation in int type options |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Add common fw3_address_to_string() helper function |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Remove referenced to unused FW3_FLAG_DELETED flag |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Remove unused "running" argument form fw3_lookup_ipset() |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Remove unused "running" argument form fw3_lookup_zone() |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Split runtime and config states, store runtime state... |
commit | commitdiff | tree | snapshot |
2013-04-09 |
Jo-Philipp... | Add support for fwmark matches and targets |
commit | commitdiff | tree | snapshot |
next |