2015-01-13 |
Jo-Philipp Wich | redirects: fix possible null pointer access Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2015-01-08 |
Ulrich Weber | firewall3: fix left shift on 64 bit systems in fw3_bitlen2ne...
|
commit | commitdiff | tree |
2015-01-08 |
Jo-Philipp Wich | redirects: respect src_dip option for reflection rules Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-09-19 |
Jo-Philipp Wich | options: allow '*' as value for protocols and families Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-09-18 |
Jo-Philipp Wich | utils: rework fw3_bitlen2netmask() IPv6 mask calculation Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-09-17 |
Jo-Philipp Wich | redirect: emit -j REDIRECT rules for local port forwards Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-09-17 |
Jo-Philipp Wich | utils: fix invalid memory access in fw3_bitlen2netmask() Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-08-11 |
Jo-Philipp Wich | utils: ifa_addr may be NULL, skip such entries Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-08-11 |
Jo-Philipp Wich | Selectively flush conntrack Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-07-21 |
Jo-Philipp Wich | zones: make forward policy destination bound Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-07-19 |
Jo-Philipp Wich | options: fix logic flaw when parsing ipaddr/mask notation Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-07-19 |
Jo-Philipp Wich | Use netmasks instead of prefix lengths internally Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-07-10 |
Jo-Philipp Wich | ubus: handle attribute access after NULL check in parse_subn... Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-07-10 |
Jo-Philipp Wich | ubus: fix fw3_ubus_address() Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-07-10 |
Jo-Philipp Wich | ubus: fix fw3_ubus_device() to only return a pointer... Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-07-03 |
Jo-Philipp Wich | options: fix fw3_parse_network() when destination pointer... Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-04-11 |
Jo-Philipp Wich | Reapply SNAT/MASQUERADE rules on firewall reloads Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2014-04-06 |
Jo-Philipp Wich | Initial support for "config nat" rules - this allows...
|
commit | commitdiff | tree |
2014-02-21 |
Jo-Philipp Wich | Several ipset bugfixes Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
commit | commitdiff | tree |
2013-12-17 |
Jo-Philipp Wich | Change set_default() to take value as integer, required...
|
commit | commitdiff | tree |
2013-12-17 |
Jo-Philipp Wich | Treat option tcp_ecn as integer, not bool
|
commit | commitdiff | tree |
2013-12-17 |
Jo-Philipp Wich | Properly check strtol() results when paring values...
|
commit | commitdiff | tree |
2013-11-18 |
Jo-Philipp Wich | Clean up dead code
|
commit | commitdiff | tree |
2013-11-18 |
Jo-Philipp Wich | Skip redirects with invalid options
|
commit | commitdiff | tree |
2013-11-18 |
Jo-Philipp Wich | Skip rules with invalid options
|
commit | commitdiff | tree |
2013-11-18 |
Jo-Philipp Wich | Change fw3_parse_options() to indicate whether all...
|
commit | commitdiff | tree |
2013-11-07 |
Jo-Philipp Wich | Use a global -m conntrack --ctstate DNAT rule to accept...
|
commit | commitdiff | tree |
2013-10-23 |
Steven Barth | Improve ubus support
|
commit | commitdiff | tree |
2013-10-10 |
Jo-Philipp Wich | Use fw3_ipt_rule_replace() when setting up zone interface...
|
commit | commitdiff | tree |
2013-10-10 |
Jo-Philipp Wich | Use fw3_ipt_rule_replace() when setting up reflection
|
commit | commitdiff | tree |
2013-10-10 |
Jo-Philipp Wich | Allow any protocol for reflection rules
|
commit | commitdiff | tree |
2013-08-14 |
Jo-Philipp Wich | Reorganize chain layout for raw/NOTRACK rules to fix...
|
commit | commitdiff | tree |
2013-08-14 |
Jo-Philipp Wich | Use "-j CT --notrack" instead of deprecated "-j NOTRACK"
|
commit | commitdiff | tree |
2013-08-14 |
Jo-Philipp Wich | Revert "Make sure that NOTRACK is linked into firewall3...
|
commit | commitdiff | tree |
2013-08-14 |
Jo-Philipp Wich | Make sure that NOTRACK is linked into firewall3 if...
|
commit | commitdiff | tree |
2013-07-16 |
Jo-Philipp Wich | Treat redirects as port redirections if the specified...
|
commit | commitdiff | tree |
2013-06-29 |
Jo-Philipp Wich | Properly dereference struct ether_addr
|
commit | commitdiff | tree |
2013-06-29 |
Jo-Philipp Wich | Do not rely on ether_ntoa() when formatting mac addresses.
|
commit | commitdiff | tree |
2013-06-18 |
Jo-Philipp Wich | Don't mistreat unknown protocol names as "any protocol"
|
commit | commitdiff | tree |
2013-06-18 |
Jo-Philipp Wich | Fix processing of CIDRs with mask 0
|
commit | commitdiff | tree |
2013-06-13 |
Jo-Philipp Wich | Fix processing of negated options
|
commit | commitdiff | tree |
2013-06-13 |
Jo-Philipp Wich | Properly handle reject target in rules with specific...
|
commit | commitdiff | tree |
2013-06-06 |
Jo-Philipp Wich | Keep all basic chains on reload and only flush them...
|
commit | commitdiff | tree |
2013-06-06 |
Jo-Philipp Wich | Fix endian issue in compare_addr(), solves auto detection...
|
commit | commitdiff | tree |
2013-06-06 |
Jo-Philipp Wich | For ingress rules, only jump into zone_name_src_ACTION...
|
commit | commitdiff | tree |
2013-06-06 |
Jo-Philipp Wich | Implement limit and limit_burst options for rules.
|
commit | commitdiff | tree |
2013-06-05 |
Jo-Philipp Wich | Use zone_name_src_ACTION chain for input rules with...
|
commit | commitdiff | tree |
2013-06-05 |
Jo-Philipp Wich | Extend ipset option syntax to support specifying directions...
|
commit | commitdiff | tree |
2013-06-04 |
Jo-Philipp Wich | Fix wrong signature of fw3_xt_print_matches()
|
commit | commitdiff | tree |
2013-06-04 |
Jo-Philipp Wich | Add abstract fw3_xt_print_matches() and fw3_xt_print_target...
|
commit | commitdiff | tree |
2013-06-04 |
Jo-Philipp Wich | Fix wrong chain emitted for zone forward policy, the...
|
commit | commitdiff | tree |
2013-06-03 |
Jo-Philipp Wich | Decouple handle destroying from committing, add fw3_ipt_clos...
|
commit | commitdiff | tree |
2013-06-03 |
Jo-Philipp Wich | Do not let libxtables implicitely load extensions,...
|
commit | commitdiff | tree |
2013-05-27 |
Jo-Philipp Wich | Make IPv6 support optional
|
commit | commitdiff | tree |
2013-05-27 |
Jo-Philipp Wich | Add abstract fw3_xt_reset() implementation
|
commit | commitdiff | tree |
2013-05-27 |
Jo-Philipp Wich | Dynamically create rules for available libext*.a libraries...
|
commit | commitdiff | tree |
2013-05-27 |
Jo-Philipp Wich | Fix compatibility with older libiptc/libip6tc
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Only emit different ip family warnings if the ip wasn...
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Mark fw3_address objects that got resolved by fw3_parse_netw...
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Change wording of inferred destination warning for...
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Replace fw3_free_zone() with the generic implementation
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Avoid segfault when freeing rules whose target could...
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Infer destination zone of DNAT redirects from dest_ip...
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Add fw3_resolve_zone_addresses() helper to obtain a...
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Remove fw3_ubus_address_free() and use fw3_free_list...
|
commit | commitdiff | tree |
2013-05-26 |
Jo-Philipp Wich | Add fw3_free_list() helper
|
commit | commitdiff | tree |
2013-05-25 |
Jo-Philipp Wich | Fix output rules with "option dest *"
|
commit | commitdiff | tree |
2013-05-25 |
Jo-Philipp Wich | Allow devices for src_ip, src_dip and dest_ip options
|
commit | commitdiff | tree |
2013-05-24 |
Jo-Philipp Wich | Pass -Wl,--whole-archive and -Wl,--no-whole-archive...
|
commit | commitdiff | tree |
2013-05-23 |
Jo-Philipp Wich | Don't leak memory when encountering unknown match or...
|
commit | commitdiff | tree |
2013-05-23 |
Jo-Philipp Wich | Use weak function pointers to call extension init functions...
|
commit | commitdiff | tree |
2013-05-22 |
Jo-Philipp Wich | Limit zone names to 14 bytes
|
commit | commitdiff | tree |
2013-05-22 |
Jo-Philipp Wich | Add required ipset declarations for kernels < 3.7
|
commit | commitdiff | tree |
2013-05-22 |
Jo-Philipp Wich | Further fixes for zone reloads
|
commit | commitdiff | tree |
2013-05-22 |
Jo-Philipp Wich | Only perform selective reload if firewall was already...
|
commit | commitdiff | tree |
2013-05-21 |
Jo-Philipp Wich | Fix another crash bug if ipsets are supported but none...
|
commit | commitdiff | tree |
2013-05-21 |
Jo-Philipp Wich | Fix rules for custom filter chains
|
commit | commitdiff | tree |
2013-05-21 |
Jo-Philipp Wich | Do not print to pipe or close command if nothing was...
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Add missing libip6t_REJECT initialization
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Only initialize extensions we actually use
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Wait for ipsets to appear before continuing
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Restore iptables-save include functionality
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Also add comments for unnamed rules
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Only process selected family for print
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Include iptables command and table name in iptables...
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Add debug prints for policy setting, don't commit ruleset...
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Rename struct fw3_rule_spec to struct fw3_chain_spec...
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Remove now unused fw3_pr_rulespec()
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Remove now unused fw3_format_*() functions
|
commit | commitdiff | tree |
2013-05-17 |
Jo-Philipp Wich | Drop iptables-restore and create rules through libiptc...
|
commit | commitdiff | tree |
2013-05-13 |
Jo-Philipp Wich | Use libiptc to clear current ruleset
|
commit | commitdiff | tree |
2013-05-08 |
Jo-Philipp Wich | Force fsync() after writing statefile
|
commit | commitdiff | tree |
2013-05-08 |
Jo-Philipp Wich | Make reload atomic
|
commit | commitdiff | tree |
2013-05-06 |
Jo-Philipp Wich | Family "any" is not applicable to ipsets, default to...
|
commit | commitdiff | tree |
2013-05-02 |
Jo-Philipp Wich | Simplify ipset external checks and optionally initialize...
|
commit | commitdiff | tree |
2013-05-02 |
Jo-Philipp Wich | Check whether ipset exists before referencing it in...
|
commit | commitdiff | tree |
2013-05-02 |
Jo-Philipp Wich | Record device-network relation in state file, fix zone...
|
commit | commitdiff | tree |
2013-04-30 |
Jo-Philipp Wich | Record default policies in state file
|
commit | commitdiff | tree |
2013-04-30 |
Jo-Philipp Wich | Store ipset storage method and matches in state file...
|
commit | commitdiff | tree |
2013-04-30 |
Jo-Philipp Wich | Send quit comment in fw3_destroy_ipsets() and initialize...
|
commit | commitdiff | tree |
next |