summaryrefslogtreecommitdiffstats
AgeCommit message (Expand)Author
2015-01-08firewall3: fix left shift on 64 bit systems in fw3_bitlen2netmaskUlrich Weber
2015-01-08redirects: respect src_dip option for reflection rulesJo-Philipp Wich
2014-09-19options: allow '*' as value for protocols and familiesJo-Philipp Wich
2014-09-18utils: rework fw3_bitlen2netmask() IPv6 mask calculationJo-Philipp Wich
2014-09-17redirect: emit -j REDIRECT rules for local port forwardsJo-Philipp Wich
2014-09-17utils: fix invalid memory access in fw3_bitlen2netmask()Jo-Philipp Wich
2014-08-11utils: ifa_addr may be NULL, skip such entriesJo-Philipp Wich
2014-08-11Selectively flush conntrackJo-Philipp Wich
2014-07-21zones: make forward policy destination boundJo-Philipp Wich
2014-07-19options: fix logic flaw when parsing ipaddr/mask notationJo-Philipp Wich
2014-07-19Use netmasks instead of prefix lengths internallyJo-Philipp Wich
2014-07-10ubus: handle attribute access after NULL check in parse_subnets()Jo-Philipp Wich
2014-07-10ubus: fix fw3_ubus_address()Jo-Philipp Wich
2014-07-10ubus: fix fw3_ubus_device() to only return a pointer if a device was foundJo-Philipp Wich
2014-07-03options: fix fw3_parse_network() when destination pointer is not a listJo-Philipp Wich
2014-07-02ubus: add support for fetching firewall rules from procdFelix Fietkau
2014-06-30ubus: use blobmsg_parse to validate device attributes and decouple the found device name from the order in which elements appearFelix Fietkau
2014-06-30make fw3_ubus_address take a list_head * argument instead of allocating & returning oneFelix Fietkau
2014-06-30use calloc instead of malloc+memsetFelix Fietkau
2014-06-30ubus: use blobmsg_parse to validate data from network.interface:dumpFelix Fietkau
2014-06-26Add fw3 zone call to list devices in a zoneSteven Barth
2014-04-14Add support for netifd-generated rulesSteven Barth
2014-04-14Add support for device and direction parametersSteven Barth
2014-04-14snat: add support for connlimiting port-range SNATSteven Barth
2014-04-14Fix building with newer toolchainsSteven Barth
2014-04-14snat: ICMP can be port-natted as wellSteven Barth
2014-04-14nat: allow ACCEPT-target to explicitely disable NATSteven Barth
2014-04-11Reapply SNAT/MASQUERADE rules on firewall reloadsJo-Philipp Wich
2014-04-06Initial support for "config nat" rules - this allows configuring zone-independant SNAT and MASQUERADE rulesJo-Philipp Wich
2014-03-20utils: define _GNU_SOURCE to get clearenv()Felix Fietkau
2014-02-21Several ipset bugfixesJo-Philipp Wich
2013-12-17Change set_default() to take value as integer, required for tcp_ecn > 1Jo-Philipp Wich
2013-12-17Treat option tcp_ecn as integer, not boolJo-Philipp Wich
2013-12-17Properly check strtol() results when paring values as integersJo-Philipp Wich
2013-11-18Clean up dead codeJo-Philipp Wich
2013-11-18Skip redirects with invalid optionsJo-Philipp Wich
2013-11-18Skip rules with invalid optionsJo-Philipp Wich
2013-11-18Change fw3_parse_options() to indicate whether all options where parsed successfullyJo-Philipp Wich
2013-11-07Use a global -m conntrack --ctstate DNAT rule to accept all port forwards of a given zone in filterJo-Philipp Wich
2013-10-23Improve ubus supportSteven Barth
2013-10-10Use fw3_ipt_rule_replace() when setting up zone interface rulesJo-Philipp Wich
2013-10-10Use fw3_ipt_rule_replace() when setting up reflectionJo-Philipp Wich
2013-10-10Allow any protocol for reflection rulesJo-Philipp Wich
2013-08-14Reorganize chain layout for raw/NOTRACK rules to fix support for custom rules with target "NOTRACK"Jo-Philipp Wich
2013-08-14Use "-j CT --notrack" instead of deprecated "-j NOTRACK"Jo-Philipp Wich
2013-08-14Revert "Make sure that NOTRACK is linked into firewall3 if it is part of libext*.a"Jo-Philipp Wich
2013-08-14Make sure that NOTRACK is linked into firewall3 if it is part of libext*.aJo-Philipp Wich
2013-07-16Treat redirects as port redirections if the specified dest_ip belongs to the router itself, this is a compatibility fix to firewall2.Jo-Philipp Wich
2013-06-29Properly dereference struct ether_addrJo-Philipp Wich
2013-06-29Do not rely on ether_ntoa() when formatting mac addresses.Jo-Philipp Wich
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-21 10:15:44 +0000