projects
/
project
/
firewall3.git
/ search
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
zones: do not check conntrack state in zone_*_dest_ACCEPT chains
2017-01-13
Jo-Philipp Wich
zones: do not check conntrack state in zone_*_dest_ACCEPT...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-29
Jo-Philipp Wich
global: remove automatic notrack rules
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-07
Jo-Philipp Wich
forwards: properly propagate conntrack flag
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: move includes into iptables.c to avoid kernel...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Ralph Sennhauser
musl-compat: avoid kernel header conflicts
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: remove usage of xt_id
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
main: make failing ubus connection nonfatal
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: rework extension loader
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: declare _GNU_SOURCE to define RTLD_NEXT
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Ralph Sennhauser
iptables: optional loading of static extensions
[
Jo-Philipp Wich
: stub init_extensions*() instead...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-05
Ralph Sennhauser
iptables: fix loading standard target
[
Jo-Philipp Wich
: minor code style change to if...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-04
Ralph Sennhauser
iptables: add support for version 1.6.0
commit
|
commitdiff
|
tree
2016-11-01
Jo-Philipp Wich
zones: properly handle multiple masq_src / masq_dest...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-01
Jo-Philipp Wich
iptables: use different approach for managing loadable...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-08-08
Jo-Philipp Wich
zones: allow untracked traffic as well
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-08-08
Jo-Philipp Wich
defaults: disable drop_invalid by default
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-08-08
Jo-Philipp Wich
zones: restrict default ACCEPT rules to NEW ctstate
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-06-07
Jo-Philipp Wich
treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-05-02
Alin Năstac
load running state after lock is acquired
commit
|
commitdiff
|
tree
2016-04-28
Daniel Golle
set mark for locally generated traffic in OUTPUT chain
commit
|
commitdiff
|
tree
2016-04-27
Alexandru Ardelean
defaults.c: remove toplevel_rule struct
commit
|
commitdiff
|
tree
2016-01-29
Jo-Philipp Wich
defaults: emit ctstate INVALID drop rules by default
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2016-01-29
Len White
iptables: fix inversion flags
commit
|
commitdiff
|
tree
2016-01-24
Jo-Philipp Wich
Remove commented code
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2016-01-24
Jo-Philipp Wich
Use xt_id match to track own rules
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-26
Jo-Philipp Wich
redirects: only emit REDIRECT rules if dest_ip is unset
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-26
Jo-Philipp Wich
Rework match initialization
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-26
Jo-Philipp Wich
Link libext dynamically
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-22
Jo-Philipp Wich
iptables: initialize multiport match
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-21
Jo-Philipp Wich
ubus: allow proto handlers to override device in announced...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-04-18
Jo-Philipp Wich
ubus: print rule name when reporting errors
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-04-18
Jo-Philipp Wich
ubus: store rule origin as comment
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-01-13
Jo-Philipp Wich
redirects: fix possible null pointer access
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-01-08
Ulrich Weber
firewall3: fix left shift on 64 bit systems in fw3_bitlen2ne...
commit
|
commitdiff
|
tree
2015-01-08
Jo-Philipp Wich
redirects: respect src_dip option for reflection rules
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-19
Jo-Philipp Wich
options: allow '*' as value for protocols and families
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-18
Jo-Philipp Wich
utils: rework fw3_bitlen2netmask() IPv6 mask calculation
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-17
Jo-Philipp Wich
redirect: emit -j REDIRECT rules for local port forwards
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-17
Jo-Philipp Wich
utils: fix invalid memory access in fw3_bitlen2netmask()
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-08-11
Jo-Philipp Wich
utils: ifa_addr may be NULL, skip such entries
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-08-11
Jo-Philipp Wich
Selectively flush conntrack
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-21
Jo-Philipp Wich
zones: make forward policy destination bound
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-19
Jo-Philipp Wich
options: fix logic flaw when parsing ipaddr/mask notation
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-19
Jo-Philipp Wich
Use netmasks instead of prefix lengths internally
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-10
Jo-Philipp Wich
ubus: handle attribute access after NULL check in parse_subn...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-10
Jo-Philipp Wich
ubus: fix fw3_ubus_address()
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-10
Jo-Philipp Wich
ubus: fix fw3_ubus_device() to only return a pointer...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-03
Jo-Philipp Wich
options: fix fw3_parse_network() when destination pointer...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-04-11
Jo-Philipp Wich
Reapply SNAT/MASQUERADE rules on firewall reloads
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-04-06
Jo-Philipp Wich
Initial support for "config nat" rules - this allows...
commit
|
commitdiff
|
tree
2014-02-21
Jo-Philipp Wich
Several ipset bugfixes
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2013-12-17
Jo-Philipp Wich
Change set_default() to take value as integer, required...
commit
|
commitdiff
|
tree
2013-12-17
Jo-Philipp Wich
Treat option tcp_ecn as integer, not bool
commit
|
commitdiff
|
tree
2013-12-17
Jo-Philipp Wich
Properly check strtol() results when paring values...
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Clean up dead code
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Skip redirects with invalid options
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Skip rules with invalid options
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Change fw3_parse_options() to indicate whether all...
commit
|
commitdiff
|
tree
2013-11-07
Jo-Philipp Wich
Use a global -m conntrack --ctstate DNAT rule to accept...
commit
|
commitdiff
|
tree
2013-10-23
Steven Barth
Improve ubus support
commit
|
commitdiff
|
tree
2013-10-10
Jo-Philipp Wich
Use fw3_ipt_rule_replace() when setting up zone interface...
commit
|
commitdiff
|
tree
2013-10-10
Jo-Philipp Wich
Use fw3_ipt_rule_replace() when setting up reflection
commit
|
commitdiff
|
tree
2013-10-10
Jo-Philipp Wich
Allow any protocol for reflection rules
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Reorganize chain layout for raw/NOTRACK rules to fix...
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Use "-j CT --notrack" instead of deprecated "-j NOTRACK"
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Revert "Make sure that NOTRACK is linked into firewall3...
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Make sure that NOTRACK is linked into firewall3 if...
commit
|
commitdiff
|
tree
2013-07-16
Jo-Philipp Wich
Treat redirects as port redirections if the specified...
commit
|
commitdiff
|
tree
2013-06-29
Jo-Philipp Wich
Properly dereference struct ether_addr
commit
|
commitdiff
|
tree
2013-06-29
Jo-Philipp Wich
Do not rely on ether_ntoa() when formatting mac addresses.
commit
|
commitdiff
|
tree
2013-06-18
Jo-Philipp Wich
Don't mistreat unknown protocol names as "any protocol"
commit
|
commitdiff
|
tree
2013-06-18
Jo-Philipp Wich
Fix processing of CIDRs with mask 0
commit
|
commitdiff
|
tree
2013-06-13
Jo-Philipp Wich
Fix processing of negated options
commit
|
commitdiff
|
tree
2013-06-13
Jo-Philipp Wich
Properly handle reject target in rules with specific...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
Keep all basic chains on reload and only flush them...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
Fix endian issue in compare_addr(), solves auto detection...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
For ingress rules, only jump into zone_name_src_ACTION...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
Implement limit and limit_burst options for rules.
commit
|
commitdiff
|
tree
2013-06-05
Jo-Philipp Wich
Use zone_name_src_ACTION chain for input rules with...
commit
|
commitdiff
|
tree
2013-06-05
Jo-Philipp Wich
Extend ipset option syntax to support specifying directions...
commit
|
commitdiff
|
tree
2013-06-04
Jo-Philipp Wich
Fix wrong signature of fw3_xt_print_matches()
commit
|
commitdiff
|
tree
2013-06-04
Jo-Philipp Wich
Add abstract fw3_xt_print_matches() and fw3_xt_print_target...
commit
|
commitdiff
|
tree
2013-06-04
Jo-Philipp Wich
Fix wrong chain emitted for zone forward policy, the...
commit
|
commitdiff
|
tree
2013-06-03
Jo-Philipp Wich
Decouple handle destroying from committing, add fw3_ipt_clos...
commit
|
commitdiff
|
tree
2013-06-03
Jo-Philipp Wich
Do not let libxtables implicitely load extensions,...
commit
|
commitdiff
|
tree
2013-05-27
Jo-Philipp Wich
Make IPv6 support optional
commit
|
commitdiff
|
tree
2013-05-27
Jo-Philipp Wich
Add abstract fw3_xt_reset() implementation
commit
|
commitdiff
|
tree
2013-05-27
Jo-Philipp Wich
Dynamically create rules for available libext*.a libraries...
commit
|
commitdiff
|
tree
2013-05-27
Jo-Philipp Wich
Fix compatibility with older libiptc/libip6tc
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Only emit different ip family warnings if the ip wasn...
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Mark fw3_address objects that got resolved by fw3_parse_netw...
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Change wording of inferred destination warning for...
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Replace fw3_free_zone() with the generic implementation
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Avoid segfault when freeing rules whose target could...
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Infer destination zone of DNAT redirects from dest_ip...
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Add fw3_resolve_zone_addresses() helper to obtain a...
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Remove fw3_ubus_address_free() and use fw3_free_list...
commit
|
commitdiff
|
tree
2013-05-26
Jo-Philipp Wich
Add fw3_free_list() helper
commit
|
commitdiff
|
tree
2013-05-25
Jo-Philipp Wich
Fix output rules with "option dest *"
commit
|
commitdiff
|
tree
2013-05-25
Jo-Philipp Wich
Allow devices for src_ip, src_dip and dest_ip options
commit
|
commitdiff
|
tree
next