projects
/
project
/
firewall3.git
/ search
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
rules: fix device and chain usage for DSCP/MARK targets
2020-12-06
Jo-Philipp Wich
iptables: fix serializing multiple weekdays
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2020-06-03
Jo-Philipp Wich
treewide: replace unsafe string functions
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2020-06-02
Jo-Philipp Wich
improve reload logic
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2019-11-22
Jo-Philipp Wich
utils: persist effective extra_src and extra_dest options...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2019-11-22
Jo-Philipp Wich
zones: fix emitting match rules for zones with only...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2019-09-18
Jo-Philipp Wich
ubus: do not overwrite ipset name attribute
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-08-13
Jo-Philipp Wich
defaults: fix check_kmod() function
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-08-03
Jo-Philipp Wich
Add support for DSCP matches and target
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-07-26
Jo-Philipp Wich
ubus: avoid dumping interface state with NULL message
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-05-19
Jo-Philipp Wich
zones: add interface/subnet bound LOG rules
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-05-16
Jo-Philipp Wich
options: treat time strings as UTC times
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-03-13
Jo-Philipp Wich
Reword rule comments
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-03-13
Jo-Philipp Wich
defaults: add support for xt_FLOWOFFLOAD rule
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-03-10
Jo-Philipp Wich
ipsets: add support for specifying entries
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-03-02
Jo-Philipp Wich
iptables: fix possible NULL pointer access on constructing...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-02-20
Jo-Philipp Wich
helpers: implement explicit CT helper assignment support
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-02-13
Jo-Philipp Wich
zones: disable masq when resolving of all masq_src...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-02-13
Jo-Philipp Wich
options: emit an empty address item when resolving...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2018-02-13
Jo-Philipp Wich
ubus: let fw3_ubus_address() return the number of resolved...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-05-27
Jo-Philipp Wich
options: remove stray continue statement
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-05-26
Jo-Philipp Wich
options: improve handling of negations when parsing...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-05-26
Jo-Philipp Wich
iptables: support -i, -o, -s and -d in option extra
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-05-12
Jo-Philipp Wich
iptables: add exception handling
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-04-27
Jo-Philipp Wich
zones: drop outgoing invalid traffic in masqueraded...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-04-27
Jo-Philipp Wich
rules: fix UCI context in error reporting
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-02-22
Jo-Philipp Wich
firewall3: fix handling of UTC times
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-02-07
Jo-Philipp Wich
iptables: support xtables API > 11
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2017-01-13
Jo-Philipp Wich
zones: do not check conntrack state in zone_*_dest_ACCEPT...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-29
Jo-Philipp Wich
global: remove automatic notrack rules
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-07
Jo-Philipp Wich
forwards: properly propagate conntrack flag
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: move includes into iptables.c to avoid kernel...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: remove usage of xt_id
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
main: make failing ubus connection nonfatal
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: rework extension loader
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-06
Jo-Philipp Wich
iptables: declare _GNU_SOURCE to define RTLD_NEXT
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-01
Jo-Philipp Wich
zones: properly handle multiple masq_src / masq_dest...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-11-01
Jo-Philipp Wich
iptables: use different approach for managing loadable...
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-08-08
Jo-Philipp Wich
zones: allow untracked traffic as well
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-08-08
Jo-Philipp Wich
defaults: disable drop_invalid by default
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-08-08
Jo-Philipp Wich
zones: restrict default ACCEPT rules to NEW ctstate
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-06-07
Jo-Philipp Wich
treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by:
Jo-Philipp Wich
<jo@mein.io>
commit
|
commitdiff
|
tree
2016-01-29
Jo-Philipp Wich
defaults: emit ctstate INVALID drop rules by default
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2016-01-24
Jo-Philipp Wich
Remove commented code
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2016-01-24
Jo-Philipp Wich
Use xt_id match to track own rules
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-26
Jo-Philipp Wich
redirects: only emit REDIRECT rules if dest_ip is unset
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-26
Jo-Philipp Wich
Rework match initialization
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-26
Jo-Philipp Wich
Link libext dynamically
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-22
Jo-Philipp Wich
iptables: initialize multiport match
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-05-21
Jo-Philipp Wich
ubus: allow proto handlers to override device in announced...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-04-18
Jo-Philipp Wich
ubus: print rule name when reporting errors
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-04-18
Jo-Philipp Wich
ubus: store rule origin as comment
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-01-13
Jo-Philipp Wich
redirects: fix possible null pointer access
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2015-01-08
Jo-Philipp Wich
redirects: respect src_dip option for reflection rules
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-19
Jo-Philipp Wich
options: allow '*' as value for protocols and families
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-18
Jo-Philipp Wich
utils: rework fw3_bitlen2netmask() IPv6 mask calculation
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-17
Jo-Philipp Wich
redirect: emit -j REDIRECT rules for local port forwards
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-09-17
Jo-Philipp Wich
utils: fix invalid memory access in fw3_bitlen2netmask()
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-08-11
Jo-Philipp Wich
utils: ifa_addr may be NULL, skip such entries
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-08-11
Jo-Philipp Wich
Selectively flush conntrack
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-21
Jo-Philipp Wich
zones: make forward policy destination bound
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-19
Jo-Philipp Wich
options: fix logic flaw when parsing ipaddr/mask notation
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-19
Jo-Philipp Wich
Use netmasks instead of prefix lengths internally
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-10
Jo-Philipp Wich
ubus: handle attribute access after NULL check in parse_subn...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-10
Jo-Philipp Wich
ubus: fix fw3_ubus_address()
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-10
Jo-Philipp Wich
ubus: fix fw3_ubus_device() to only return a pointer...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-07-03
Jo-Philipp Wich
options: fix fw3_parse_network() when destination pointer...
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-04-11
Jo-Philipp Wich
Reapply SNAT/MASQUERADE rules on firewall reloads
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2014-04-06
Jo-Philipp Wich
Initial support for "config nat" rules - this allows...
commit
|
commitdiff
|
tree
2014-02-21
Jo-Philipp Wich
Several ipset bugfixes
Signed-off-by:
Jo-Philipp Wich
<jow@openwrt.org>
commit
|
commitdiff
|
tree
2013-12-17
Jo-Philipp Wich
Change set_default() to take value as integer, required...
commit
|
commitdiff
|
tree
2013-12-17
Jo-Philipp Wich
Treat option tcp_ecn as integer, not bool
commit
|
commitdiff
|
tree
2013-12-17
Jo-Philipp Wich
Properly check strtol() results when paring values...
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Clean up dead code
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Skip redirects with invalid options
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Skip rules with invalid options
commit
|
commitdiff
|
tree
2013-11-18
Jo-Philipp Wich
Change fw3_parse_options() to indicate whether all...
commit
|
commitdiff
|
tree
2013-11-07
Jo-Philipp Wich
Use a global -m conntrack --ctstate DNAT rule to accept...
commit
|
commitdiff
|
tree
2013-10-10
Jo-Philipp Wich
Use fw3_ipt_rule_replace() when setting up zone interface...
commit
|
commitdiff
|
tree
2013-10-10
Jo-Philipp Wich
Use fw3_ipt_rule_replace() when setting up reflection
commit
|
commitdiff
|
tree
2013-10-10
Jo-Philipp Wich
Allow any protocol for reflection rules
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Reorganize chain layout for raw/NOTRACK rules to fix...
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Use "-j CT --notrack" instead of deprecated "-j NOTRACK"
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Revert "Make sure that NOTRACK is linked into firewall3...
commit
|
commitdiff
|
tree
2013-08-14
Jo-Philipp Wich
Make sure that NOTRACK is linked into firewall3 if...
commit
|
commitdiff
|
tree
2013-07-16
Jo-Philipp Wich
Treat redirects as port redirections if the specified...
commit
|
commitdiff
|
tree
2013-06-29
Jo-Philipp Wich
Properly dereference struct ether_addr
commit
|
commitdiff
|
tree
2013-06-29
Jo-Philipp Wich
Do not rely on ether_ntoa() when formatting mac addresses.
commit
|
commitdiff
|
tree
2013-06-18
Jo-Philipp Wich
Don't mistreat unknown protocol names as "any protocol"
commit
|
commitdiff
|
tree
2013-06-18
Jo-Philipp Wich
Fix processing of CIDRs with mask 0
commit
|
commitdiff
|
tree
2013-06-13
Jo-Philipp Wich
Fix processing of negated options
commit
|
commitdiff
|
tree
2013-06-13
Jo-Philipp Wich
Properly handle reject target in rules with specific...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
Keep all basic chains on reload and only flush them...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
Fix endian issue in compare_addr(), solves auto detection...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
For ingress rules, only jump into zone_name_src_ACTION...
commit
|
commitdiff
|
tree
2013-06-06
Jo-Philipp Wich
Implement limit and limit_burst options for rules.
commit
|
commitdiff
|
tree
2013-06-05
Jo-Philipp Wich
Use zone_name_src_ACTION chain for input rules with...
commit
|
commitdiff
|
tree
2013-06-05
Jo-Philipp Wich
Extend ipset option syntax to support specifying directions...
commit
|
commitdiff
|
tree
2013-06-04
Jo-Philipp Wich
Fix wrong signature of fw3_xt_print_matches()
commit
|
commitdiff
|
tree
2013-06-04
Jo-Philipp Wich
Add abstract fw3_xt_print_matches() and fw3_xt_print_target...
commit
|
commitdiff
|
tree
2013-06-04
Jo-Philipp Wich
Fix wrong chain emitted for zone forward policy, the...
commit
|
commitdiff
|
tree
next