projects
/
project
/
firewall4.git
/ search
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
ruleset: dispatch ct states using verdict map
2023-11-03
User User-User
ruleset: dispatch ct states using verdict map
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-11-03
Luiz Angelo Daros...
fw4: add log_limit to rules and redirects
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-11-03
Luiz Angelo Daros...
fw4: add support for zone log_limit
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-11-03
Luiz Angelo Daros...
fw4: pass zone to templates whenever possible
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-10-12
Jo-Philipp Wich
fw4: perform strict validation of zone and set names
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-08-11
Jo-Philipp Wich
fw4: fix another instance of invalid rule jump targets
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-08-04
Jo-Philipp Wich
fw4: avoid emitting invalid rule jump targets
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-05-30
Jo-Philipp Wich
tests: fix expected test output
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-02-03
Jo-Philipp Wich
fw4: fix syntax errors in ICMP type declarations
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-02-03
Jo-Philipp Wich
tests: add testcase for automatic includes
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-02-03
Paul D
fw4: add further symbolic ICMP type declarations
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2023-02-03
Jo-Philipp Wich
fw4: fix handling the ipset "comment" option
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-11-29
Jo-Philipp Wich
fw4: prevent null access when no ipsets are defined
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-26
Jo-Philipp Wich
ruleset: drop ctstate invalid traffic for masq-enabled...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-18
Jo-Philipp Wich
fw4: gracefully handle `null` return values from `fd...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-14
Jo-Philipp Wich
ruleset.uc: log forwarded traffic not matched by zone...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-14
Jo-Philipp Wich
main.uc: reintroduce set reload restriction
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-14
Jo-Philipp Wich
ruleset: fix emitting set_mark/set_xmark rules with...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-05
Jo-Philipp Wich
ruleset: properly handle zone names starting with a...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-05
Jo-Philipp Wich
fw4: fix formatting of default log prefix
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-05
Jo-Philipp Wich
main.uc: remove uneeded/wrong set reload restrictions
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-10-03
Jo-Philipp Wich
tests: fix testcases
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-09-08
Jo-Philipp Wich
fw4: recognize `option log` and `option counter` in...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-09-08
Jo-Philipp Wich
fw4: fall back to device if l3_device is not available...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-09-01
Jo-Philipp Wich
cli: introduce test mode and refuse firewall restart...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-09-01
Jo-Philipp Wich
fw4: fix cosmetic issue with per-ruleset and per-table...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-09-01
Jo-Philipp Wich
doc: fix swapped include positions in nftables.d README
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-08-12
Jo-Philipp Wich
fw4: support automatic includes
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-08-08
Jo-Philipp Wich
fw4: honour enabled option of include sections
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-08-08
Jo-Philipp Wich
tests: add missing fs.stat) mock data for `nf_conntrack_dummy`
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-15
Jo-Philipp Wich
tests: add test coverage for firewall includes
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-15
Jo-Philipp Wich
fw4: add support for configurable includes
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-14
Jo-Philipp Wich
fw4: fix crash in parse_cthelper() if no helpers are...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-14
Jo-Philipp Wich
fw4: simplify `is_loopback_dev()`
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-14
Jo-Philipp Wich
fw4: fix skipping invalid IPv6 ipset entries
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-14
Jo-Philipp Wich
ruleset: reorder declarations & output tweaks
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-14
Jo-Philipp Wich
ruleset: reuse zone-jump.uc template for notrack and...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-06-14
Stijn Tintel
ruleset: fix conntrack helpers
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-31
Jo-Philipp Wich
fw4: prefer /dev/stdin if available
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-31
Jo-Philipp Wich
fw4: make `fw4 restart` behavior more robust
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-30
Jo-Philipp Wich
ruleset: emit time ranges when both start and stop...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-30
Jo-Philipp Wich
fw4: fix datetime parsing
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-30
Jo-Philipp Wich
ruleset: correct mangle_output chain type
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-30
Jo-Philipp Wich
fw4: fix logic flaw in testing hw flow offloading support
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-30
Jo-Philipp Wich
fw4: ensure that negative bitcounts are properly translated
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-30
Jo-Philipp Wich
fw4: fix typo in emitted set types
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-20
Jo-Philipp Wich
fw4: support negative CIDR bit notation
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-20
Jo-Philipp Wich
hotplug: reliably handle interfaces with ubus zone...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-20
Jo-Philipp Wich
fw4: store zone associations from ubus in statefile...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-09
Jo-Philipp Wich
fw4: filter non hw-offload capable devices when resolving...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-09
Jo-Philipp Wich
fw4: always resolve lower flowtable devices
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-09
Jo-Philipp Wich
tests: fix mocked `fd.read("line")` api
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-05-04
Tiago Gaspar
config: remove restictions on DHCPv6 allow rule
commit
|
commitdiff
|
tree
2022-04-29
Jo-Philipp Wich
fw4: refactor family selection for forwarding rules
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-29
Jo-Philipp Wich
treewide: use modern syntax
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-29
Jo-Philipp Wich
fw4: fix emitting device jump rules for family restricted...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-28
Jo-Philipp Wich
fw4: fix family auto-selection for config nat rules
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-26
Jo-Philipp Wich
ruleset: ensure that family-agnostic ICMP rules cover...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-21
Jo-Philipp Wich
tests: add test coverage for zone family selection...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-21
Jo-Philipp Wich
ruleset: set auto-merge directive for interval sets
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-21
Jo-Philipp Wich
fw4: fix skipping invalid ipset entries
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-13
Jo-Philipp Wich
fw4: fix applying zone flags for source bound rules
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-02
Jo-Philipp Wich
fw4: fix emitting family specific redirect rules without...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-04-02
Jo-Philipp Wich
fw4: bracketize IPv6 addresses in dnat addr:port notation
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-03-30
Jo-Philipp Wich
fw4: ensure to capitalize weekday names
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-03-22
Jo-Philipp Wich
treewide: forward compatibility changes
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-12
Jo-Philipp Wich
fw4: resolve zone layer 2 devices for hw flow offloading
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-12
Jo-Philipp Wich
fw4: rework and fix family inheritance logic
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-12
Jo-Philipp Wich
tests: mocklib: fix infinite recursion in wrapped print()
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-12
Jo-Philipp Wich
tests: change mocked wan interface type to PPPoE
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-11
Jo-Philipp Wich
tests: mocklib: forward compatibility change
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-10
Jo-Philipp Wich
fw4: only stage reflection rules if all required addrs...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-10
Jo-Philipp Wich
fw4: add device iifname/oifname matches to DSCP and...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-08
Jo-Philipp Wich
tests: adjust 01_ruleset test case to latest changes
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-07
Jo-Philipp Wich
fw4: gracefully handle unsupported hardware offloading
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-07
Jo-Philipp Wich
init: fix boot action in init script
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-07
Jo-Philipp Wich
fw4: parse traffic rules before forwarding rules
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-05
Jo-Philipp Wich
fw4: consolidate helper code
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-05
Jo-Philipp Wich
fw4: fix applying zone family restrictions to forwardings
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-05
Jo-Philipp Wich
tests: implement fs.opendir() mock interface
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-05
Jo-Philipp Wich
tests: fix mocked fs.popen() trace log
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-04
Jo-Philipp Wich
fw4: improve flowtable handling
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-03
Jo-Philipp Wich
fw4: disable "flow_offloading_hw" option for now
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-02-03
Jo-Philipp Wich
fw4: fix enabling NAT reflection rules for DNATs without...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-28
Jo-Philipp Wich
ruleset: fix undeclared variable access uncovered by...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-28
Jo-Philipp Wich
tests: run testcases in strict mode
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-28
Jo-Philipp Wich
ruleset: remove redundant syn check
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-28
Jo-Philipp Wich
fw4: add RFC-8622 'Least Effort' (LE) DSCP mark
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-28
Jo-Philipp Wich
tests: add test coverage for redirect rules
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-28
Jo-Philipp Wich
fw4: fix address selection logic for DNAT reflection...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-27
Jo-Philipp Wich
fw4: fix redirect destination zone resolving
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-27
Jo-Philipp Wich
fw4: fix potential crashes when parsing invalid redirect...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-27
Jo-Philipp Wich
ruleset: support non-contiguous address masks
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-27
Jo-Philipp Wich
tests: update interface dump mock data
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-27
Jo-Philipp Wich
fw4: fix family selection logic for redirect rules
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-27
Jo-Philipp Wich
ruleset: properly render redirect targets without port
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-26
Jo-Philipp Wich
fw4: consolidate device grouping logic
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-26
Jo-Philipp Wich
ruleset: consolidate zone matches for raw_prerouting...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-26
Jo-Philipp Wich
fw4: fix wrong `parse_network()` return value on `parse_subn...
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
2022-01-26
Jo-Philipp Wich
fw4: fix parsing inverted numeric DSCP values
Signed-off-by: Jo-Philipp Wich <
jo@mein.io
>
commit
|
commitdiff
|
tree
next