| Age | Commit message (Expand) | Author |
|---|
| 2014-07-03 | options: fix fw3_parse_network() when destination pointer is not a list | Jo-Philipp Wich |
| 2014-07-02 | ubus: add support for fetching firewall rules from procd | Felix Fietkau |
| 2014-06-30 | ubus: use blobmsg_parse to validate device attributes and decouple the found device name from the order in which elements appear | Felix Fietkau |
| 2014-06-30 | make fw3_ubus_address take a list_head * argument instead of allocating & returning one | Felix Fietkau |
| 2014-06-30 | use calloc instead of malloc+memset | Felix Fietkau |
| 2014-06-30 | ubus: use blobmsg_parse to validate data from network.interface:dump | Felix Fietkau |
| 2014-06-26 | Add fw3 zone call to list devices in a zone | Steven Barth |
| 2014-04-14 | Add support for netifd-generated rules | Steven Barth |
| 2014-04-14 | Add support for device and direction parameters | Steven Barth |
| 2014-04-14 | snat: add support for connlimiting port-range SNAT | Steven Barth |
| 2014-04-14 | Fix building with newer toolchains | Steven Barth |
| 2014-04-14 | snat: ICMP can be port-natted as well | Steven Barth |
| 2014-04-14 | nat: allow ACCEPT-target to explicitely disable NAT | Steven Barth |
| 2014-04-11 | Reapply SNAT/MASQUERADE rules on firewall reloads | Jo-Philipp Wich |
| 2014-04-06 | Initial support for "config nat" rules - this allows configuring zone-independant SNAT and MASQUERADE rules | Jo-Philipp Wich |
| 2014-03-20 | utils: define _GNU_SOURCE to get clearenv() | Felix Fietkau |
| 2014-02-21 | Several ipset bugfixes | Jo-Philipp Wich |
| 2013-12-17 | Change set_default() to take value as integer, required for tcp_ecn > 1 | Jo-Philipp Wich |
| 2013-12-17 | Treat option tcp_ecn as integer, not bool | Jo-Philipp Wich |
| 2013-12-17 | Properly check strtol() results when paring values as integers | Jo-Philipp Wich |
| 2013-11-18 | Clean up dead code | Jo-Philipp Wich |
| 2013-11-18 | Skip redirects with invalid options | Jo-Philipp Wich |
| 2013-11-18 | Skip rules with invalid options | Jo-Philipp Wich |
| 2013-11-18 | Change fw3_parse_options() to indicate whether all options where parsed successfully | Jo-Philipp Wich |
| 2013-11-07 | Use a global -m conntrack --ctstate DNAT rule to accept all port forwards of a given zone in filter | Jo-Philipp Wich |
| 2013-10-23 | Improve ubus support | Steven Barth |
| 2013-10-10 | Use fw3_ipt_rule_replace() when setting up zone interface rules | Jo-Philipp Wich |
| 2013-10-10 | Use fw3_ipt_rule_replace() when setting up reflection | Jo-Philipp Wich |
| 2013-10-10 | Allow any protocol for reflection rules | Jo-Philipp Wich |
| 2013-08-14 | Reorganize chain layout for raw/NOTRACK rules to fix support for custom rules with target "NOTRACK" | Jo-Philipp Wich |
| 2013-08-14 | Use "-j CT --notrack" instead of deprecated "-j NOTRACK" | Jo-Philipp Wich |
| 2013-08-14 | Revert "Make sure that NOTRACK is linked into firewall3 if it is part of libext*.a" | Jo-Philipp Wich |
| 2013-08-14 | Make sure that NOTRACK is linked into firewall3 if it is part of libext*.a | Jo-Philipp Wich |
| 2013-07-16 | Treat redirects as port redirections if the specified dest_ip belongs to the router itself, this is a compatibility fix to firewall2. | Jo-Philipp Wich |
| 2013-06-29 | Properly dereference struct ether_addr | Jo-Philipp Wich |
| 2013-06-29 | Do not rely on ether_ntoa() when formatting mac addresses. | Jo-Philipp Wich |
| 2013-06-18 | Don't mistreat unknown protocol names as "any protocol" | Jo-Philipp Wich |
| 2013-06-18 | Fix processing of CIDRs with mask 0 | Jo-Philipp Wich |
| 2013-06-13 | Fix processing of negated options | Jo-Philipp Wich |
| 2013-06-13 | Properly handle reject target in rules with specific destination | Jo-Philipp Wich |
| 2013-06-06 | Keep all basic chains on reload and only flush them, this allows user rules to jump to targets like "reject" or "notrack" | Jo-Philipp Wich |
| 2013-06-06 | Fix endian issue in compare_addr(), solves auto detection of "option dest" for redirects on little endian systems | Jo-Philipp Wich |
| 2013-06-06 | For ingress rules, only jump into zone_name_src_ACTION chains if the target is not ACCEPT and if logging is enabled in the src zone, this cuts some overhead | Jo-Philipp Wich |
| 2013-06-06 | Implement limit and limit_burst options for rules. | Jo-Philipp Wich |
| 2013-06-05 | Use zone_name_src_ACTION chain for input rules with non-wildcard source | Jo-Philipp Wich |
| 2013-06-05 | Extend ipset option syntax to support specifying directions inplace. | Jo-Philipp Wich |
| 2013-06-04 | Fix wrong signature of fw3_xt_print_matches() | Jo-Philipp Wich |
| 2013-06-04 | Add abstract fw3_xt_print_matches() and fw3_xt_print_target() functions since the output of ->save differs between xtables 5 and 10... sigh | Jo-Philipp Wich |
| 2013-06-04 | Fix wrong chain emitted for zone forward policy, the terminal chain is source, not destination bound. | Jo-Philipp Wich |
| 2013-06-03 | Decouple handle destroying from committing, add fw3_ipt_close() instead | Jo-Philipp Wich |
