dumalogiya
/
openwrt
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
48,539 Commits
2 Branches
0 Tags
653 MiB
v19.07.3_mercusys_ac12_duma
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4a6795409d'
${ noResults }
Commit Graph

155 Commits (4a6795409d1520fd3da3e909a8bcf9d7fd0927bb)

Author SHA1 Message Date
Steven Barth e4e5c31f87 Reorganize netfilter kernel modules and package nftables kernel support 
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42596
 10 years ago
Steven Barth 9f2a17103f iptables: NFLOG and NFQUEUE targets' full support 
NFLOG and NFQUEUE targets' full support for iptables.

Includes all needed kernel modules (Xtables's and Netlink's)
 and userspace libraries.
All added kernel modules can be individually disabled,
 all other new libraries get their own individual packages.

Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>

SVN-Revision: 42022
 10 years ago
Jo-Philipp Wich baa7c211f5 netfilter: introduce xt_id match 
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 41945
 10 years ago
Felix Fietkau 4b241e9827 netfilter: split off header matching modules not used by the default config (reduces rootfs size and memory usage) 
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40983
 10 years ago
Steven Barth 97ea9e3c2a iptables/netfilter: add connlimit to conntrack-extra 
SVN-Revision: 39878
 10 years ago
Steven Barth 2e2c4c2dd3 Fix IPv6 NAT breaking older kernels 
SVN-Revision: 37891
 11 years ago
Steven Barth 0a85c59040 netfilter: Add IPv6-NAT support for kernel and ipt Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration 
SVN-Revision: 37866
 11 years ago
Luka Perkov e5e83478a9 netfilter: fix typo 
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 37821
 11 years ago
Felix Fietkau c404cd5bfa netfilter: remove use of obsolete compatibility config symbols for mark and connmark 
fixes duplication of xt_mark and xt_connmark module entries

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37344
 11 years ago
Jo-Philipp Wich 8df6cd005c netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into base iptables package - drop iptables-mod-ipset 
SVN-Revision: 36683
 11 years ago
Steven Barth ed083586aa netfilter: Fix typo in last commit 
SVN-Revision: 35899
 11 years ago
Steven Barth 62ea398cd8 iptables: Add missing IPv6 builtin modules 
SVN-Revision: 35898
 11 years ago
Gabor Juhos b20cb26ed7 package/kernel: xt_NOTRACK has been removed in 3.7-rc1 
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>

SVN-Revision: 35475
 11 years ago
Jo-Philipp Wich 03a50b9087 netfilter.mk: add addrtype match to iptables-mod-extra (kmod-ipt-extra) 
SVN-Revision: 35155
 11 years ago
Florian Fainelli 3a57cd4929 netfilter: xt_NOTRACK is incorporated in xt_CT as of 3.8-rc3 
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35087
 12 years ago
John Crispin b21458709a fix ipv4 nat on 3.7 by adding missing iptables modules 
SVN-Revision: 34841
 12 years ago
Gabor Juhos cfc6489579 netfilter: fix module list for 3.7 kernel 
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>

SVN-Revision: 34750
 12 years ago
Jo-Philipp Wich 5ba9873914 netfilter.mk: extend nf_add macro to take a version dependency expression 
- nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0"
	- remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead
	- fixes xt_LOG.ko packaging with Linux 3.6.0 and later

SVN-Revision: 34681
 12 years ago
Jo-Philipp Wich 8420783407 netfilter.mk: fix packaging of xt_LOG.ko, it moved between 3.3.8 and 3.6.x 
SVN-Revision: 34625
 12 years ago
Hauke Mehrtens d648dad7fa kernel: fix loading of nf_nat_irc 
nf_nat_irc depends on nf_conntrack_irc and it should be defined after that.
This fixes a problem introduced in r34247.

SVN-Revision: 34251
 12 years ago
Imre Kaloz 935ca3f3eb add 3.7-rc6 support (patch 820 still has to be fixed) 
SVN-Revision: 34247
 12 years ago
Felix Fietkau d406a5208f include/netfilter.mk: remove a few obsolete lines 
SVN-Revision: 33518
 12 years ago
Felix Fietkau cfe79471d1 kmod-ipt-nathelper-extra: fix missing nf_conntrack_broadcast.ko 
kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko

if it is not included into the kmod-ipt-nathelper-extra packge the modules
nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded:

[   44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0)
[   44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0)

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 32434
 12 years ago
Felix Fietkau b4b60ab62f include/netfilter.mk: clean up, remove junk for old kernel versions 
SVN-Revision: 32114
 12 years ago
Jo-Philipp Wich e6af9d374a fix ipt_ttl and ipt_TTL userspace library packaging 
SVN-Revision: 30897
 12 years ago
Jonas Gorski c336de3d85 kernel: update module names and add new config symbols for linux 3.3 
SVN-Revision: 29985
 12 years ago
Jo-Philipp Wich a529e3f09e add CT target and TTL/HL match+target 
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.

SVN-Revision: 29645
 13 years ago
Jo-Philipp Wich a788f199c9 remove current RTSP support 
SVN-Revision: 29643
 13 years ago
Jo-Philipp Wich 2ad90a1ec3 package CT target 
SVN-Revision: 29609
 13 years ago
Felix Fietkau 1027d262ef netfilter.mk: remove a few obsolete CompareKernelPatchVer calls 
SVN-Revision: 27086
 13 years ago
Jo-Philipp Wich be906f6be5 package u32 match and TEE target, patches by Maxim Uvarov 
SVN-Revision: 26977
 13 years ago
Jo-Philipp Wich a9977eca91 firewall: allow local redirection of ports 
Allow a redirect like:

config redirect
        option src 'wan'
        option dest 'lan'
        option src_dport '22001'
        option dest_port '22'
        option proto 'tcp'

note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.

This patch makes three changes:

(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
    connections.

In the above example,

ssh -p 22 root@myrouter

would fail from the outside, but:

ssh -p 22001 root@myrouter

would succeed.  This is handy if:

(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
    still want to allow firewall access from outside.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26617
 13 years ago
Hauke Mehrtens 24c1caef5f iipt-debug: create bundle of netfilter modules for debugging 
Add a bundle for including commonly useful modules for IPtables debugging and development.

For now, it just contains xt_TRACE.ko

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

SVN-Revision: 26567
 13 years ago
Florian Fainelli 5959cd2850 add kmod-ipt-led 
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.

LED target requires iptables 1.4.9 or higher

Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>

SVN-Revision: 26451
 13 years ago
Felix Fietkau c864843cbf netfilter.mk: put ipv6 conntrack in the right package 
SVN-Revision: 25750
 13 years ago
Felix Fietkau 2d14f4e2f8 netfilter: add missing modules for v6 conntrack (patch from #8940) 
SVN-Revision: 25731
 13 years ago
Felix Fietkau 831e597d7c move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this 
SVN-Revision: 25722
 13 years ago
Felix Fietkau 9dad83362d kernel: remove imq support, refresh patches 
SVN-Revision: 25641
 13 years ago
Jo-Philipp Wich d2d990e41e netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich 
SVN-Revision: 24729
 14 years ago
Jo-Philipp Wich c32a125607 netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later 
SVN-Revision: 23521
 14 years ago
Alexandros C. Couloumbis 57d2e57b02 finalize r22241 fixes 
SVN-Revision: 22242
 14 years ago
Jo-Philipp Wich 91468dcf4f package TPROXY target and module infrastructure 
SVN-Revision: 21883
 14 years ago
Alexandros C. Couloumbis b6e28298fe include/netfilter.mk fix typo on r21795 
SVN-Revision: 21796
 14 years ago
Alexandros C. Couloumbis e491939c70 include/netfilter.mk: add 2.6.35 kernel support 
SVN-Revision: 21795
 14 years ago
Nicolas Thill aa8e2e8685 netfilter: extension fixes (partially closes: #7045) * add missing xt_owner (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6) 
SVN-Revision: 20693
 14 years ago
Nicolas Thill 1b0a9b51c4 include/netfilter.mk: move ebtables definitions at the end 
SVN-Revision: 20690
 14 years ago
Jo-Philipp Wich 42e453a2e3 properly package xt_comment.ko (#6742) 
SVN-Revision: 19861
 14 years ago
Jo-Philipp Wich 15c4e22d31 netfilter: add support for raw table and NOTRACK target (#5504) 
SVN-Revision: 19721
 14 years ago
Jo-Philipp Wich e830181f47 iptables: add comment match to the core package 
SVN-Revision: 18706
 15 years ago
Nicolas Thill 72dbf7cdca netfilter: remove IPset leftovers missed from [17844] 
SVN-Revision: 18032
 15 years ago
Hauke Mehrtens e014faf13f Update ipset to version 3.2 
SVN-Revision: 17764
 15 years ago
Florian Fainelli 0e783dde14 split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001) 
SVN-Revision: 16980
 15 years ago
Florian Fainelli a06b20f5b3 fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 (#5568) 
SVN-Revision: 16964
 15 years ago
Felix Fietkau 11b33255ed netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack 
SVN-Revision: 15854
 15 years ago
Hauke Mehrtens 73cfaa0f2b ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30 
SVN-Revision: 15851
 15 years ago
Jo-Philipp Wich f3dd32d6fd adept netfilter.mk to updated imq 
SVN-Revision: 15656
 15 years ago
Felix Fietkau 34939cad39 get rid of $Id$ - it has never helped us and it has broken too many patches ;) 
SVN-Revision: 15242
 15 years ago
Felix Fietkau e744c3130a move iptable_raw to the conntrack-extra package 
SVN-Revision: 15175
 15 years ago
Nicolas Thill 3b53bd7ef3 accomodate netfilter module (xt_recent) name change in 2.6.28, add missing kconfig when xt_recent is enabled 
SVN-Revision: 15123
 15 years ago
Felix Fietkau 68d73be80c remove support for ipp2p - it's unmaintained, broken, overmatching and undermatching => not that useful for QoS 
SVN-Revision: 14596
 15 years ago
Gabor Juhos e5c9f00637 netfilter: remove CHAOS, TARPIT and DELUDE references 
SVN-Revision: 14461
 15 years ago
Imre Kaloz 24e299f95d defrag needs to be loaded before conntrack_ipv4 
SVN-Revision: 13585
 16 years ago
Imre Kaloz a7cac1dc31 fix conntrack on 2.6.28 
SVN-Revision: 13582
 16 years ago
Nicolas Thill 2c8010b2dc make the whole iptables/netfiter modular (closes: #3871, #3527) 
SVN-Revision: 12649
 16 years ago
Florian Fainelli 5cf0db54c6 Package ip6t_limit and ip6t_frag for 2.4 kernels (#3760) 
SVN-Revision: 12276
 16 years ago
Nicolas Thill a7b3ffc182 cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & IPT_NATHELPER_EXTRA respectively, to better match package names 
SVN-Revision: 11073
 16 years ago
Gabor Juhos 3c05234962 kmod-ipt-iprange: fix build error on .25 
SVN-Revision: 10992
 16 years ago
Gabor Juhos d80f43d15f update iptables to 1.4.0 (2.6 kernels only), refresh kernel patches 
SVN-Revision: 10843
 16 years ago
Florian Fainelli 30f8862033 layer7 filtering module is now xt_layer7 (#3268) 
SVN-Revision: 10674
 16 years ago
Gabor Juhos 4e05416c39 netfilter/ipset cleanups * rename patches to follow our naming conventions * update ipset patches with revision 7096 of [https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom] * add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs * add ip_set_iptreemap to include/netfilter.mk * update kmod-ipt-ipset module description 
SVN-Revision: 9269
 17 years ago
Gabor Juhos 8309e3dff2 add TARPIT support to netfilter/iptables * netfilter: add the xt_TARPIT target module required by xt_CHAOS * include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE * iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number * original patchset can be found [http://tinyurl.com/2mjk2kx here] 
SVN-Revision: 9178
 17 years ago
Nicolas Thill 0bf90f2a0d add ipv6 conntrack support (closes: #2192) 
SVN-Revision: 8984
 17 years ago
Nicolas Thill fec4d9ee3c add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP (closes: #2297, thanks to aorlinsk), sync 2.4 / 2.6 kconfigs. 
SVN-Revision: 8955
 17 years ago
Nicolas Thill f5f47e1fbd cosmetic cleanup before more deep changes 
SVN-Revision: 8870
 17 years ago
Nicolas Thill f6197eabda fix typo again (do i need some sleep?) 
SVN-Revision: 8822
 17 years ago
Nicolas Thill dcf795770c oops, fix typo 
SVN-Revision: 8816
 17 years ago
Nicolas Thill 892b16a352 revert CONFIG_* symbols set m enforcement introduced in [8591], it can't work when symbols from different kernel versions are mixed in KCONFIG 
SVN-Revision: 8798
 17 years ago
Nicolas Thill 5011d6129c prevent include/netfilter.mk from being included multiple times 
SVN-Revision: 8781
 17 years ago
Florian Fainelli 6a06ccf9b6 Package the statistics module for netfilter 
SVN-Revision: 8716
 17 years ago
Nicolas Thill 8dc7ced4d4 require all CONFIG_* symbols listed in its KCONFIG to be set to m in order to actually build a kmod package, tweak and fix kernel package definitions. 
SVN-Revision: 8591
 17 years ago
Nicolas Thill bfa6ac2eab revert [8473] (see [8055]) 
SVN-Revision: 8499
 17 years ago
Nicolas Thill 1ad12c1eeb fix netfilter quota module 
SVN-Revision: 8479
 17 years ago
Florian Fainelli 3c5ed20fd0 Fix the error on the quota extension (#2080) 
SVN-Revision: 8472
 17 years ago
Florian Fainelli 6741194c15 Add back physdev (#2216) 
SVN-Revision: 8466
 17 years ago
Felix Fietkau 291ff1fd7e do dynamic kernel config changes for netfilter as well 
SVN-Revision: 8119
 17 years ago
Felix Fietkau 075883e85b reorder, xt_CHAOS depends on xt_DELUDE 
SVN-Revision: 8084
 17 years ago
Florian Fainelli e5520b8853 Add ipt_random module 
SVN-Revision: 8014
 17 years ago
Felix Fietkau a817b45169 reorganize netfilter modules, get rid of the iptables-mod-extra dependency in qos-scripts 
SVN-Revision: 7912
 17 years ago
Felix Fietkau 8cff3db999 add nat module fix from #1772 
SVN-Revision: 7727
 17 years ago
Felix Fietkau 7ca5a975fe fix a typo 
SVN-Revision: 7587
 17 years ago
Tim Yardley 35d1063a75 package ipset for use 
SVN-Revision: 7517
 17 years ago
Florian Fainelli 908b616d8e Add iprange (#1799) 
SVN-Revision: 7462
 17 years ago
Felix Fietkau 3e8bdad848 fix typo introduced in last commit 
SVN-Revision: 7416
 17 years ago
Mike Baker 0a79809ba1 fix typo 
SVN-Revision: 7415
 17 years ago
Felix Fietkau fb2abbee4b fix typo 
SVN-Revision: 7414
 17 years ago
Felix Fietkau ea3fc57b08 netfilter dscp target/match is now in xtables 
SVN-Revision: 7407
 17 years ago
Felix Fietkau a6b90ed0a4 fix up tcpmss for the new kernel version 
SVN-Revision: 7345
 17 years ago
Florian Fainelli cd65230eea Add raw and NOTRACK targets (#1583) 
SVN-Revision: 6945
 17 years ago
Florian Fainelli 780712e30e Add ipt_CLASSIFY target for 2.4 kernels (#1338) 
SVN-Revision: 6424
 17 years ago
Felix Fietkau 04da86494a fix multiport netfilter module installation (patch from #1280) 
SVN-Revision: 6295
 18 years ago