77dda8d67a
firewall: - introduce per-section "option enabled" which defaults to "1" - useful to disable rules or zones without having to delete them - annotate default traffic rules with names - bump version
...
SVN-Revision: 29577
13 years ago
10f199d832
firewall: add DHCPv6 default rule ( #10381 )
...
SVN-Revision: 28874
13 years ago
f1e7045d30
firewall: further tune ICMPv6 default rules according to RFC4890 ( #9893 )
...
SVN-Revision: 27979
13 years ago
07abf4a81e
firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem
...
SVN-Revision: 27321
13 years ago
68a1c8e1e3
firewall: - allow multiple ports, protocols, macs, icmp types per rule - implement "limit" and "limit_burst" options for rules - implement "extra" option to rules and redirects for passing arbritary flags to iptables - implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options - allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination - validate symbolic icmp-type names against the selected iptables binary - properly handle forwarded ICMPv6 traffic in the default configuration
...
SVN-Revision: 27317
13 years ago
f2b7c81d46
firewall: explictely mention network in default configuration, makes it less confusing
...
SVN-Revision: 26961
13 years ago
ad23dd94b6
firewall: provide examples of ssh port relocation on firewall and IPsec passthrough Two examples of potentially useful configurations (commented out, of course):
...
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805
13 years ago
cc84e0672b
firewall: don't apply default udp/68 rule to ip6tables
...
SVN-Revision: 21509
14 years ago
3875f85110
firewall: add commented disable_ipv6 option to default config
...
SVN-Revision: 21505
14 years ago
431808b5bf
allow ping
...
SVN-Revision: 20261
14 years ago
b3d3e5d752
firewall: fix MSS issue affection RELATED new connections ( closes : #5173 )
...
SVN-Revision: 17762
15 years ago
b44b066543
firewall: allow incoming udp/68 packets in the default configuration ( #4108 , #4781 )
...
SVN-Revision: 17238
15 years ago
97100e0248
firewall: enable /etc/firewall.user by default and install sample firewall.user file
...
SVN-Revision: 15221
15 years ago
50be634a3c
re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information
...
SVN-Revision: 14293
16 years ago
359ce7f97e
disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs
...
SVN-Revision: 13788
16 years ago
aaf31c36f1
set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions
...
SVN-Revision: 12766
16 years ago
d7810ed63e
firewall changes: - implement a REJECT policy and enable it by default, reject packets with approriate response ( closes : #3970 ) - cleanup syn_flood and remove logging
...
SVN-Revision: 12688
16 years ago
aa6c019c11
use proto instead of protocol in uci firewall
...
SVN-Revision: 12391
16 years ago
5627667654
uci firewall - make uci firewall default and remove old code - fix up dependencies
...
SVN-Revision: 12284
16 years ago
Jo-Philipp Wich
Travis Kemen
Nicolas Thill
Felix Fietkau
John Crispin