Jo-Philipp Wich
15189a628a
firewall: allow incoming ICMPv6 router-advertisement and neighbor-advertisement, thanks swalker
SVN-Revision: 32127
2012-06-08 14:20:34 +00:00
							
Mirko Vogt
075618c6e3
minor change: adjust formatting of firewall.config
- remove trailing whitespaces (s/\ $//g)
- replace spaces with tabs between options and values
SVN-Revision: 31427
2012-04-21 19:42:28 +00:00
							
Jo-Philipp Wich
9aaca7f1b1
firewall: allow ICMPv6 type 129 (echo reply) - this fixes basic ICMPv6 in case no connection tracking is used
SVN-Revision: 30727
2012-02-25 21:00:23 +00:00
							
Jo-Philipp Wich
77dda8d67a
firewall: - introduce per-section "option enabled" which defaults to "1" - useful to disable rules or zones without having to delete them - annotate default traffic rules with names - bump version
SVN-Revision: 29577
2011-12-20 01:10:15 +00:00
							
Jo-Philipp Wich
10f199d832
firewall: add DHCPv6 default rule (#10381)
SVN-Revision: 28874
2011-11-09 11:10:37 +00:00
							
Jo-Philipp Wich
f1e7045d30
firewall: further tune ICMPv6 default rules according to RFC4890 (#9893)
SVN-Revision: 27979
2011-08-14 00:33:29 +00:00
							
Jo-Philipp Wich
07abf4a81e
firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem
SVN-Revision: 27321
2011-06-30 12:22:05 +00:00
							
Jo-Philipp Wich
68a1c8e1e3
firewall:
- allow multiple ports, protocols, macs, icmp types per rule
- implement "limit" and "limit_burst" options for rules
- implement "extra" option to rules and redirects for passing arbitrary flags to iptables
- implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options
- allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination
- validate symbolic icmp-type names against the selected iptables binary
- properly handle forwarded ICMPv6 traffic in the default configuration
SVN-Revision: 27317
2011-06-30 01:31:23 +00:00
							
Jo-Philipp Wich
f2b7c81d46
firewall: explicitly mention network in default configuration, makes it less confusing
SVN-Revision: 26961
2011-05-20 13:45:40 +00:00
							
Jo-Philipp Wich
ad23dd94b6
firewall: provide examples of ssh port relocation on firewall and IPsec passthrough
Two examples of potentially useful configurations (commented out, of course):
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805
2011-05-02 12:54:31 +00:00
							
Jo-Philipp Wich
cc84e0672b
firewall: don't apply default udp/68 rule to ip6tables
SVN-Revision: 21509
2010-05-19 21:37:12 +00:00
							
Jo-Philipp Wich
3875f85110
firewall: add commented disable_ipv6 option to default config
SVN-Revision: 21505
2010-05-19 09:49:21 +00:00
							
Travis Kemen
431808b5bf
allow ping
SVN-Revision: 20261
2010-03-18 03:46:41 +00:00
							
Nicolas Thill
b3d3e5d752
firewall: fix MSS issue affecting RELATED new connections (closes: #5173)
SVN-Revision: 17762
2009-09-27 13:57:09 +00:00
							
Jo-Philipp Wich
b44b066543
firewall: allow incoming udp/68 packets in the default configuration (#4108, #4781)
SVN-Revision: 17238
2009-08-13 03:31:53 +00:00
							
Jo-Philipp Wich
97100e0248
firewall: enable /etc/firewall.user by default and install sample firewall.user file
SVN-Revision: 15221
2009-04-12 22:38:34 +00:00
							
Felix Fietkau
50be634a3c
re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information
SVN-Revision: 14293
2009-01-31 02:14:27 +00:00
							
Felix Fietkau
359ce7f97e
disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs
SVN-Revision: 13788
2008-12-31 19:02:03 +00:00
							
Felix Fietkau
aaf31c36f1
set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions
SVN-Revision: 12766
2008-09-28 16:17:49 +00:00
							
Nicolas Thill
d7810ed63e
firewall changes:
- implement a REJECT policy and enable it by default, reject packets with appropriate response (closes: #3970)
- cleanup syn_flood and remove logging
SVN-Revision: 12688
2008-09-24 15:10:16 +00:00
							
John Crispin
aa6c019c11
use proto instead of protocol in uci firewall
SVN-Revision: 12391
2008-08-26 07:23:29 +00:00
							
John Crispin
5627667654
uci firewall - make uci firewall default and remove old code - fix up dependencies
SVN-Revision: 12284
2008-08-11 22:27:36 +00:00