Rui Salvaterra
|
4cd7d4f36b
Revert "firewall3: support table load on access on Linux 5.15+"
|
2 jaren geleden |
Wenli Looi
|
50979cc9c3
firewall3: remove unnecessary fw3_has_table
|
3 jaren geleden |
Ansuel Smith
|
3624c37866
firewall3: support table load on access on Linux 5.15+
|
2 jaren geleden |
Kristian Evensen
|
bf29c1e7e9
firewall3: ipset: Handle reload_set properly
|
5 jaren geleden |
Kristian Evensen
|
509e673dab
firewall3: Improve ipset support
|
5 jaren geleden |
Jo-Philipp Wich
|
f50a524847
helpers: implement explicit CT helper assignment support
|
6 jaren geleden |
Pierre Lebleu
|
53ef9f11d4
firewall3: add UBUS support for include scripts
|
7 jaren geleden |
Pierre Lebleu
|
5cd4af49ac
firewall3: add UBUS support for ipset sections
|
7 jaren geleden |
Pierre Lebleu
|
02d68323ec
firewall3: add UBUS support for forwarding sections
|
7 jaren geleden |
Pierre Lebleu
|
0a7d36d8cf
firewall3: add UBUS support for redirect sections
|
7 jaren geleden |
Jo-Philipp Wich
|
c520966c2a
main: make failing ubus connection nonfatal
|
8 jaren geleden |
Jo-Philipp Wich
|
be8ead27f6
treewide: replace jow@openwrt.org with jo@mein.io
|
8 jaren geleden |
Alin Năstac
|
6cccf1ba7f
load running state after lock is acquired
|
8 jaren geleden |
Jo-Philipp Wich
|
410cff5e62
Use xt_id match to track own rules
|
8 jaren geleden |
Jo-Philipp Wich
|
2807cc26b8
Selectively flush conntrack
|
10 jaren geleden |
Felix Fietkau
|
a9c694d5b6
use calloc instead of malloc+memset
|
10 jaren geleden |
Steven Barth
|
b99104d3ab
Add fw3 zone call to list devices in a zone
|
10 jaren geleden |
Steven Barth
|
e678dcbf03
Add support for netifd-generated rules
|
10 jaren geleden |
Steven Barth
|
6661ec5058
Fix building with newer toolchains
|
10 jaren geleden |
Jo-Philipp Wich
|
d1a450f7f2
Reapply SNAT/MASQUERADE rules on firewall reloads
|
10 jaren geleden |
Jo-Philipp Wich
|
31456301f5
Initial support for "config nat" rules - this allows configuring zone-independant SNAT and MASQUERADE rules
|
10 jaren geleden |
Jo-Philipp Wich
|
cecf523b7b
Decouple handle destroying from committing, add fw3_ipt_close() instead
|
11 jaren geleden |
Jo-Philipp Wich
|
73805dcc03
Make IPv6 support optional
|
11 jaren geleden |
Jo-Philipp Wich
|
8e3a8634b0
Only perform selective reload if firewall was already running, else do a normal start.
|
11 jaren geleden |
Jo-Philipp Wich
|
28df94a5e0
Wait for ipsets to appear before continuing
|
11 jaren geleden |
Jo-Philipp Wich
|
294f209f64
Restore iptables-save include functionality
|
11 jaren geleden |
Jo-Philipp Wich
|
b3c483a8cd
Only process selected family for print
|
11 jaren geleden |
Jo-Philipp Wich
|
781916efb7
Add debug prints for policy setting, don't commit ruleset in print mode
|
11 jaren geleden |
Jo-Philipp Wich
|
6b27a6665c
Drop iptables-restore and create rules through libiptc and libxtables
|
11 jaren geleden |
Jo-Philipp Wich
|
b610915765
Use libiptc to clear current ruleset
|
11 jaren geleden |