2013-10-10 |
Jo-Philipp... | Use fw3_ipt_rule_replace() when setting up reflection |
commit | commitdiff | tree | snapshot |
2013-10-10 |
Jo-Philipp... | Allow any protocol for reflection rules |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Reorganize chain layout for raw/NOTRACK rules to fix... |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Use "-j CT --notrack" instead of deprecated "-j NOTRACK" |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Revert "Make sure that NOTRACK is linked into firewall3... |
commit | commitdiff | tree | snapshot |
2013-08-14 |
Jo-Philipp... | Make sure that NOTRACK is linked into firewall3 if... |
commit | commitdiff | tree | snapshot |
2013-07-16 |
Jo-Philipp... | Treat redirects as port redirections if the specified... |
commit | commitdiff | tree | snapshot |
2013-06-29 |
Jo-Philipp... | Properly dereference struct ether_addr |
commit | commitdiff | tree | snapshot |
2013-06-29 |
Jo-Philipp... | Do not rely on ether_ntoa() when formatting mac addresses. |
commit | commitdiff | tree | snapshot |
2013-06-18 |
Jo-Philipp... | Don't mistreat unknown protocol names as "any protocol" |
commit | commitdiff | tree | snapshot |
2013-06-18 |
Jo-Philipp... | Fix processing of CIDRs with mask 0 |
commit | commitdiff | tree | snapshot |
2013-06-13 |
Jo-Philipp... | Fix processing of negated options |
commit | commitdiff | tree | snapshot |
2013-06-13 |
Jo-Philipp... | Properly handle reject target in rules with specific... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | Keep all basic chains on reload and only flush them... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | Fix endian issue in compare_addr(), solves auto detecti... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | For ingress rules, only jump into zone_name_src_ACTION... |
commit | commitdiff | tree | snapshot |
2013-06-06 |
Jo-Philipp... | Implement limit and limit_burst options for rules. |
commit | commitdiff | tree | snapshot |
2013-06-05 |
Jo-Philipp... | Use zone_name_src_ACTION chain for input rules with... |
commit | commitdiff | tree | snapshot |
2013-06-05 |
Jo-Philipp... | Extend ipset option syntax to support specifying direct... |
commit | commitdiff | tree | snapshot |
2013-06-04 |
Jo-Philipp... | Fix wrong signature of fw3_xt_print_matches() |
commit | commitdiff | tree | snapshot |
2013-06-04 |
Jo-Philipp... | Add abstract fw3_xt_print_matches() and fw3_xt_print_ta... |
commit | commitdiff | tree | snapshot |
2013-06-04 |
Jo-Philipp... | Fix wrong chain emitted for zone forward policy, the... |
commit | commitdiff | tree | snapshot |
2013-06-03 |
Jo-Philipp... | Decouple handle destroying from committing, add fw3_ipt... |
commit | commitdiff | tree | snapshot |
2013-06-03 |
Jo-Philipp... | Do not let libxtables implicitely load extensions,... |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Make IPv6 support optional |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Add abstract fw3_xt_reset() implementation |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Dynamically create rules for available libext*.a librar... |
commit | commitdiff | tree | snapshot |
2013-05-27 |
Jo-Philipp... | Fix compatibility with older libiptc/libip6tc |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Only emit different ip family warnings if the ip wasn... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Mark fw3_address objects that got resolved by fw3_parse... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Change wording of inferred destination warning for... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Replace fw3_free_zone() with the generic implementation |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Avoid segfault when freeing rules whose target could... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Infer destination zone of DNAT redirects from dest_ip... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Add fw3_resolve_zone_addresses() helper to obtain a... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Remove fw3_ubus_address_free() and use fw3_free_list... |
commit | commitdiff | tree | snapshot |
2013-05-26 |
Jo-Philipp... | Add fw3_free_list() helper |
commit | commitdiff | tree | snapshot |
2013-05-25 |
Jo-Philipp... | Fix output rules with "option dest *" |
commit | commitdiff | tree | snapshot |
2013-05-25 |
Jo-Philipp... | Allow devices for src_ip, src_dip and dest_ip options |
commit | commitdiff | tree | snapshot |
2013-05-24 |
Jo-Philipp... | Pass -Wl,--whole-archive and -Wl,--no-whole-archive... |
commit | commitdiff | tree | snapshot |
2013-05-23 |
Jo-Philipp... | Don't leak memory when encountering unknown match or... |
commit | commitdiff | tree | snapshot |
2013-05-23 |
Jo-Philipp... | Use weak function pointers to call extension init funct... |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Limit zone names to 14 bytes |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Add required ipset declarations for kernels < 3.7 |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Further fixes for zone reloads |
commit | commitdiff | tree | snapshot |
2013-05-22 |
Jo-Philipp... | Only perform selective reload if firewall was already... |
commit | commitdiff | tree | snapshot |
2013-05-21 |
Jo-Philipp... | Fix another crash bug if ipsets are supported but none... |
commit | commitdiff | tree | snapshot |
2013-05-21 |
Jo-Philipp... | Fix rules for custom filter chains |
commit | commitdiff | tree | snapshot |
2013-05-21 |
Jo-Philipp... | Do not print to pipe or close command if nothing was... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Add missing libip6t_REJECT initialization |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Only initialize extensions we actually use |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Wait for ipsets to appear before continuing |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Restore iptables-save include functionality |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Also add comments for unnamed rules |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Only process selected family for print |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Include iptables command and table name in iptables... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Add debug prints for policy setting, don't commit rules... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Rename struct fw3_rule_spec to struct fw3_chain_spec... |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Remove now unused fw3_pr_rulespec() |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Remove now unused fw3_format_*() functions |
commit | commitdiff | tree | snapshot |
2013-05-17 |
Jo-Philipp... | Drop iptables-restore and create rules through libiptc... |
commit | commitdiff | tree | snapshot |
2013-05-13 |
Jo-Philipp... | Use libiptc to clear current ruleset |
commit | commitdiff | tree | snapshot |
2013-05-08 |
Jo-Philipp... | Force fsync() after writing statefile |
commit | commitdiff | tree | snapshot |
2013-05-08 |
Jo-Philipp... | Make reload atomic |
commit | commitdiff | tree | snapshot |
2013-05-06 |
Jo-Philipp... | Family "any" is not applicable to ipsets, default to... |
commit | commitdiff | tree | snapshot |
2013-05-02 |
Jo-Philipp... | Simplify ipset external checks and optionally initializ... |
commit | commitdiff | tree | snapshot |
2013-05-02 |
Jo-Philipp... | Check whether ipset exists before referencing it in... |
commit | commitdiff | tree | snapshot |
2013-05-02 |
Jo-Philipp... | Record device-network relation in state file, fix zone... |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Record default policies in state file |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Store ipset storage method and matches in state file... |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Send quit comment in fw3_destroy_ipsets() and initializ... |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Don't track family of ipsets |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Fix parsing of ipset datatypes |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Track ipsets in state file |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Write statefile flags in hexadecimal format |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Allow hex notation in int type options |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Add common fw3_address_to_string() helper function |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Remove referenced to unused FW3_FLAG_DELETED flag |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Remove unused "running" argument form fw3_lookup_ipset() |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Remove unused "running" argument form fw3_lookup_zone() |
commit | commitdiff | tree | snapshot |
2013-04-30 |
Jo-Philipp... | Split runtime and config states, store runtime state... |
commit | commitdiff | tree | snapshot |
2013-04-09 |
Jo-Philipp... | Add support for fwmark matches and targets |
commit | commitdiff | tree | snapshot |
2013-03-22 |
Jo-Philipp... | Increase compatibility to old firewall by initializing... |
commit | commitdiff | tree | snapshot |
2013-03-22 |
Jo-Philipp... | Fix parsing of '*' device and 'all' protocol value |
commit | commitdiff | tree | snapshot |
2013-03-21 |
Jo-Philipp... | Fix DNAT port remapping rules by not emitting 0.0.0... |
commit | commitdiff | tree | snapshot |
2013-03-19 |
Jo-Philipp... | Properly handle deleted zones and ipsets on restarts |
commit | commitdiff | tree | snapshot |
2013-03-19 |
Jo-Philipp... | Accept network names in per-zone subnet option |
commit | commitdiff | tree | snapshot |
2013-03-19 |
Jo-Philipp... | Also read addresses from "ipv6-prefix-assignment" ifsta... |
commit | commitdiff | tree | snapshot |
2013-03-19 |
Jo-Philipp... | Rework option parsing to support emitting multiple... |
commit | commitdiff | tree | snapshot |
2013-03-19 |
Jo-Philipp... | Implement support for "network" datatype and use it... |
commit | commitdiff | tree | snapshot |
2013-03-18 |
Jo-Philipp... | Do not accept option src_mac for SNAT rules |
commit | commitdiff | tree | snapshot |
2013-03-14 |
Jo-Philipp... | Consolidate and unify argument order for functions |
commit | commitdiff | tree | snapshot |
2013-03-14 |
Jo-Philipp... | Only perform locking for start, stop, restart, reload... |
commit | commitdiff | tree | snapshot |
2013-03-14 |
Jo-Philipp... | Implement reload option for includes to decide whether... |
commit | commitdiff | tree | snapshot |
2013-03-13 |
Jo-Philipp... | Make nat reflection src address configurable by introdu... |
commit | commitdiff | tree | snapshot |
2013-03-13 |
Jo-Philipp... | Emit hotplug calls when flushing / creating zone chains |
commit | commitdiff | tree | snapshot |
2013-03-13 |
Jo-Philipp... | Unify fw3_default and fw3_target enums |
commit | commitdiff | tree | snapshot |
2013-03-12 |
Jo-Philipp... | Track used networks and devices in state file |
commit | commitdiff | tree | snapshot |
2013-03-12 |
Jo-Philipp... | Unify print_chains() implementations in utils.c fw3_pr_... |
commit | commitdiff | tree | snapshot |
2013-03-11 |
Jo-Philipp... | Include limits.h to fix compilation against eglibc |
commit | commitdiff | tree | snapshot |
next |