fa80fefe22
* added a DDoS protection rules in a new pre-routing chain to prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets, flood tresholds are configured via 'ban_icmplimit' (default 10/s), 'ban_synlimit' (default 10/s) and 'ban_udplimit' (default 100/s) * the new pre-routing rules are tracked via named nft counters and are part of the standard reporting, set 'ban_logprerouting' accordingly * block countries dynamically by Regional Internet Registry (RIR)/regions, e.g. all countries related to ARIN. Supported service regions are: AFRINIC, ARIN, APNIC, LACNIC and RIPE, set 'ban_region' accordingly * it's now possible to always allow certain protocols/destination ports in wan-input and wan-forward chains, set 'ban_allowflag' accordingly - e.g. ' tcp 80 443-445' * filter/convert possible windows line endings of external feeds during processing * the cpu core autodetection is now limited to max. 16 cores in parallel, set 'ban_cores' manually to overrule this limitation * set the default nft priority to -100 for banIP input/forward chains (pre-routing is set to -150) * update readme * a couple of bugfixes & performance improvements * removed abandoned feeds: darklist, ipblackhole * added new feeds: becyber, ipsum, pallebone, debl (changed URL) * requires a LuCI frontend update as well (separate PR/commit) Signed-off-by: Dirk Brenken <dev@brenken.org> |
||
---|---|---|
.circleci | ||
.github | ||
.keys | ||
admin | ||
devel | ||
fonts/dejavu-fonts-ttf | ||
ipv6 | ||
kernel | ||
lang | ||
libs | ||
multimedia | ||
net | ||
sound | ||
utils | ||
CONTRIBUTING.md | ||
LICENSE | ||
README.md |
README.md
OpenWrt packages feed
Description
This is the OpenWrt "packages"-feed containing community-maintained build scripts, options and patches for applications, modules and libraries used within OpenWrt.
Installation of pre-built packages is handled directly by the opkg utility within your running OpenWrt system or by using the OpenWrt SDK on a build system.
Usage
This repository is intended to be layered on-top of an OpenWrt buildroot. If you do not have an OpenWrt buildroot installed, see the documentation at: OpenWrt Buildroot – Installation on the OpenWrt support site.
This feed is enabled by default. To install all its package definitions, run:
./scripts/feeds update packages
./scripts/feeds install -a -p packages
License
See LICENSE file.
Package Guidelines
See CONTRIBUTING.md file.