Jo-Philipp Wich
b2f666d098
include: netfilter: fix packaging of LOG target for Linux >= 3.16 ( #19031 )
...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44488
2015-02-18 13:28:28 +00:00
Jo-Philipp Wich
634e9fe920
netfilter: add missing symbols and modules for Linux 3.18+
...
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44187
2015-01-29 10:22:17 +00:00
Imre Kaloz
d26694243a
generic: add preliminary 3.19 support
...
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 44126
2015-01-25 15:20:39 +00:00
Imre Kaloz
3a9e3dfa95
netfilter: handle NFT_MASQ_IPV6
...
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 43966
2015-01-14 08:53:11 +00:00
Imre Kaloz
c3c00c4286
netfilter: handle nft_masq and nft_masq_ipv4
...
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 43950
2015-01-12 20:16:36 +00:00
Felix Fietkau
27f36718d3
kernel: add a patch to make netfilter conntrack cache routing information
...
Significantly improves routing / NAT performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 43587
2014-12-09 11:01:49 +00:00
John Crispin
6521f53c65
keernel: Fixed dependencies in netfilter modules introduced with 3.18 kernel
...
Building current trunk with 3.18 kernel fired some errors like 'missed
dependancy of module XXX from library kmod_YYY.ko'. These patch fixes 3
of such issues which are critical to have a successful build.
Signed-off-by: Alexey N Vinogradov <a.n.vinogradov@gmail.com>
SVN-Revision: 43318
2014-11-19 14:09:01 +00:00
Steven Barth
25a6d37e23
kernel: 3.18: Fix kmod-ipt-nat
...
The 3.18 kernel introduced new Kconfig options for the xt_nat and iptable_nat
kernel modules, that both belong to the ipt_nat kernel package.
Enable this new options.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
SVN-Revision: 43212
2014-11-08 12:17:14 +00:00
Felix Fietkau
9a2cf10c33
netfilter: Enable compiling iptables match cluster
...
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
SVN-Revision: 43174
2014-11-03 22:01:45 +00:00
Steven Barth
a294c670e5
netfilter: unbreak kmod-ipt-nat for <3.7
...
SVN-Revision: 42696
2014-09-29 05:24:32 +00:00
Steven Barth
aba8e9ceef
netfilter: fix a typo in TTL-match module
...
SVN-Revision: 42611
2014-09-18 14:53:26 +00:00
Steven Barth
0e0efd4771
netfilter: remove redundant CONFIG_IP_NF_IPTABLES
...
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42599
2014-09-17 12:17:01 +00:00
Steven Barth
e4e5c31f87
Reorganize netfilter kernel modules and package nftables kernel support
...
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42596
2014-09-17 12:10:44 +00:00
Steven Barth
9f2a17103f
iptables: NFLOG and NFQUEUE targets' full support
...
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
SVN-Revision: 42022
2014-08-07 04:42:22 +00:00
Jo-Philipp Wich
baa7c211f5
netfilter: introduce xt_id match
...
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41945
2014-08-01 22:49:47 +00:00
Felix Fietkau
4b241e9827
netfilter: split off header matching modules not used by the default config (reduces rootfs size and memory usage)
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 40983
2014-06-02 18:13:38 +00:00
Steven Barth
97ea9e3c2a
iptables/netfilter: add connlimit to conntrack-extra
...
SVN-Revision: 39878
2014-03-11 14:58:00 +00:00
Steven Barth
2e2c4c2dd3
Fix IPv6 NAT breaking older kernels
...
SVN-Revision: 37891
2013-09-03 06:29:46 +00:00
Steven Barth
0a85c59040
netfilter: Add IPv6-NAT support for kernel and ipt Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration
...
SVN-Revision: 37866
2013-09-01 17:59:48 +00:00
Luka Perkov
e5e83478a9
netfilter: fix typo
...
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 37821
2013-08-21 23:17:08 +00:00
Felix Fietkau
c404cd5bfa
netfilter: remove use of obsolete compatibility config symbols for mark and connmark
...
fixes duplication of xt_mark and xt_connmark module entries
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37344
2013-07-15 13:08:20 +00:00
Jo-Philipp Wich
8df6cd005c
netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into base iptables package - drop iptables-mod-ipset
...
SVN-Revision: 36683
2013-05-21 12:58:15 +00:00
Steven Barth
ed083586aa
netfilter: Fix typo in last commit
...
SVN-Revision: 35899
2013-03-07 09:30:52 +00:00
Steven Barth
62ea398cd8
iptables: Add missing IPv6 builtin modules
...
SVN-Revision: 35898
2013-03-07 08:48:41 +00:00
Gabor Juhos
b20cb26ed7
package/kernel: xt_NOTRACK has been removed in 3.7-rc1
...
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 35475
2013-02-04 10:02:52 +00:00
Jo-Philipp Wich
03a50b9087
netfilter.mk: add addrtype match to iptables-mod-extra (kmod-ipt-extra)
...
SVN-Revision: 35155
2013-01-14 16:12:56 +00:00
Florian Fainelli
3a57cd4929
netfilter: xt_NOTRACK is incorporated in xt_CT as of 3.8-rc3
...
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 35087
2013-01-10 17:20:29 +00:00
John Crispin
b21458709a
fix ipv4 nat on 3.7 by adding missing iptables modules
...
SVN-Revision: 34841
2012-12-22 10:17:29 +00:00
Gabor Juhos
cfc6489579
netfilter: fix module list for 3.7 kernel
...
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34750
2012-12-18 14:50:42 +00:00
Jo-Philipp Wich
5ba9873914
netfilter.mk: extend nf_add macro to take a version dependency expression
...
- nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0"
- remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead
- fixes xt_LOG.ko packaging with Linux 3.6.0 and later
SVN-Revision: 34681
2012-12-15 00:05:35 +00:00
Jo-Philipp Wich
8420783407
netfilter.mk: fix packaging of xt_LOG.ko, it moved between 3.3.8 and 3.6.x
...
SVN-Revision: 34625
2012-12-11 09:53:50 +00:00
Hauke Mehrtens
d648dad7fa
kernel: fix loading of nf_nat_irc
...
nf_nat_irc depends on nf_conntrack_irc and it should be defined after that.
This fixes a problem introduced in r34247.
SVN-Revision: 34251
2012-11-18 21:18:37 +00:00
Imre Kaloz
935ca3f3eb
add 3.7-rc6 support (patch 820 still has to be fixed)
...
SVN-Revision: 34247
2012-11-18 18:52:38 +00:00
Felix Fietkau
d406a5208f
include/netfilter.mk: remove a few obsolete lines
...
SVN-Revision: 33518
2012-09-23 08:25:32 +00:00
Felix Fietkau
cfe79471d1
kmod-ipt-nathelper-extra: fix missing nf_conntrack_broadcast.ko
...
kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko
if it is not included into the kmod-ipt-nathelper-extra packge the modules
nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded:
[ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0)
[ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0)
Signed-off-by: Peter Wagner <tripolar@gmx.at>
SVN-Revision: 32434
2012-06-18 23:30:48 +00:00
Felix Fietkau
b4b60ab62f
include/netfilter.mk: clean up, remove junk for old kernel versions
...
SVN-Revision: 32114
2012-06-07 16:30:48 +00:00
Jo-Philipp Wich
e6af9d374a
fix ipt_ttl and ipt_TTL userspace library packaging
...
SVN-Revision: 30897
2012-03-12 02:07:22 +00:00
Jonas Gorski
c336de3d85
kernel: update module names and add new config symbols for linux 3.3
...
SVN-Revision: 29985
2012-02-02 08:23:44 +00:00
Jo-Philipp Wich
a529e3f09e
add CT target and TTL/HL match+target
...
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.
SVN-Revision: 29645
2012-01-04 02:52:54 +00:00
Jo-Philipp Wich
a788f199c9
remove current RTSP support
...
SVN-Revision: 29643
2012-01-04 00:29:29 +00:00
Jo-Philipp Wich
2ad90a1ec3
package CT target
...
SVN-Revision: 29609
2011-12-25 13:32:53 +00:00
Felix Fietkau
1027d262ef
netfilter.mk: remove a few obsolete CompareKernelPatchVer calls
...
SVN-Revision: 27086
2011-06-01 18:08:12 +00:00
Jo-Philipp Wich
be906f6be5
package u32 match and TEE target, patches by Maxim Uvarov
...
SVN-Revision: 26977
2011-05-24 08:14:29 +00:00
Jo-Philipp Wich
a9977eca91
firewall: allow local redirection of ports
...
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26617
2011-04-12 20:03:59 +00:00
Hauke Mehrtens
24c1caef5f
iipt-debug: create bundle of netfilter modules for debugging
...
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26567
2011-04-09 23:23:46 +00:00
Florian Fainelli
5959cd2850
add kmod-ipt-led
...
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
SVN-Revision: 26451
2011-04-03 18:30:37 +00:00
Felix Fietkau
c864843cbf
netfilter.mk: put ipv6 conntrack in the right package
...
SVN-Revision: 25750
2011-02-27 11:22:30 +00:00
Felix Fietkau
2d14f4e2f8
netfilter: add missing modules for v6 conntrack (patch from #8940 )
...
SVN-Revision: 25731
2011-02-26 15:50:01 +00:00
Felix Fietkau
831e597d7c
move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
...
SVN-Revision: 25722
2011-02-26 00:35:22 +00:00
Felix Fietkau
9dad83362d
kernel: remove imq support, refresh patches
...
SVN-Revision: 25641
2011-02-21 02:06:51 +00:00
Jo-Philipp Wich
d2d990e41e
netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich
...
SVN-Revision: 24729
2010-12-19 16:47:30 +00:00
Jo-Philipp Wich
c32a125607
netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later
...
SVN-Revision: 23521
2010-10-18 20:39:07 +00:00
Alexandros C. Couloumbis
57d2e57b02
finalize r22241 fixes
...
SVN-Revision: 22242
2010-07-17 08:50:19 +00:00
Jo-Philipp Wich
91468dcf4f
package TPROXY target and module infrastructure
...
SVN-Revision: 21883
2010-06-22 22:39:22 +00:00
Alexandros C. Couloumbis
b6e28298fe
include/netfilter.mk fix typo on r21795
...
SVN-Revision: 21796
2010-06-14 14:51:51 +00:00
Alexandros C. Couloumbis
e491939c70
include/netfilter.mk: add 2.6.35 kernel support
...
SVN-Revision: 21795
2010-06-14 14:44:27 +00:00
Nicolas Thill
aa8e2e8685
netfilter: extension fixes (partially closes : #7045 ) * add missing xt_owner (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6)
...
SVN-Revision: 20693
2010-04-04 12:35:06 +00:00
Nicolas Thill
1b0a9b51c4
include/netfilter.mk: move ebtables definitions at the end
...
SVN-Revision: 20690
2010-04-04 03:43:13 +00:00
Jo-Philipp Wich
42e453a2e3
properly package xt_comment.ko ( #6742 )
...
SVN-Revision: 19861
2010-02-26 00:23:39 +00:00
Jo-Philipp Wich
15c4e22d31
netfilter: add support for raw table and NOTRACK target ( #5504 )
...
SVN-Revision: 19721
2010-02-19 01:36:47 +00:00
Jo-Philipp Wich
e830181f47
iptables: add comment match to the core package
...
SVN-Revision: 18706
2009-12-08 20:52:58 +00:00
Nicolas Thill
72dbf7cdca
netfilter: remove IPset leftovers missed from [17844]
...
SVN-Revision: 18032
2009-10-11 14:08:31 +00:00
Hauke Mehrtens
e014faf13f
Update ipset to version 3.2
...
SVN-Revision: 17764
2009-09-27 15:03:41 +00:00
Florian Fainelli
0e783dde14
split ebtables packages and modules into ebtables ipv4/6 and watchers ( #5001 )
...
SVN-Revision: 16980
2009-07-25 19:47:48 +00:00
Florian Fainelli
a06b20f5b3
fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 ( #5568 )
...
SVN-Revision: 16964
2009-07-24 11:52:30 +00:00
Felix Fietkau
11b33255ed
netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack
...
SVN-Revision: 15854
2009-05-14 21:46:33 +00:00
Hauke Mehrtens
73cfaa0f2b
ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30
...
SVN-Revision: 15851
2009-05-14 19:01:38 +00:00
Jo-Philipp Wich
f3dd32d6fd
adept netfilter.mk to updated imq
...
SVN-Revision: 15656
2009-05-07 03:16:36 +00:00
Felix Fietkau
34939cad39
get rid of $Id$ - it has never helped us and it has broken too many patches ;)
...
SVN-Revision: 15242
2009-04-17 14:09:46 +00:00
Felix Fietkau
e744c3130a
move iptable_raw to the conntrack-extra package
...
SVN-Revision: 15175
2009-04-09 19:42:52 +00:00
Nicolas Thill
3b53bd7ef3
accomodate netfilter module (xt_recent) name change in 2.6.28, add missing kconfig when xt_recent is enabled
...
SVN-Revision: 15123
2009-04-06 19:00:20 +00:00
Felix Fietkau
68d73be80c
remove support for ipp2p - it's unmaintained, broken, overmatching and undermatching => not that useful for QoS
...
SVN-Revision: 14596
2009-02-21 16:30:44 +00:00
Gabor Juhos
e5c9f00637
netfilter: remove CHAOS, TARPIT and DELUDE references
...
SVN-Revision: 14461
2009-02-09 13:27:39 +00:00
Imre Kaloz
24e299f95d
defrag needs to be loaded before conntrack_ipv4
...
SVN-Revision: 13585
2008-12-10 18:44:46 +00:00
Imre Kaloz
a7cac1dc31
fix conntrack on 2.6.28
...
SVN-Revision: 13582
2008-12-10 16:00:04 +00:00
Nicolas Thill
2c8010b2dc
make the whole iptables/netfiter modular ( closes : #3871 , #3527 )
...
SVN-Revision: 12649
2008-09-22 15:19:59 +00:00
Florian Fainelli
5cf0db54c6
Package ip6t_limit and ip6t_frag for 2.4 kernels ( #3760 )
...
SVN-Revision: 12276
2008-08-11 06:38:48 +00:00
Nicolas Thill
a7b3ffc182
cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & IPT_NATHELPER_EXTRA respectively, to better match package names
...
SVN-Revision: 11073
2008-05-08 11:32:46 +00:00
Gabor Juhos
3c05234962
kmod-ipt-iprange: fix build error on .25
...
SVN-Revision: 10992
2008-04-30 15:42:10 +00:00
Gabor Juhos
d80f43d15f
update iptables to 1.4.0 (2.6 kernels only), refresh kernel patches
...
SVN-Revision: 10843
2008-04-15 06:11:23 +00:00
Florian Fainelli
30f8862033
layer7 filtering module is now xt_layer7 ( #3268 )
...
SVN-Revision: 10674
2008-03-27 18:24:13 +00:00
Gabor Juhos
4e05416c39
netfilter/ipset cleanups * rename patches to follow our naming conventions * update ipset patches with revision 7096 of [ https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom] * add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs * add ip_set_iptreemap to include/netfilter.mk * update kmod-ipt-ipset module description
...
SVN-Revision: 9269
2007-10-12 14:58:35 +00:00
Gabor Juhos
8309e3dff2
add TARPIT support to netfilter/iptables * netfilter: add the xt_TARPIT target module required by xt_CHAOS * include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE * iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number * original patchset can be found [ http://tinyurl.com/2mjk2kx here]
...
SVN-Revision: 9178
2007-10-07 17:17:04 +00:00
Nicolas Thill
0bf90f2a0d
add ipv6 conntrack support ( closes : #2192 )
...
SVN-Revision: 8984
2007-09-23 17:22:17 +00:00
Nicolas Thill
fec4d9ee3c
add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP ( closes : #2297 , thanks to aorlinsk), sync 2.4 / 2.6 kconfigs.
...
SVN-Revision: 8955
2007-09-22 18:37:24 +00:00
Nicolas Thill
f5f47e1fbd
cosmetic cleanup before more deep changes
...
SVN-Revision: 8870
2007-09-20 10:48:54 +00:00
Nicolas Thill
f6197eabda
fix typo again (do i need some sleep?)
...
SVN-Revision: 8822
2007-09-17 01:51:57 +00:00
Nicolas Thill
dcf795770c
oops, fix typo
...
SVN-Revision: 8816
2007-09-16 22:41:24 +00:00
Nicolas Thill
892b16a352
revert CONFIG_* symbols set m enforcement introduced in [8591], it can't work when symbols from different kernel versions are mixed in KCONFIG
...
SVN-Revision: 8798
2007-09-16 16:10:37 +00:00
Nicolas Thill
5011d6129c
prevent include/netfilter.mk from being included multiple times
...
SVN-Revision: 8781
2007-09-15 16:19:26 +00:00
Florian Fainelli
6a06ccf9b6
Package the statistics module for netfilter
...
SVN-Revision: 8716
2007-09-09 18:32:06 +00:00
Nicolas Thill
8dc7ced4d4
require all CONFIG_* symbols listed in its KCONFIG to be set to m in order to actually build a kmod package, tweak and fix kernel package definitions.
...
SVN-Revision: 8591
2007-09-03 08:58:14 +00:00
Nicolas Thill
bfa6ac2eab
revert [8473] (see [8055])
...
SVN-Revision: 8499
2007-08-27 02:04:35 +00:00
Nicolas Thill
1ad12c1eeb
fix netfilter quota module
...
SVN-Revision: 8479
2007-08-24 12:23:52 +00:00
Florian Fainelli
3c5ed20fd0
Fix the error on the quota extension ( #2080 )
...
SVN-Revision: 8472
2007-08-23 16:14:17 +00:00
Florian Fainelli
6741194c15
Add back physdev ( #2216 )
...
SVN-Revision: 8466
2007-08-23 15:21:22 +00:00
Felix Fietkau
291ff1fd7e
do dynamic kernel config changes for netfilter as well
...
SVN-Revision: 8119
2007-07-23 03:23:46 +00:00
Felix Fietkau
075883e85b
reorder, xt_CHAOS depends on xt_DELUDE
...
SVN-Revision: 8084
2007-07-20 20:54:54 +00:00
Florian Fainelli
e5520b8853
Add ipt_random module
...
SVN-Revision: 8014
2007-07-17 08:47:44 +00:00
Felix Fietkau
a817b45169
reorganize netfilter modules, get rid of the iptables-mod-extra dependency in qos-scripts
...
SVN-Revision: 7912
2007-07-11 06:47:33 +00:00