* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
* Allow "network" and "device" commands while firewall is running (to make them usable in includes)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36009 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
* Make NAT reflection direction configurable
* Map init script stop action to flush
* Map init script reload action to reload
* Respect init script disabled state in hotplug handler
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35998 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Fixes compilation against eglibc
* Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
* Fixes tracking logic for user chains by differentiating between reloads and restarts
* Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
* Supports legacy "tcpudp" protocol notation again
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35969 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Don't prematurely send RENEW / REBIND when T1 or T2 is > 1 day
* Add "norelease" option to not send a RELEASE when stopping
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35902 3c298f89-4303-0410-b956-a3cf2f4a3e73
Spurious errors when receiving netlink-messages lead to unhandled errors
which caused SIGBUS. Thanks to tdavis for debugging
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35836 3c298f89-4303-0410-b956-a3cf2f4a3e73
cap preferred and valid lifetimes at more reasonable limits
decrease memory usage (remove unnecessary book-keeping)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35835 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Announce ULA as deprecated if other addresses are available
* Allow the announced DNS-server to be overwritten
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35803 3c298f89-4303-0410-b956-a3cf2f4a3e73
- all uci rules are boxed in custom chains now, so a firewall stop leaves user rules intact
- properly handle selective ipv4 or ipv6 only firewall start/stop/restart actions
- support ip ranges (e.g. option src_ip '!192.168.1.1-192.168.1.100' -> -m iprange ! --src-range 192.168.1.1-192.168.1.100')
- support time options (e.g. option weekdays 'Mon Tue Sat' -> -m time --weekdays 1,2,6')
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35738 3c298f89-4303-0410-b956-a3cf2f4a3e73
Spotted by doing an ARM hard float build.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35685 3c298f89-4303-0410-b956-a3cf2f4a3e73
Based on a patch from НКВД. Closes#12962.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35610 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Don't send undesired suggestions for preferred and valid lifetimes
* Be less verbose in logging
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35553 3c298f89-4303-0410-b956-a3cf2f4a3e73
- reduce mssfix related log spam (#10681)
- separate src and dest terminal chains (#11453, #12945)
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35484 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Fix reloading of ula-prefixes
* Added support for temporary addresses and routes
* Added support for offlink addresses
* Improved status-output for assigned prefixes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35420 3c298f89-4303-0410-b956-a3cf2f4a3e73
