Building current trunk with 3.18 kernel fired some errors like 'missed
dependancy of module XXX from library kmod_YYY.ko'. These patch fixes 3
of such issues which are critical to have a successful build.
Signed-off-by: Alexey N Vinogradov <a.n.vinogradov@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43318 3c298f89-4303-0410-b956-a3cf2f4a3e73
The 3.18 kernel introduced new Kconfig options for the xt_nat and iptable_nat
kernel modules, that both belong to the ipt_nat kernel package.
Enable this new options.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43212 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43174 3c298f89-4303-0410-b956-a3cf2f4a3e73
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42022 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41945 3c298f89-4303-0410-b956-a3cf2f4a3e73
Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37866 3c298f89-4303-0410-b956-a3cf2f4a3e73
fixes duplication of xt_mark and xt_connmark module entries
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37344 3c298f89-4303-0410-b956-a3cf2f4a3e73
- nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0"
- remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead
- fixes xt_LOG.ko packaging with Linux 3.6.0 and later
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34681 3c298f89-4303-0410-b956-a3cf2f4a3e73
nf_nat_irc depends on nf_conntrack_irc and it should be defined after that.
This fixes a problem introduced in r34247.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34251 3c298f89-4303-0410-b956-a3cf2f4a3e73
kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko
if it is not included into the kmod-ipt-nathelper-extra packge the modules
nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded:
[ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0)
[ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0)
Signed-off-by: Peter Wagner <tripolar@gmx.at>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32434 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29645 3c298f89-4303-0410-b956-a3cf2f4a3e73
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
