fish/immortalwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5,995 Commits 6 Branches 17 Tags 782 MiB
2411859afe
Commit Graph

25 Commits

Author SHA1 Message Date
David Bauer
61ff4a04f8
firewall: bump to latest HEAD 
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes

Signed-off-by: David Bauer <mail@david-bauer.net>
 2020-09-06 13:18:19 +08:00
Hauke Mehrtens
c9a3b5d9c1 firewall: Fix PKG_MIRROR_HASH 
Fixes: 6c57fb7aa9 ("firewall: bump to version 2020-07-05")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2020-08-25 12:20:28 +08:00
Yousong Zhou
7e1bb30fe9
firewall: bump to version 2020-07-05 
Changes since last source version

  e9b90df zones: apply tcp mss clamping also on ingress path
  050816a redirects: fix segmentation fault
  f62a52b treewide: replace unsafe string functions
  23cc543 improve reload logic
  9d7f49d redurects: add support to define multiple zones for dnat reflection rules
  f87d0b0 firewall3: defaults: fix uci flow_offloading option
  fe9602c rules: fix typo
  7cc2a84 defaults: robustify flow table detection.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 2020-07-27 19:41:19 +08:00
Philip Prindeville
afc9f6ec52
firewall: add rule for traceroute support 
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.

This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
 2020-05-23 19:17:18 +08:00
CN_SZTL
a68db5f2df
treewide: sync with upstream source 2020-03-28 23:37:17 +08:00
CN_SZTL
6f1aeacab7
Merge Lean's source 2020-02-04 02:10:48 +08:00
coolsnowwolf
8b05d9f36d firewall: bump to new version 2020-02-04 01:00:39 +08:00
CN_SZTL
d74a5ae4f7
firewall: bump to 2019-09-23 2019-11-09 10:00:03 +08:00
CN_SZTL
9f00ef69ae
fix permission 2019-09-30 14:27:46 +08:00
CN_SZTL
76a3cd7f74
fix & merge 2019-09-30 13:21:19 +08:00
CN_SZTL
5dd5f80ec8
Merge pull request #2 from coolsnowwolf/master 
merge newest source from lean
 2019-05-27 12:04:38 +08:00
LEAN-ESX
91bdd6b3e0 firewall: add Fullcone-NAT option 2019-05-26 10:26:57 -07:00
CN_SZTL
ce8ed9121b
add luci-app-haproxy & luci-app-udpspeederv2 2019-05-25 21:05:51 +08:00
coolsnowwolf
d2eafde1a2 firewall: update to latest git HEAD 2019-01-04 13:24:10 +08:00
coolsnowwolf
fcff889b0e firewall: bump to new version 2019-01-03 20:38:08 +08:00
coolsnowwolf
347daa04b2 Merge branch master of https://github.com/coolsnowwolf/lede 2019-01-03 19:29:28 +08:00
coolsnowwolf
0f4c3eb2d5 default enable fullconenat in fw3 2018-09-22 18:31:40 +08:00
coolsnowwolf
806f5db174 sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00
coolsnowwolf
9ba04fd0d7 sync with OpenWrt v18.06.1 stable new R8.1 version 2018-08-23 17:40:23 +08:00
coolsnowwolf
a4af6b9325 firewall: update to latest git HEAD 2018-06-16 12:12:47 +08:00
coolsnowwolf
85c231621c firewall: update to the latest version, adds hardware flow offload support 2018-04-08 16:57:27 +08:00
coolsnowwolf
20f7e75789 update to R7.5.4 2018-01-15 18:26:41 +08:00
coolsnowwolf
b0f643aa87 update to R7.5.3 stable to fix firewall freeze 2018-01-10 20:55:06 +08:00
coolsnowwolf
229cde62a4 Merge branch 'master' of https://github.com/lede-project/source 2018-01-09 14:38:15 +08:00
coolsnowwolf
97a4ffcc12 update source 2017-09-06 19:19:45 +08:00