| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Relax WAN input rulesHEADmaster | Himbeer | 2025-04-05 | 1 | -6/+87 |
| | | | | | | | | This has the purpose of ensuring that DS-Lite works correctly and reliably, even if the exact headers differ from the expectations. All ports that are bound to are still blocked, using a denylist instead of an allowlist. | ||||
| * | Enable NPT for internal VPN-to-GUA traffic | Himbeer | 2024-09-04 | 1 | -8/+7 |
| | | | | | | | | Previously it was impossible to access local services using their GUAs through the VPNs. This commit enables NPT for any outbound packets with a destination address in the 2000::/3 (GUA) range as well as for any inbound packets to VPN prefixes. | ||||
| * | Implement dynamic NPT for VPNs | Himbeer | 2024-08-20 | 2 | -6/+295 |
| | | |||||
| * | Add rules for the exposed VPN | Himbeer | 2024-08-20 | 1 | -0/+48 |
| | | |||||
| * | Allow VPN access from everywhere (including WAN, excluding Isolated) | Himbeer | 2024-08-17 | 1 | -0/+9 |
| | | |||||
| * | Allow VoIP access Exposed -> Trusted | Himbeer | 2024-08-17 | 1 | -9/+7 |
| | | |||||
| * | Revert "Make firewall rules for server-to-internal-clients-VoIP less ↵ | Himbeer | 2024-08-17 | 1 | -4/+6 |
| | | | | | | | restrictive" This reverts commit 644dacf844a094a513a00255f9717f16faac22c5. | ||||
| * | Make firewall rules for server-to-internal-clients-VoIP less restrictive | Himbeer | 2024-08-17 | 1 | -6/+4 |
| | | | | | Internal VoIP now works without a VPN connection when physically on-site. | ||||
| * | Add VPN rules | Himbeer | 2024-08-17 | 1 | -0/+45 |
| | | |||||
| * | allow mgmt / trusted traffic to modem0.5.1 | HimbeerserverDE | 2023-08-14 | 1 | -0/+9 |
| | | |||||
| * | apply nat to modem traffic | HimbeerserverDE | 2023-08-14 | 2 | -2/+12 |
| | | |||||
| * | add dslite ruleset0.5.0 | HimbeerserverDE | 2023-08-14 | 1 | -0/+44 |
| | | |||||
| * | update ruleset for native ipv60.4.0 | HimbeerserverDE | 2023-08-13 | 1 | -28/+34 |
| | | |||||
| * | pppoe2 compatibility: rename wan rsppp0 -> ppp00.3.2 | HimbeerserverDE | 2023-07-30 | 1 | -14/+16 |
| | | |||||
| * | general update0.3.1 | HimbeerserverDE | 2023-06-03 | 1 | -4/+4 |
| | | |||||
| * | perform mss clamping on he 6in4 IPv6 traffic | HimbeerserverDE | 2023-05-07 | 1 | -4/+18 |
| | | |||||
| * | complete ipv6 ruleset | HimbeerserverDE | 2023-05-07 | 1 | -0/+27 |
| | | |||||
| * | allow inbound 6in4 traffic | HimbeerserverDE | 2023-05-06 | 1 | -0/+3 |
| | | |||||
| * | switch from manual to auto mss clamping | HimbeerserverDE | 2023-05-06 | 1 | -2/+2 |
| | | |||||
| * | implement mss clamping in the firewall0.1.1 | HimbeerserverDE | 2023-05-03 | 1 | -0/+14 |
| | | |||||
| * | allow management (unifi) to contact the outside world | HimbeerserverDE | 2023-04-29 | 1 | -0/+6 |
| | | |||||
| * | voip port forwarding | HimbeerserverDE | 2023-04-14 | 2 | -0/+34 |
| | | |||||
| * | add input chain | HimbeerserverDE | 2023-03-30 | 1 | -5/+58 |
| | | | | | fixes #1 | ||||
| * | make sure no communication into the isolated vlan is possible either | HimbeerserverDE | 2023-03-30 | 1 | -0/+3 |
| | | |||||
| * | prevent isolated vlan from accessing anything, particularly the exposed vlan | HimbeerserverDE | 2023-03-30 | 1 | -0/+3 |
| | | |||||
| * | add basic packet filtering focused on ipv4 | HimbeerserverDE | 2023-03-30 | 1 | -2/+68 |
| | | |||||
| * | log success | HimbeerserverDE | 2023-03-24 | 1 | -1/+4 |
| | | |||||
| * | use rustables to write correct nftables ruleset | HimbeerserverDE | 2023-03-21 | 3 | -5/+33 |
| | | |||||
| * | enable NAT | HimbeerserverDE | 2023-03-21 | 1 | -2/+8 |
| | | |||||
| * | initial commit | HimbeerserverDE | 2023-03-21 | 1 | -0/+3 |
 |
index : rsdsl/netfilterd.git | |
| NAT / ACL configuration service for the rsdsl project | himbeer |
| aboutsummaryrefslogtreecommitdiff |