e49d44f700
miniupnpd: set SNAT to support bidirectional mapping
...
we cannot expect that iport == eport on all the case in firewall.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-04-21 07:41:58 +08:00
07abee862c
miniupnpd: Fix "IGD2 Port Triggering" in update_portmapping()
2020-04-20 23:37:24 +02:00
7662088603
miniupnpd: fix typo
...
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-04-20 15:05:13 +08:00
93c89c209c
miniupnpd: update snat rules on update_portmapping
...
We forget to update the snat rule when update the
portmapping.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-04-20 15:05:00 +08:00
5eaf3ec0fe
Correct typo
2020-03-05 22:46:01 +09:00
6317e73342
iptpinhole.c: fix ressource leak in ip6tc_init_verify_append()
...
fixes #393
2019-08-24 10:55:33 +02:00
a77d1ff9d3
iptcrdr.c: memory allocation fix in get_portmappings_in_range()
...
fixes #394
2019-08-24 10:54:46 +02:00
2d873ce908
miniupnpd_functions.sh parsing fix.
...
both MINIUPNPD and MINIUPNPD-PREROUTING were matched by
/$CHAIN/.
2019-03-22 15:35:23 +01:00
476974ab52
use iptables -I instead of -A to add rules
...
So the rules are added at the head of the chains, taking
priority over the preloaded rules.
should fix #354
2019-03-22 15:33:57 +01:00
c3f752db4a
miniupnpd/netfilter: fix iptables_init.sh for postrouting chain
...
should fix #334
2019-03-09 16:16:00 +01:00
f7d65cdaad
miniupnpd/netfilter/ipctcrdr.c: conditionnaly use NFC_UNKNOWN as well
...
fix #346
2019-02-03 19:04:44 +01:00
6106111972
miniupnpd/netfilter: build with linux kernel 5.0
...
should fix #346
2019-02-03 13:26:27 +01:00
6e5a88098d
fix file headers (=>2018)
...
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-07-06 14:16:49 +02:00
810cb665c2
Merge branch 'pr_307'
...
see #307
2018-07-06 13:40:18 +02:00
72005ce86a
add -w option to iptables.
...
see https://miniupnp.tuxfamily.org/forum/viewtopic.php?p=5113
Signed-off-by: Thomas Bernard <miniupnp@free.fr>
2018-05-29 12:26:33 +02:00
cd7284785b
miniupnpd: Add function delete_filter_rule() also for PF and Linux Netfilter
...
It is needed for STUN implementation.
2018-05-19 13:31:02 +02:00
5dcd40aece
netfilter/iptpinhole.c: remove warning: implicit declaration of function 'upnp_time'
...
fixes ef94635100
2018-04-22 21:24:30 +02:00
82ec7bc3df
miniupnpd: Add options for netfilter scripts
2018-03-16 23:57:39 +08:00
ef94635100
miniupnpd: time() => upnp_time()
...
I had forgotten some
see #288
2018-03-14 00:09:42 +01:00
b4ed41eae8
add -w parameter to iptables for locking
...
fixes #232
2017-03-13 13:07:22 +01:00
da64fd85cb
pass ext_if_name arg to add_pinhole()
...
should fix #228
2017-03-13 11:47:21 +01:00
688b13586c
netfilter/iptcrdr.c: do not add MASQUERADE rule if iport==eport
...
fixes #193
2016-03-08 10:29:47 +01:00
9c28a0745f
remove warning
2016-02-12 15:31:21 +01:00
ff4b9c5d75
netfilter/iptcrdr.c: improve debug output
2016-02-12 15:02:44 +01:00
bdac007771
add update_portmapping() / update_portmapping_desc_timestamp() functions
2016-02-12 15:01:30 +01:00
34f80a011f
Add light version of iptables_display.sh script
2016-02-12 14:56:10 +01:00
8bad6cd338
netfilter/iptcrdr.c: remove old USE_INDEX_FROM_DESC_LIST code
2016-02-12 14:55:09 +01:00
dd9bf47c68
iptcrdr.c: add iptc_init() check in init_redirect()
2016-02-12 14:51:59 +01:00
06049f1e7d
add ENABLE_PORT_TRIGGERING macro in config.h
...
enabled by default. Will allow people to disable the code :)
2016-02-09 10:09:19 +01:00
3284d113c7
remove ifname arg from addmasqueraderule()
...
also improve comment and remove useless log :)
2016-01-28 22:16:07 +01:00
141e861c3a
remove call to addpeernatrule() ...
2016-01-26 18:17:05 +01:00
9059966122
netfilter/iptcrdr.c: improve comments
...
give which iptables command is equivalent for adding the rule
2016-01-26 18:16:23 +01:00
1ba4362910
MINIUPNPD-PCP-PEER => MINIUPNPD-POSTROUTING
...
renamed
miniupnpd_peer_chain = "MINIUPNPD-PCP-PEER"
to
miniupnpd_nat_postrouting_chain = "MINIUPNPD-POSTROUTING";
2016-01-26 16:50:48 +01:00
ba91c4ec23
add addmasqueraderule()
...
see issue #166
http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=1820
iptables -t nat -I POSTROUTING -o <extif> -s <iaddr> -p UDP --sport <iport> -j MASQUERADE --to-ports <eport>
2016-01-26 16:38:32 +01:00
f4324d45e5
fix netfilter/Makefile dependencies, fix iptables_display.sh
2016-01-26 16:38:32 +01:00
55cf34a101
fix iptc_init_verify_and_append() calls
2016-01-26 16:38:32 +01:00
f1ce2301da
shutdown_iptpinhole() frees memory
2016-01-19 10:53:14 +01:00
6f8951d40d
find_pinhole() return -2 if not found
2016-01-19 10:52:36 +01:00
e252acef88
PCP: check pinhole before adding in CreatePCPMap_FW()
...
fixes #188
2016-01-18 20:16:06 +01:00
a8ab2149f4
Remove some bugs in DeletePCPPeer and DeletePCPMap
2016-01-13 13:26:20 +03:00
e405f78b89
Fix output specifier
2016-01-04 12:13:00 +08:00
3b472b59e0
Fix get_portmappings_in_range() in non-expand case.
...
In get_portmappings_in_range(), array[] is not updated when
realloc() is not called, hence get_portmappings_in_range() is
always null. This fix changes to fill array[].
2015-03-09 17:33:10 +09:00
6e5d8ce954
miniupnpd: Allow wildcard (empty string) remote host for AddPinhole()
2015-02-10 16:04:10 +01:00
5df35db6ab
fix c7d7efd230
2015-02-08 10:46:13 +01:00
c7d7efd230
fix realloc failure issues detected thanks to cppcheck
2015-02-08 10:23:22 +01:00
4cbcdc34d2
UPNP pinholing: add missing sys/types.h include
...
sys/types.h is necessary to declare u_int64_t for some c libraries, so include it.
Signed-off-by: Steven Barth <cyrus@openwrt.org>
2014-10-21 15:54:02 +02:00
3eb71223b4
For some reason, rules without ipv6.flags set (and proto set?) do not match at all at least on Linux 3.10. So with this patch, they do (and it took me a while to find out, sigh)
2014-05-29 17:56:48 +03:00
7c7407099e
Added Linux get_pinhole_uid_by_index.
2014-05-15 11:45:37 +02:00
3e03562b77
miniupnpd: Added ENABLE_UPNPPINHOLE macro
...
using ENABLE_UPNPPINHOLE to compile in the support for IPv6 Firewall pinholes.
It is enabled by either ENABLE_6CF_SERVICE or ENABLE_PCP + ENABLE_IPV6.
2014-05-15 11:26:54 +02:00
9e3547cdec
miniupnpd/netfilter/iptables_*.sh: less usage of deprecated net-tools. Use iproute2 instead.
2014-04-15 15:57:10 +04:00
Chen Minqiang
Thomas Bernard
HanJong Jang
Pali Rohár
yangfl
vvsvic
Chocobo1
Tomofumi Hayashi
sbyx
Markus Stenberg
Dmitry Mostovenko