Thomas Bernard
ef5a1e1abc
testnftnlrdr.c: comments + debug output
2024-03-13 00:14:27 +01:00
Thomas Bernard
1bde68cc9e
nftpinhole.c: fix get_pinhole_info() to return the description
...
see #663
2024-03-13 00:14:27 +01:00
Thomas Bernard
358f430924
nftpinhole.c: update_pinhole() uses strchr() instead of strsep
2024-03-13 00:14:27 +01:00
Thomas Bernard
c3f1a2cb30
always nul terminate string after strncpy()
...
see #663
2024-03-13 00:14:27 +01:00
Thomas Bernard
215091b546
nftpinhole.c: fix get_pinhole_info() and log inet_ntop() errors
2024-03-13 00:14:26 +01:00
Thomas Bernard
90fb7801eb
netfilter_nft: rule_t: have src/dst/nat addresses and ports
...
instead of guessing if it is remote host / external or internal address...
2024-03-13 00:14:20 +01:00
Thomas Bernard
25206a7a3f
testnftpinhole: call init_redirect() / shutdown_redirect()
2024-03-13 00:12:52 +01:00
Thomas Bernard
b3b5dd16d2
more tests in testnftpinhole.c
2024-03-13 00:12:52 +01:00
Thomas Bernard
80d628fa59
netfilter_nft: improve testnftpinhole.c to test find_pinhole()
2024-03-13 00:12:51 +01:00
Thomas Bernard
2e7bfb1e31
netfilter_nft: change debug output for add_pinhole()
2024-03-13 00:12:51 +01:00
Thomas Bernard
e2be9e1571
add comments to rule_set_filter6() and rule_set_filter_common()
2024-03-13 00:12:51 +01:00
Thomas Bernard
4c68985304
netfilter_nft/nftnlrdr_misc.c: comments and warning in parse_rule_payload()
2024-03-13 00:12:51 +01:00
Thomas Bernard
424f5c259f
fix find_pinhole()
...
see #663
2024-03-13 00:12:51 +01:00
Thomas Bernard
025f0f502b
NFT: check inet_pton() errors in find_pinhole()
2024-03-13 00:12:50 +01:00
Thomas Bernard
4dda6d8820
update (c) lines
2024-03-12 00:37:21 +01:00
Sven Auhagen
2c9a645b10
NFTables: Add backwards compatibility for IPv4 NAT
...
NFtables uses the INET table for NAT which combines IPv4 and IPv6.
Older systems might not have this option and use the ip table instead.
This adds a flag to fall back to the ip table style.
Signed-Off-By: Sven Auhagen <sven.auhagen@voleatech.de>
2024-03-04 06:18:41 +01:00
yangfl
2c0c73a081
Quote paths in nft scripts to prevent word splitting.
2023-08-07 05:30:41 +08:00
Thomas Bernard
a1ade4532e
fix get_portmappings_in_range()
2023-06-27 01:50:31 +02:00
Thomas Bernard
904dda47ed
nftnlrdr_misc.c: replace nftnl_rule_get_data() usage with specific nftnl_rule_get_*() functions
...
nftnl_rule_get_u32()
nftnl_rule_get_u64()
nftnl_rule_get_str()
closes #641
should fix #582
2023-01-14 19:18:37 +01:00
Thomas Bernard
67ea8c8bc3
nftnlrdr_misc.c: debug message about proto_min_reg/proto_min_val
2023-01-14 19:16:40 +01:00
Thomas Bernard
61127ca0be
nftnlrdr_misc.c: expr_set_reg_val_u16() has uint16_t arg
2022-10-10 02:33:04 +02:00
Thomas Bernard
890e4ec218
nftnlrdr_misc.c: fix parse_rule_immediate()
...
so it works correctly on both little endian and big endian CPUs
should fix #628
2022-10-10 02:32:58 +02:00
Thomas Bernard
8bbe1c1339
remove useless UNUSED()
2022-10-10 01:23:26 +02:00
Thomas Bernard
a6ca2b14c5
miniupnpd/nftnldr.c: init local var in update_portmapping()
...
see https://github.com/miniupnp/miniupnp/pull/607
rhost is not currently in use, but it might be some day.
2022-04-21 00:19:45 +02:00
Brian John
87776e8345
Split "NAT" and "TABLE" for consistency
2022-01-01 16:58:55 -06:00
Brian John
8d061ecf65
Fix typo: should check for `$NAT_TABLE`
2022-01-01 16:17:31 -06:00
Brian John
69f01ffcc8
Spelling fix: routeing --> routing
2022-01-01 16:15:54 -06:00
Thomas Bernard
78823d762e
README.md: updated. fix titles
2021-12-16 00:29:39 +01:00
Thomas Bernard
2bfed34e8c
README.md: reformat chain/tables setup
...
fix 3129683cb3
2021-12-16 00:27:57 +01:00
Thomas Bernard
1a5cdc0a13
remove space before eol
2021-12-02 00:35:51 +01:00
Sven Auhagen
3129683cb3
NFTables use scripts to create tables and chains
...
To hardcode table and chain creation and deletion makes it impossible
for existing firewall infrastructures to integrate miniupnpd.
NFTables will either reevaluate packets through miniupnpd or
it will delete existing tables when there are already custom chains in it.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-28 08:08:37 +01:00
Sven Auhagen
0b3f3e4029
NFTables make tables name configurable
...
Right now the table names are hardcoded and do not integrate with an overall
firewall strategy.
NFTables has restrictions on how packets are evaluated against chains.
For example if multiple forward chains are evaluated with different prioity,
all packets that pass the first one will be reevaluated again in the second chain.
To have an overall firewall concept with miniupnpd it is necessary to use existing
tables and hence to configure them in miniupnpd.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-11-27 21:49:21 +01:00
Thomas BERNARD
9a5215c54a
Merge pull request #562 from svenauhagen/feature/nftablesnat
...
NFTables use nat chain for inet (instead of specific IPv4 chain)
2021-11-17 12:36:19 +01:00
Thomas Bernard
92cf5c2f95
nftnlrdr_misc.c: 2021
2021-08-21 10:26:31 +02:00
Sven Auhagen
acc3bcb0a3
NFTables use inet nat chain
...
NFTables supports inet in the nat chain as well.
Use it instead of IPv4 chain so it is consistent with the filter chain.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech.de>
2021-08-18 16:58:50 +01:00
Thomas Bernard
97b7ec1ad2
normalize use of __STDC_VERSION__
2021-06-17 09:25:26 +02:00
Thomas Bernard
f50f00b5ea
errno.h not sys/errno.h
2020-11-11 13:24:48 +01:00
Thomas Bernard
5e7f8b5183
netfilter_nft/nftnlrdr_misc.h: comment
2020-10-22 21:39:41 +02:00
Thomas Bernard
3a17dea056
pass rule type to the private arg of mnl_cb_run() callback
...
should fix #481
2020-10-17 23:20:29 +02:00
Thomas Bernard
2595275eb5
netfilter_nft: build testing
2020-10-17 22:52:34 +02:00
Thomas Bernard
992565201b
fix testnftnlrdr.c
2020-09-29 01:00:29 +02:00
BERNARD Thomas
91ff44c9d2
netfilter_nft: fix test stuff
2020-09-29 00:43:55 +02:00
Thomas Bernard
11dec5b25c
fix log
2020-09-29 00:17:58 +02:00
Thomas Bernard
61d4aecb6e
fix warning
2020-09-28 21:58:08 +02:00
Thomas Bernard
7db8ef0921
fix c9f6ddd
2020-09-28 21:57:50 +02:00
Thomas Bernard
c9f6ddd102
miniupnpd/netfilter_nft: more logs in set_rdr_name()
...
see #481
2020-09-26 17:42:26 +02:00
Thomas Bernard
d7b40010d5
nftnlrdr_misc.c: add log in case of send_batch() failure
...
useful for #481
2020-07-09 11:16:47 +02:00
Thomas Bernard
86b6aad797
ido not use depreacted nftnl_rule_set() and nftnl_chain_set()
...
now uses nftnl_rule_set_str() and nftnl_chain_set_str()
fixes #476
2020-06-10 11:55:42 +02:00
Thomas Bernard
92ec4d05ab
nftnlrdr_misc.c: fix a memory leak in table_cb()
2020-06-08 10:08:44 +02:00
Thomas Bernard
5f66d1852d
rewrite send_batch() for clarity
2020-06-07 21:43:03 +02:00