git.openwrt.org Git - project/firewall4.git/commit

projects / project / firewall4.git / commit

author	User User-User <user@localhost>
	Thu, 7 Sep 2023 19:04:35 +0000 (22:04 +0300)
committer	Jo-Philipp Wich <jo@mein.io>
	Fri, 3 Nov 2023 13:04:39 +0000 (14:04 +0100)
commit	785798c8fd72ff3c4c8940922173290bb25bc18e
tree	bd4e6144b9d6759d6df147fe32d14fe3437306f0	tree \| snapshot
parent	187405075911d408fa48e97ce343e76a2a30ef12	commit \| diff

ruleset: dispatch ct states using verdict map

In case the dropping of invalid conntrack states is enabled, using a verdict
map allows us to use only one rule instead of two, lowering the initial rule
match overhead.

Signed-off-by: Andris PE <neandris@gmail.com>
[whitespace cleanup, rebase, extend commit subject and message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

31 files changed:

root/usr/share/firewall4/templates/ruleset.uc		diff \| blob \| history
tests/01_configuration/01_ruleset		diff \| blob \| history
tests/01_configuration/02_rule_order		diff \| blob \| history
tests/02_zones/01_policies		diff \| blob \| history
tests/02_zones/02_masq		diff \| blob \| history
tests/02_zones/03_masq_src_dest_restrictions		diff \| blob \| history
tests/02_zones/04_masq_allow_invalid		diff \| blob \| history
tests/02_zones/04_wildcard_devices		diff \| blob \| history
tests/02_zones/05_subnet_mask_matches		diff \| blob \| history
tests/02_zones/06_family_selections		diff \| blob \| history
tests/02_zones/07_helpers		diff \| blob \| history
tests/02_zones/08_log_limit		diff \| blob \| history
tests/03_rules/01_direction		diff \| blob \| history
tests/03_rules/02_enabled		diff \| blob \| history
tests/03_rules/03_constraints		diff \| blob \| history
tests/03_rules/04_icmp		diff \| blob \| history
tests/03_rules/05_mangle		diff \| blob \| history
tests/03_rules/06_subnet_mask_matches		diff \| blob \| history
tests/03_rules/07_redirect		diff \| blob \| history
tests/03_rules/08_family_inheritance		diff \| blob \| history
tests/03_rules/09_time		diff \| blob \| history
tests/03_rules/10_notrack		diff \| blob \| history
tests/03_rules/11_log		diff \| blob \| history
tests/03_rules/12_mark		diff \| blob \| history
tests/04_forwardings/01_family_selections		diff \| blob \| history
tests/05_ipsets/01_declaration		diff \| blob \| history
tests/05_ipsets/02_usage		diff \| blob \| history
tests/06_includes/01_nft_includes		diff \| blob \| history
tests/06_includes/02_firewall.user_include		diff \| blob \| history
tests/06_includes/04_disabled_include		diff \| blob \| history
tests/06_includes/05_automatic_includes		diff \| blob \| history

OpenWrt nftables firewall

RSS Atom