Git-Mirrors/qubes-mirage-firewall
1
0
Fork 0
mirror of https://github.com/mirage/qubes-mirage-firewall.git synced 2024-06-26 06:02:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
30 Commits 1 Branch 18 Tags 1 MiB
e05a92da50
Commit Graph

12 Commits

Author SHA1 Message Date
Thomas Leonard
e05a92da50 Update to new Logs API 
Note: this reintroduces mirage-qubes pin, as that uses Logs too.
 2016-01-08 11:40:11 +00:00
Thomas Leonard
13138dc636 Fix OOM check when adding NAT entries 2016-01-05 16:43:07 +00:00
Thomas Leonard
ea7c10ce58 Handle Out_of_memory adding NAT entries 
Because hash tables resize in big steps, this can happen even if we have
a fair chunk of free memory.
 2016-01-03 17:10:02 +00:00
Thomas Leonard
491dbd9323 Calculate checksums even for Accept action 
If packet has been NAT'd then we certainly need to recalculate the checksum,
but even for direct pass-through it might have been received with an invalid
checksum due to checksum offload. For now, recalculate full checksum in all
cases.

See #1.
 2016-01-03 14:14:00 +00:00
Thomas Leonard
96bc12c591 Log correct destination for redirected packets 
Before, we always said it was going to "NetVM".
 2016-01-02 20:38:38 +00:00
Thomas Leonard
0e8e142337 If we can't find a free port, reset the NAT table 2016-01-02 16:50:16 +00:00
Thomas Leonard
425ba26286 Reset NAT table if memory gets low 2016-01-02 15:50:05 +00:00
Thomas Leonard
aee124338a Minor cleanup 2016-01-01 13:03:18 +00:00
Thomas Leonard
1da8775814 Provide same actions to client and NetVM rules 2016-01-01 12:54:44 +00:00
Thomas Leonard
2002126b8b Rationalised firewall rules syntax 
Added explicit NAT target, allowing NAT even within client net and
making it clear that NAT is used externally.

Changed Redirect_to_netvm to NAT_to, and allow specifying any target
host.
 2016-01-01 11:32:57 +00:00
Thomas Leonard
ac0444f1c1 Log packet details when dropping 2015-12-31 09:56:58 +00:00
Thomas Leonard
cd69ce5a86 Move NAT code to router and add DNS redirects 2015-12-30 19:34:04 +00:00