Re: [LEDE-DEV] firewall question

2017-12-15 Thread e9hack
Am 15.12.2017 um 18:03 schrieb Eric Romano: > The "input" option of your LAN zone is set to ACCEPT. This means that > any traffic to the interface ip address(es) of that zone will be > allowed unless otherwise blocked by a rule. > > It's not obvious but zone forwarding rules only for traffic

[LEDE-DEV] firewall question

2017-12-15 Thread e9hack
Hi, I did set-up a openvpn server on my router. /etc/config/network contains the interface definition: config interface 'vpn' option proto 'none' option ifname 'tun1' In /etc/config/firewall, I've the following definitions related to vpn, lan and wan: config zone

[LEDE-DEV] [PATCH fstools] overlay: fix race condition when switching to jffs2

2017-12-15 Thread Roman Yeryomin
There is a race between `cp -a /tmp/root/* /rom/overlay` from libfstools/overlay.c and a process creating new file(s) before pivot(/rom, /mnt) occured. That is a process can create a file and it will not be copied. To workaround this, do additional copy after jffs2 is ready. This doesn't

Re: [LEDE-DEV] [PATCH] kernel: bump 4.4 to 4.4.105 for 17.01

2017-12-15 Thread FOSS
Run-tested on: ar71xx, x86/64, ramips/mt7621. Tested-by: Stijn Segers ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev

[LEDE-DEV] [PATCH v1 1/2] kmod-sched-cake: bump to latest bake of cake

2017-12-15 Thread Kevin Darbyshire-Bryant
There has been recent significant activity with the cake qdisc of late but in the cobalt branch. Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. Relevant feature changes: ingress mode: Instead of only counting packets that make it past

[LEDE-DEV] [PATCH v1 2/2] iproute2: cake: support new operating modes

2017-12-15 Thread Kevin Darbyshire-Bryant
There has been recent significant activity with the cake qdisc of late Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. This commit teaches tc how to activate and interprete the latest cake operating modes, namely: ingress mode: Instead

[LEDE-DEV] [PATCH v1 0/2] update to the latest cake bake

2017-12-15 Thread Kevin Darbyshire-Bryant
There has been recent significant activity with the cake qdisc of late Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. This commit series updates cake and iproute's tc to include the latest cake ingredients: ingress mode & ack filtering

Re: [LEDE-DEV] firewall question

2017-12-15 Thread Eric Romano
The "input" option of your LAN zone is set to ACCEPT. This means that any traffic to the interface ip address(es) of that zone will be allowed unless otherwise blocked by a rule. It's not obvious but zone forwarding rules only for traffic forwarded on behalf of clients on the network, not for

Re: [LEDE-DEV] [PATCH] kernel: add kmod-fou

2017-12-15 Thread John Crispin
Hi Filip please resend a V2 with a description of what the patch/module actually does     John On 13/12/17 22:35, Filip Moc wrote: Signed-off-by: Filip Moc --- package/kernel/linux/modules/netsupport.mk | 22 ++ 1 file changed, 22 insertions(+) diff