Differences
This shows you the differences between two versions of the page.
| inbox:firewall:firewall_components [2018/09/16 12:09] – ↷ Links adapted because of a move operation bobafetthotmail | docs:guide-user:firewall:firewall_components [2020/07/15 17:42] – [Kernel Tuning via sysctl] updated vgaetera | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| components to the OpenWrt firewall: | components to the OpenWrt firewall: | ||
| - | - the [[inbox: | + | - the [[docs: |
| - a set of netfilter hooks in the kernel networking stacks | - a set of netfilter hooks in the kernel networking stacks | ||
| - a set of linux kernel modules that handle the inspection of network packets | - a set of linux kernel modules that handle the inspection of network packets | ||
| - a set of kernel tuning parameters to configure the network stacks and firewall modules | - a set of kernel tuning parameters to configure the network stacks and firewall modules | ||
| - | This documentation is based on | + | This documentation is based on [[releases:18.06:notes-18.06.0|OpenWrt 18.06.0]]. |
| - | [[https:// | + | |
| Many of the configurations have been tested against this release using the | Many of the configurations have been tested against this release using the | ||
| - | [[inbox: | + | [[docs: |
| ===== Firewall3 (fw3) ===== | ===== Firewall3 (fw3) ===== | ||
| - | The [[inbox: | + | The [[docs: |
| application used to provision the firewall. | application used to provision the firewall. | ||
| team specifically for the project. | team specifically for the project. | ||
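Review bot: in the Line 11 hunk, the rewritten "This documentation is based on" line still pins the page to OpenWrt 18.06.0 although this revision is dated 2020/07/15. If the configurations were not re-tested on a later release, keep the pin but say so next to "Many of the configurations have been tested against this release", so that readers on newer builds know which release the described firewall behaviour was checked against.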
| Line 63: | Line 62: | ||
| ===== Kernel Tuning via sysctl ===== | ===== Kernel Tuning via sysctl ===== | ||
| - | ''/ | + | ''/ |
| - | loads ''/ | + | This is a shell script that loads ''/ |
| - | set/tune kernel parameters to provide OpenWrt features. | + | These set/tune kernel parameters to provide OpenWrt features. |
| - | [[http:// | + | See [[man>sysctl.conf]]. |
| - | All are parameters documented under the '' | + | All are parameters documented under the '' |
| - | of kernel source tree so the specifics will not be repeated here. See | + | See '' |
| - | '' | + | |
| - | :!: Since the OpenWrt feature set is fairly static, the kernel parameters almost | + | :!: Since the OpenWrt feature set is fairly static, the kernel parameters almost certainly do not need to tuned beyond the defaults provided in the build. |
| - | certainly do not need to tuned beyond the defaults provided in the build. | + | |
| - | :!: Notice that netfilter bridging support in the kernel is disabled! | + | :!: Notice that netfilter bridging support in the kernel is disabled! |
| - | '' | + | See '' |
| - | <file> | + | <code> |
| bridge-nf-call-iptables - BOOLEAN | bridge-nf-call-iptables - BOOLEAN | ||
| 1 : pass bridged IPv4 traffic to iptables' | 1 : pass bridged IPv4 traffic to iptables' | ||
| 0 : disable this. | 0 : disable this. | ||
| Default: 1 | Default: 1 | ||
| - | </file> | + | </code> |
| - | + | ||
| - | FIXME : the **sysctl** directives in ''/ | + | |
| - | those in the ''/ | + | |
| - | entirely redundant. | + | |
| - | + | ||
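Review bot: in the Kernel Tuning via sysctl hunk, the notice "netfilter bridging support in the kernel is disabled" is followed by a kernel documentation excerpt that ends in "Default: 1", which reads as the opposite of the notice. State next to the excerpt the value OpenWrt actually sets for bridge-nf-call-iptables, because with the setting at 0 bridged IPv4 traffic is not passed to the iptables chains and rules written on the assumption that it is will not see that traffic. The joined sentence also still reads "do not need to tuned" and should be "do not need to be tuned". The FIXME about redundant sysctl directives is removed without a replacement sentence; if the redundancy was confirmed or resolved, record which.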