summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* make policy match compile independant of kernel headerssvn_t_iptables_1_3_5/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-013-2/+6
|
* Some !%$!*##$@ has modified the kernel include/linux/netfilter_ipv4/ipt_sctp.h/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-011-0/+13
| | | | file in a way that breaks userspace :(
* fix ipt_conntrack compilation against very early (2.4.0) kernel releases/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-011-1/+1
|
* remove other bits of old ip pool code, people should use ipset ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-015-323/+2
| | | | (ipset.netfilter.org) these days
* remove ippool/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-013-679/+0
|
* Prepare policy match for x_tables unification by making sure both/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-317-16/+126
| | | | ipt_policy and ip6t_policy use the same data structure.
* fix 'save' (Michael Rash)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-301-2/+2
|
* major manpage update (Yasuyuki Kozakai)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-3027-88/+149
|
* Add 'copy+paste' support for 'state' and 'connmark' match, as well as/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-264-1/+535
| | | | 'CONNMARK' target for ip6tables / nf_conntrack_l3proto_ipv6. This is a temporary solution for the iptables-1.3.x branch, since the 1.4.x branch will have proper support.
* add note about deprecated state/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-261-0/+2
|
* fix spelling 'adress' -> 'address' (Closes: #431) (MJ Anthony)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-01-222-2/+2
|
* Fix "empty policy element" complaining in non-strict mode./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-222-2/+4
| | | | Noticed by Tom Eastep <teastep@shorewall.net>.
* Clarify --tunnel-src/--tunnel-dst options/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-122-6/+10
|
* Move empty policy element check to also catch last element/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-122-10/+12
|
* Don't allow using --next option without specifying a policy element/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-122-4/+14
|
* Fix invalid assignment of tunnel-src to dest address (Patrick McHardy)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-091-2/+2
|
* Add documentation for string match (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-031-0/+15
|
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-224-8/+10
| | | | Bugzilla #413
* fix iptables-save of 'goto' target (Closes: #410)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-051-2/+2
|
* Add note that TCPMSS is only valid in the mangle table (not true today, but ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-051-1/+4
| | | | maybe someday)
* fix compilation of iptables on [old] systems that don't have IPT_F_GOTO/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-242-0/+6
|
* note that we can only delete chains that are empty/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-221-3/+4
|
* tcp-rst is the alias, not tcp-reset (Torsten Hilbrich)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-221-1/+1
|
* Add policy match extensions from patch-o-matic/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-11-196-0/+998
|
* Fix some gcc-4 warnings/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-11-184-7/+7
|
* Don't eat numeric arguments for other extensions/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-11-181-4/+12
|
* The conntrack match does not print any info for --ctproto, thus/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-171-0/+7
| | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester)
* only set revisions on real targets, not on jumps. (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-171-1/+3
|
* - Fix memory leak in TC_COMMIT() (Markus Sundberg)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-121-23/+25
| | | | | - Cleanup error path of TC_COMMIT() - Correctly propagate errors of setsockopt to calling function
* add 'goto' support (Henrik Nordstrom <hno@marasystems.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-053-3/+33
|
* fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de)svn_t_iptables_1_3_4/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-032-53/+10
| | | | | | We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :(
* about to release 1.3.4/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-10-311-2/+2
|
* The conntrack match extension doesn't handle address inversion correctly. ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-191-2/+2
| | | | (Tom Eastep)
* Kernels higher than 2.6.10 don't support multiple --to arguments in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-194-0/+41
| | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
* * specifying random seed for the Jenkins hash works as documented/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-191-28/+37
| | | | | | | * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org>
* Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-09-111-0/+4
| | | | We can't include that header since it conflicts with sys/types.h
* Make libipt_connbytes.c compile with the ipt_connbytes version that has been ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-09-111-6/+6
| | | | merged into the 2.6 kernel
* Update manpage to reflect missing ability to SNAT to multiple ranges in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-291-4/+6
| | | | 2.6.11-rc1 and later
* Update manpage to reflect missing NAT to multiple ranges support in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-291-4/+7
| | | | 2.6.11-rc1 and later.
* update string match to reflect new kernel implementation (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-281-40/+110
|
* Note which kernel versions are affected by REJECT change (Maciej Soltysiak)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-261-0/+2
|
* add support for new 'dccp' protocol match/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-063-0/+414
|
* port Eric Leblond's NFQUEUE missing-break fix to ip6tables/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-052-0/+4
|
* Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-052-0/+4
|
* _really_ sort only user defined chains (Robert de Barth ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-311-1/+1
| | | | <list-netfilter@debarth.co.uk>
* 1.3.3 releasesvn_t_iptables_1_3_3/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-291-2/+2
|
* The call to free_opts() in merge_options() is invalid C. The oldopts/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-292-6/+2
| | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself.
* update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-284-8/+52
|
* Fix NAT of ICMP ID ranges (Patrick McHardy)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-224-4/+8
|
* get rid of numerous gcc-4 warnings/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-1914-20/+25
|