Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Supress error message from modprobe on checking revision. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-03-13 | 6 | -22/+34 | |
| | ||||||
* | Fix cut and paste error breaking use of groups != 0 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-03-06 | 2 | -12/+12 | |
| | ||||||
* | iptables: add random option to SNAT (Eric Leblond) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-02-24 | 6 | -9/+117 | |
| | ||||||
* | Reverted r6754. libipt_icmp has the option 'any', so it's unnecessary | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-19 | 1 | -4/+1 | |
| | | | | to check no option of ICMP type. | |||||
* | Update coreteam members in manpages | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-15 | 2 | -2/+4 | |
| | ||||||
* | Fix missing space in error message (Bugzilla 544) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-02-14 | 2 | -2/+2 | |
| | ||||||
* | Remove and readd with executable bit set. SVN doesn't seem to have a proper ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-02-13 | 1 | -0/+0 | |
| | | | | way of doing this. | |||||
* | Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-13 | 6 | -6/+6 | |
| | | | | specified, but loaded when extra options are specified, too. | |||||
* | Forgot to add TCPMSS target to PF6_EXT_SLIB | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-02-13 | 1 | -1/+1 | |
| | ||||||
* | Error if no ICMP type is specified even though user intended | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-13 | 1 | -0/+3 | |
| | | | | to use icmp match. | |||||
* | Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-09 | 4 | -0/+271 | |
| | | | | Kernel part will go in 2.6.21 | |||||
* | Update coreteam members in manpages. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-28 | 2 | -4/+4 | |
| | ||||||
* | Bugzilla #535 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-26 | 1 | -1/+1 | |
| | | | | | In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option. | |||||
* | Bugzilla #534: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-26 | 1 | -4/+0 | |
| | | | | | Please remove --mss from libipt_tcp.man. The tcp match doesn't handle that option, while the tcpmss match does. | |||||
* | Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-16 | 3 | -0/+186 | |
| | | | | Kernel part will go in 2.6.21. | |||||
* | Add UDPLITE multiport support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-11 | 5 | -3/+14 | |
| | ||||||
* | Fix missing space in ruleset listing | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-11 | 1 | -1/+1 | |
| | ||||||
* | Remove extensions for unmaintained/obsolete patchlets | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-10 | 65 | -5009/+2 | |
| | ||||||
* | [PATCH]: Fix greedy debug grep | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-10 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | | From Bugzilla #527: if you have a kernel with say a '-g' in it, then KERNEL_DIR will include the '-g' in it, CFLAGS will include the '-g' in it, and then the grep will think you have -g in your CFLAGS for example, if you use the grsec or gentoo patchset: $ uname -r 2.6.19.1-grsec $ uname -r 2.6.19-gentoo-r2 then your CFLAGS will look like: -O2 -Wall -Wunused -I"/lib/modules/2.6.19.1-grsec/build"/include -Iinclude/ -DIPTABLES_VERSION=\"1.3.7\" and the greedy check grep will incorrectly flag this: egrep -e '-g|-pg|IPTC_DEBUG' | |||||
* | fix typo in manpage (thomas@aktaia.intevation.org) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2007-01-07 | 1 | -1/+1 | |
| | ||||||
* | Move extensions for pom patches to individual patchlets. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-12-12 | 18 | -1337/+1 | |
| | ||||||
* | fix compile/install error for iptables-xml with DO_MULTI=1 (Lutz Jaenicke) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-12-09 | 5 | -8/+13 | |
| | ||||||
* | Bump version to 1.3.7svn_t_iptables_1_3_7 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-12-04 | 1 | -2/+2 | |
| | ||||||
* | Add target extensions for new NFLOG target | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-12-03 | 4 | -0/+326 | |
| | ||||||
* | Fix iptables-save not printing -s !0/0 and -d !0/0 as well as ip6tables | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-12-02 | 2 | -2/+2 | |
| | | | | unnecessarily printing the address. Base on patch by Daniel De Graaf. | |||||
* | [PATCH]: Fix /etc/network usage (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-29 | 3 | -36/+36 | |
| | | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt | |||||
* | [PATCH] Fix -E (rename) in iptables/ip6tables | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-14 | 2 | -2/+0 | |
| | | | | | | | | | | Remove ununsed CHECK entry in commands_v_options. It makes -E (rename) working again - generic_opt_check expects options for RENAME not for CHECK at that table index. Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> | |||||
* | Use /lib/modules/$(uname -r)/build instead of /usr/src/linux as KERNEL_DIR ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-14 | 1 | -1/+1 | |
| | | | | default | |||||
* | Add ip6tables support for hashlimit match | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-13 | 2 | -0/+372 | |
| | ||||||
* | Add iptables-xml tool (Amin Azez <azez@ufomechanic.net>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-13 | 3 | -3/+1012 | |
| | ||||||
* | Add ip6tables support for sctp match | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-13 | 2 | -0/+553 | |
| | ||||||
* | load ip_[6]tables.ko just before checking revision support in kernel. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-11-13 | 4 | -4/+40 | |
| | ||||||
* | changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-11-13 | 1 | -2/+2 | |
| | | | | 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18. | |||||
* | - Add revision support to ip6tables. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-10-20 | 4 | -4/+324 | |
| | | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>) | |||||
* | Fix spelling error | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-10-11 | 1 | -1/+1 | |
| | ||||||
* | [PATCH]: iptables segfaults when given "" to --log-prefix (Mike Frysinger ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-10-10 | 3 | -0/+16 | |
| | | | | | | <vapier@gentoo.org>) Bugzilla #516 | |||||
* | Add endian annotation types to fix compilation for kernels > 2.6.18 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-10-09 | 1 | -0/+5 | |
| | ||||||
* | Version number was not bumped in Makefile in svnsvn_t_iptables_1_3_6 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-10-09 | 1 | -2/+2 | |
| | ||||||
* | Use correct types at error reporting (patch sent by H. Nakano) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-10-06 | 1 | -2/+2 | |
| | ||||||
* | Use negative-list for "weird character in interface" warning instead of ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-09-20 | 2 | -7/+7 | |
| | | | | warning for basically every non-alphanumeric character. | |||||
* | [PATCH] Named realm (Simon Lodal <simon@parknet.dk>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-09-02 | 2 | -13/+158 | |
| | | | | Optionally read realm values from /etc/iproute2/rt_realms | |||||
* | Add statistic match extension | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-31 | 2 | -0/+177 | |
| | ||||||
* | [PATCH] iptables: fix ipt_MARK documentation (Eric Leblond) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-29 | 1 | -1/+8 | |
| | | | | | This patch documents --or-mask and --and-mask options of the MARK target. Description is directly taken from the source code. | |||||
* | [PATCH]: iptables -Z clears the per-rule counters, but not the chain policy ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-22 | 1 | -0/+3 | |
| | | | | | | counters (Andy Gay <andy@andynet.net>) https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=502 | |||||
* | [PATCH] update quota match for xtables + fix -D bug (Phil Oester ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-08 | 2 | -7/+8 | |
| | | | | <kernel@linuxace.com>) | |||||
* | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-25 | 3 | -5/+20 | |
| | | | | invalid arguments to get accepted. | |||||
* | [PATCH] proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-22 | 3 | -20/+5 | |
| | | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | |||||
* | [PATCH] BUG: libiptc chain references bug (Jesper Brouer <hawk@diku.dk>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-20 | 1 | -0/+8 | |
| | | | | | | | | | Correcting a chain references increment bug in libiptc. The bug lies in function iptc_delete_entry() / TC_DELETE_ENTRY. The problem is the construction of "r" the rule entry, that is used for comparison. The problem is that the function iptcc_map_target() increase the target chains references count. | |||||
* | [PATCH] reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-20 | 13 | -137/+46 | |
| | | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | |||||
* | [PATCH] reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-20 | 13 | -105/+30 | |
| | | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. |