summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix missing space in error message (Bugzilla 544)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-02-142-2/+2
|
* Remove and readd with executable bit set. SVN doesn't seem to have a proper ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-02-131-0/+0
| | | | way of doing this.
* Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-136-6/+6
| | | | specified, but loaded when extra options are specified, too.
* Forgot to add TCPMSS target to PF6_EXT_SLIB/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-02-131-1/+1
|
* Error if no ICMP type is specified even though user intended/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-131-0/+3
| | | | to use icmp match.
* Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-094-0/+271
| | | | Kernel part will go in 2.6.21
* Update coreteam members in manpages./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-282-4/+4
|
* Bugzilla #535/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-261-1/+1
| | | | | In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option.
* Bugzilla #534:/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-261-4/+0
| | | | | Please remove --mss from libipt_tcp.man. The tcp match doesn't handle that option, while the tcpmss match does.
* Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-163-0/+186
| | | | Kernel part will go in 2.6.21.
* Add UDPLITE multiport support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-115-3/+14
|
* Fix missing space in ruleset listing/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-111-1/+1
|
* Remove extensions for unmaintained/obsolete patchlets/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-1065-5009/+2
|
* [PATCH]: Fix greedy debug grep/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-101-1/+1
| | | | | | | | | | | | | | | | | | | | | From Bugzilla #527: if you have a kernel with say a '-g' in it, then KERNEL_DIR will include the '-g' in it, CFLAGS will include the '-g' in it, and then the grep will think you have -g in your CFLAGS for example, if you use the grsec or gentoo patchset: $ uname -r 2.6.19.1-grsec $ uname -r 2.6.19-gentoo-r2 then your CFLAGS will look like: -O2 -Wall -Wunused -I"/lib/modules/2.6.19.1-grsec/build"/include -Iinclude/ -DIPTABLES_VERSION=\"1.3.7\" and the greedy check grep will incorrectly flag this: egrep -e '-g|-pg|IPTC_DEBUG'
* fix typo in manpage (thomas@aktaia.intevation.org)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2007-01-071-1/+1
|
* Move extensions for pom patches to individual patchlets./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-12-1218-1337/+1
|
* fix compile/install error for iptables-xml with DO_MULTI=1 (Lutz Jaenicke)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-12-095-8/+13
|
* Bump version to 1.3.7svn_t_iptables_1_3_7/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-12-041-2/+2
|
* Add target extensions for new NFLOG target/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-12-034-0/+326
|
* Fix iptables-save not printing -s !0/0 and -d !0/0 as well as ip6tables/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-12-022-2/+2
| | | | unnecessarily printing the address. Base on patch by Daniel De Graaf.
* [PATCH]: Fix /etc/network usage (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-293-36/+36
| | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt
* [PATCH] Fix -E (rename) in iptables/ip6tables/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-142-2/+0
| | | | | | | | | | Remove ununsed CHECK entry in commands_v_options. It makes -E (rename) working again - generic_opt_check expects options for RENAME not for CHECK at that table index. Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Use /lib/modules/$(uname -r)/build instead of /usr/src/linux as KERNEL_DIR ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-141-1/+1
| | | | default
* Add ip6tables support for hashlimit match/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-132-0/+372
|
* Add iptables-xml tool (Amin Azez <azez@ufomechanic.net>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-133-3/+1012
|
* Add ip6tables support for sctp match/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-132-0/+553
|
* load ip_[6]tables.ko just before checking revision support in kernel./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-11-134-4/+40
|
* changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-11-131-2/+2
| | | | 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18.
* - Add revision support to ip6tables./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-10-204-4/+324
| | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>)
* Fix spelling error/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-10-111-1/+1
|
* [PATCH]: iptables segfaults when given "" to --log-prefix (Mike Frysinger ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-10-103-0/+16
| | | | | | <vapier@gentoo.org>) Bugzilla #516
* Add endian annotation types to fix compilation for kernels > 2.6.18/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-10-091-0/+5
|
* Version number was not bumped in Makefile in svnsvn_t_iptables_1_3_6/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org2006-10-091-2/+2
|
* Use correct types at error reporting (patch sent by H. Nakano)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org2006-10-061-2/+2
|
* Use negative-list for "weird character in interface" warning instead of ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-09-202-7/+7
| | | | warning for basically every non-alphanumeric character.
* [PATCH] Named realm (Simon Lodal <simon@parknet.dk>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-09-022-13/+158
| | | | Optionally read realm values from /etc/iproute2/rt_realms
* Add statistic match extension/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-08-312-0/+177
|
* [PATCH] iptables: fix ipt_MARK documentation (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-08-291-1/+8
| | | | | This patch documents --or-mask and --and-mask options of the MARK target. Description is directly taken from the source code.
* [PATCH]: iptables -Z clears the per-rule counters, but not the chain policy ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-08-221-0/+3
| | | | | | counters (Andy Gay <andy@andynet.net>) https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=502
* [PATCH] update quota match for xtables + fix -D bug (Phil Oester ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-08-082-7/+8
| | | | <kernel@linuxace.com>)
* Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-253-5/+20
| | | | invalid arguments to get accepted.
* [PATCH] proto_to_name duplication (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-223-20/+5
| | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel.
* [PATCH] BUG: libiptc chain references bug (Jesper Brouer <hawk@diku.dk>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-201-0/+8
| | | | | | | | | Correcting a chain references increment bug in libiptc. The bug lies in function iptc_delete_entry() / TC_DELETE_ENTRY. The problem is the construction of "r" the rule entry, that is used for comparison. The problem is that the function iptcc_map_target() increase the target chains references count.
* [PATCH] reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-2013-137/+46
| | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
* [PATCH] reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-2013-105/+30
| | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
* [PATCH] Use gcc to build shared objects (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-203-2/+4
| | | | | | | | | | | | As suggested by Dmitry Levin and included in Fedora Core releases, use gcc instead of ld to link shared objects. Fedora rpm notes refer to this fixing a plugin problem, but does not offer specifics. But in any event, 'gcc -dumpspecs' does show gcc will pass a number of parameters which in theory it thinks are better. Compile tested both with and without NO_SHARED_LIBS. Closes bug #454.
* [PATCH] iptables: handle cidr notation more sanely (Phil Oester ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-101-0/+30
| | | | | | | | | | | | | | | | | | <kernel@linuxace.com>) At present, a command such as iptables -A foo -s 10.10/16 will interpret 10.10/16 as 10.0.0.10/16, and after applying the mask end up with 10.0.0.0/16, which likely isn't what the user intended. Yet some people do expect 10.10 (without the cidr notation) to end up as 10.0.0.10. The below patch should satisfy all parties. It zero pads the missing octets only in the cidr case, leaving the IP untouched otherwise. This resolves bug #422
* [PATCH] please kill santa-claus (Pierre-Yves Ritschard ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-051-1/+0
| | | | | | <pierre-yves@spootnik.org>) Remove "hoho" message :)
* [PATCH] libiptc symbols clash (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-052-0/+4
| | | | | As reported by Dmitry Levin, the TC_NUM_RULES and TC_GET_RULE exports clash. His patch below, resolving bug #456
* - force user to specify --icmpv6-type if icmpv6 match is required to load/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-07-042-1/+11
| | | | | | - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461)