Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Clarify --tunnel-src/--tunnel-dst options | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -6/+10 | |
| | ||||||
* | Move empty policy element check to also catch last element | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -10/+12 | |
| | ||||||
* | Don't allow using --next option without specifying a policy element | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -4/+14 | |
| | ||||||
* | Fix invalid assignment of tunnel-src to dest address (Patrick McHardy) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-09 | 1 | -2/+2 | |
| | ||||||
* | Add documentation for string match (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-03 | 1 | -0/+15 | |
| | ||||||
* | Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-22 | 4 | -8/+10 | |
| | | | | Bugzilla #413 | |||||
* | fix iptables-save of 'goto' target (Closes: #410) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-12-05 | 1 | -2/+2 | |
| | ||||||
* | Add note that TCPMSS is only valid in the mangle table (not true today, but ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-05 | 1 | -1/+4 | |
| | | | | maybe someday) | |||||
* | fix compilation of iptables on [old] systems that don't have IPT_F_GOTO | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-24 | 2 | -0/+6 | |
| | ||||||
* | note that we can only delete chains that are empty | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-22 | 1 | -3/+4 | |
| | ||||||
* | tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-22 | 1 | -1/+1 | |
| | ||||||
* | Add policy match extensions from patch-o-matic | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-19 | 6 | -0/+998 | |
| | ||||||
* | Fix some gcc-4 warnings | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-18 | 4 | -7/+7 | |
| | ||||||
* | Don't eat numeric arguments for other extensions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-18 | 1 | -4/+12 | |
| | ||||||
* | The conntrack match does not print any info for --ctproto, thus | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-17 | 1 | -0/+7 | |
| | | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) | |||||
* | only set revisions on real targets, not on jumps. (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-17 | 1 | -1/+3 | |
| | ||||||
* | - Fix memory leak in TC_COMMIT() (Markus Sundberg) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-12 | 1 | -23/+25 | |
| | | | | | - Cleanup error path of TC_COMMIT() - Correctly propagate errors of setsockopt to calling function | |||||
* | add 'goto' support (Henrik Nordstrom <hno@marasystems.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-05 | 3 | -3/+33 | |
| | ||||||
* | fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de)svn_t_iptables_1_3_4 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-03 | 2 | -53/+10 | |
| | | | | | | We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :( | |||||
* | about to release 1.3.4 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-10-31 | 1 | -2/+2 | |
| | ||||||
* | The conntrack match extension doesn't handle address inversion correctly. ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-09-19 | 1 | -2/+2 | |
| | | | | (Tom Eastep) | |||||
* | Kernels higher than 2.6.10 don't support multiple --to arguments in | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-09-19 | 4 | -0/+41 | |
| | | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | |||||
* | * specifying random seed for the Jenkins hash works as documented | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-09-19 | 1 | -28/+37 | |
| | | | | | | | * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> | |||||
* | Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org | 2005-09-11 | 1 | -0/+4 | |
| | | | | We can't include that header since it conflicts with sys/types.h | |||||
* | Make libipt_connbytes.c compile with the ipt_connbytes version that has been ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org | 2005-09-11 | 1 | -6/+6 | |
| | | | | merged into the 2.6 kernel | |||||
* | Update manpage to reflect missing ability to SNAT to multiple ranges in ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-29 | 1 | -4/+6 | |
| | | | | 2.6.11-rc1 and later | |||||
* | Update manpage to reflect missing NAT to multiple ranges support in ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-29 | 1 | -4/+7 | |
| | | | | 2.6.11-rc1 and later. | |||||
* | update string match to reflect new kernel implementation (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-28 | 1 | -40/+110 | |
| | ||||||
* | Note which kernel versions are affected by REJECT change (Maciej Soltysiak) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-26 | 1 | -0/+2 | |
| | ||||||
* | add support for new 'dccp' protocol match | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-06 | 3 | -0/+414 | |
| | ||||||
* | port Eric Leblond's NFQUEUE missing-break fix to ip6tables | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-05 | 2 | -0/+4 | |
| | ||||||
* | Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-08-05 | 2 | -0/+4 | |
| | ||||||
* | _really_ sort only user defined chains (Robert de Barth ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-31 | 1 | -1/+1 | |
| | | | | <list-netfilter@debarth.co.uk> | |||||
* | 1.3.3 releasesvn_t_iptables_1_3_3 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-29 | 1 | -2/+2 | |
| | ||||||
* | The call to free_opts() in merge_options() is invalid C. The oldopts | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-29 | 2 | -6/+2 | |
| | | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself. | |||||
* | update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-28 | 4 | -8/+52 | |
| | ||||||
* | Fix NAT of ICMP ID ranges (Patrick McHardy) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-22 | 4 | -4/+8 | |
| | ||||||
* | get rid of numerous gcc-4 warnings | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-19 | 14 | -20/+25 | |
| | ||||||
* | add NFQUEUE support for ipv4 and ipv6 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-19 | 4 | -2/+244 | |
| | ||||||
* | fix various missing header file / #define issues on old kernels. I've now ↵svn_t_iptables_1_3_2 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-10 | 3 | -16/+23 | |
| | | | | tested compilation with kernels starting 2.4.17 | |||||
* | we need to have this header file included, since old kernels don't define ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-10 | 1 | -0/+16 | |
| | | | | IP6T_LOG_UID. | |||||
* | bump version number to 1.3.2 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-10 | 1 | -2/+2 | |
| | ||||||
* | add note to https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=334 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-07-04 | 1 | -0/+6 | |
| | ||||||
* | attempt to fix save/restore of '! --uid-owner squid' problem as reported by ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-06-29 | 1 | -2/+2 | |
| | | | | Costa Tsaousis (backport from ipv4 owner) | |||||
* | add pointer to bugzilla | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-06-24 | 1 | -0/+1 | |
| | ||||||
* | we don't have any counter issues in sparc64 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-06-24 | 1 | -1/+0 | |
| | ||||||
* | Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-06-24 | 2 | -1/+20 | |
| | ||||||
* | fix deletion of targets where kernel size != userspace size (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-06-23 | 2 | -0/+2 | |
| | ||||||
* | reduce code replication of parse_interface() (Yasuyuki Kozakai) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-06-22 | 6 | -82/+5 | |
| | ||||||
* | This patch prevents user to set negative port value of SNAT/DNAT. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-06-22 | 2 | -4/+4 | |
| | | | | (Yasuyuki Kozakai) |