summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
...
* Add documentation for string match (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-031-0/+15
|
* fix iptables-save of 'goto' target (Closes: #410)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-12-051-2/+2
|
* Add note that TCPMSS is only valid in the mangle table (not true today, but ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-051-1/+4
| | | | maybe someday)
* tcp-rst is the alias, not tcp-reset (Torsten Hilbrich)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-221-1/+1
|
* Add policy match extensions from patch-o-matic/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-11-196-0/+998
|
* Fix some gcc-4 warnings/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-11-184-7/+7
|
* Don't eat numeric arguments for other extensions/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-11-181-4/+12
|
* The conntrack match does not print any info for --ctproto, thus/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-171-0/+7
| | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester)
* fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de)svn_t_iptables_1_3_4/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-032-53/+10
| | | | | | We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :(
* The conntrack match extension doesn't handle address inversion correctly. ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-191-2/+2
| | | | (Tom Eastep)
* Kernels higher than 2.6.10 don't support multiple --to arguments in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-192-0/+14
| | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
* * specifying random seed for the Jenkins hash works as documented/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-191-28/+37
| | | | | | | * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org>
* Make libipt_connbytes.c compile with the ipt_connbytes version that has been ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-09-111-6/+6
| | | | merged into the 2.6 kernel
* Update manpage to reflect missing ability to SNAT to multiple ranges in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-291-4/+6
| | | | 2.6.11-rc1 and later
* Update manpage to reflect missing NAT to multiple ranges support in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-291-4/+7
| | | | 2.6.11-rc1 and later.
* update string match to reflect new kernel implementation (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-281-40/+110
|
* add support for new 'dccp' protocol match/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-063-0/+414
|
* port Eric Leblond's NFQUEUE missing-break fix to ip6tables/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-052-0/+4
|
* Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-08-052-0/+4
|
* update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-282-0/+18
|
* Fix NAT of ICMP ID ranges (Patrick McHardy)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-224-4/+8
|
* get rid of numerous gcc-4 warnings/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-1910-15/+17
|
* add NFQUEUE support for ipv4 and ipv6/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-193-2/+228
|
* fix various missing header file / #define issues on old kernels. I've now ↵svn_t_iptables_1_3_2/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-101-0/+6
| | | | tested compilation with kernels starting 2.4.17
* attempt to fix save/restore of '! --uid-owner squid' problem as reported by ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-06-291-2/+2
| | | | Costa Tsaousis (backport from ipv4 owner)
* Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-06-242-1/+20
|
* reduce code replication of parse_interface() (Yasuyuki Kozakai)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-06-222-78/+0
|
* This patch prevents user to set negative port value of SNAT/DNAT./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-06-222-4/+4
| | | | (Yasuyuki Kozakai)
* [3/3] OSF: lib_ipt.c changes to support connector notifications (Evgeniy ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-06-111-3/+11
| | | | Polyakov <johnpol@2ka.mipt.ru>)
* update multiport manpage (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-06-112-8/+10
|
* Fix CONNMARK save/restore (Tom Eastep <teastep@shorewall.net>, Pawel Sikora ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-06-111-2/+2
| | | | <pluto@agmk.net>)
* While adding testing for inversion of multiport, noticed that documentation ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2005-05-251-2/+2
| | | | about --ports is *wrong*. Ports do not have to be equal: either dest or src being in list is enough for match.
* include FIN bit in mask of "--syn" bits/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-05-042-3/+3
|
* Ignore unknown arguments in libipt_ULOG (Patrick McHardy <kaber@trash.net>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-05-021-0/+2
|
* Fix connbytes command line parsing bug (Piotrek Kaczmarek <kaczorek@daleka.net>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-04-241-0/+1
|
* pull out pmtu changes to fix compilation issues/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-152-124/+3
|
* add REJECT with icmp-frag-needed (Florian Lohoff)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-102-3/+124
|
* don't allow newlines in LOG prefix (Phil Oester) (Closes: #312)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-012-0/+8
|
* add lots of man pages (Jonas Berlin)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-0117-0/+474
|
* SET target bugfix by Michal Pokrywka applied/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org2005-03-181-1/+3
|
* Fix TCPLAG version (Torsten Lüttgert <t.luettgert@pressestimmen.de>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-03-161-1/+1
|
* [PATCH] improve REDIRECT manpage (Jonas Berlin <xkr47@outerspace.dyndns.org>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-03-151-3/+4
|
* This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-03-071-2/+3
|
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-02-1483-471/+18
| | | | Fixes build with conntrack event patch for 2.6
* Allow "--realm ! foo" and "! --realm foo" (Closes: #297)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-02-131-1/+1
|
* fix missing comma at end of line/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-02-131-1/+1
|
* Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-02-122-25/+82
| | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
* try to fix realm save/restore issue (Adresses: #297)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-02-081-11/+14
|
* Fix rule deletion (hinfo pointer initialized by kernel, don't compare it in ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-02-071-2/+1
| | | | userspace). (Samuel Jean)
* fix parameter handling in libipt_hashlimit with iptables-save (Nikolai Malykh)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-02-071-2/+6
|