Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | [PATCH]: rename overlapping function names | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-01-20 | 1 | -5/+0 |
| | | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> | ||||
* | [PATCH]: bunch o' renames | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-01-20 | 1 | -3/+0 |
| | | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> | ||||
* | Moves all declarations in iptables_common.h to xtables.h. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -1/+0 |
| | |||||
* | Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.h | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -11/+1 |
| | |||||
* | Moves some duplicated functions in ip[6]tables.c to xtables.c | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -3/+0 |
| | | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved. | ||||
* | Introduces xtables match/target registration | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-07-24 | 1 | -138/+5 |
| | | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo. | ||||
* | Add UDPLITE multiport support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-11 | 1 | -0/+3 |
| | |||||
* | [PATCH]: Fix /etc/network usage (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-29 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt | ||||
* | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-25 | 1 | -1/+0 |
| | | | | invalid arguments to get accepted. | ||||
* | [PATCH] proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-22 | 1 | -0/+1 |
| | | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | ||||
* | [PATCH] reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-20 | 1 | -0/+1 |
| | | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | ||||
* | [PATCH] reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-20 | 1 | -0/+1 |
| | | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. | ||||
* | Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-28 | 1 | -0/+3 |
| | |||||
* | Multiple matches of the same type can be specified on the commandline. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-03-03 | 1 | -0/+4 |
| | | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified. | ||||
* | Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-22 | 1 | -0/+1 |
| | | | | Bugzilla #413 | ||||
* | Kernels higher than 2.6.10 don't support multiple --to arguments in | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-09-19 | 1 | -0/+9 |
| | | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | ||||
* | reduce code replication of parse_interface() (Yasuyuki Kozakai) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-06-22 | 1 | -0/+1 |
| | |||||
* | Extension revision number support (if kernel supports the getsockopts). | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org | 2005-01-03 | 1 | -0/+18 |
| | | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. | ||||
* | Fix setting lib_dir in ip*tables-{save,restore} | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org | 2004-12-27 | 1 | -0/+4 |
| | |||||
* | add definition for IPPROTO_SCTP for systems with old header files | laforge | 2004-03-04 | 1 | -0/+4 |
| | |||||
* | Make sure to use matches in the order they are given when calling ↵ | gandalf | 2004-02-02 | 1 | -2/+8 |
| | | | | do_command() multiple times. | ||||
* | make iptables-restore print the line number in case of an error | laforge | 2003-03-03 | 1 | -0/+2 |
| | | | | (Illes Marci <marci@balabit.hu>) | ||||
* | Export addr_to_anyname(), mask_to_dotted(), parse_hostnetworkmask() | marc | 2001-12-06 | 1 | -0/+6 |
| | | | | | and parse_protocol() as they are needed by the upcoming ipt_conntrack match module. | ||||
* | - added patch to support statically linking of iptables | laforge | 2001-08-06 | 1 | -0/+6 |
| | | | | - iptables-save/-restore is no longer experimental | ||||
* | make iptables-restore and iptables-save work again | laforge | 2000-12-01 | 1 | -0/+9 |
| | |||||
* | Jan Echternach's const tweak. | rusty | 2000-08-27 | 1 | -1/+1 |
| | |||||
* | IPv6 enhancements. | rusty | 2000-05-02 | 1 | -17/+11 |
| | |||||
* | Changes to allow matching (for delete) on part of a rule, for rules which | rusty | 2000-04-19 | 1 | -0/+6 |
| | | | | change in the kernel (eg. ipt_limit). | ||||
* | reorganized tree after kernel mergesvn_t_netfilter | marc | 2000-03-20 | 1 | -0/+122 |