Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add iptables-xml tool (Amin Azez <azez@ufomechanic.net>) | Amin Azez | 2006-11-13 | 3 | -3/+1012 |
| | |||||
* | Add ip6tables support for sctp match | Patrick McHardy | 2006-11-13 | 2 | -0/+553 |
| | |||||
* | load ip_[6]tables.ko just before checking revision support in kernel. | Yasuyuki KOZAKAI | 2006-11-13 | 4 | -4/+40 |
| | |||||
* | changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69 | Yasuyuki KOZAKAI | 2006-11-13 | 1 | -2/+2 |
| | | | | 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18. | ||||
* | - Add revision support to ip6tables. | Rémi Denis-Courmont | 2006-10-20 | 4 | -4/+324 |
| | | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>) | ||||
* | Fix spelling error | Patrick McHardy | 2006-10-11 | 1 | -1/+1 |
| | |||||
* | iptables segfaults when given "" to --log-prefix (Mike Frysinger ↵ | Mike Frysinger | 2006-10-10 | 3 | -0/+16 |
| | | | | | | <vapier@gentoo.org>) Bugzilla #516 | ||||
* | Add endian annotation types to fix compilation for kernels > 2.6.18 | Patrick McHardy | 2006-10-09 | 1 | -0/+5 |
| | |||||
* | Version number was not bumped in Makefile in svnv1.3.6 | Joszef Kadlecsik | 2006-10-09 | 1 | -2/+2 |
| | |||||
* | Use correct types at error reporting (patch sent by H. Nakano) | Joszef Kadlecsik | 2006-10-06 | 1 | -2/+2 |
| | |||||
* | Use negative-list for "weird character in interface" warning instead of ↵ | Patrick McHardy | 2006-09-20 | 2 | -7/+7 |
| | | | | warning for basically every non-alphanumeric character. | ||||
* | Named realm (Simon Lodal <simon@parknet.dk>) | Simon Lodal | 2006-09-02 | 2 | -13/+158 |
| | | | | Optionally read realm values from /etc/iproute2/rt_realms | ||||
* | Add statistic match extension | Patrick McHardy | 2006-08-31 | 2 | -0/+177 |
| | |||||
* | iptables: fix ipt_MARK documentation (Eric Leblond) | Eric Leblond | 2006-08-29 | 1 | -1/+8 |
| | | | | | This patch documents --or-mask and --and-mask options of the MARK target. Description is directly taken from the source code. | ||||
* | iptables -Z clears the per-rule counters, but not the chain policy counters ↵ | Andy Gay | 2006-08-22 | 1 | -0/+3 |
| | | | | | | (Andy Gay <andy@andynet.net>) https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=502 | ||||
* | update quota match for xtables + fix -D bug (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-08-08 | 2 | -7/+8 |
| | |||||
* | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause | Patrick McHardyJesper Brouer | 2006-07-25 | 3 | -5/+20 |
| | | | | invalid arguments to get accepted. | ||||
* | proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-22 | 3 | -20/+5 |
| | | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | ||||
* | BUG: libiptc chain references bug (Jesper Brouer <hawk@diku.dk>) | Patrick McHardyJesper Brouer | 2006-07-25 | 1 | -0/+8 |
| | | | | | | | | | Correcting a chain references increment bug in libiptc. The bug lies in function iptc_delete_entry() / TC_DELETE_ENTRY. The problem is the construction of "r" the rule entry, that is used for comparison. The problem is that the function iptcc_map_target() increase the target chains references count. | ||||
* | reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 13 | -137/+46 |
| | | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | ||||
* | reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 13 | -105/+30 |
| | | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. | ||||
* | Use gcc to build shared objects (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 3 | -2/+4 |
| | | | | | | | | | | | | As suggested by Dmitry Levin and included in Fedora Core releases, use gcc instead of ld to link shared objects. Fedora rpm notes refer to this fixing a plugin problem, but does not offer specifics. But in any event, 'gcc -dumpspecs' does show gcc will pass a number of parameters which in theory it thinks are better. Compile tested both with and without NO_SHARED_LIBS. Closes bug #454. | ||||
* | iptables: handle cidr notation more sanely (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-10 | 1 | -0/+30 |
| | | | | | | | | | | | | | | | | At present, a command such as iptables -A foo -s 10.10/16 will interpret 10.10/16 as 10.0.0.10/16, and after applying the mask end up with 10.0.0.0/16, which likely isn't what the user intended. Yet some people do expect 10.10 (without the cidr notation) to end up as 10.0.0.10. The below patch should satisfy all parties. It zero pads the missing octets only in the cidr case, leaving the IP untouched otherwise. This resolves bug #422 | ||||
* | please kill santa-claus (Pierre-Yves Ritschard <pierre-yves@spootnik.org>) | Pierre-Yves Ritschard | 2006-07-05 | 1 | -1/+0 |
| | | | | Remove "hoho" message :) | ||||
* | libiptc symbols clash (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-05 | 2 | -0/+4 |
| | | | | | As reported by Dmitry Levin, the TC_NUM_RULES and TC_GET_RULE exports clash. His patch below, resolving bug #456 | ||||
* | - force user to specify --icmpv6-type if icmpv6 match is required to load | Yasuyuki KOZAKAI | 2006-07-04 | 2 | -1/+11 |
| | | | | | | - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461) | ||||
* | ip6tables multiport does not support x:y (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-03 | 1 | -5/+4 |
| | | | | | | | | | | Update the manpage for ip6tables multiport match to reflect reality -- it does not (yet) support x:y syntax. I looked at adding it, but adding revision support to ip6tables seems a waste at this point, since once xtables support is added to iptables, this problem will resolve itself. Closes bug #451. | ||||
* | iptables trivial compile warning cleanup (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-03 | 2 | -4/+6 |
| | | | | | | | | | | | Cleanup a few compile warnings in latest snapshot: extensions/libipt_dscp_helper.c:69: warning: 'dscp_to_name' defined but not used extensions/libipt_sctp.c: In function 'print_chunks': extensions/libipt_sctp.c:465: warning: value computed is not used extensions/libipt_sctp.c:477: warning: value computed is not used Resolves bug #457. | ||||
* | size_t changed to socklen_t in getsockopt call | Joszef Kadlecsik | 2006-06-23 | 1 | -3/+3 |
| | |||||
* | set match negation bug fixed | Joszef Kadlecsik | 2006-06-23 | 2 | -3/+3 |
| | |||||
* | REDIRECT does not accept IP (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-06-20 | 1 | -0/+3 |
| | | | | | | As pointed out by Nicolas Mailhot in bugzilla #483, REDIRECT does not accept an IP address and when supplied with one, provides unexpected results. Patch below fixes this. | ||||
* | Add new exit value to indicate concurrency issues (Jesper Dangaard Brouer ↵ | Jesper Dangaard Brouer | 2006-06-19 | 2 | -2/+7 |
| | | | | <hawk@comx.dk>) | ||||
* | trivial connlimit manpage fix (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-05-29 | 1 | -2/+2 |
| | |||||
* | Use lowercase letters for match name (Simon Lodal <simonl@parknet.dk>) | Simon Lodal | 2006-05-24 | 1 | -4/+4 |
| | |||||
* | Add information about :<port> syntax (Evan Miller <evanm@frap.net>) | Evan Miller | 2006-05-24 | 1 | -2/+3 |
| | |||||
* | secmark: Add libip6t_CONNSECMARK | James Morris | 2006-05-24 | 3 | -1/+140 |
| | | | | | | | This patch adds the shared library module for the CONNSECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | D'oh .. I'm not too smart, forgot to add the new files in the previous ↵ | Patrick McHardy | 2006-05-24 | 6 | -0/+405 |
| | | | | patches :) | ||||
* | secmark: Add libipt_CONNSECMARK | James Morris | 2006-05-24 | 1 | -1/+1 |
| | | | | | | | This patch adds the shared library module for the CONNSECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | secmark: Add libip6t_SECMARK | James Morris | 2006-05-24 | 1 | -1/+1 |
| | | | | | | This patch adds the shared library module for the SECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | secmark: Add libipt_SECMARK | James Morris | 2006-05-24 | 1 | -1/+1 |
| | | | | | | This patch adds the shared library module for the SECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | secmark: Add libselinux support | James Morris | 2006-05-24 | 3 | -4/+36 |
| | | | | | | | | | This patch adds the infrastructure for linking iptables against libselinux, for use with the SECMARK target. This is enabled by setting DO_SELINUX=1 in the build environment. Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. | Patrick McHardy | 2006-04-28 | 4 | -16/+58 |
| | |||||
* | Replace annoying "Something wrong... deleting dependencies" message by ↵ | Patrick McHardy | 2006-04-28 | 1 | -1/+1 |
| | | | | something more useful. | ||||
* | Don't overwrite errno with return value of setsockopt (which is -1 on error). | Patrick McHardy | 2006-04-22 | 1 | -6/+2 |
| | | | | Fixes "Unknown error 4294967295" message (bugzilla #460). | ||||
* | Revert incorrect fix for "Unknown error 4294967295" problem | Patrick McHardyHarald Welte | 2006-04-22 | 1 | -2/+0 |
| | |||||
* | When entering an invalid command (such as iptables -A INPUT -j MARK --set-mark | Harald Welte | 2006-04-21 | 1 | -0/+2 |
| | | | | 1), the error message "Unknown error 4294967295" is displayed; (Closes: #460) | ||||
* | In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS | Patrick McHardyHarald Welte | 2006-04-22 | 2 | -30/+32 |
| | | | | | | option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462) | ||||
* | cmdflags is used in cmd2char() to return the option for a command. It uses the | Harald Welte | 2006-04-21 | 2 | -4/+2 |
| | | | | | | bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463) | ||||
* | [IPTABLES,IP6TABLES]: check invalid esp spi range | Yasuyuki KOZAKAI | 2006-04-15 | 2 | -0/+6 |
| | |||||
* | [IP6TABLES] kill manual comparing protocol name with "ipv6-icmp". | Yasuyuki KOZAKAI | 2006-04-15 | 1 | -3/+1 |
| |