summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Bump version to 1.4.1-rc1v1.4.1-rc1Patrick McHardy2008-05-191-1/+1
| | | | | Actually its not a bump but a decrease, the autoconf patches apparently sneaked it a version bump to 1.4.1 already.
* fix ip6tables dest address printingJamie Strandboge2008-05-161-2/+2
| | | | | | | | | | | | | | | | | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464244 ip6tables improperly displays the destination address when the address is longer than 18 characters. Here is example output: ... DROP tcp 2001:db8::/32 2001:db8:3:4:5:6:7:8/128tcp spt:25 ... Proper formatting should have a space between '2001:db8:3:4:5:6:7:8/128' and 'tcp'. Signed-off-by: Jamie Strandboge <jamie@ubuntu.com> Signed-off-by: Lawrence J. Lane <ljlane@debian.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Make --set-counters (-c) accept comma separated countersHenrik Nordstrom2008-05-132-9/+14
| | | | | | | | | | | | Here is the --set-counters syntax patch requested earlier today making --set-counters (-c) accept comma separated counts. -c packets,bytes I have not updated the manpage to reflect this alternate syntax for the --set-counters (-c) option. Henrik Nordstrom <henrik@henriknordstrom.net>
* iptables --list chain rulenumHenrik Nordstrom2008-05-132-30/+62
| | | | | | | | | | | | Excent --list (and --list-rules) to allow selection of a single rule number iptables --list INPUT 4 iptables --list-rules INPUT 4 list rule number 4 in INPUT. Henrik Nordstrom <henrik@henriknordstrom.net>
* iptables --list-rules commandHenrik Nordstrom2008-05-138-429/+551
| | | | | | | | | | | | | | | | | | Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kind of operations, not only blind updates.. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
* Add support for --set-counters to iptables -PHenrik Nordstrom2008-05-122-4/+4
| | | | | | | | Adds support for setting the policy counters iptables -P INPUT -J DROP -c 10 20 Henrik Nordstrom <henrik@henriknordstrom.net>
* Make iptables-restore usable over a pipeHenrik Nordstrom2008-05-122-0/+2
| | | | | | | | The attached patch flushes stdout between commands to make output operations (-L etc) in iptables-restore usable over a pipe. stdio by defaut buffers output if not connected to a terminal. Henrik Nordstrom <henrik@henriknordstrom.net>
* iptables out-of-tree build directoryJan Engelhardt2008-05-121-1/+3
| | | | | | | Reported by: Henrik Nordstrom When xtables.h is not already found in /usr/include, compilation would fail when ${top_srcdir} != ${top_builddir}.
* [PATCH 1] Makefile.am: use PACKAGE_TARNAMEJan Engelhardt2008-04-211-5/+5
|
* iptables-save:remove unnecessary code.Shan Wei2008-04-211-13/+0
| | | | | | The following code is never be used. It should be removed. Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
* Properly initialize revision for ip6tables targetsPatrick McHardy2008-04-151-1/+8
| | | | Also resync error handling with iptables.
* Remove old functions, constantsJan Engelhardt2008-04-1597-606/+514
|
* [PATCH 11] configure.ac: remove already-defined variablesJan Engelhardt2008-04-151-3/+1
|
* Dynamically create xtables.h.in with versionJan Engelhardt2008-04-152-1/+3
|
* configure.ac: AC_SUBST must be separateJan Engelhardt2008-04-151-1/+2
|
* Update documentation about building the packageJan Engelhardt2008-04-152-36/+64
|
* Resolve libipt_set warningsJan Engelhardt2008-04-151-9/+9
|
* Remove support for compilation of conditional extensionsJan Engelhardt2008-04-1510-233/+522
|
* Wrap dlopen code into NO_SHARED_LIBSJan Engelhardt2008-04-151-0/+2
|
* Resolve warnings on 64-bit compileJan Engelhardt2008-04-151-2/+2
|
* Combine ipt and ip6t manpagesJan Engelhardt2008-04-1415-204/+12
| | | | Combine ipt and ip6t manpages
* Implement AF_UNSPEC as a wildcard for extensionsJan Engelhardt2008-04-1417-281/+37
|
* RATEEST: add manpageJan Engelhardt2008-04-142-3/+13
|
* iptables: use C99 lists for struct optionsGáspár Lajos2008-04-146-93/+93
|
* Install libiptc header files because xtables.h depends on itJan Engelhardt2008-04-141-0/+3
|
* Add all necessary header files - compilation fix for various casesJan Engelhardt2008-04-1416-101/+239
| | | | | | Allow iptables to compile without a kernel source tree. This implies fixing build for older kernels, such as 2.6.17 which lack xt_SECMARK.h.
* Import iptables-applyMartin F. Krafft2008-04-142-0/+218
|
* configure: split --enable-libipq from --enable-develJan Engelhardt2008-04-132-2/+6
|
* manpages: update to reflect fine-grained controlJan Engelhardt2008-04-1310-17/+17
|
* manpages: grammar and spellingJan Engelhardt2008-04-1310-16/+16
|
* manpages: fix broken markup (missing close tags)Jan Engelhardt2008-04-138-11/+11
|
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIRJan Engelhardt2008-04-1312-83/+108
|
* Add support for xt_hashlimit match revision 1Jan Engelhardt2008-04-133-64/+458
|
* xtables.h: move non-exported parts to internal.hJan Engelhardt2008-04-132-61/+60
|
* Fix all remaining warnings (missing declarations, missing prototypes)Jan Engelhardt2008-04-1321-27/+55
|
* Update the libxt_owner manpage with the UID/GID-range featureJan Engelhardt2008-04-061-6/+9
|
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-0617-153/+140
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* Drop -W from CFLAGS and some tiny code cleanupsJan Engelhardt2008-04-0610-18/+18
| | | | | - change "unsigned" to explicit "unsigned int" - remove some casts
* Makefile: add a "tarball" targetJan Engelhardt2008-04-061-0/+8
|
* Correct the family member value of libxt_mark revision 1Jan Engelhardt2008-04-061-1/+1
| | | | | libxt_mark rev1 used AF_INET6 in the class structure where it should have used AF_INET.
* Fix compilation of iptables-static buildJan Engelhardt2008-04-061-3/+3
| | | | | | | | Adjust the _INIT macro and thus fix the build/linking procedure of the monolithic do-it-all binary (iptables-static). Also fix the Makefile since unfortunately, lib%.o does not seem to have a higher precedence than %.o
* Retry ruleset dump when kernel returns EAGAIN.Patrick McHardy2008-04-021-1/+4
| | | | Bugzilla #104
* [IPTABLES]: libxt_iprange: Fix IP validation logicJames King2008-04-021-2/+2
| | | | | | | IP address validation logic was inverted, causing valid addresses to be rejected. Signed-off-by: James King <t.james.king@gmail.com>
* removes useless white spaces from iptables-xml manpages.Filippo Zangheri2008-03-071-9/+9
| | | | Signed-off-by: Filippo Zangheri <filippo.zangheri@yahoo.it>
* bump iptables version to prepare 1.4.1 releasePablo Neira Ayuso2008-03-021-1/+1
|
* Fix define value of SCTP chunk type.Naohiro Ooiwa2008-02-291-2/+2
| | | | | | | There are wrong chunk_type values in sctp table. The chunk_type of ASCONF and ASCNF_ACK must be 193 and 128, respectively. Naohiro Ooiwa <nooiwa@miraclelinux.com>
* Remove compiler.h inclusions.Patrick McHardy2008-02-223-4/+0
|
* Add netfilter.hPatrick McHardy2008-01-291-0/+48
|
* fix gcc warningsMax Kellermann2008-01-2984-118/+122
| | | | Max Kellermann <max@duempel.org>
* allow empty strings in argument parserMax Kellermann2008-01-292-14/+10
| | | | Max Kellermann <max@duempel.org>