| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The --src-range and --dst-range parameters did not set the IPRANGE_*
flags in struct xt_iprange_mtinfo.
Reported-by: Maxim Britov <maxim.britov@gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
| |
Commit bb34082d ("iptables --list chain rulenum") broke the line
numbering, starting with printing an offset of 2.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
| |
When --disable-shared is used, there are no .so files to install, and
the argument order for install would get messed up.
Reported-by: Michael Teicher <mteicher@gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
A number of options support negation, but the manpage did not reflect
this ("[!]" was absent). Also fix a few [] (optional arguments) to {}
(required arguments) in the option-BNF.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
| |
- Using plain integer as NULL pointer
- Undeclared non-static variables
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
| |
It could happen that --<arg><value> was printed on iptables-save with
owner rules (owner_mt_save() function) without the obligatory space
inbetween. Also transfer printing of the space character into
owner_mt_print_item().
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
| |
In revision 1 address type checking can be limited to either the
incoming or outgoing interface depending on the current chain. In
the FORWARD chain only one of them is allowed at the same time.
Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
| |
The _save functions need to use the same syntax that is used for parsing
the input instead of "user readable" output.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
linux/dccp.h is unlikely to be installed before 2.6.18 (which was
when headers_install was introduced), and does not exist at all
before 2.6.14. Add a compile-time check to skip compilation of
libxt_dccp in case this was detected.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
| |
Resync headers and add types.h file for endian annotated types, which
are not available with old headers.
|
| |
|
|
|
|
|
| |
Spotted by Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Attached is a patch to add the new defines. The macro XTABLES_VERSION
is already in use, so I named it XTABLES_VERSION_CHECK. I've also tested
that an empty XTABLES_VERSION_EXTRA in configure.ac works.
Now we can write code like this:
#warning You are obselete and will be assimilated.
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
| |
In the manpages, bold is used to denote characters the user has to
enter verbatim, italic denotes placeholders and non-highlighted
pieces are used as a structure: "[]" specifying an optional part,
"{}" a mandatory part, with "|" used for alternations. The "!" for
negation is better supported before the option than after it, too.
The patch makes a few files consistent with this style already used
in manpages.
|
| | |
|
| |
|
|
|
|
| |
Fixes Bugzilla 482.
Signed-off-by: Kristof Provost <kristof@sigsegv.be>
|
| |\ |
|
| | |
| |
| |
| |
| | |
Actually its not a bump but a decrease, the autoconf patches
apparently sneaked it a version bump to 1.4.1 already.
|
| |/
|
|
|
|
|
|
| |
The new iptables git version assumes /bin/sh is always GNU bash,
that's not the case (Ubuntu 8.04 uses dash), see attachment
for a fix.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464244
ip6tables improperly displays the destination address when the address
is longer than 18 characters. Here is example output:
...
DROP tcp 2001:db8::/32 2001:db8:3:4:5:6:7:8/128tcp spt:25
...
Proper formatting should have a space between '2001:db8:3:4:5:6:7:8/128'
and 'tcp'.
Signed-off-by: Jamie Strandboge <jamie@ubuntu.com>
Signed-off-by: Lawrence J. Lane <ljlane@debian.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Here is the --set-counters syntax patch requested earlier today making
--set-counters (-c) accept comma separated counts.
-c packets,bytes
I have not updated the manpage to reflect this alternate syntax for the
--set-counters (-c) option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Excent --list (and --list-rules) to allow selection of a single rule
number
iptables --list INPUT 4
iptables --list-rules INPUT 4
list rule number 4 in INPUT.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds iptables --list-rules (-S) command, acting as a combination of
iptables --list and iptables-save.
The primary motivation behind this patch is to get iptables-save like
output capabilities in iptables-restore, allowing "iptables-restore -n"
to be used as a consistent API to iptables for all kind of operations,
not only blind updates..
As a bonus iptables also gets the capability of printing the rules
as-is.
This completely replaces the earlier patch which added the --rules
option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
| |
|
|
|
|
|
|
| |
Adds support for setting the policy counters
iptables -P INPUT -J DROP -c 10 20
Henrik Nordstrom <henrik@henriknordstrom.net>
|
| |
|
|
|
|
|
|
| |
The attached patch flushes stdout between commands to make output
operations (-L etc) in iptables-restore usable over a pipe. stdio by
defaut buffers output if not connected to a terminal.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
| |
|
|
|
|
|
| |
Reported by: Henrik Nordstrom
When xtables.h is not already found in /usr/include, compilation
would fail when ${top_srcdir} != ${top_builddir}.
|
| | |
|
| |
|
|
|
|
| |
The following code is never be used. It should be removed.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
|
| |
|
|
| |
Also resync error handling with iptables.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Combine ipt and ip6t manpages
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Allow iptables to compile without a kernel source tree. This
implies fixing build for older kernels, such as 2.6.17 which
lack xt_SECMARK.h.
|
| | |
|
