Commit message | Author | Age | Files | Lines
* about to release 1.3.4 | Harald Welte | 2005-10-31 | 1 | -2/+2
|
* The conntrack match extension doesn't handle address inversion correctly. (Tom Eastep) | Tom Eastep | 2005-09-19 | 1 | -2/+2
|
* Kernels higher than 2.6.10 don't support multiple --to arguments in | Phil Oester | 2005-09-19 | 4 | -0/+41
|   DNAT and SNAT targets. At present, the error is somewhat vague:
|     # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5
|     iptables: Invalid argument
|   But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases.
|   So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error:
|     # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5
|     iptables v1.3.3: Multiple --to-source not supported
|   This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes.
|   This fixes bugzilla #367. (Phil Oester)
* * specifying random seed for the Jenkins hash works as documented | KOVACS Krisztian | 2005-09-19 | 1 | -28/+37
|   * iptables-save seems to work now
|   Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
|   Signed-off-by: Harald Welte <laforge@netfilter.org>
* Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel. | Martin Josefsson | 2005-09-11 | 1 | -0/+4
|   We can't include that header since it conflicts with sys/types.h
* Make libipt_connbytes.c compile with the ipt_connbytes version that has been merged into the 2.6 kernel | Martin Josefsson | 2005-09-11 | 1 | -6/+6
|
* Update manpage to reflect missing ability to SNAT to multiple ranges in 2.6.11-rc1 and later | Harald Welte | 2005-08-29 | 1 | -4/+6
|
* Update manpage to reflect missing NAT to multiple ranges support in 2.6.11-rc1 and later. | Harald Welte | 2005-08-29 | 1 | -4/+7
|
* update string match to reflect new kernel implementation (Pablo Neira) | Pablo Neira | 2005-08-28 | 1 | -40/+110
|
* Note which kernel versions are affected by REJECT change (Maciej Soltysiak) | Maciej Soltysiak | 2005-08-26 | 1 | -0/+2
|
* add support for new 'dccp' protocol match | Harald Welte | 2005-08-06 | 3 | -0/+414
|
* port Eric Leblond's NFQUEUE missing-break fix to ip6tables | Harald Welte | 2005-08-05 | 2 | -0/+4
|
* Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond) | Eric Leblond | 2005-08-05 | 2 | -0/+4
|
* _really_ sort only user defined chains (Robert de Barth <list-netfilter@debarth.co.uk> | Robert de Barth | 2005-07-31 | 1 | -1/+1
|
* 1.3.3 release (tag: v1.3.3) | Harald Welte | 2005-07-29 | 1 | -2/+2
|
* The call to free_opts() in merge_options() is invalid C. The oldopts | Marcus Sundberg | 2005-07-29 | 2 | -6/+2
|   argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call.
|   This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>)
|   ip6tables merge by myself.
* update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes | Harald Welte | 2005-07-28 | 4 | -8/+52
|
* Fix NAT of ICMP ID ranges (Patrick McHardy) | Patrick McHardy | 2005-07-22 | 4 | -4/+8
|
* get rid of numerous gcc-4 warnings | Harald Welte | 2005-07-19 | 14 | -20/+25
|
* add NFQUEUE support for ipv4 and ipv6 | Harald Welte | 2005-07-19 | 4 | -2/+244
|
* fix various missing header file / #define issues on old kernels. I've now tested compilation with kernels starting 2.4.17 (tag: v1.3.2) | Harald Welte | 2005-07-10 | 3 | -16/+23
|
* we need to have this header file included, since old kernels don't define IP6T_LOG_UID. | Harald Welte | 2005-07-10 | 1 | -0/+16
|
* bump version number to 1.3.2 | Harald Welte | 2005-07-10 | 1 | -2/+2
|
* add note to https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=334 | Harald Welte | 2005-07-04 | 1 | -0/+6
|
* attempt to fix save/restore of '! --uid-owner squid' problem as reported by Costa Tsaousis (backport from ipv4 owner) | Harald Welte | 2005-06-29 | 1 | -2/+2
|
* add pointer to bugzilla | Harald Welte | 2005-06-24 | 1 | -0/+1
|
* we don't have any counter issues in sparc64 | Harald Welte | 2005-06-24 | 1 | -1/+0
|
* Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>) | Patrick McHardy | 2005-06-24 | 2 | -1/+20
|
* fix deletion of targets where kernel size != userspace size (Pablo Neira) | Pablo Neira | 2005-06-23 | 2 | -0/+2
|
* reduce code replication of parse_interface() (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2005-06-22 | 6 | -82/+5
|
* This patch prevents user to set negative port value of SNAT/DNAT. | Yasuyuki KOZAKAI | 2005-06-22 | 2 | -4/+4
|   (Yasuyuki Kozakai)
* Chain name should not start with '!' (Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>) | Yasuyuki KOZAKAI | 2005-06-13 | 2 | -4/+4
|
* Flush chain with noflush when it is redefined (Charlie Brady <charlieb-netfilter-devel@budge.apana.org.au>) | Charlie Brady | 2005-06-12 | 2 | -12/+30
|
* OSF: lib_ipt.c changes to support connector notifications (Evgeniy Polyakov <johnpol@2ka.mipt.ru>) | Evgeniy Polyakov | 2005-06-11 | 1 | -3/+11
|
* update multiport manpage (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2005-06-11 | 2 | -8/+10
|
* Fix CONNMARK save/restore (Tom Eastep <teastep@shorewall.net>, Pawel Sikora <pluto@agmk.net>) | Tom Eastep | 2005-06-11 | 1 | -2/+2
|
* Release previously merged options from merge_opts(), reduces memory-usage of iptables-restore dramatically (Pablo Neira) | Pablo Neira | 2005-05-29 | 2 | -11/+34
|
* While adding testing for inversion of multiport, noticed that documentation about --ports is *wrong*. Ports do not have to be equal: either dest or src being in list is enough for match. | Rusty Russell | 2005-05-25 | 1 | -2/+2
|
* include FIN bit in mask of "--syn" bits | Harald Welte | 2005-05-04 | 2 | -3/+3
|
* Ignore unknown arguments in libipt_ULOG (Patrick McHardy <kaber@trash.net>) | Patrick McHardy | 2005-05-02 | 1 | -0/+2
|
* Fix connbytes command line parsing bug (Piotrek Kaczmarek <kaczorek@daleka.net>) | Piotrek Kaczmarek | 2005-04-24 | 1 | -0/+1
|
* pull out pmtu changes to fix compilation issues | Harald Welte | 2005-04-15 | 2 | -124/+3
|
* poll goto specific changes out of trunk | Harald Welte, Pablo Neira | 2005-04-15 | 2 | -4/+1
|
* fix iptables-save/restore of goto (Jonas Berlin) | Jonas Berlin | 2005-04-15 | 2 | -1/+4
|
* Someone forgot to update ipt_conntrack.h header in user space. So, update it to use ip_conntrack_old_tuple. (Pablo Neira) | Harald Welte, Pablo Neira | 2005-04-15 | 1 | -1/+22
|
* add REJECT with icmp-frag-needed (Florian Lohoff) | Florian Lohoff | 2005-04-10 | 2 | -3/+124
|
* don't allow newlines in LOG prefix (Phil Oester) (Closes: #312) | Phil Oester | 2005-04-01 | 2 | -0/+8
|
* re-sync ip6tables with iptables (check for init functions) (Jonas Berlin) | Jonas Berlin | 2005-04-01 | 1 | -8/+12
|
* add lots of man pages (Jonas Berlin) | Jonas Berlin | 2005-04-01 | 17 | -0/+474
|
* the optflags array contains a '3' for the OPT_LINENUMBERS entry while everywhere else '0' is used (Jonas Berlin) | Jonas Berlin | 2005-04-01 | 2 | -2/+2
|