| | Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|---|
* | extensions: libxt_connlabel: do not open config file from _init hook | Florian Westphal | 2014-09-05 | 1 | -7/+20 |
else, static builds will print this for every iptables invocation, even 'iptables -L'. Delay open until we need to translate a mapping.
Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
* | extensions: libxt_connlabel: use libnetfilter_conntrack | Florian Westphal | 2013-07-16 | 1 | -114/+28 |
Pablo suggested to make it depend on lnf-conntrack, and get rid of the example config file as well. The problem is that the file must be in a fixed path, /etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file" when translating names to their bit values (and vice versa). Originally "make install" did put an example file into /etc/xtables/, but distributors complained about iptables ignoring the sysconfdir. So rather remove the example file, the man-page explains the format, and connlabels are inherently system-specific anyway.
Signed-off-by: Florian Westphal <fw@strlen.de>
* | extensions: add connlabel match | Florian Westphal | 2013-05-06 | 1 | -0/+210 |
allows to "tag" connections with up to 128 label names. Labels are defined in /etc/xtables/connlabel.conf, example:

    0 from eth0
    1 via eth0

Labels can then be attached to flows, e.g.

    -A PREROUTING -i eth0 -m connlabel --label "from eth0" --set

Signed-off-by: Florian Westphal <fw@strlen.de>