| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | update quota match for xtables + fix -D bug (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-08-08 | 2 | -7/+8 |
| | | |||||
| * | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause | Patrick McHardyJesper Brouer | 2006-07-25 | 1 | -2/+19 |
| | | | | | invalid arguments to get accepted. | ||||
| * | proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-22 | 1 | -19/+2 |
| | | | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | ||||
| * | reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 9 | -137/+18 |
| | | | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | ||||
| * | reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 9 | -105/+6 |
| | | | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. | ||||
| * | please kill santa-claus (Pierre-Yves Ritschard <pierre-yves@spootnik.org>) | Pierre-Yves Ritschard | 2006-07-05 | 1 | -1/+0 |
| | | | | | Remove "hoho" message :) | ||||
| * | - force user to specify --icmpv6-type if icmpv6 match is required to load | Yasuyuki KOZAKAI | 2006-07-04 | 2 | -1/+11 |
| | | | | | | | - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461) | ||||
| * | ip6tables multiport does not support x:y (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-03 | 1 | -5/+4 |
| | | | | | | | | | | | Update the manpage for ip6tables multiport match to reflect reality -- it does not (yet) support x:y syntax. I looked at adding it, but adding revision support to ip6tables seems a waste at this point, since once xtables support is added to iptables, this problem will resolve itself. Closes bug #451. | ||||
| * | iptables trivial compile warning cleanup (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-03 | 2 | -4/+6 |
| | | | | | | | | | | | | Cleanup a few compile warnings in latest snapshot: extensions/libipt_dscp_helper.c:69: warning: 'dscp_to_name' defined but not used extensions/libipt_sctp.c: In function 'print_chunks': extensions/libipt_sctp.c:465: warning: value computed is not used extensions/libipt_sctp.c:477: warning: value computed is not used Resolves bug #457. | ||||
| * | size_t changed to socklen_t in getsockopt call | Joszef Kadlecsik | 2006-06-23 | 1 | -3/+3 |
| | | |||||
| * | set match negation bug fixed | Joszef Kadlecsik | 2006-06-23 | 2 | -3/+3 |
| | | |||||
| * | REDIRECT does not accept IP (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-06-20 | 1 | -0/+3 |
| | | | | | | | As pointed out by Nicolas Mailhot in bugzilla #483, REDIRECT does not accept an IP address and when supplied with one, provides unexpected results. Patch below fixes this. | ||||
| * | trivial connlimit manpage fix (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-05-29 | 1 | -2/+2 |
| | | |||||
| * | Use lowercase letters for match name (Simon Lodal <simonl@parknet.dk>) | Simon Lodal | 2006-05-24 | 1 | -4/+4 |
| | | |||||
| * | Add information about :<port> syntax (Evan Miller <evanm@frap.net>) | Evan Miller | 2006-05-24 | 1 | -2/+3 |
| | | |||||
| * | secmark: Add libip6t_CONNSECMARK | James Morris | 2006-05-24 | 3 | -1/+140 |
| | | | | | | | | This patch adds the shared library module for the CONNSECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> | ||||
| * | D'oh .. I'm not too smart, forgot to add the new files in the previous ↵ | Patrick McHardy | 2006-05-24 | 6 | -0/+405 |
| | | | | | patches :) | ||||
| * | secmark: Add libipt_CONNSECMARK | James Morris | 2006-05-24 | 1 | -1/+1 |
| | | | | | | | | This patch adds the shared library module for the CONNSECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | ||||
| * | secmark: Add libip6t_SECMARK | James Morris | 2006-05-24 | 1 | -1/+1 |
| | | | | | | | This patch adds the shared library module for the SECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> | ||||
| * | secmark: Add libipt_SECMARK | James Morris | 2006-05-24 | 1 | -1/+1 |
| | | | | | | | This patch adds the shared library module for the SECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | ||||
| * | secmark: Add libselinux support | James Morris | 2006-05-24 | 1 | -1/+14 |
| | | | | | | | | | | This patch adds the infrastructure for linking iptables against libselinux, for use with the SECMARK target. This is enabled by setting DO_SELINUX=1 in the build environment. Signed-off-by: James Morris <jmorris@namei.org> | ||||
| * | Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. | Patrick McHardy | 2006-04-28 | 2 | -16/+48 |
| | | |||||
| * | [IPTABLES,IP6TABLES]: check invalid esp spi range | Yasuyuki KOZAKAI | 2006-04-15 | 2 | -0/+6 |
| | | |||||
| * | fix loading shared library of ICMPv6 match. | Yasuyuki KOZAKAI | 2006-04-15 | 3 | -1/+1 |
| | | | | | | | | | | | | | | The current ip6tables tries to load libip6t_icmp6.so when user types 'ip6tables -p icmpv6 ...' or 'ip6tables ... -m icmpv6' ...', and it fails. This patch renames libip6t_icmpv6.c to libip6t_icmp6.c so that ip6tables can load it. Now kernel module and user library has same name 'icmp6'. It can reduce confusion about name mismatch. That's why I renamed it instead of reverting change in find_match() which brought this bug. This patch keeps compatibiity and we can use '-p icmpv6', '-p ipv6-icmpv6', '-m icmpv6', '-m ipv6-icmpv6', and '-m icmp6', as ever. | ||||
| * | [IPTABLES,IP6TABLES]: fix the path to detect esp/connbytes support in kernel | Harald Welte | 2006-04-12 | 2 | -2/+2 |
| | | | | | The recent kernels don't have ipt_connbytes.c and ip6t_esp.c. | ||||
| * | Correct iptables-save output of osf module (Daniel De Graaf) | Daniel De Graaf | 2006-03-31 | 1 | -0/+8 |
| | | |||||
| * | make policy match compile independant of kernel headersv1.3.5 | Harald Welte | 2006-02-01 | 2 | -2/+2 |
| | | |||||
| * | Some !%$!*##$@ has modified the kernel include/linux/netfilter_ipv4/ipt_sctp.h | Harald Welte | 2006-02-01 | 1 | -0/+13 |
| | | | | | file in a way that breaks userspace :( | ||||
| * | remove other bits of old ip pool code, people should use ipset ↵ | Harald Welte | 2006-02-01 | 3 | -295/+0 |
| | | | | | (ipset.netfilter.org) these days | ||||
| * | Prepare policy match for x_tables unification by making sure both | Patrick McHardy | 2006-01-31 | 5 | -16/+10 |
| | | | | | ipt_policy and ip6t_policy use the same data structure. | ||||
| * | fix 'save' (Michael Rash) | Michael Rash | 2006-01-30 | 1 | -2/+2 |
| | | |||||
| * | major manpage update (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2006-01-30 | 26 | -84/+128 |
| | | |||||
| * | Add 'copy+paste' support for 'state' and 'connmark' match, as well as | Harald Welte | 2006-01-26 | 4 | -1/+535 |
| | | | | | 'CONNMARK' target for ip6tables / nf_conntrack_l3proto_ipv6. This is a temporary solution for the iptables-1.3.x branch, since the 1.4.x branch will have proper support. | ||||
| * | add note about deprecated state | Harald Welte | 2006-01-26 | 1 | -0/+2 |
| | | |||||
| * | fix spelling 'adress' -> 'address' (Closes: #431) (MJ Anthony) | Harald Welte | 2006-01-22 | 2 | -2/+2 |
| | | |||||
| * | Fix "empty policy element" complaining in non-strict mode. | Noticed by Tom Eastep | 2006-01-22 | 2 | -2/+4 |
| | | | | | Noticed by Tom Eastep <teastep@shorewall.net>. | ||||
| * | Clarify --tunnel-src/--tunnel-dst options | Patrick McHardy | 2006-01-12 | 2 | -6/+10 |
| | | |||||
| * | Move empty policy element check to also catch last element | Patrick McHardy | 2006-01-12 | 2 | -10/+12 |
| | | |||||
| * | Don't allow using --next option without specifying a policy element | Patrick McHardy | 2006-01-12 | 2 | -4/+14 |
| | | |||||
| * | Fix invalid assignment of tunnel-src to dest address (Patrick McHardy) | Patrick McHardy | 2006-01-09 | 1 | -2/+2 |
| | | |||||
| * | Add documentation for string match (Pablo Neira) | Pablo Neira | 2006-01-03 | 1 | -0/+15 |
| | | |||||
| * | fix iptables-save of 'goto' target (Closes: #410) | Harald Welte | 2005-12-05 | 1 | -2/+2 |
| | | |||||
| * | Add note that TCPMSS is only valid in the mangle table (not true today, but ↵ | Patrick McHardy | 2005-12-05 | 1 | -1/+4 |
| | | | | | maybe someday) | ||||
| * | tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) | Harald Welte | 2005-11-22 | 1 | -1/+1 |
| | | |||||
| * | Add policy match extensions from patch-o-matic | Patrick McHardy | 2005-11-19 | 6 | -0/+998 |
| | | |||||
| * | Fix some gcc-4 warnings | Patrick McHardy | 2005-11-18 | 4 | -7/+7 |
| | | |||||
| * | Don't eat numeric arguments for other extensions | Patrick McHardy | 2005-11-18 | 1 | -4/+12 |
| | | |||||
| * | The conntrack match does not print any info for --ctproto, thus | Phil Oester | 2005-11-17 | 1 | -0/+7 |
| | | | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) | ||||
| * | fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de)v1.3.4 | Deti Fliegl | 2005-11-03 | 2 | -53/+10 |
| | | | | | | | We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :( | ||||
| * | The conntrack match extension doesn't handle address inversion correctly. ↵ | Tom Eastep | 2005-09-19 | 1 | -2/+2 |
| | | | | | (Tom Eastep) | ||||
 |
index : iptables | |
| iptables tree | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |
path: root/extensions