| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | [PATCH 04/05] secmark: Add libipt_CONNSECMARK | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -1/+1 | |
| | | | | | | | | This patch adds the shared library module for the CONNSECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | |||||
| * | [PATCH 03/05] secmark: Add libip6t_SECMARK | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -1/+1 | |
| | | | | | | | This patch adds the shared library module for the SECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> | |||||
| * | [PATCH 02/05] secmark: Add libipt_SECMARK | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -1/+1 | |
| | | | | | | | This patch adds the shared library module for the SECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | |||||
| * | [PATCH 01/05] secmark: Add libselinux support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 3 | -4/+36 | |
| | | | | | | | | | | This patch adds the infrastructure for linking iptables against libselinux, for use with the SECMARK target. This is enabled by setting DO_SELINUX=1 in the build environment. Signed-off-by: James Morris <jmorris@namei.org> | |||||
| * | Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-28 | 4 | -16/+58 | |
| | | ||||||
| * | Replace annoying "Something wrong... deleting dependencies" message by ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-28 | 1 | -1/+1 | |
| | | | | | something more useful. | |||||
| * | Don't overwrite errno with return value of setsockopt (which is -1 on error). | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-22 | 1 | -6/+2 | |
| | | | | | Fixes "Unknown error 4294967295" message (bugzilla #460). | |||||
| * | Revert incorrect fix for "Unknown error 4294967295" problem | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-22 | 1 | -2/+0 | |
| | | ||||||
| * | When entering an invalid command (such as iptables -A INPUT -j MARK --set-mark | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-21 | 1 | -0/+2 | |
| | | | | | 1), the error message "Unknown error 4294967295" is displayed; (Closes: #460) | |||||
| * | In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-21 | 2 | -30/+32 | |
| | | | | | | | option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462) | |||||
| * | cmdflags is used in cmd2char() to return the option for a command. It uses the | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-21 | 2 | -4/+2 | |
| | | | | | | | bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463) | |||||
| * | [IPTABLES,IP6TABLES]: check invalid esp spi range | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 2 | -0/+6 | |
| | | ||||||
| * | [IP6TABLES] kill manual comparing protocol name with "ipv6-icmp". | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 1 | -3/+1 | |
| | | ||||||
| * | fix loading shared library of ICMPv6 match. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 3 | -1/+1 | |
| | | | | | | | | | | | | | | The current ip6tables tries to load libip6t_icmp6.so when user types 'ip6tables -p icmpv6 ...' or 'ip6tables ... -m icmpv6' ...', and it fails. This patch renames libip6t_icmpv6.c to libip6t_icmp6.c so that ip6tables can load it. Now kernel module and user library has same name 'icmp6'. It can reduce confusion about name mismatch. That's why I renamed it instead of reverting change in find_match() which brought this bug. This patch keeps compatibiity and we can use '-p icmpv6', '-p ipv6-icmpv6', '-m icmpv6', '-m ipv6-icmpv6', and '-m icmp6', as ever. | |||||
| * | [IPTABLES,IP6TABLES]: fix the path to detect esp/connbytes support in kernel | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-12 | 2 | -2/+2 | |
| | | | | | The recent kernels don't have ipt_connbytes.c and ip6t_esp.c. | |||||
| * | [PATCH]: Correct iptables-save output of osf module (Daniel De Graaf) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-03-31 | 1 | -0/+8 | |
| | | ||||||
| * | [PATCH] don't allow to specify protocol of IPv6 extension header (Yasuyuki ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-03-29 | 1 | -0/+16 | |
| | | | | | | | | | | Kozakai) Sometimes I hear that people do 'ip6tables -p ah ...' which never matches any packet. IPv6 extension headers except of ESP are skipped and invalid as argument of '-p'. Then I propose that ip6tables exits with error in such case. | |||||
| * | Multiple matches of the same type can be specified on the commandline. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-03-03 | 4 | -32/+84 | |
| | | | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified. | |||||
| * | Make '-p all' a special case that is handled before calling getprotoent() ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-11 | 2 | -2/+14 | |
| | | | | | (Closes: #446) | |||||
| * | fix double-free if a single match is used multiple times within a signle rule | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-11 | 2 | -2/+6 | |
| | | | | | | | (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances. | |||||
| * | don't install libiptc.a | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 1 | -1/+2 | |
| | | ||||||
| * | fix segfault or loading of invalid counters in ip[6]tables-restore (Olaf ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 2 | -2/+8 | |
| | | | | | Rempel) (Closes: #437) | |||||
| * | make policy match compile independant of kernel headerssvn_t_iptables_1_3_5 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 3 | -2/+6 | |
| | | ||||||
| * | Some !%$!*##$@ has modified the kernel include/linux/netfilter_ipv4/ipt_sctp.h | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 1 | -0/+13 | |
| | | | | | file in a way that breaks userspace :( | |||||
| * | fix ipt_conntrack compilation against very early (2.4.0) kernel releases | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 1 | -1/+1 | |
| | | ||||||
| * | remove other bits of old ip pool code, people should use ipset ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 5 | -323/+2 | |
| | | | | | (ipset.netfilter.org) these days | |||||
| * | remove ippool | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 3 | -679/+0 | |
| | | ||||||
| * | Prepare policy match for x_tables unification by making sure both | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-31 | 7 | -16/+126 | |
| | | | | | ipt_policy and ip6t_policy use the same data structure. | |||||
| * | fix 'save' (Michael Rash) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-30 | 1 | -2/+2 | |
| | | ||||||
| * | major manpage update (Yasuyuki Kozakai) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-30 | 27 | -88/+149 | |
| | | ||||||
| * | Add 'copy+paste' support for 'state' and 'connmark' match, as well as | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-26 | 4 | -1/+535 | |
| | | | | | 'CONNMARK' target for ip6tables / nf_conntrack_l3proto_ipv6. This is a temporary solution for the iptables-1.3.x branch, since the 1.4.x branch will have proper support. | |||||
| * | add note about deprecated state | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-26 | 1 | -0/+2 | |
| | | ||||||
| * | fix spelling 'adress' -> 'address' (Closes: #431) (MJ Anthony) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-22 | 2 | -2/+2 | |
| | | ||||||
| * | Fix "empty policy element" complaining in non-strict mode. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-22 | 2 | -2/+4 | |
| | | | | | Noticed by Tom Eastep <teastep@shorewall.net>. | |||||
| * | Clarify --tunnel-src/--tunnel-dst options | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -6/+10 | |
| | | ||||||
| * | Move empty policy element check to also catch last element | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -10/+12 | |
| | | ||||||
| * | Don't allow using --next option without specifying a policy element | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -4/+14 | |
| | | ||||||
| * | Fix invalid assignment of tunnel-src to dest address (Patrick McHardy) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-09 | 1 | -2/+2 | |
| | | ||||||
| * | Add documentation for string match (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-03 | 1 | -0/+15 | |
| | | ||||||
| * | Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-22 | 4 | -8/+10 | |
| | | | | | Bugzilla #413 | |||||
| * | fix iptables-save of 'goto' target (Closes: #410) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-12-05 | 1 | -2/+2 | |
| | | ||||||
| * | Add note that TCPMSS is only valid in the mangle table (not true today, but ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-05 | 1 | -1/+4 | |
| | | | | | maybe someday) | |||||
| * | fix compilation of iptables on [old] systems that don't have IPT_F_GOTO | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-24 | 2 | -0/+6 | |
| | | ||||||
| * | note that we can only delete chains that are empty | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-22 | 1 | -3/+4 | |
| | | ||||||
| * | tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-22 | 1 | -1/+1 | |
| | | ||||||
| * | Add policy match extensions from patch-o-matic | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-19 | 6 | -0/+998 | |
| | | ||||||
| * | Fix some gcc-4 warnings | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-18 | 4 | -7/+7 | |
| | | ||||||
| * | Don't eat numeric arguments for other extensions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-18 | 1 | -4/+12 | |
| | | ||||||
| * | The conntrack match does not print any info for --ctproto, thus | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-17 | 1 | -0/+7 | |
| | | | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) | |||||
| * | only set revisions on real targets, not on jumps. (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-17 | 1 | -1/+3 | |
| | | ||||||
 |
index : iptables.old-history | |
| iptables historical tree | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |