Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Remove and readd with executable bit set. SVN doesn't seem to have a proper ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-02-13 | 1 | -0/+0 |
| | | | | way of doing this. | ||||
* | Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-13 | 6 | -6/+6 |
| | | | | specified, but loaded when extra options are specified, too. | ||||
* | Forgot to add TCPMSS target to PF6_EXT_SLIB | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-02-13 | 1 | -1/+1 |
| | |||||
* | Error if no ICMP type is specified even though user intended | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-13 | 1 | -0/+3 |
| | | | | to use icmp match. | ||||
* | Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2007-02-09 | 3 | -0/+266 |
| | | | | Kernel part will go in 2.6.21 | ||||
* | Bugzilla #535 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-26 | 1 | -1/+1 |
| | | | | | In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option. | ||||
* | Bugzilla #534: | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-26 | 1 | -4/+0 |
| | | | | | Please remove --mss from libipt_tcp.man. The tcp match doesn't handle that option, while the tcpmss match does. | ||||
* | Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-16 | 2 | -0/+176 |
| | | | | Kernel part will go in 2.6.21. | ||||
* | Add UDPLITE multiport support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-11 | 1 | -3/+6 |
| | |||||
* | Fix missing space in ruleset listing | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-11 | 1 | -1/+1 |
| | |||||
* | Remove extensions for unmaintained/obsolete patchlets | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2007-01-10 | 65 | -5009/+2 |
| | |||||
* | fix typo in manpage (thomas@aktaia.intevation.org) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2007-01-07 | 1 | -1/+1 |
| | |||||
* | Move extensions for pom patches to individual patchlets. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-12-12 | 18 | -1337/+1 |
| | |||||
* | Add target extensions for new NFLOG target | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-12-03 | 4 | -0/+326 |
| | |||||
* | [PATCH]: Fix /etc/network usage (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-29 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt | ||||
* | Add ip6tables support for hashlimit match | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-13 | 2 | -0/+372 |
| | |||||
* | Add ip6tables support for sctp match | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-11-13 | 2 | -0/+553 |
| | |||||
* | - Add revision support to ip6tables. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-10-20 | 1 | -1/+200 |
| | | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>) | ||||
* | [PATCH]: iptables segfaults when given "" to --log-prefix (Mike Frysinger ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-10-10 | 3 | -0/+16 |
| | | | | | | <vapier@gentoo.org>) Bugzilla #516 | ||||
* | Use correct types at error reporting (patch sent by H. Nakano) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-10-06 | 1 | -2/+2 |
| | |||||
* | [PATCH] Named realm (Simon Lodal <simon@parknet.dk>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-09-02 | 2 | -13/+158 |
| | | | | Optionally read realm values from /etc/iproute2/rt_realms | ||||
* | Add statistic match extension | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-31 | 2 | -0/+177 |
| | |||||
* | [PATCH] iptables: fix ipt_MARK documentation (Eric Leblond) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-29 | 1 | -1/+8 |
| | | | | | This patch documents --or-mask and --and-mask options of the MARK target. Description is directly taken from the source code. | ||||
* | [PATCH] update quota match for xtables + fix -D bug (Phil Oester ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-08-08 | 2 | -7/+8 |
| | | | | <kernel@linuxace.com>) | ||||
* | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-25 | 1 | -2/+19 |
| | | | | invalid arguments to get accepted. | ||||
* | [PATCH] proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-22 | 1 | -19/+2 |
| | | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | ||||
* | [PATCH] reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-20 | 9 | -137/+18 |
| | | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | ||||
* | [PATCH] reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-20 | 9 | -105/+6 |
| | | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. | ||||
* | [PATCH] please kill santa-claus (Pierre-Yves Ritschard ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-05 | 1 | -1/+0 |
| | | | | | | <pierre-yves@spootnik.org>) Remove "hoho" message :) | ||||
* | - force user to specify --icmpv6-type if icmpv6 match is required to load | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-07-04 | 2 | -1/+11 |
| | | | | | | - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461) | ||||
* | [PATCH] ip6tables multiport does not support x:y (Phil Oester ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-03 | 1 | -5/+4 |
| | | | | | | | | | | | | <kernel@linuxace.com>) Update the manpage for ip6tables multiport match to reflect reality -- it does not (yet) support x:y syntax. I looked at adding it, but adding revision support to ip6tables seems a waste at this point, since once xtables support is added to iptables, this problem will resolve itself. Closes bug #451. | ||||
* | [PATCH] iptables trivial compile warning cleanup (Phil Oester ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-07-03 | 2 | -4/+6 |
| | | | | | | | | | | | | | <kernel@linuxace.com>) Cleanup a few compile warnings in latest snapshot: extensions/libipt_dscp_helper.c:69: warning: 'dscp_to_name' defined but not used extensions/libipt_sctp.c: In function 'print_chunks': extensions/libipt_sctp.c:465: warning: value computed is not used extensions/libipt_sctp.c:477: warning: value computed is not used Resolves bug #457. | ||||
* | size_t changed to socklen_t in getsockopt call | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-06-23 | 1 | -3/+3 |
| | |||||
* | set match negation bug fixed | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-06-23 | 2 | -3/+3 |
| | |||||
* | [PATCH] REDIRECT does not accept IP (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-06-20 | 1 | -0/+3 |
| | | | | | | As pointed out by Nicolas Mailhot in bugzilla #483, REDIRECT does not accept an IP address and when supplied with one, provides unexpected results. Patch below fixes this. | ||||
* | [PATCH] trivial connlimit manpage fix (Phil Oester <kernel@linuxace.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-29 | 1 | -2/+2 |
| | |||||
* | Use lowercase letters for match name (Simon Lodal <simonl@parknet.dk>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -4/+4 |
| | |||||
* | Add information about :<port> syntax (Evan Miller <evanm@frap.net>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -2/+3 |
| | |||||
* | [PATCH 05/05] secmark: Add libip6t_CONNSECMARK | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 3 | -1/+140 |
| | | | | | | | This patch adds the shared library module for the CONNSECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | D'oh .. I'm not too smart, forgot to add the new files in the previous ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 6 | -0/+405 |
| | | | | patches :) | ||||
* | [PATCH 04/05] secmark: Add libipt_CONNSECMARK | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -1/+1 |
| | | | | | | | This patch adds the shared library module for the CONNSECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | [PATCH 03/05] secmark: Add libip6t_SECMARK | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -1/+1 |
| | | | | | | This patch adds the shared library module for the SECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | [PATCH 02/05] secmark: Add libipt_SECMARK | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -1/+1 |
| | | | | | | This patch adds the shared library module for the SECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | [PATCH 01/05] secmark: Add libselinux support | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-05-24 | 1 | -1/+14 |
| | | | | | | | | | This patch adds the infrastructure for linking iptables against libselinux, for use with the SECMARK target. This is enabled by setting DO_SELINUX=1 in the build environment. Signed-off-by: James Morris <jmorris@namei.org> | ||||
* | Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-28 | 2 | -16/+48 |
| | |||||
* | [IPTABLES,IP6TABLES]: check invalid esp spi range | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 2 | -0/+6 |
| | |||||
* | fix loading shared library of ICMPv6 match. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 3 | -1/+1 |
| | | | | | | | | | | | | | The current ip6tables tries to load libip6t_icmp6.so when user types 'ip6tables -p icmpv6 ...' or 'ip6tables ... -m icmpv6' ...', and it fails. This patch renames libip6t_icmpv6.c to libip6t_icmp6.c so that ip6tables can load it. Now kernel module and user library has same name 'icmp6'. It can reduce confusion about name mismatch. That's why I renamed it instead of reverting change in find_match() which brought this bug. This patch keeps compatibiity and we can use '-p icmpv6', '-p ipv6-icmpv6', '-m icmpv6', '-m ipv6-icmpv6', and '-m icmp6', as ever. | ||||
* | [IPTABLES,IP6TABLES]: fix the path to detect esp/connbytes support in kernel | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-12 | 2 | -2/+2 |
| | | | | The recent kernels don't have ipt_connbytes.c and ip6t_esp.c. | ||||
* | [PATCH]: Correct iptables-save output of osf module (Daniel De Graaf) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-03-31 | 1 | -0/+8 |
| | |||||
* | make policy match compile independant of kernel headerssvn_t_iptables_1_3_5 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 2 | -2/+2 |
| |