summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_CT.c8
-rw-r--r--extensions/libxt_conntrack.man4
-rw-r--r--extensions/libxt_iprange.c8
-rw-r--r--extensions/libxt_state.man3
4 files changed, 18 insertions, 5 deletions
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index 0b40fc61..6be6ea05 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -67,9 +67,9 @@ static uint32_t ct_parse_events(const struct event_tbl *tbl, unsigned int size,
strcpy(str, events);
while ((t = strsep(&e, ","))) {
for (i = 0; i < size; i++) {
- if (strcmp(t, tbl->name))
+ if (strcmp(t, tbl[i].name))
continue;
- mask |= 1 << tbl->event;
+ mask |= 1 << tbl[i].event;
break;
}
@@ -150,6 +150,8 @@ static void ct_print(const void *ip, const struct xt_entry_target *target, int n
if (info->exp_events)
ct_print_events("expevents", exp_event_tbl,
ARRAY_SIZE(exp_event_tbl), info->exp_events);
+ if (info->zone)
+ printf("zone %u ", info->zone);
}
static void ct_save(const void *ip, const struct xt_entry_target *target)
@@ -167,6 +169,8 @@ static void ct_save(const void *ip, const struct xt_entry_target *target)
if (info->exp_events)
ct_print_events("--expevents", exp_event_tbl,
ARRAY_SIZE(exp_event_tbl), info->exp_events);
+ if (info->zone)
+ printf("--zone %u ", info->zone);
}
static struct xtables_target ct_target = {
diff --git a/extensions/libxt_conntrack.man b/extensions/libxt_conntrack.man
index b3d9e730..ec51ef53 100644
--- a/extensions/libxt_conntrack.man
+++ b/extensions/libxt_conntrack.man
@@ -55,6 +55,10 @@ in both directions,
meaning that the packet is starting a new connection, but is associated with an
existing connection, such as an FTP data transfer, or an ICMP error.
.TP
+\fBUNTRACKED\fR
+meaning that the packet is not tracked at all, which happens if you use
+the NOTRACK target in raw table.
+.TP
\fBSNAT\fR
A virtual state, matching if the original source address differs from the reply
destination.
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index b28a635a..55a2f84b 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -108,7 +108,8 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
info->flags |= IPRANGE_SRC_INV;
iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
-
+ info->src.min_ip = range[0].ip;
+ info->src.max_ip = range[1].ip;
break;
case '2':
@@ -122,8 +123,9 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags,
if (invert)
info->flags |= IPRANGE_DST_INV;
- iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range");
-
+ iprange_parse_range(optarg, range, NFPROTO_IPV4, "--dst-range");
+ info->dst.min_ip = range[0].ip;
+ info->dst.max_ip = range[1].ip;
break;
default:
diff --git a/extensions/libxt_state.man b/extensions/libxt_state.man
index b5e719a4..37d095bc 100644
--- a/extensions/libxt_state.man
+++ b/extensions/libxt_state.man
@@ -19,3 +19,6 @@ directions, and
meaning that the packet is starting a new connection, but is
associated with an existing connection, such as an FTP data transfer,
or an ICMP error.
+.B UNTRACKED
+meaning that the packet is not tracked at all, which happens if you use
+the NOTRACK target in raw table.