diff options
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libxt_CT.c | 8 | ||||
-rw-r--r-- | extensions/libxt_conntrack.man | 4 | ||||
-rw-r--r-- | extensions/libxt_iprange.c | 8 | ||||
-rw-r--r-- | extensions/libxt_state.man | 3 |
4 files changed, 18 insertions, 5 deletions
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c index 0b40fc61..6be6ea05 100644 --- a/extensions/libxt_CT.c +++ b/extensions/libxt_CT.c @@ -67,9 +67,9 @@ static uint32_t ct_parse_events(const struct event_tbl *tbl, unsigned int size, strcpy(str, events); while ((t = strsep(&e, ","))) { for (i = 0; i < size; i++) { - if (strcmp(t, tbl->name)) + if (strcmp(t, tbl[i].name)) continue; - mask |= 1 << tbl->event; + mask |= 1 << tbl[i].event; break; } @@ -150,6 +150,8 @@ static void ct_print(const void *ip, const struct xt_entry_target *target, int n if (info->exp_events) ct_print_events("expevents", exp_event_tbl, ARRAY_SIZE(exp_event_tbl), info->exp_events); + if (info->zone) + printf("zone %u ", info->zone); } static void ct_save(const void *ip, const struct xt_entry_target *target) @@ -167,6 +169,8 @@ static void ct_save(const void *ip, const struct xt_entry_target *target) if (info->exp_events) ct_print_events("--expevents", exp_event_tbl, ARRAY_SIZE(exp_event_tbl), info->exp_events); + if (info->zone) + printf("--zone %u ", info->zone); } static struct xtables_target ct_target = { diff --git a/extensions/libxt_conntrack.man b/extensions/libxt_conntrack.man index b3d9e730..ec51ef53 100644 --- a/extensions/libxt_conntrack.man +++ b/extensions/libxt_conntrack.man @@ -55,6 +55,10 @@ in both directions, meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error. .TP +\fBUNTRACKED\fR +meaning that the packet is not tracked at all, which happens if you use +the NOTRACK target in raw table. +.TP \fBSNAT\fR A virtual state, matching if the original source address differs from the reply destination. diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index b28a635a..55a2f84b 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -108,7 +108,8 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) info->flags |= IPRANGE_SRC_INV; iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range"); - + info->src.min_ip = range[0].ip; + info->src.max_ip = range[1].ip; break; case '2': @@ -122,8 +123,9 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) info->flags |= IPRANGE_DST_INV; - iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range"); - + iprange_parse_range(optarg, range, NFPROTO_IPV4, "--dst-range"); + info->dst.min_ip = range[0].ip; + info->dst.max_ip = range[1].ip; break; default: diff --git a/extensions/libxt_state.man b/extensions/libxt_state.man index b5e719a4..37d095bc 100644 --- a/extensions/libxt_state.man +++ b/extensions/libxt_state.man @@ -19,3 +19,6 @@ directions, and meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error. +.B UNTRACKED +meaning that the packet is not tracked at all, which happens if you use +the NOTRACK target in raw table. |