Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add Jozsef's TRACE target. | Patrick McHardy | 2007-06-25 | 5 | -2/+148 |
| | | | | | Changed to be built unconditionally by myself since it doesn't need any headerfiles anyways. | ||||
* | bump versionv1.3.8 | Pablo Neira Ayuso | 2007-06-25 | 1 | -2/+2 |
| | |||||
* | Fixes build error of conntrack match because of missing ip_conntrack_tuple.h | Yasuyuki KOZAKAI | 2007-06-24 | 1 | -1/+0 |
| | | | | | in linux 2.6.22. It is not needed because nf_conntrack headers can be used instead. | ||||
* | A white space fix in ip6tables.c | Yasuyuki KOZAKAI | 2007-06-12 | 1 | -1/+1 |
| | |||||
* | '-p all' and '-p 0' should be allowed. And actually ip6tables in kernel | Yasuyuki KOZAKAI | 2007-06-11 | 1 | -7/+6 |
| | | | | | allows '! -p xxx' where xxx is extension header. It matches all valid IPv6 packets. | ||||
* | libipt_hashlimit doc update | Jan Engelhardt | 2007-06-03 | 1 | -2/+2 |
| | | | | | | Add srcip,srcport to hashlimit manpage. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> | ||||
* | Add --random option to DNAT and REDIRECT targets and fix the manpage mess ↵ | Patrick McHardy | 2007-05-29 | 7 | -27/+76 |
| | | | | this option left behind. | ||||
* | Use posix conform directory existance check (Roy Marples <uberlord@gentoo.org>) | Roy Marples | 2007-05-10 | 1 | -1/+1 |
| | | | | | | Makefile uses [ -a /dir ] which is invalid on non bash shells Bugzilla #569 | ||||
* | Fix missing newlines in iptables-save/restore output (Pavol Rusnak ↵ | Pavel Rusnak | 2007-05-10 | 4 | -6/+6 |
| | | | | | | <prusnak@suse.cz>) Bugzilla #568 | ||||
* | update quota manpage for SMP (Phil Oester) | Phil Oester | 2007-05-02 | 1 | -1/+0 |
| | | | | | The quota match works fine on SMP, so update the manpage to reflect this. Closes bugzilla #564. | ||||
* | In fixing bug #446 [1], the output for unspecified proto was changed from ↵ | Phil Oester | 2007-04-30 | 2 | -0/+2 |
| | | | | "all" to "0". This reverts to the original behaviour, and closes bugzilla #543. (Phil Oester) | ||||
* | Fix iptables-save with --random option | Patrick McHardy | 2007-04-18 | 3 | -3/+14 |
| | |||||
* | Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs. | Patrick McHardy | 2007-04-18 | 3 | -45/+7 |
| | |||||
* | Remove libnsl from LDLIBS | Patrick McHardy | 2007-04-18 | 1 | -1/+1 |
| | | | | Bugzilla 557 | ||||
* | fix problem with iptables-restore and quotes (close bugzilla id 505) | Pablo Neira Ayuso | 2007-04-18 | 1 | -15/+32 |
| | |||||
* | Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵ | Patrick McHardy | 2007-04-18 | 16 | -12/+308 |
| | | | | versions. | ||||
* | Remove unnecessary ip_conntrack/ip_nat includes | Patrick McHardy | 2007-04-18 | 2 | -2/+0 |
| | |||||
* | revert some slipped through patches | Pablo Neira AyusoMaurice van der Pot | 2007-04-16 | 2 | -33/+16 |
| | |||||
* | prepare conntrack and conntrackd merge: rename conntrack to conntrack-tools | Pablo Neira Ayuso | 2007-04-16 | 2 | -16/+33 |
| | |||||
* | Fix iptables --modprobe parameter (Maurice van der Pot <griffon26@kfk4ever.com>) | Pablo Neira AyusoMaurice van der Pot | 2007-04-16 | 1 | -1/+1 |
| | | | | | | Supply modprobe parameter to iptables_insmod function. Bugzilla #556 | ||||
* | ip6tables-restore should output error of modprobe if failed to load | Yasuyuki KOZAKAI | 2007-03-20 | 1 | -1/+1 |
| | | | | ip6tables.ko after failed to initialize handle. | ||||
* | Fixes typos in the argument of ip[6]tables_insmod: quit -> quiet | Yasuyuki KOZAKAI | 2007-03-20 | 4 | -12/+14 |
| | |||||
* | Supress error message from modprobe on checking revision. | Yasuyuki KOZAKAI | 2007-03-13 | 6 | -22/+34 |
| | |||||
* | Fix cut and paste error breaking use of groups != 0 | Patrick McHardy | 2007-03-06 | 2 | -12/+12 |
| | |||||
* | iptables: add random option to SNAT (Eric Leblond) | Eric Leblond | 2007-02-24 | 6 | -9/+117 |
| | |||||
* | Reverted r6754. libipt_icmp has the option 'any', so it's unnecessary | Yasuyuki KOZAKAI | 2007-02-19 | 1 | -4/+1 |
| | | | | to check no option of ICMP type. | ||||
* | Update coreteam members in manpages | Yasuyuki KOZAKAI | 2007-02-15 | 2 | -2/+4 |
| | |||||
* | Fix missing space in error message (Bugzilla 544) | Patrick McHardy | 2007-02-14 | 2 | -2/+2 |
| | |||||
* | Remove and readd with executable bit set. SVN doesn't seem to have a proper ↵ | Patrick McHardy | 2007-02-13 | 1 | -0/+0 |
| | | | | way of doing this. | ||||
* | Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is | Yasuyuki KOZAKAI | 2007-02-13 | 6 | -6/+6 |
| | | | | specified, but loaded when extra options are specified, too. | ||||
* | Forgot to add TCPMSS target to PF6_EXT_SLIB | Patrick McHardy | 2007-02-13 | 1 | -1/+1 |
| | |||||
* | Error if no ICMP type is specified even though user intended | Yasuyuki KOZAKAI | 2007-02-13 | 1 | -0/+3 |
| | | | | to use icmp match. | ||||
* | Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>) | Masahide NAKAMURA | 2007-02-09 | 4 | -0/+271 |
| | | | | Kernel part will go in 2.6.21 | ||||
* | Update coreteam members in manpages. | Patrick McHardy | 2007-01-28 | 2 | -4/+4 |
| | |||||
* | Bugzilla #535 | Patrick McHardy | 2007-01-26 | 1 | -1/+1 |
| | | | | | In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option. | ||||
* | Bugzilla #534: | Patrick McHardy | 2007-01-26 | 1 | -4/+0 |
| | | | | | Please remove --mss from libipt_tcp.man. The tcp match doesn't handle that option, while the tcpmss match does. | ||||
* | Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) | Arnaud Ebalard | 2007-01-16 | 3 | -0/+186 |
| | | | | Kernel part will go in 2.6.21. | ||||
* | Add UDPLITE multiport support | Patrick McHardy | 2007-01-11 | 5 | -3/+14 |
| | |||||
* | Fix missing space in ruleset listing | Patrick McHardy | 2007-01-11 | 1 | -1/+1 |
| | |||||
* | Remove extensions for unmaintained/obsolete patchlets | Patrick McHardy | 2007-01-10 | 65 | -5009/+2 |
| | |||||
* | Fix greedy debug grep | Patrick McHardy | 2007-01-10 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | From Bugzilla #527: if you have a kernel with say a '-g' in it, then KERNEL_DIR will include the '-g' in it, CFLAGS will include the '-g' in it, and then the grep will think you have -g in your CFLAGS for example, if you use the grsec or gentoo patchset: $ uname -r 2.6.19.1-grsec $ uname -r 2.6.19-gentoo-r2 then your CFLAGS will look like: -O2 -Wall -Wunused -I"/lib/modules/2.6.19.1-grsec/build"/include -Iinclude/ -DIPTABLES_VERSION=\"1.3.7\" and the greedy check grep will incorrectly flag this: egrep -e '-g|-pg|IPTC_DEBUG' | ||||
* | fix typo in manpage (thomas@aktaia.intevation.org) | thomas | 2007-01-07 | 1 | -1/+1 |
| | |||||
* | Move extensions for pom patches to individual patchlets. | Patrick McHardy | 2006-12-12 | 18 | -1337/+1 |
| | |||||
* | fix compile/install error for iptables-xml with DO_MULTI=1 (Lutz Jaenicke) | Lutz Jaenicke | 2006-12-09 | 5 | -8/+13 |
| | |||||
* | Bump version to 1.3.7v1.3.7 | Patrick McHardy | 2006-12-04 | 1 | -2/+2 |
| | |||||
* | Add target extensions for new NFLOG target | Patrick McHardy | 2006-12-03 | 4 | -0/+326 |
| | |||||
* | Fix iptables-save not printing -s !0/0 and -d !0/0 as well as ip6tables | Patrick McHardy | 2006-12-02 | 2 | -2/+2 |
| | | | | unnecessarily printing the address. Base on patch by Daniel De Graaf. | ||||
* | Fix /etc/network usage (Pablo Neira) | Pablo Neira Ayuso | 2006-11-29 | 3 | -36/+36 |
| | | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt | ||||
* | Fix -E (rename) in iptables/ip6tables | Krzysztof Piotr Oledzki | 2006-11-14 | 2 | -2/+0 |
| | | | | | | | | | | Remove ununsed CHECK entry in commands_v_options. It makes -E (rename) working again - generic_opt_check expects options for RENAME not for CHECK at that table index. Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net> | ||||
* | Use /lib/modules/$(uname -r)/build instead of /usr/src/linux as KERNEL_DIR ↵ | Patrick McHardy | 2006-11-14 | 1 | -1/+1 |
| | | | | default |