| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
linux/dccp.h is unlikely to be installed before 2.6.18 (which was
when headers_install was introduced), and does not exist at all
before 2.6.14. Add a compile-time check to skip compilation of
libxt_dccp in case this was detected.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
| |
Resync headers and add types.h file for endian annotated types, which
are not available with old headers.
|
|
|
|
|
|
|
| |
Spotted by Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Attached is a patch to add the new defines. The macro XTABLES_VERSION
is already in use, so I named it XTABLES_VERSION_CHECK. I've also tested
that an empty XTABLES_VERSION_EXTRA in configure.ac works.
Now we can write code like this:
#warning You are obselete and will be assimilated.
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
| |
In the manpages, bold is used to denote characters the user has to
enter verbatim, italic denotes placeholders and non-highlighted
pieces are used as a structure: "[]" specifying an optional part,
"{}" a mandatory part, with "|" used for alternations. The "!" for
negation is better supported before the option than after it, too.
The patch makes a few files consistent with this style already used
in manpages.
|
| |
|
|
|
|
|
|
| |
Fixes Bugzilla 482.
Signed-off-by: Kristof Provost <kristof@sigsegv.be>
|
|\ |
|
| |
| |
| |
| |
| | |
Actually its not a bump but a decrease, the autoconf patches
apparently sneaked it a version bump to 1.4.1 already.
|
|/
|
|
|
|
|
|
| |
The new iptables git version assumes /bin/sh is always GNU bash,
that's not the case (Ubuntu 8.04 uses dash), see attachment
for a fix.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464244
ip6tables improperly displays the destination address when the address
is longer than 18 characters. Here is example output:
...
DROP tcp 2001:db8::/32 2001:db8:3:4:5:6:7:8/128tcp spt:25
...
Proper formatting should have a space between '2001:db8:3:4:5:6:7:8/128'
and 'tcp'.
Signed-off-by: Jamie Strandboge <jamie@ubuntu.com>
Signed-off-by: Lawrence J. Lane <ljlane@debian.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Here is the --set-counters syntax patch requested earlier today making
--set-counters (-c) accept comma separated counts.
-c packets,bytes
I have not updated the manpage to reflect this alternate syntax for the
--set-counters (-c) option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Excent --list (and --list-rules) to allow selection of a single rule
number
iptables --list INPUT 4
iptables --list-rules INPUT 4
list rule number 4 in INPUT.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds iptables --list-rules (-S) command, acting as a combination of
iptables --list and iptables-save.
The primary motivation behind this patch is to get iptables-save like
output capabilities in iptables-restore, allowing "iptables-restore -n"
to be used as a consistent API to iptables for all kind of operations,
not only blind updates..
As a bonus iptables also gets the capability of printing the rules
as-is.
This completely replaces the earlier patch which added the --rules
option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
| |
Adds support for setting the policy counters
iptables -P INPUT -J DROP -c 10 20
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
| |
The attached patch flushes stdout between commands to make output
operations (-L etc) in iptables-restore usable over a pipe. stdio by
defaut buffers output if not connected to a terminal.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
| |
Reported by: Henrik Nordstrom
When xtables.h is not already found in /usr/include, compilation
would fail when ${top_srcdir} != ${top_builddir}.
|
| |
|
|
|
|
|
|
| |
The following code is never be used. It should be removed.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
|
|
|
|
| |
Also resync error handling with iptables.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Combine ipt and ip6t manpages
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Allow iptables to compile without a kernel source tree. This
implies fixing build for older kernels, such as 2.6.17 which
lack xt_SECMARK.h.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
|
|
|
|
|
| |
- change "unsigned" to explicit "unsigned int"
- remove some casts
|
| |
|
|
|
|
|
| |
libxt_mark rev1 used AF_INET6 in the class structure where it should
have used AF_INET.
|