Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | note that we can only delete chains that are empty | Harald Welte | 2005-11-22 | 1 | -3/+4 | |
| | ||||||
* | tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) | Harald Welte | 2005-11-22 | 1 | -1/+1 | |
| | ||||||
* | Add policy match extensions from patch-o-matic | Patrick McHardy | 2005-11-19 | 6 | -0/+998 | |
| | ||||||
* | Fix some gcc-4 warnings | Patrick McHardy | 2005-11-18 | 4 | -7/+7 | |
| | ||||||
* | Don't eat numeric arguments for other extensions | Patrick McHardy | 2005-11-18 | 1 | -4/+12 | |
| | ||||||
* | The conntrack match does not print any info for --ctproto, thus | Phil Oester | 2005-11-17 | 1 | -0/+7 | |
| | | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) | |||||
* | only set revisions on real targets, not on jumps. (Pablo Neira) | Pablo Neira | 2005-11-17 | 1 | -1/+3 | |
| | ||||||
* | - Fix memory leak in TC_COMMIT() (Markus Sundberg) | Harald Welte | 2005-11-12 | 1 | -23/+25 | |
| | | | | | - Cleanup error path of TC_COMMIT() - Correctly propagate errors of setsockopt to calling function | |||||
* | add 'goto' support (Henrik Nordstrom <hno@marasystems.com>) | Henrik Nordstrom | 2005-11-05 | 3 | -3/+33 | |
| | ||||||
* | fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de)v1.3.4 | Deti Fliegl | 2005-11-03 | 2 | -53/+10 | |
| | | | | | | We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :( | |||||
* | about to release 1.3.4 | Harald Welte | 2005-10-31 | 1 | -2/+2 | |
| | ||||||
* | The conntrack match extension doesn't handle address inversion correctly. ↵ | Tom Eastep | 2005-09-19 | 1 | -2/+2 | |
| | | | | (Tom Eastep) | |||||
* | Kernels higher than 2.6.10 don't support multiple --to arguments in | Phil Oester | 2005-09-19 | 4 | -0/+41 | |
| | | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | |||||
* | * specifying random seed for the Jenkins hash works as documented | KOVACS Krisztian | 2005-09-19 | 1 | -28/+37 | |
| | | | | | | | * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> | |||||
* | Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel. | Martin Josefsson | 2005-09-11 | 1 | -0/+4 | |
| | | | | We can't include that header since it conflicts with sys/types.h | |||||
* | Make libipt_connbytes.c compile with the ipt_connbytes version that has been ↵ | Martin Josefsson | 2005-09-11 | 1 | -6/+6 | |
| | | | | merged into the 2.6 kernel | |||||
* | Update manpage to reflect missing ability to SNAT to multiple ranges in ↵ | Harald Welte | 2005-08-29 | 1 | -4/+6 | |
| | | | | 2.6.11-rc1 and later | |||||
* | Update manpage to reflect missing NAT to multiple ranges support in ↵ | Harald Welte | 2005-08-29 | 1 | -4/+7 | |
| | | | | 2.6.11-rc1 and later. | |||||
* | update string match to reflect new kernel implementation (Pablo Neira) | Pablo Neira | 2005-08-28 | 1 | -40/+110 | |
| | ||||||
* | Note which kernel versions are affected by REJECT change (Maciej Soltysiak) | Maciej Soltysiak | 2005-08-26 | 1 | -0/+2 | |
| | ||||||
* | add support for new 'dccp' protocol match | Harald Welte | 2005-08-06 | 3 | -0/+414 | |
| | ||||||
* | port Eric Leblond's NFQUEUE missing-break fix to ip6tables | Harald Welte | 2005-08-05 | 2 | -0/+4 | |
| | ||||||
* | Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond) | Eric Leblond | 2005-08-05 | 2 | -0/+4 | |
| | ||||||
* | _really_ sort only user defined chains (Robert de Barth ↵ | Robert de Barth | 2005-07-31 | 1 | -1/+1 | |
| | | | | <list-netfilter@debarth.co.uk> | |||||
* | 1.3.3 releasev1.3.3 | Harald Welte | 2005-07-29 | 1 | -2/+2 | |
| | ||||||
* | The call to free_opts() in merge_options() is invalid C. The oldopts | Marcus Sundberg | 2005-07-29 | 2 | -6/+2 | |
| | | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself. | |||||
* | update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes | Harald Welte | 2005-07-28 | 4 | -8/+52 | |
| | ||||||
* | Fix NAT of ICMP ID ranges (Patrick McHardy) | Patrick McHardy | 2005-07-22 | 4 | -4/+8 | |
| | ||||||
* | get rid of numerous gcc-4 warnings | Harald Welte | 2005-07-19 | 14 | -20/+25 | |
| | ||||||
* | add NFQUEUE support for ipv4 and ipv6 | Harald Welte | 2005-07-19 | 4 | -2/+244 | |
| | ||||||
* | fix various missing header file / #define issues on old kernels. I've now ↵v1.3.2 | Harald Welte | 2005-07-10 | 3 | -16/+23 | |
| | | | | tested compilation with kernels starting 2.4.17 | |||||
* | we need to have this header file included, since old kernels don't define ↵ | Harald Welte | 2005-07-10 | 1 | -0/+16 | |
| | | | | IP6T_LOG_UID. | |||||
* | bump version number to 1.3.2 | Harald Welte | 2005-07-10 | 1 | -2/+2 | |
| | ||||||
* | add note to https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=334 | Harald Welte | 2005-07-04 | 1 | -0/+6 | |
| | ||||||
* | attempt to fix save/restore of '! --uid-owner squid' problem as reported by ↵ | Harald Welte | 2005-06-29 | 1 | -2/+2 | |
| | | | | Costa Tsaousis (backport from ipv4 owner) | |||||
* | add pointer to bugzilla | Harald Welte | 2005-06-24 | 1 | -0/+1 | |
| | ||||||
* | we don't have any counter issues in sparc64 | Harald Welte | 2005-06-24 | 1 | -1/+0 | |
| | ||||||
* | Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>) | Patrick McHardy | 2005-06-24 | 2 | -1/+20 | |
| | ||||||
* | fix deletion of targets where kernel size != userspace size (Pablo Neira) | Pablo Neira | 2005-06-23 | 2 | -0/+2 | |
| | ||||||
* | reduce code replication of parse_interface() (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2005-06-22 | 6 | -82/+5 | |
| | ||||||
* | This patch prevents user to set negative port value of SNAT/DNAT. | Yasuyuki KOZAKAI | 2005-06-22 | 2 | -4/+4 | |
| | | | | (Yasuyuki Kozakai) | |||||
* | Chain name should not start with '!' (Yasuyuki Kozakai ↵ | Yasuyuki KOZAKAI | 2005-06-13 | 2 | -4/+4 | |
| | | | | <yasuyuki.kozakai@toshiba.co.jp>) | |||||
* | Flush chain with noflush when it is redefined (Charlie Brady ↵ | Charlie Brady | 2005-06-12 | 2 | -12/+30 | |
| | | | | <charlieb-netfilter-devel@budge.apana.org.au>) | |||||
* | OSF: lib_ipt.c changes to support connector notifications (Evgeniy Polyakov ↵ | Evgeniy Polyakov | 2005-06-11 | 1 | -3/+11 | |
| | | | | <johnpol@2ka.mipt.ru>) | |||||
* | update multiport manpage (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2005-06-11 | 2 | -8/+10 | |
| | ||||||
* | Fix CONNMARK save/restore (Tom Eastep <teastep@shorewall.net>, Pawel Sikora ↵ | Tom Eastep | 2005-06-11 | 1 | -2/+2 | |
| | | | | <pluto@agmk.net>) | |||||
* | Release previously merged options from merge_opts(), reduces memory-usage of ↵ | Pablo Neira | 2005-05-29 | 2 | -11/+34 | |
| | | | | iptables-restore dramatically (Pablo Neira) | |||||
* | While adding testing for inversion of multiport, noticed that documentation ↵ | Rusty Russell | 2005-05-25 | 1 | -2/+2 | |
| | | | | about --ports is *wrong*. Ports do not have to be equal: either dest or src being in list is enough for match. | |||||
* | include FIN bit in mask of "--syn" bits | Harald Welte | 2005-05-04 | 2 | -3/+3 | |
| | ||||||
* | Ignore unknown arguments in libipt_ULOG (Patrick McHardy <kaber@trash.net>) | Patrick McHardy | 2005-05-02 | 1 | -0/+2 | |
| |