| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
| |
In the manpages, bold is used to denote characters the user has to
enter verbatim, italic denotes placeholders and non-highlighted
pieces are used as a structure: "[]" specifying an optional part,
"{}" a mandatory part, with "|" used for alternations. The "!" for
negation is better supported before the option than after it, too.
The patch makes a few files consistent with this style already used
in manpages.
|
| |
|
|
|
|
|
|
| |
Fixes Bugzilla 482.
Signed-off-by: Kristof Provost <kristof@sigsegv.be>
|
|\ |
|
| |
| |
| |
| |
| | |
Actually its not a bump but a decrease, the autoconf patches
apparently sneaked it a version bump to 1.4.1 already.
|
|/
|
|
|
|
|
|
| |
The new iptables git version assumes /bin/sh is always GNU bash,
that's not the case (Ubuntu 8.04 uses dash), see attachment
for a fix.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464244
ip6tables improperly displays the destination address when the address
is longer than 18 characters. Here is example output:
...
DROP tcp 2001:db8::/32 2001:db8:3:4:5:6:7:8/128tcp spt:25
...
Proper formatting should have a space between '2001:db8:3:4:5:6:7:8/128'
and 'tcp'.
Signed-off-by: Jamie Strandboge <jamie@ubuntu.com>
Signed-off-by: Lawrence J. Lane <ljlane@debian.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Here is the --set-counters syntax patch requested earlier today making
--set-counters (-c) accept comma separated counts.
-c packets,bytes
I have not updated the manpage to reflect this alternate syntax for the
--set-counters (-c) option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Excent --list (and --list-rules) to allow selection of a single rule
number
iptables --list INPUT 4
iptables --list-rules INPUT 4
list rule number 4 in INPUT.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds iptables --list-rules (-S) command, acting as a combination of
iptables --list and iptables-save.
The primary motivation behind this patch is to get iptables-save like
output capabilities in iptables-restore, allowing "iptables-restore -n"
to be used as a consistent API to iptables for all kind of operations,
not only blind updates..
As a bonus iptables also gets the capability of printing the rules
as-is.
This completely replaces the earlier patch which added the --rules
option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
| |
Adds support for setting the policy counters
iptables -P INPUT -J DROP -c 10 20
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
|
| |
The attached patch flushes stdout between commands to make output
operations (-L etc) in iptables-restore usable over a pipe. stdio by
defaut buffers output if not connected to a terminal.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
|
|
|
|
|
|
| |
Reported by: Henrik Nordstrom
When xtables.h is not already found in /usr/include, compilation
would fail when ${top_srcdir} != ${top_builddir}.
|
| |
|
|
|
|
|
|
| |
The following code is never be used. It should be removed.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
|
|
|
|
| |
Also resync error handling with iptables.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Combine ipt and ip6t manpages
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Allow iptables to compile without a kernel source tree. This
implies fixing build for older kernels, such as 2.6.17 which
lack xt_SECMARK.h.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
|
|
|
|
|
| |
- change "unsigned" to explicit "unsigned int"
- remove some casts
|
| |
|
|
|
|
|
| |
libxt_mark rev1 used AF_INET6 in the class structure where it should
have used AF_INET.
|
|
|
|
|
|
|
|
| |
Adjust the _INIT macro and thus fix the build/linking procedure of
the monolithic do-it-all binary (iptables-static).
Also fix the Makefile since unfortunately, lib%.o does not seem to
have a higher precedence than %.o
|
|
|
|
| |
Bugzilla #104
|
|
|
|
|
|
|
| |
IP address validation logic was inverted, causing valid addresses to
be rejected.
Signed-off-by: James King <t.james.king@gmail.com>
|
|
|
|
| |
Signed-off-by: Filippo Zangheri <filippo.zangheri@yahoo.it>
|
| |
|