Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | iptables: add random option to SNAT (Eric Leblond) | Eric Leblond | 2007-02-24 | 6 | -9/+117 |
| | |||||
* | Reverted r6754. libipt_icmp has the option 'any', so it's unnecessary | Yasuyuki KOZAKAI | 2007-02-19 | 1 | -4/+1 |
| | | | | to check no option of ICMP type. | ||||
* | Update coreteam members in manpages | Yasuyuki KOZAKAI | 2007-02-15 | 2 | -2/+4 |
| | |||||
* | Fix missing space in error message (Bugzilla 544) | Patrick McHardy | 2007-02-14 | 2 | -2/+2 |
| | |||||
* | Remove and readd with executable bit set. SVN doesn't seem to have a proper way of doing this. | Patrick McHardy | 2007-02-13 | 1 | -0/+0 |
* | Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is | Yasuyuki KOZAKAI | 2007-02-13 | 6 | -6/+6 |
| | | | | specified, but loaded when extra options are specified, too. | ||||
* | Forgot to add TCPMSS target to PF6_EXT_SLIB | Patrick McHardy | 2007-02-13 | 1 | -1/+1 |
| | |||||
* | Error if no ICMP type is specified even though user intended | Yasuyuki KOZAKAI | 2007-02-13 | 1 | -0/+3 |
| | | | | to use icmp match. | ||||
* | Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>) | Masahide NAKAMURA | 2007-02-09 | 4 | -0/+271 |
| | | | | Kernel part will go in 2.6.21 | ||||
* | Update coreteam members in manpages. | Patrick McHardy | 2007-01-28 | 2 | -4/+4 |
| | |||||
* | Bugzilla #535 | Patrick McHardy | 2007-01-26 | 1 | -1/+1 |
| | | | | | In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option. | ||||
* | Bugzilla #534: | Patrick McHardy | 2007-01-26 | 1 | -4/+0 |
| | | | | | Please remove --mss from libipt_tcp.man. The tcp match doesn't handle that option, while the tcpmss match does. | ||||
* | Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) | Arnaud Ebalard | 2007-01-16 | 3 | -0/+186 |
| | | | | Kernel part will go in 2.6.21. | ||||
* | Add UDPLITE multiport support | Patrick McHardy | 2007-01-11 | 5 | -3/+14 |
| | |||||
* | Fix missing space in ruleset listing | Patrick McHardy | 2007-01-11 | 1 | -1/+1 |
| | |||||
* | Remove extensions for unmaintained/obsolete patchlets | Patrick McHardy | 2007-01-10 | 65 | -5009/+2 |
| | |||||
* | Fix greedy debug grep | Patrick McHardy | 2007-01-10 | 1 | -1/+1 |
| | | | | From Bugzilla #527: | ||||
| | | | | if you have a kernel with say a '-g' in it, then KERNEL_DIR will include the '-g' in it, CFLAGS will include the '-g' in it, and then the grep will think you have -g in your CFLAGS | ||||
| | | | | for example, if you use the grsec or gentoo patchset: | ||||
| | | | | $ uname -r | ||||
| | | | | 2.6.19.1-grsec | ||||
| | | | | $ uname -r | ||||
| | | | | 2.6.19-gentoo-r2 | ||||
| | | | | then your CFLAGS will look like: | ||||
| | | | | -O2 -Wall -Wunused -I"/lib/modules/2.6.19.1-grsec/build"/include -Iinclude/ -DIPTABLES_VERSION=\"1.3.7\" | ||||
| | | | | and the greedy check grep will incorrectly flag this: | ||||
| | | | | egrep -e '-g|-pg|IPTC_DEBUG' | ||||
* | fix typo in manpage (thomas@aktaia.intevation.org) | thomas | 2007-01-07 | 1 | -1/+1 |
| | |||||
* | Move extensions for pom patches to individual patchlets. | Patrick McHardy | 2006-12-12 | 18 | -1337/+1 |
| | |||||
* | fix compile/install error for iptables-xml with DO_MULTI=1 (Lutz Jaenicke) | Lutz Jaenicke | 2006-12-09 | 5 | -8/+13 |
| | |||||
* | Bump version to 1.3.7 (tag: v1.3.7) | Patrick McHardy | 2006-12-04 | 1 | -2/+2 |
| | |||||
* | Add target extensions for new NFLOG target | Patrick McHardy | 2006-12-03 | 4 | -0/+326 |
| | |||||
* | Fix iptables-save not printing -s !0/0 and -d !0/0 as well as ip6tables | Patrick McHardy | 2006-12-02 | 2 | -2/+2 |
| | | | | unnecessarily printing the address. Based on patch by Daniel De Graaf. | ||||
* | Fix /etc/network usage (Pablo Neira) | Pablo Neira Ayuso | 2006-11-29 | 3 | -36/+36 |
| | | | | http://bugs.debian.org/398082 | ||||
| | | | | iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. | ||||
| | | | | # cat /etc/networks | ||||
| | | | | foonet 10.0.0.0 | ||||
| | | | | # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] | ||||
| | | | | ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 | ||||
| | | | | # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] | ||||
| | | | | iptables v1.3.6: host/network `foonet.0.0.0' not found | ||||
| | | | | Try `iptables -h' or 'iptables --help' for more information. | ||||
| | | | | 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt | ||||
| | | | | 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt | ||||
* | Fix -E (rename) in iptables/ip6tables | Krzysztof Piotr Oledzki | 2006-11-14 | 2 | -2/+0 |
| | | | | Remove unused CHECK entry in commands_v_options. It makes -E (rename) working again - generic_opt_check expects options for RENAME not for CHECK at that table index. | ||||
| | | | | Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> | ||||
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> | ||||
* | Use /lib/modules/$(uname -r)/build instead of /usr/src/linux as KERNEL_DIR default | Patrick McHardy | 2006-11-14 | 1 | -1/+1 |
* | Add ip6tables support for hashlimit match | Patrick McHardy | 2006-11-13 | 2 | -0/+372 |
| | |||||
* | Add iptables-xml tool (Amin Azez <azez@ufomechanic.net>) | Amin Azez | 2006-11-13 | 3 | -3/+1012 |
| | |||||
* | Add ip6tables support for sctp match | Patrick McHardy | 2006-11-13 | 2 | -0/+553 |
| | |||||
* | load ip_[6]tables.ko just before checking revision support in kernel. | Yasuyuki KOZAKAI | 2006-11-13 | 4 | -4/+40 |
| | |||||
* | changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69 | Yasuyuki KOZAKAI | 2006-11-13 | 1 | -2/+2 |
| | | | | 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18. | ||||
* | - Add revision support to ip6tables. | Rémi Denis-Courmont | 2006-10-20 | 4 | -4/+324 |
| | | | | - Add support port range match to libip6t_multiport (Rémi Denis-Courmont <rdenis@simphalempin.com>) | ||||
* | Fix spelling error | Patrick McHardy | 2006-10-11 | 1 | -1/+1 |
| | |||||
* | iptables segfaults when given "" to --log-prefix (Mike Frysinger <vapier@gentoo.org>) | Mike Frysinger | 2006-10-10 | 3 | -0/+16 |
| | | | | Bugzilla #516 | ||||
* | Add endian annotation types to fix compilation for kernels > 2.6.18 | Patrick McHardy | 2006-10-09 | 1 | -0/+5 |
| | |||||
* | Version number was not bumped in Makefile in svn (tag: v1.3.6) | Joszef Kadlecsik | 2006-10-09 | 1 | -2/+2 |
| | |||||
* | Use correct types at error reporting (patch sent by H. Nakano) | Joszef Kadlecsik | 2006-10-06 | 1 | -2/+2 |
| | |||||
* | Use negative-list for "weird character in interface" warning instead of warning for basically every non-alphanumeric character. | Patrick McHardy | 2006-09-20 | 2 | -7/+7 |
* | Named realm (Simon Lodal <simon@parknet.dk>) | Simon Lodal | 2006-09-02 | 2 | -13/+158 |
| | | | | Optionally read realm values from /etc/iproute2/rt_realms | ||||
* | Add statistic match extension | Patrick McHardy | 2006-08-31 | 2 | -0/+177 |
| | |||||
* | iptables: fix ipt_MARK documentation (Eric Leblond) | Eric Leblond | 2006-08-29 | 1 | -1/+8 |
| | | | | | This patch documents --or-mask and --and-mask options of the MARK target. Description is directly taken from the source code. | ||||
* | iptables -Z clears the per-rule counters, but not the chain policy counters (Andy Gay <andy@andynet.net>) | Andy Gay | 2006-08-22 | 1 | -0/+3 |
| | | | | https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=502 | ||||
* | update quota match for xtables + fix -D bug (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-08-08 | 2 | -7/+8 |
| | |||||
* | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause | Patrick McHardy, Jesper Brouer | 2006-07-25 | 3 | -5/+20 |
| | | | | invalid arguments to get accepted. | ||||
* | proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-22 | 3 | -20/+5 |
| | | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | ||||
* | BUG: libiptc chain references bug (Jesper Brouer <hawk@diku.dk>) | Patrick McHardy, Jesper Brouer | 2006-07-25 | 1 | -0/+8 |
| | | | | Correcting a chain references increment bug in libiptc. The bug lies in function iptc_delete_entry() / TC_DELETE_ENTRY. | ||||
| | | | | The problem is the construction of "r" the rule entry, that is used for comparison. The problem is that the function iptcc_map_target() increases the target chains references count. | ||||
* | reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 13 | -137/+46 |
| | | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | ||||
* | reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 13 | -105/+30 |
| | | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. | ||||
* | Use gcc to build shared objects (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 3 | -2/+4 |
| | | | | As suggested by Dmitry Levin and included in Fedora Core releases, use gcc instead of ld to link shared objects. Fedora rpm notes refer to this fixing a plugin problem, but does not offer specifics. But in any event, 'gcc -dumpspecs' does show gcc will pass a number of parameters which in theory it thinks are better. | ||||
| | | | | Compile tested both with and without NO_SHARED_LIBS. | ||||
| | | | | Closes bug #454. | ||||
* | iptables: handle cidr notation more sanely (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-10 | 1 | -0/+30 |
| | | | | At present, a command such as | ||||
| | | | | iptables -A foo -s 10.10/16 | ||||
| | | | | will interpret 10.10/16 as 10.0.0.10/16, and after applying the mask end up with 10.0.0.0/16, which likely isn't what the user intended. Yet some people do expect 10.10 (without the cidr notation) to end up as 10.0.0.10. | ||||
| | | | | The below patch should satisfy all parties. It zero pads the missing octets only in the cidr case, leaving the IP untouched otherwise. | ||||
| | | | | This resolves bug #422 | ||||