| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| add note about deprecated state | Harald Welte | 2006-01-26 | 1 | -0/+2 |
| fix spelling 'adress' -> 'address' (Closes: #431) (MJ Anthony) | Harald Welte | 2006-01-22 | 2 | -2/+2 |
| Fix "empty policy element" complaining in non-strict mode. Noticed by Tom Eastep <teastep@shorewall.net>. | Noticed by Tom Eastep | 2006-01-22 | 2 | -2/+4 |
| Clarify --tunnel-src/--tunnel-dst options | Patrick McHardy | 2006-01-12 | 2 | -6/+10 |
| Move empty policy element check to also catch last element | Patrick McHardy | 2006-01-12 | 2 | -10/+12 |
| Don't allow using --next option without specifying a policy element | Patrick McHardy | 2006-01-12 | 2 | -4/+14 |
| Fix invalid assignment of tunnel-src to dest address (Patrick McHardy) | Patrick McHardy | 2006-01-09 | 1 | -2/+2 |
| Add documentation for string match (Pablo Neira) | Pablo Neira | 2006-01-03 | 1 | -0/+15 |
| Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) Bugzilla #413 | Jones Desougi | 2005-12-22 | 4 | -8/+10 |
| fix iptables-save of 'goto' target (Closes: #410) | Harald Welte | 2005-12-05 | 1 | -2/+2 |
| Add note that TCPMSS is only valid in the mangle table (not true today, but maybe someday) | Patrick McHardy | 2005-12-05 | 1 | -1/+4 |
| fix compilation of iptables on [old] systems that don't have IPT_F_GOTO | Harald Welte | 2005-11-24 | 2 | -0/+6 |
| note that we can only delete chains that are empty | Harald Welte | 2005-11-22 | 1 | -3/+4 |
| tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) | Harald Welte | 2005-11-22 | 1 | -1/+1 |
| Add policy match extensions from patch-o-matic | Patrick McHardy | 2005-11-19 | 6 | -0/+998 |
| Fix some gcc-4 warnings | Patrick McHardy | 2005-11-18 | 4 | -7/+7 |
| Don't eat numeric arguments for other extensions | Patrick McHardy | 2005-11-18 | 1 | -4/+12 |
| The conntrack match does not print any info for --ctproto, thus breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) | Phil Oester | 2005-11-17 | 1 | -0/+7 |
| only set revisions on real targets, not on jumps. (Pablo Neira) | Pablo Neira | 2005-11-17 | 1 | -1/+3 |
| - Fix memory leak in TC_COMMIT() (Markus Sundberg) - Cleanup error path of TC_COMMIT() - Correctly propagate errors of setsockopt to calling function | Harald Welte | 2005-11-12 | 1 | -23/+25 |
| add 'goto' support (Henrik Nordstrom <hno@marasystems.com>) | Henrik Nordstrom | 2005-11-05 | 3 | -3/+33 |
| fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de) [tag: v1.3.4] We've screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :( | Deti Fliegl | 2005-11-03 | 2 | -53/+10 |
| about to release 1.3.4 | Harald Welte | 2005-10-31 | 1 | -2/+2 |
| The conntrack match extension doesn't handle address inversion correctly. (Tom Eastep) | Tom Eastep | 2005-09-19 | 1 | -2/+2 |
| Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: `# iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5` `iptables: Invalid argument` But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: `# iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5` `iptables v1.3.3: Multiple --to-source not supported` This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | Phil Oester | 2005-09-19 | 4 | -0/+41 |
| * specifying random seed for the Jenkins hash works as documented * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> | KOVACS Krisztian | 2005-09-19 | 1 | -28/+37 |
| Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel. We can't include that header since it conflicts with sys/types.h | Martin Josefsson | 2005-09-11 | 1 | -0/+4 |
| Make libipt_connbytes.c compile with the ipt_connbytes version that has been merged into the 2.6 kernel | Martin Josefsson | 2005-09-11 | 1 | -6/+6 |
| Update manpage to reflect missing ability to SNAT to multiple ranges in 2.6.11-rc1 and later | Harald Welte | 2005-08-29 | 1 | -4/+6 |
| Update manpage to reflect missing NAT to multiple ranges support in 2.6.11-rc1 and later. | Harald Welte | 2005-08-29 | 1 | -4/+7 |
| update string match to reflect new kernel implementation (Pablo Neira) | Pablo Neira | 2005-08-28 | 1 | -40/+110 |
| Note which kernel versions are affected by REJECT change (Maciej Soltysiak) | Maciej Soltysiak | 2005-08-26 | 1 | -0/+2 |
| add support for new 'dccp' protocol match | Harald Welte | 2005-08-06 | 3 | -0/+414 |
| port Eric Leblond's NFQUEUE missing-break fix to ip6tables | Harald Welte | 2005-08-05 | 2 | -0/+4 |
| Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond) | Eric Leblond | 2005-08-05 | 2 | -0/+4 |
| _really_ sort only user defined chains (Robert de Barth <list-netfilter@debarth.co.uk> | Robert de Barth | 2005-07-31 | 1 | -1/+1 |
| 1.3.3 release [tag: v1.3.3] | Harald Welte | 2005-07-29 | 1 | -2/+2 |
| The call to free_opts() in merge_options() is invalid C. The oldopts argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself. | Marcus Sundberg | 2005-07-29 | 2 | -6/+2 |
| update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes | Harald Welte | 2005-07-28 | 4 | -8/+52 |
| Fix NAT of ICMP ID ranges (Patrick McHardy) | Patrick McHardy | 2005-07-22 | 4 | -4/+8 |
| get rid of numerous gcc-4 warnings | Harald Welte | 2005-07-19 | 14 | -20/+25 |
| add NFQUEUE support for ipv4 and ipv6 | Harald Welte | 2005-07-19 | 4 | -2/+244 |
| fix various missing header file / #define issues on old kernels. I've now tested compilation with kernels starting 2.4.17 [tag: v1.3.2] | Harald Welte | 2005-07-10 | 3 | -16/+23 |
| we need to have this header file included, since old kernels don't define IP6T_LOG_UID. | Harald Welte | 2005-07-10 | 1 | -0/+16 |
| bump version number to 1.3.2 | Harald Welte | 2005-07-10 | 1 | -2/+2 |
| add note to https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=334 | Harald Welte | 2005-07-04 | 1 | -0/+6 |
| attempt to fix save/restore of '! --uid-owner squid' problem as reported by Costa Tsaousis (backport from ipv4 owner) | Harald Welte | 2005-06-29 | 1 | -2/+2 |
| add pointer to bugzilla | Harald Welte | 2005-06-24 | 1 | -0/+1 |
| we don't have any counter issues in sparc64 | Harald Welte | 2005-06-24 | 1 | -1/+0 |
| Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>) | Patrick McHardy | 2005-06-24 | 2 | -1/+20 |