summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * extensions: remove bogus use of XT_GETOPT_TABLEENDJan Engelhardt2011-05-083-3/+3
| | | | | | | | | | | | | | | | | | | | Commit v1.4.8-36-g32b8e61 added this end marker in a little too many places: at non-getopt places. Fix that. Also change the definition of XT_GETOPT_TABLEEND to reference a struct getopt member by name so that this cannot happen again. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_u32: add missing call to xtables_option_parseJan Engelhardt2011-05-081-0/+1
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)Jan Engelhardt2011-05-081-1/+1
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tos: add inversion support back againJan Engelhardt2011-05-081-2/+2
| | | | | | | | | | | | It was unfortunately removed during the option parser switch. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-099-443/+327
|\|
| * libxt_dccp: use guided option parserJan Engelhardt2011-05-011-94/+40
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_udp: use guided option parserJan Engelhardt2011-05-011-65/+30
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_PORTRC supportJan Engelhardt2011-05-012-1/+64
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * extensions: remove unused TOS codeJan Engelhardt2011-05-011-58/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tos: use guided option parserJan Engelhardt2011-05-011-55/+33
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_TOS: use guided option parserJan Engelhardt2011-05-013-80/+143
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * xtoptions: respect return value in xtables_getportbynameJan Engelhardt2011-04-141-0/+2
| | | | | | | | | | | | If ret was negative, ntohs may make it positive, which is undesired. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_TEE: use guided option parserJan Engelhardt2011-04-141-89/+14
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * build: bump libxtables ABI versionJan Engelhardt2011-04-141-1/+1
| | | | | | | | | | | | | | Adding the x6_* members to struct xtables_{match,target} caused a change requiring a bump. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | combine ip6?tables-multi into xtables-multiMaciej Żenczykowski2011-04-195-68/+60
| | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com>
* | Move common parts of libext{4,6}.a into libext.aMaciej Żenczykowski2011-04-1910-15/+54
| | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com>
* | Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.Maciej Żenczykowski2011-04-192-2/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This enables one to have a single configuration file for both ipv4 and ipv6 firewall rules. Example: iptables-restore config ip6tables-restore config Where the file 'config' contains: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :ssh - [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -m state --state INVALID -j DROP -A INPUT -i lo -j ACCEPT -A INPUT -4 -p icmp -j ACCEPT -A INPUT -6 -p icmpv6 -j ACCEPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh -A ssh -j ACCEPT COMMIT Signed-off-by: Maciej Zenczykowski <maze@google.com>
* | Don't load ip6?_tables module when already loadedMaciej Zenczykowski2011-04-192-5/+35
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | Merge branch 'floating/opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-04-1820-1842/+1127
|\|
| * libipt_ULOG: use guided option parserJan Engelhardt2011-04-131-103/+34
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_TPROXY: use guided option parserJan Engelhardt2011-04-131-154/+62
| | | | | | | | | | | | | | I am starting with a simple module here that does not require a final_check function. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_PORT supportJan Engelhardt2011-04-132-1/+56
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_ONEHOST supportJan Engelhardt2011-04-132-0/+62
| | | | | | | | | | | | | | | | The bonus of the POSIX socket API is that it is almost protocol-agnostic and that there are ready-made functions to take over the gist of address parsing and packing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip[6]t_LOG: use guided option parserJan Engelhardt2011-04-132-266/+82
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_SYSLOGLEVEL supportJan Engelhardt2011-04-132-1/+51
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_string: use guided option parserJan Engelhardt2011-04-131-91/+47
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: pass struct xt_entry_{match,target} to x6 parserJan Engelhardt2011-04-132-0/+6
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_TCPMSS: use guided option parserJan Engelhardt2011-04-131-61/+35
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_NFQUEUE: use guided option parserJan Engelhardt2011-04-131-92/+47
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_CT: use guided option parserJan Engelhardt2011-04-131-46/+28
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT16 supportJan Engelhardt2011-04-132-1/+10
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_connbytes: use guided option parserJan Engelhardt2011-04-131-69/+38
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT64RC supportJan Engelhardt2011-04-132-1/+10
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT8RC supportJan Engelhardt2011-04-132-4/+13
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tcpmss: use guided option parserJan Engelhardt2011-04-131-72/+20
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_length: use guided option parserJan Engelhardt2011-04-131-75/+17
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT16RC supportJan Engelhardt2011-04-132-7/+23
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_realm: use guided option parserJan Engelhardt2011-04-131-163/+39
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_devgroup: use guided option parserJan Engelhardt2011-04-131-160/+41
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: linked-list name<->id mapJan Engelhardt2011-04-132-0/+114
| | | | | | | | | | | | This consolidates the maps from libxt_devgroup and libxt_realm. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_quota: use guided option parserJan Engelhardt2011-04-131-52/+15
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT64 supportJan Engelhardt2011-04-132-2/+12
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_CONNMARK: use guided option parserJan Engelhardt2011-04-132-235/+134
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_MARK: use guided option parserJan Engelhardt2011-04-132-193/+104
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_MARKMASK32 supportJan Engelhardt2011-04-132-0/+34
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | SET target revision 2 addedJozsef Kadlecsik2011-04-174-60/+227
| | | | | | | | | | | | | | | | | | The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition)
* | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-04-1334-1783/+955
|\|
| * libxt_u32: use guided option parserJan Engelhardt2011-04-061-22/+17
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_time: use guided option parserJan Engelhardt2011-04-061-101/+52
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_state: use guided option parserJan Engelhardt2011-04-061-34/+16
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>