summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* iptables-save: output ! in position according to manpageJan Engelhardt2008-12-0916-78/+54
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove unused include filesJan Engelhardt2008-12-076-141/+0
| | | | | | | | No .c files include any of these - in fact they seem to be remnants missed during commit b1f568309a09e61f892dee3c23279cecff0b0ff4 - so remove them. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: guard chain index allocation for different malloc implementationsJan Engelhardt2008-11-261-1/+1
| | | | | | | | Some libc implementations such as µClibc return NULL on malloc(0). They are free to do that per C standard. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signeed-off-by: Patrick McHardy <kaber@trash.net>
* doc: fix a typo in libip6t_REJECT.manJan Engelhardt2008-11-241-2/+1
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove inclusion of iptables.hJan Engelhardt2008-11-2040-38/+38
| | | | | | | | | iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables: refer to dmesg when we hit errorPablo Neira Ayuso2008-11-192-2/+4
| | | | | | | | | | | This does not make any better, but at least refer to dmesg which is the common source of information to diagnose kernel-side problems. This is helpful for newbie users. # iptables -I INPUT -j CLUSTERIP iptables: Invalid argument. Run `dmesg' for more information. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* state: report spaces in the state list parsingPablo Neira Ayuso2008-11-192-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | This patch adds better error reporting when the user inserts a space between two states with the --state option. iptables -I INPUT -m state ESTABLISHED, RELATED ^ mind the space results in: iptables v1.4.2-rc1: Bad state `' Try `iptables -h' or 'iptables --help' for more information. Now this returns: iptables v1.4.2-rc1: `--state' requires a list of states with no spaces, e.g. ESTABLISHED,RELATED This patch also applies to libxt_conntrack which has a copy of the function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables: fix error reporting with wrong/missing argumentsPablo Neira Ayuso2008-11-192-2/+36
| | | | | | | | | | | | | | | | This patch fixes wrong error reporting when arguments are missing: # iptables -I INPUT -m state --state iptables v1.4.2-rc1: Unknown arg `(null)' Try `iptables -h' or 'iptables --help' for more information. or wrong: # iptables -I INPUT -m state --xyz iptables v1.4.2-rc1: Unknown arg `(null)' Try `iptables -h' or 'iptables --help' for more information. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use NFPROTO_ constantsJan Engelhardt2008-11-1878-134/+146
| | | | | | | | Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: reuse the global modprobe_program variableJan Engelhardt2008-11-182-11/+8
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Bump version to 1.4.3-rc1v1.4.3-rc1Patrick McHardy2008-11-132-4/+4
|
* libxt_conntrack: dump ctdirJan Engelhardt2008-11-121-0/+15
| | | | | | | | Sent in as part of a larger private mail by Gáspár Lajos <swifty@freemail.hu>; I cherry-picked the ctdir part. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: make sockfd a per-handle thingJan Engelhardt2008-11-101-24/+14
| | | | | | | Get away from this singleton. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_conntrack: respect -n option during ruledumpJan Engelhardt2008-11-101-2/+8
| | | | | | | Reference: http://bugs.debian.org/502548 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: use hex output for hookmaskJan Engelhardt2008-11-101-2/+2
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove unused iptc_get_raw_socket and iptc_check_packetJan Engelhardt2008-11-103-26/+0
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove indirectionsJan Engelhardt2008-11-1013-279/+284
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirectionJan Engelhardt2008-11-1015-188/+186
| | | | | | | | | | | Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add SCTP/DCCP support to NAT targetsPatrick McHardy2008-11-044-4/+12
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage: explain what rule-specification isJan Engelhardt2008-10-291-5/+11
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage: use separate paragraphs for command syntaxJan Engelhardt2008-10-291-9/+9
| | | | | | | | This makes it (IMO) easier to follow when the terminal is small and the command line specifications begin to wrap. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix compile warnings using gcc 4.3.2Thomas Jarosch2008-10-234-0/+4
| | | | | | | | | | | | | | libxt_dccp.c: In function 'port_to_service': libxt_dccp.c:196: warning: implicit declaration of function 'htons' libxt_sctp.c: In function 'port_to_service': libxt_sctp.c:321: warning: implicit declaration of function 'htons' libxt_tcp.c: In function 'port_to_service': libxt_tcp.c:220: warning: implicit declaration of function 'htons' libxt_udp.c: In function 'port_to_service': libxt_udp.c:104: warning: implicit declaration of function 'htons' Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix compile error in libxt_iprange.c using gcc 4.3.2Thomas Jarosch2008-10-231-0/+1
| | | | | | | | | | | | | | | | | | | | | In file included from libxt_iprange.c:9: ../include/linux/netfilter.h:43: error: field 'in' has incomplete type ../include/linux/netfilter.h:44: error: field 'in6' has incomplete type libxt_iprange.c: In function 'parse_iprange': libxt_iprange.c:46: error: dereferencing pointer to incomplete type libxt_iprange.c:53: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt4_parse': libxt_iprange.c:117: error: dereferencing pointer to incomplete type libxt_iprange.c:121: error: dereferencing pointer to incomplete type libxt_iprange.c:136: error: dereferencing pointer to incomplete type libxt_iprange.c:140: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt6_parse': libxt_iprange.c:167: error: dereferencing pointer to incomplete type libxt_iprange.c:171: error: dereferencing pointer to incomplete type libxt_iprange.c:186: error: dereferencing pointer to incomplete type libxt_iprange.c:190: error: dereferencing pointer to incomplete type Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
* libxt_recent: add IPv6 supportJan Engelhardt2008-10-222-60/+76
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Move libipt_recent to libxt_recentJan Engelhardt2008-10-224-91/+91
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_TOS: fix compilation errorJirí Moravec2008-10-221-0/+1
| | | | | | | | | | | | | Fix compilation error caused by double definition of IPPROTO_SCTP: In file included from /usr/include/netinet/ip.h:25, from /usr/include/linux/ip.h:19, from tos_values.c:4, from libxt_TOS.c:15: /usr/include/netinet/in.h:84: error: expected identifier before numeric constant make[2]: *** [libxt_TOS.oo] Error 1 Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add iptables support for the socket matchKOVACS Krisztian2008-10-152-0/+41
| | | | | | | Add user-space code for the socket match. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add iptables support for the TPROXY targetKOVACS Krisztian2008-10-153-0/+186
| | | | | Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* v1.4.2v1.4.2Patrick McHardy2008-10-082-3/+3
|
* mark: fix invalid iptables-save outputPablo Sebastian Greco2008-09-291-1/+1
| | | | | | | | | | When a neg mark is saved via iptables-save it is saved as !--mark, but this is not recognized by iptables-restore, just adding a space to the saved file to make it look like "! --mark" makes iptables-restore accept the file. Signed-off-by: Pablo Sebastian Greco <pablo@fliagreco.com.ar> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libiptc: remove old fixmeJesper Dangaard Brouer2008-09-241-2/+0
| | | | | | | Chains _are_ sorted, binary search depend on it! Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: remove mentions of NAT in ip6tables manpageJan Engelhardt2008-09-081-18/+3
| | | | | | | ip6tables does not support NAT at this time. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: run ldconfig on `make install`Jan Engelhardt2008-09-081-0/+5
| | | | | | Reporeted-by: Brent Clark <brentgclarklist@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: update comments part IIJan Engelhardt2008-09-042-4/+4
| | | | | | | | A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: fix another typo in tcp manpagePatrick McHardy2008-09-011-1/+1
|
* manpages: Fix a typo in tcp man pageWANG Cong2008-09-011-1/+1
| | | | | Signed-off-by: WANG Cong <wangcong@zeuux.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: Missing limits.h includesPhil Oester2008-09-013-0/+5
| | | | | | | | | Latest git doesn't compile for me on Fedora 9 due to various *MAX constants being undefined. Below adds the include in 3 files which need it (although I can't see why this isn't required in 1.4.1.1). Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_recent: do allow --rttl for --updateJan Engelhardt2008-09-012-2/+2
| | | | | | | | Tony Ho noticed a too-strict check in xt_recent, so here is a fix. Reported-by: Tony Ho <iptables@iblink.com.cn> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: prepare make tarball for git 1.6.0Jan Engelhardt2008-09-011-1/+1
| | | | | | | Git 1.6.0 will not have the dashful forms anymore. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: Update commentsJan Engelhardt2008-09-0164-340/+13
| | | | | | | | A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use regular includesJan Engelhardt2008-09-019-10/+9
| | | | | | | | iptables ships with all header files and prioritized its own include directory over /usr/include/linux, so just use the normal brackets. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_iprange: fix option namesJan Engelhardt2008-09-011-16/+16
| | | | | | | There is no --src-ip, just --src-range. (Same for --dst-range.) Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_mac: flatten casts in libxt_macJan Engelhardt2008-09-011-5/+8
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: add missing rateest match documentationJan Engelhardt2008-08-151-0/+55
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* manpages: add missing rateest documentationJan Engelhardt2008-08-151-0/+1
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: fix iptables-static buildJan Engelhard2008-08-151-2/+2
| | | | | | | | Commit 126c1361ad5201973e6ebc761b3e38a67915de29 unfortunately broke building iptables-static due to listing iptables.c twice. Fix this. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* manpages: add missing --rsource,--rdest options to libxt_recent.manJan Engelhardt2008-08-131-0/+7
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: fix initext.c dependencyJan Engelhardt2008-08-131-1/+1
| | | | | | | initext?.c is generated within the current directory, not in ${srcdir}. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: fix dependency tracking for xtables.h.inJan Engelhardt2008-08-131-0/+2
| | | | | | | | For files to be correctly regenerated after the .in file has been touched, an explicit extra dependency is needed in the Makefile. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Synchronize invert flag order with manpagesJan Engelhardt2008-08-1322-45/+45
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>