summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* poll goto specific changes out of trunkHarald WeltePablo Neira2005-04-152-4/+1
|
* fix iptables-save/restore of goto (Jonas Berlin)Jonas Berlin2005-04-152-1/+4
|
* omeone forgot to update ipt_conntrack.h header in user space. So, update it ↵Harald WeltePablo Neira2005-04-151-1/+22
| | | | to use ip_conntrack_old_tuple. (Pablo Neira)
* add REJECT with icmp-frag-needed (Florian Lohoff)Florian Lohoff2005-04-102-3/+124
|
* don't allow newlines in LOG prefix (Phil Oester) (Closes: #312)Phil Oester2005-04-012-0/+8
|
* re-sync ip6tables with iptables (check for init functions) (Jonas Berlin)Jonas Berlin2005-04-011-8/+12
|
* add lots of man pages (Jonas Berlin)Jonas Berlin2005-04-0117-0/+474
|
* the optflags array contains a '3' for the OPT_LINENUMBERS entry while ↵Jonas Berlin2005-04-012-2/+2
| | | | everywhere else '0' is used (Jonas Berlin)
* SET target bugfix by Michal Pokrywka appliedMichal Pokrywka2005-03-181-1/+3
|
* Fix TCPLAG version (Torsten Lüttgert <t.luettgert@pressestimmen.de>)Torsten Lüttgert2005-03-161-1/+1
|
* improve REDIRECT manpage (Jonas Berlin <xkr47@outerspace.dyndns.org>)Jonas Berlin2005-03-151-3/+4
|
* bump version to 1.3.1v1.3.1Harald Welte2005-03-071-2/+2
|
* This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)Pablo Neira2005-03-072-2/+40
|
* Restore chain order (Olaf Rempel <razzor@kopf-tisch.de>)Olaf Rempel2005-03-041-4/+7
|
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)Pablo Neira2005-02-1487-508/+26
| | | | Fixes build with conntrack event patch for 2.6
* Allow "--realm ! foo" and "! --realm foo" (Closes: #297)Harald Welte2005-02-131-1/+1
|
* fix missing comma at end of lineHarald Welte2005-02-131-1/+1
|
* Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace.Martin Josefsson2005-02-124-25/+91
| | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
* time to release 1.3.0 finalv1.3.0Harald Welte2005-02-121-1/+1
|
* remove way outdated filesHarald Welte2005-02-122-96/+0
|
* update notes to reflect subversion usageHarald Welte2005-02-121-4/+4
|
* try to fix realm save/restore issue (Adresses: #297)Harald Welte2005-02-081-11/+14
|
* Fix rule deletion (hinfo pointer initialized by kernel, don't compare it in ↵Samuel Jean2005-02-071-2/+1
| | | | userspace). (Samuel Jean)
* fix parameter handling in libipt_hashlimit with iptables-save (Nikolai Malykh)Nikolai Malykh2005-02-071-2/+6
|
* Revert the recent addition of memset()'s to TC_COMMIT. One of them is bogus ↵Phil Oester2005-02-041-3/+0
| | | | | | and the other one needs more investigation to why valgrind is complaining. Noticed and reverted by Phil Oester.
* Add support for inversion to multiport revision 1.Phil Oester2005-02-022-5/+11
| | | | Signed-off-by: Phil Oester <kernel@linuxace.com>
* we now need to exclude .svn instead of CVSv1.3.0-rc1Harald Welte2005-02-011-1/+1
|
* release rc1Harald Welte2005-02-011-1/+1
|
* re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0Harald Welte2005-02-011-7/+18
|
* fix compiler warning about discarding constHarald Welte2005-02-011-1/+1
|
* add missing commaHarald Welte2005-02-011-1/+1
|
* fix typoHarald Welte2005-02-011-1/+1
|
* make structure initializers use C99 standard (Harald Welte)Harald Welte2005-02-0119-261/+229
|
* typoMartin Josefsson2005-02-011-1/+1
|
* check for colonsHarald Welte2005-02-011-1/+6
|
* be more specific what INPUT means (Matthias Bruestle)Harald Welte2005-02-011-1/+1
|
* Use C99 initializersHarald Welte2005-02-011-11/+11
|
* - Sets the 'iptc_fn' global variable to the pointer to the current functions ↵Derrik Pates2005-02-011-13/+36
| | | | | | | | in all major TC_* functions. This is necessary because in certain cases, an error return from a function that doesn't set 'iptc_fn' will conflict with a function-specific error return from one that does, causing TC_STRERROR() to return the wrong error string. This ensures that the right one will be returned. - Implements a simple reference counter for the netlink socket global variable 'sockfd'; this is necessary for IPTables::IPv4, where multiple tables (filter, nat, mangle, untracked) may be opened at one time. The way libiptc does it in the official version causes previously-opened tables to break such that attempts to commit changes will fail. - Adds a couple of memset() invocations in TC_COMMIT, based on past analysis with valgrind. It claimed that allocated structure were not being fully initialized, and adding the memset()s corrected this warning. (Derrik Pates <demon@devrandom.net>)
* John McCann points out via bugzilla that iptables happily accepts thisPhil Oester2005-02-011-1/+6
| | | | | | | | | | | | | syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com>
* fix name of 'extra_opts' structure member (Nikolai Malykh)Nikolai Malykh2005-01-221-1/+1
|
* Make it compile on current kernels, the future isn't here yet.Martin Josefsson2005-01-051-0/+6
|
* Testsuite found an issue: multiport accepts -p ! tcp.Rusty Russell2005-01-031-0/+4
|
* Pablo Neira:Pablo Neira2005-01-032-1/+227
| | | | Multiport revision 1 userspace support.
* Remove leftover debug printfMartin Josefsson2005-01-031-3/+0
|
* Replace memchr with strlen and fix up one of the statements.Martin Josefsson2005-01-031-4/+4
|
* Extension revision number support (if kernel supports the getsockopts).Rusty Russell2005-01-035-21/+281
| | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
* Prevent user from using --helper multiple times (Nicolas Bouliane ↵Nicolas Bouliane2005-01-021-0/+3
| | | | <nib@cookinglinux.org>)
* Add --log-uid option (John Lange <john.lange@open-it.ca>)John Lange2005-01-022-1/+20
|
* Stupid typo that meant we didn't compare target data when doing ↵Rusty Russell2004-12-291-1/+1
| | | | delete-by-matching-rule (found by nfsim test).
* Fix compile error introduced by C99 conversion.Rusty Russell2004-12-291-1/+0
|