Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add --random option to DNAT and REDIRECT targets and fix the manpage mess ↵ | Patrick McHardy | 2007-05-29 | 1 | -2/+20 |
| | | | | this option left behind. | ||||
* | Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵ | Patrick McHardy | 2007-04-18 | 1 | -1/+1 |
| | | | | versions. | ||||
* | Kernels higher than 2.6.10 don't support multiple --to arguments in | Phil Oester | 2005-09-19 | 1 | -0/+7 |
| | | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | ||||
* | Fix NAT of ICMP ID ranges (Patrick McHardy) | Patrick McHardy | 2005-07-22 | 1 | -1/+2 |
| | |||||
* | This patch prevents user to set negative port value of SNAT/DNAT. | Yasuyuki KOZAKAI | 2005-06-22 | 1 | -2/+2 |
| | | | | (Yasuyuki Kozakai) | ||||
* | Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) | Pablo Neira | 2005-02-14 | 1 | -9/+0 |
| | | | | Fixes build with conntrack event patch for 2.6 | ||||
* | John McCann points out via bugzilla that iptables happily accepts this | Phil Oester | 2005-02-01 | 1 | -1/+6 |
| | | | | | | | | | | | | | syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com> | ||||
* | Pablo Neira: extensions conversion to C99 structure initialization | Pablo Neira | 2004-12-28 | 1 | -14/+13 |
| | | | | (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR) | ||||
* | globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent ↵ | Harald Welte | 2002-05-29 | 1 | -2/+2 |
| | | | | naming | ||||
* | Fix 'iptables -p !' bug (segfault when `!' used without argument) | Harald Welte | 2002-03-14 | 1 | -1/+1 |
| | |||||
* | - added patch to support statically linking of iptables | Harald Welte | 2001-08-06 | 1 | -0/+1 |
| | | | | - iptables-save/-restore is no longer experimental | ||||
* | Aligning matchsize and targetsize now responsibility of extension writers | Rusty Russell | 2000-07-03 | 1 | -2/+2 |
| | | | | (PPC fix). | ||||
* | Alignment fixes (requires kernel patch). | Rusty Russell | 2000-04-27 | 1 | -1/+1 |
| | |||||
* | Changes to allow matching (for delete) on part of a rule, for rules which | Rusty Russell | 2000-04-19 | 1 | -0/+1 |
| | | | | change in the kernel (eg. ipt_limit). | ||||
* | reorganized tree after kernel merge | Marc Boucher | 2000-03-20 | 1 | -0/+244 |