summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_CT.c
Commit message (Collapse)AuthorAgeFilesLines
* libxt_CT: add support for recently introduced zone optionsDaniel Borkmann2015-09-291-14/+73
| | | | | | | | This adds the user space front-end and man-page bits for the additional zone features (direction, mark) of the CT target. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_CT: Add the "NOTRACK" aliasJozsef Kadlecsik2013-07-241-0/+48
| | | | | | | Available since Linux kernel 3.8. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: add copyright statementsPatrick McHardy2013-05-291-0/+4
| | | | | | Add copyright statements to all extensions authored by myself. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_NOTRACK: replace as an alias to CT --notrackJan Engelhardt2012-09-291-0/+40
| | | | | | | Note that we do not need any print/save functions for the alias entries, since the real CT entry will handle this. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* libxt_CT: add --timeout optionPablo Neira Ayuso2012-04-021-12/+122
| | | | | | | | | | | | | | | | | | | | This patch adds the --timeout option to allow to attach timeout policy objects to flows, eg. iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \ -j CT --timeout custom-tcp-policy You need the nfct(8) tool which is available at: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git To define the cttimeout policies. Example of usage: nfct timeout add custom-tcp-policy inet tcp established 1000 The new nfct tool also requires libnetfilter_cttimeout: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_CT: use guided option parserJan Engelhardt2011-04-131-46/+28
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: do not print trailing whitespacesJan Engelhardt2011-01-311-8/+7
| | | | | | | | | | | | | | | | | Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove no longer necessary default: casesJan Engelhardt2011-01-081-2/+0
| | | | | | | Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-6/+7
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* CT: fix --ctevents parsingPablo Neira Ayuso2010-05-091-2/+2
| | | | | | | | | | | | This patch fixes the following problem: # iptables -t raw -I PREROUTING -t raw -j CT --ctevents assured iptables v1.4.7: Unknown event type "assured" Try `iptables -h' or 'iptables --help' for more information. However, `assured' is one of the supported arguments for --ctevents. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_CT: print conntrack zone in ->print/->savePatrick McHardy2010-04-201-0/+4
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_CT: add a manpageJan Engelhardt2010-03-111-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add CT extensionPatrick McHardy2010-03-081-0/+188
Signed-off-by: Patrick McHardy <kaber@trash.net>