| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | src: mark newly opened fds as FD_CLOEXEC (close on exec) | Maciej Żenczykowski | 2012-03-23 | 1 | -0/+7 |
| | | | | | | | | | | | | | | | | | | | By default, Unix-like systems leak file descriptors after fork/exec call. I think this seem to result in SELinux spotting a strange AVC log messages according to what I can find on the web. Fedora 18 iptables source includes this change. Maciej says: "iptables does potentially fork/exec modprobe to load modules. That can cause a selinux 'domain'/'role'/whatever-it-is-called crossing. You can do automated inspection of what gets carried across such privilege changes and any unexpected open file descriptors flag problems, patches like this cut down on the noise." Signed-off-by: Maciej enczykowski <maze@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
| * | Fix set match/target direction parser | Jozsef Kadlecsik | 2011-04-09 | 1 | -4/+3 |
| | | | | | | The direction parser did not catch when more src/dst direction parameters were supplied than allowed. | ||||
| * | libxt_set: new revision added | Jozsef Kadlecsik | 2010-06-16 | 1 | -0/+147 |
| libipt_set renamed to libxt_set and the support for the forthcoming ipset release added. I have tested backward (IPv4) and forward compatibility (IPv4/IPv6): ipset -N test iphash ipset -A test test-address iptables -N test-set iptables -A test-set -j LOG --log-prefix "match " iptables -A test-set -j DROP iptables -A OUTPUT -m set --match-set test dst -j test-set ping test-address | |||||
 |
index : iptables | |
| iptables tree | pablo@netfilter.org |
| summaryrefslogtreecommitdiffstats |