Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Clarify --tunnel-src/--tunnel-dst options | Patrick McHardy | 2006-01-12 | 2 | -6/+10 |
| | |||||
* | Move empty policy element check to also catch last element | Patrick McHardy | 2006-01-12 | 2 | -10/+12 |
| | |||||
* | Don't allow using --next option without specifying a policy element | Patrick McHardy | 2006-01-12 | 2 | -4/+14 |
| | |||||
* | Fix invalid assignment of tunnel-src to dest address (Patrick McHardy) | Patrick McHardy | 2006-01-09 | 1 | -2/+2 |
| | |||||
* | Add documentation for string match (Pablo Neira) | Pablo Neira | 2006-01-03 | 1 | -0/+15 |
| | |||||
* | fix iptables-save of 'goto' target (Closes: #410) | Harald Welte | 2005-12-05 | 1 | -2/+2 |
| | |||||
* | Add note that TCPMSS is only valid in the mangle table (not true today, but ↵ | Patrick McHardy | 2005-12-05 | 1 | -1/+4 |
| | | | | maybe someday) | ||||
* | tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) | Harald Welte | 2005-11-22 | 1 | -1/+1 |
| | |||||
* | Add policy match extensions from patch-o-matic | Patrick McHardy | 2005-11-19 | 6 | -0/+998 |
| | |||||
* | Fix some gcc-4 warnings | Patrick McHardy | 2005-11-18 | 4 | -7/+7 |
| | |||||
* | Don't eat numeric arguments for other extensions | Patrick McHardy | 2005-11-18 | 1 | -4/+12 |
| | |||||
* | The conntrack match does not print any info for --ctproto, thus | Phil Oester | 2005-11-17 | 1 | -0/+7 |
| | | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) | ||||
* | fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de)v1.3.4 | Deti Fliegl | 2005-11-03 | 2 | -53/+10 |
| | | | | | | We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :( | ||||
* | The conntrack match extension doesn't handle address inversion correctly. ↵ | Tom Eastep | 2005-09-19 | 1 | -2/+2 |
| | | | | (Tom Eastep) | ||||
* | Kernels higher than 2.6.10 don't support multiple --to arguments in | Phil Oester | 2005-09-19 | 2 | -0/+14 |
| | | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | ||||
* | * specifying random seed for the Jenkins hash works as documented | KOVACS Krisztian | 2005-09-19 | 1 | -28/+37 |
| | | | | | | | * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> | ||||
* | Make libipt_connbytes.c compile with the ipt_connbytes version that has been ↵ | Martin Josefsson | 2005-09-11 | 1 | -6/+6 |
| | | | | merged into the 2.6 kernel | ||||
* | Update manpage to reflect missing ability to SNAT to multiple ranges in ↵ | Harald Welte | 2005-08-29 | 1 | -4/+6 |
| | | | | 2.6.11-rc1 and later | ||||
* | Update manpage to reflect missing NAT to multiple ranges support in ↵ | Harald Welte | 2005-08-29 | 1 | -4/+7 |
| | | | | 2.6.11-rc1 and later. | ||||
* | update string match to reflect new kernel implementation (Pablo Neira) | Pablo Neira | 2005-08-28 | 1 | -40/+110 |
| | |||||
* | add support for new 'dccp' protocol match | Harald Welte | 2005-08-06 | 3 | -0/+414 |
| | |||||
* | port Eric Leblond's NFQUEUE missing-break fix to ip6tables | Harald Welte | 2005-08-05 | 2 | -0/+4 |
| | |||||
* | Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond) | Eric Leblond | 2005-08-05 | 2 | -0/+4 |
| | |||||
* | update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes | Harald Welte | 2005-07-28 | 2 | -0/+18 |
| | |||||
* | Fix NAT of ICMP ID ranges (Patrick McHardy) | Patrick McHardy | 2005-07-22 | 4 | -4/+8 |
| | |||||
* | get rid of numerous gcc-4 warnings | Harald Welte | 2005-07-19 | 10 | -15/+17 |
| | |||||
* | add NFQUEUE support for ipv4 and ipv6 | Harald Welte | 2005-07-19 | 3 | -2/+228 |
| | |||||
* | fix various missing header file / #define issues on old kernels. I've now ↵v1.3.2 | Harald Welte | 2005-07-10 | 1 | -0/+6 |
| | | | | tested compilation with kernels starting 2.4.17 | ||||
* | attempt to fix save/restore of '! --uid-owner squid' problem as reported by ↵ | Harald Welte | 2005-06-29 | 1 | -2/+2 |
| | | | | Costa Tsaousis (backport from ipv4 owner) | ||||
* | Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>) | Patrick McHardy | 2005-06-24 | 2 | -1/+20 |
| | |||||
* | reduce code replication of parse_interface() (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2005-06-22 | 2 | -78/+0 |
| | |||||
* | This patch prevents user to set negative port value of SNAT/DNAT. | Yasuyuki KOZAKAI | 2005-06-22 | 2 | -4/+4 |
| | | | | (Yasuyuki Kozakai) | ||||
* | OSF: lib_ipt.c changes to support connector notifications (Evgeniy Polyakov ↵ | Evgeniy Polyakov | 2005-06-11 | 1 | -3/+11 |
| | | | | <johnpol@2ka.mipt.ru>) | ||||
* | update multiport manpage (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2005-06-11 | 2 | -8/+10 |
| | |||||
* | Fix CONNMARK save/restore (Tom Eastep <teastep@shorewall.net>, Pawel Sikora ↵ | Tom Eastep | 2005-06-11 | 1 | -2/+2 |
| | | | | <pluto@agmk.net>) | ||||
* | While adding testing for inversion of multiport, noticed that documentation ↵ | Rusty Russell | 2005-05-25 | 1 | -2/+2 |
| | | | | about --ports is *wrong*. Ports do not have to be equal: either dest or src being in list is enough for match. | ||||
* | include FIN bit in mask of "--syn" bits | Harald Welte | 2005-05-04 | 2 | -3/+3 |
| | |||||
* | Ignore unknown arguments in libipt_ULOG (Patrick McHardy <kaber@trash.net>) | Patrick McHardy | 2005-05-02 | 1 | -0/+2 |
| | |||||
* | Fix connbytes command line parsing bug (Piotrek Kaczmarek <kaczorek@daleka.net>) | Piotrek Kaczmarek | 2005-04-24 | 1 | -0/+1 |
| | |||||
* | pull out pmtu changes to fix compilation issues | Harald Welte | 2005-04-15 | 2 | -124/+3 |
| | |||||
* | add REJECT with icmp-frag-needed (Florian Lohoff) | Florian Lohoff | 2005-04-10 | 2 | -3/+124 |
| | |||||
* | don't allow newlines in LOG prefix (Phil Oester) (Closes: #312) | Phil Oester | 2005-04-01 | 2 | -0/+8 |
| | |||||
* | add lots of man pages (Jonas Berlin) | Jonas Berlin | 2005-04-01 | 17 | -0/+474 |
| | |||||
* | SET target bugfix by Michal Pokrywka applied | Michal Pokrywka | 2005-03-18 | 1 | -1/+3 |
| | |||||
* | Fix TCPLAG version (Torsten Lüttgert <t.luettgert@pressestimmen.de>) | Torsten Lüttgert | 2005-03-16 | 1 | -1/+1 |
| | |||||
* | improve REDIRECT manpage (Jonas Berlin <xkr47@outerspace.dyndns.org>) | Jonas Berlin | 2005-03-15 | 1 | -3/+4 |
| | |||||
* | This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira) | Pablo Neira | 2005-03-07 | 1 | -2/+3 |
| | |||||
* | Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) | Pablo Neira | 2005-02-14 | 83 | -471/+18 |
| | | | | Fixes build with conntrack event patch for 2.6 | ||||
* | Allow "--realm ! foo" and "! --realm foo" (Closes: #297) | Harald Welte | 2005-02-13 | 1 | -1/+1 |
| | |||||
* | fix missing comma at end of line | Harald Welte | 2005-02-13 | 1 | -1/+1 |
| |