summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
...
| * libxt_TCPOPTSTRIP: use guided option parserJan Engelhardt2011-04-061-34/+12
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_SECMARK: use guided option parserJan Engelhardt2011-04-061-39/+15
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_LED: use guided option parserJan Engelhardt2011-04-061-51/+33
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_DSCP: use guided option parserJan Engelhardt2011-04-062-127/+54
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_CLASSIFY: use guided option parserJan Engelhardt2011-04-061-40/+15
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_AUDIT: use guided option parserJan Engelhardt2011-04-061-44/+22
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_addrtype: use guided option parserJan Engelhardt2011-04-061-103/+57
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_ECN: use guided option parserJan Engelhardt2011-04-062-109/+68
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_ipv6header: use guided option parserJan Engelhardt2011-04-061-61/+27
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip[6]t_icmp: use guided option parserJan Engelhardt2011-04-062-65/+35
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_hbh: use guided option parserJan Engelhardt2011-04-061-39/+22
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_dst: use guided option parserJan Engelhardt2011-04-061-41/+20
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip[6]t_REJECT: use guided option parserJan Engelhardt2011-04-062-58/+48
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_esp: use guided option parserJan Engelhardt2011-04-061-79/+16
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_frag: use guided option parserJan Engelhardt2011-04-061-109/+36
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip[6]t_ah: use guided option parserJan Engelhardt2011-04-062-158/+43
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip[6]t_hl: use guided option parserJan Engelhardt2011-04-062-133/+82
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip[6]t_HL: use guided option parserJan Engelhardt2011-04-062-137/+84
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-04-126-271/+119
|\|
| * libxt_cluster: use guided option parserJan Engelhardt2011-04-061-139/+48
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_cpu: use guided option parserJan Engelhardt2011-04-061-49/+16
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_CONNSECMARK: use guided option parserJan Engelhardt2011-04-061-36/+23
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_socket: use guided option parserJan Engelhardt2011-04-061-14/+15
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_CHECKSUM: use guided option parserJan Engelhardt2011-04-061-32/+14
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * extensions: add missing checks for specific flags (2)Jan Engelhardt2011-04-061-1/+3
| | | | | | | | | | | | | | Addendum to v1.4.10-75-g4e5d4bf. It does not make sense to use ipv6header's --soft without specifying any options. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'master' of vishnu.netfilter.org:/data/git/iptablesPatrick McHardy2011-04-121-4/+3
|\ \
| * | Fix set match/target direction parserJozsef Kadlecsik2011-04-091-4/+3
| | | | | | | | | | | | | | | The direction parser did not catch when more src/dst direction parameters were supplied than allowed.
* | | doc: avoid duplicate entries in manpageJan Engelhardt2011-04-061-2/+2
|/ / | | | | | | | | | | | | | | | | Commit v1.4.9-35-gd4105ad changed from [A-Z] and [a-z] to use [[:alnum:]], which unfortunately drew matches into the target section, and targets into the match section. [[:upper:]] and [[:lower:]] should have been used instead, of course. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | v6: rename init_extensions() to init_extensions6()Maciej Zenczykowski2011-04-041-2/+2
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v4: rename init_extensions() to init_extensions4()Maciej Zenczykowski2011-04-041-2/+2
|/ | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* mark newly opened fds as FD_CLOEXEC (close on exec)Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | (This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm) Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* man pages: allow underscores in match and target namesMaciej Zenczykowski2011-04-041-2/+2
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables: documentation for iptables and ip6tables "security" tablesMark Montague2011-04-042-4/+10
| | | | | | | | Add documentation for the iptables and ip6tables "security" tables. Based on http://lwn.net/Articles/267140/ and kernel source. Signed-off-by: Mark Montague <mark@catseye.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables: add manual page section for AUDIT targetThomas Graf2011-03-161-0/+14
| | | | | Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: rateest options can be optionalJan Engelhardt2011-02-211-4/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_quota: require --quota to be specifiedJan Engelhardt2011-02-201-1/+9
| | | | | | | It is pretty pointless to use -m quota without specifying --quota. There would be nothing left to count down on. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix odd partial sentence in libipt_TTLJan Engelhardt2011-02-201-3/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: mention other possible nf_loggers for TRACEJan Engelhardt2011-02-201-3/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_ECN: set proper option flagsJan Engelhardt2011-02-191-1/+1
| | | | | | | When specifying --ecn-tcp-remove, *flags will be wrongly set to denote that --ecn-ip-ect had been specified. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add missing checks for specific flagsJan Engelhardt2011-02-193-3/+3
| | | | | | | | | With "!flags", any option will be accepted. The extensions however want one very specific option to be used (or wrong help text). Commits: DNAT: v1.3.8~23, osf: v1.4.6~3 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_hbh: remove unimplemented --hbh-not-strictJan Engelhardt2011-02-191-14/+0
| | | | | | Same as with ip6t_dst. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_dst: remove unimplemented --dst-not-strictJan Engelhardt2011-02-191-18/+0
| | | | | | This was never ever implemented in the kernel, so just remove it. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Remove unused CVS expanded keywordsJan Engelhardt2011-02-193-6/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove redundant init functionsJan Engelhardt2011-02-1914-87/+1
| | | | | | The main program already zeroes the per-extension data block. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix misspelling of "field"Jan Engelhardt2011-02-183-3/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix wrong sentence about negation in xt_limitJan Engelhardt2011-02-171-2/+5
| | | | | | This is an update to commit v1.4.7~6. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: fix indent of vtableJan Engelhardt2011-02-164-45/+45
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_devgroup: option whitespace update following v1.4.10-49-g7386635Jan Engelhardt2011-02-161-7/+7
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_cluster: fix inversion in the cluster matchPablo Neira Ayuso2011-02-061-2/+2
| | | | | | | | | | | | | | | | | | | | In libxt_cluster.c, we use: info->flags |= (1 << XT_CLUSTER_F_INV); but we should use instead: info->flags |= XT_CLUSTER_F_INV; since the definition of XT_CLUSTER_F_INV is: enum xt_cluster_flags { XT_CLUSTER_F_INV = (1 << 0) }; This fixes the inversion in the cluster match. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: add extension for devgroup matchPatrick McHardy2011-02-031-0/+297
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>