summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changesHarald Welte2005-07-282-0/+18
|
* Fix NAT of ICMP ID ranges (Patrick McHardy)Patrick McHardy2005-07-224-4/+8
|
* get rid of numerous gcc-4 warningsHarald Welte2005-07-1910-15/+17
|
* add NFQUEUE support for ipv4 and ipv6Harald Welte2005-07-193-2/+228
|
* fix various missing header file / #define issues on old kernels. I've now ↵v1.3.2Harald Welte2005-07-101-0/+6
| | | | tested compilation with kernels starting 2.4.17
* attempt to fix save/restore of '! --uid-owner squid' problem as reported by ↵Harald Welte2005-06-291-2/+2
| | | | Costa Tsaousis (backport from ipv4 owner)
* Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>)Patrick McHardy2005-06-242-1/+20
|
* reduce code replication of parse_interface() (Yasuyuki Kozakai)Yasuyuki KOZAKAI2005-06-222-78/+0
|
* This patch prevents user to set negative port value of SNAT/DNAT.Yasuyuki KOZAKAI2005-06-222-4/+4
| | | | (Yasuyuki Kozakai)
* OSF: lib_ipt.c changes to support connector notifications (Evgeniy Polyakov ↵Evgeniy Polyakov2005-06-111-3/+11
| | | | <johnpol@2ka.mipt.ru>)
* update multiport manpage (Phil Oester <kernel@linuxace.com>)Phil Oester2005-06-112-8/+10
|
* Fix CONNMARK save/restore (Tom Eastep <teastep@shorewall.net>, Pawel Sikora ↵Tom Eastep2005-06-111-2/+2
| | | | <pluto@agmk.net>)
* While adding testing for inversion of multiport, noticed that documentation ↵Rusty Russell2005-05-251-2/+2
| | | | about --ports is *wrong*. Ports do not have to be equal: either dest or src being in list is enough for match.
* include FIN bit in mask of "--syn" bitsHarald Welte2005-05-042-3/+3
|
* Ignore unknown arguments in libipt_ULOG (Patrick McHardy <kaber@trash.net>)Patrick McHardy2005-05-021-0/+2
|
* Fix connbytes command line parsing bug (Piotrek Kaczmarek <kaczorek@daleka.net>)Piotrek Kaczmarek2005-04-241-0/+1
|
* pull out pmtu changes to fix compilation issuesHarald Welte2005-04-152-124/+3
|
* add REJECT with icmp-frag-needed (Florian Lohoff)Florian Lohoff2005-04-102-3/+124
|
* don't allow newlines in LOG prefix (Phil Oester) (Closes: #312)Phil Oester2005-04-012-0/+8
|
* add lots of man pages (Jonas Berlin)Jonas Berlin2005-04-0117-0/+474
|
* SET target bugfix by Michal Pokrywka appliedMichal Pokrywka2005-03-181-1/+3
|
* Fix TCPLAG version (Torsten Lüttgert <t.luettgert@pressestimmen.de>)Torsten Lüttgert2005-03-161-1/+1
|
* improve REDIRECT manpage (Jonas Berlin <xkr47@outerspace.dyndns.org>)Jonas Berlin2005-03-151-3/+4
|
* This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)Pablo Neira2005-03-071-2/+3
|
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)Pablo Neira2005-02-1483-471/+18
| | | | Fixes build with conntrack event patch for 2.6
* Allow "--realm ! foo" and "! --realm foo" (Closes: #297)Harald Welte2005-02-131-1/+1
|
* fix missing comma at end of lineHarald Welte2005-02-131-1/+1
|
* Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace.Martin Josefsson2005-02-122-25/+82
| | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
* try to fix realm save/restore issue (Adresses: #297)Harald Welte2005-02-081-11/+14
|
* Fix rule deletion (hinfo pointer initialized by kernel, don't compare it in ↵Samuel Jean2005-02-071-2/+1
| | | | userspace). (Samuel Jean)
* fix parameter handling in libipt_hashlimit with iptables-save (Nikolai Malykh)Nikolai Malykh2005-02-071-2/+6
|
* Add support for inversion to multiport revision 1.Phil Oester2005-02-021-5/+10
| | | | Signed-off-by: Phil Oester <kernel@linuxace.com>
* fix compiler warning about discarding constHarald Welte2005-02-011-1/+1
|
* add missing commaHarald Welte2005-02-011-1/+1
|
* fix typoHarald Welte2005-02-011-1/+1
|
* make structure initializers use C99 standard (Harald Welte)Harald Welte2005-02-0119-261/+229
|
* check for colonsHarald Welte2005-02-011-1/+6
|
* Use C99 initializersHarald Welte2005-02-011-11/+11
|
* John McCann points out via bugzilla that iptables happily accepts thisPhil Oester2005-02-011-1/+6
| | | | | | | | | | | | | syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com>
* fix name of 'extra_opts' structure member (Nikolai Malykh)Nikolai Malykh2005-01-221-1/+1
|
* Make it compile on current kernels, the future isn't here yet.Martin Josefsson2005-01-051-0/+6
|
* Testsuite found an issue: multiport accepts -p ! tcp.Rusty Russell2005-01-031-0/+4
|
* Pablo Neira:Pablo Neira2005-01-031-1/+199
| | | | Multiport revision 1 userspace support.
* Extension revision number support (if kernel supports the getsockopts).Rusty Russell2005-01-031-14/+126
| | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
* Prevent user from using --helper multiple times (Nicolas Bouliane ↵Nicolas Bouliane2005-01-021-0/+3
| | | | <nib@cookinglinux.org>)
* Add --log-uid option (John Lange <john.lange@open-it.ca>)John Lange2005-01-022-1/+20
|
* Fix compile error introduced by C99 conversion.Rusty Russell2004-12-291-1/+0
|
* Pablo Neira: extensions conversion to C99 structure initializationPablo Neira2004-12-2869-939/+893
| | | | (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR)
* Use string_to_number. Don't check for no optarg: we set has_arg to 1 in ↵Rusty Russell2004-12-221-5/+5
| | | | option array, so getopt does that for us.
* Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I ↵Nicolas Bouliane2004-12-201-0/+5
| | | | realized that when we enter --tos twice the second overwrite the first.