Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. | Patrick McHardy | 2006-04-28 | 2 | -0/+10 |
| | |||||
* | Multiple matches of the same type can be specified on the commandline. | Joszef Kadlecsik | 2006-03-03 | 2 | -0/+8 |
| | | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified. | ||||
* | make policy match compile independant of kernel headersv1.3.5 | Harald Welte | 2006-02-01 | 1 | -0/+4 |
| | |||||
* | fix ipt_conntrack compilation against very early (2.4.0) kernel releases | Harald Welte | 2006-02-01 | 1 | -1/+1 |
| | |||||
* | remove other bits of old ip pool code, people should use ipset ↵ | Harald Welte | 2006-02-01 | 1 | -26/+0 |
| | | | | (ipset.netfilter.org) these days | ||||
* | Prepare policy match for x_tables unification by making sure both | Patrick McHardy | 2006-01-31 | 2 | -0/+116 |
| | | | | ipt_policy and ip6t_policy use the same data structure. | ||||
* | Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) | Jones Desougi | 2005-12-22 | 2 | -0/+2 |
| | | | | Bugzilla #413 | ||||
* | Kernels higher than 2.6.10 don't support multiple --to arguments in | Phil Oester | 2005-09-19 | 1 | -0/+9 |
| | | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | ||||
* | Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel. | Martin Josefsson | 2005-09-11 | 1 | -0/+4 |
| | | | | We can't include that header since it conflicts with sys/types.h | ||||
* | add NFQUEUE support for ipv4 and ipv6 | Harald Welte | 2005-07-19 | 1 | -0/+16 |
| | |||||
* | fix various missing header file / #define issues on old kernels. I've now ↵v1.3.2 | Harald Welte | 2005-07-10 | 2 | -16/+17 |
| | | | | tested compilation with kernels starting 2.4.17 | ||||
* | we need to have this header file included, since old kernels don't define ↵ | Harald Welte | 2005-07-10 | 1 | -0/+16 |
| | | | | IP6T_LOG_UID. | ||||
* | reduce code replication of parse_interface() (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2005-06-22 | 2 | -0/+3 |
| | |||||
* | omeone forgot to update ipt_conntrack.h header in user space. So, update it ↵ | Harald WeltePablo Neira | 2005-04-15 | 1 | -1/+22 |
| | | | | to use ip_conntrack_old_tuple. (Pablo Neira) | ||||
* | This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira) | Pablo Neira | 2005-03-07 | 1 | -0/+37 |
| | |||||
* | Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. | Martin Josefsson | 2005-02-12 | 2 | -0/+9 |
| | | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> | ||||
* | Add support for inversion to multiport revision 1. | Phil Oester | 2005-02-02 | 1 | -0/+1 |
| | | | | Signed-off-by: Phil Oester <kernel@linuxace.com> | ||||
* | Pablo Neira: | Pablo Neira | 2005-01-03 | 1 | -0/+28 |
| | | | | Multiport revision 1 userspace support. | ||||
* | Extension revision number support (if kernel supports the getsockopts). | Rusty Russell | 2005-01-03 | 2 | -0/+33 |
| | | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. | ||||
* | Fix setting lib_dir in ip*tables-{save,restore} | Martin Josefsson | 2004-12-27 | 3 | -0/+9 |
| | |||||
* | move ipt_hashlimit to it's correct location | Harald Welte | 2004-10-20 | 1 | -0/+0 |
| | |||||
* | add hashlimit kernel header file | Harald Welte | 2004-10-20 | 1 | -0/+40 |
| | |||||
* | Add comment match extension (Brad Fisher) | Brad Fisher | 2004-09-20 | 1 | -0/+10 |
| | |||||
* | port physdev to ip6tables (Bart De Schuymer) | Bart De Schuymer | 2004-09-12 | 1 | -0/+24 |
| | |||||
* | Add ipt_addrtype.h | Patrick McHardy | 2004-06-28 | 1 | -0/+11 |
| | |||||
* | add missing include | Harald Welte | 2004-06-21 | 1 | -0/+39 |
| | |||||
* | With a 64bit kernel only the high 32bits of nfmark was used regardless of | Martin Josefsson | 2004-05-26 | 4 | -0/+50 |
| | | | | | | | 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace. | ||||
* | Fix 64bit kernel / 32bit userspace issue. | Martin Josefsson | 2004-05-26 | 2 | -6/+15 |
| | | | | Sync header with kernel. | ||||
* | Add versions of string_to_number() for use in 32bit userspace with 64bit kernel. | Martin Josefsson | 2004-05-26 | 1 | -0/+8 |
| | |||||
* | Fix 64bit kernel / 32bit userspace issue. | Martin Josefsson | 2004-05-26 | 3 | -1/+56 |
| | |||||
* | add definition for IPPROTO_SCTP for systems with old header files | Harald Welte | 2004-03-04 | 1 | -0/+4 |
| | |||||
* | update for matching chunk flags (Kiran Kumar) | Kiran Kumar | 2004-03-02 | 1 | -0/+11 |
| | |||||
* | add userspace part of SCTP match | Harald Welte | 2004-02-21 | 1 | -20/+91 |
| | |||||
* | latest version of CONNMARK updates (Henrik Nordstrom) | Henrik Nordstrom | 2004-02-03 | 2 | -0/+19 |
| | |||||
* | Bloody copy-n-edit. Make sure to use matches in the order they are given... | Martin Josefsson | 2004-02-02 | 1 | -2/+8 |
| | |||||
* | Make sure to use matches in the order they are given when calling ↵ | Martin Josefsson | 2004-02-02 | 1 | -2/+8 |
| | | | | do_command() multiple times. | ||||
* | update ipt_physdev.h (test8 change, make parisc work, alignment issues) | Harald Welte | 2003-11-02 | 1 | -2/+2 |
| | |||||
* | CLASSIFY is now built unconditionally, thus we need the kernel header | Harald Welte | 2003-09-13 | 1 | -0/+8 |
| | |||||
* | fix ipq_id_t on 'real' kernel+userspace 64bit archs (Ryan Veety) | Ryan Veety | 2003-09-07 | 1 | -1/+1 |
| | |||||
* | add include files for soon-to-be-submitted patches (and build them ↵ | Harald Welte | 2003-08-23 | 4 | -0/+56 |
| | | | | unconditionally by putting thme in the extensions/Makefile) | ||||
* | Fix the previous fix | Martin Josefsson | 2003-05-05 | 1 | -0/+3 |
| | | | | No more segfaults or compilewarnings. | ||||
* | add (untested) sctp userspace support for even more untested kernel part (in ↵ | Harald Welte | 2003-05-03 | 1 | -0/+25 |
| | | | | pom soon) | ||||
* | fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵ | Martin Josefsson | 2003-05-02 | 1 | -0/+3 |
| | | | | Josefsson) | ||||
* | rename iplimit to connlimit | Harald Welte | 2003-04-30 | 1 | -6/+6 |
| | |||||
* | ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymer | Bart De Schuymer | 2003-04-27 | 1 | -2/+7 |
| | |||||
* | port 'line number on error in iptables-restore' from ipv4 | Harald Welte | 2003-03-05 | 1 | -0/+2 |
| | |||||
* | make iptables-restore print the line number in case of an error | Illes Marci | 2003-03-03 | 1 | -0/+2 |
| | | | | (Illes Marci <marci@balabit.hu>) | ||||
* | add libipt_physdev.c (Bart de Schumyer) | Bart De Schuymer | 2003-02-11 | 1 | -0/+19 |
| | |||||
* | add support for rpc match | Harald Welte | 2003-01-12 | 1 | -0/+35 |
| | |||||
* | apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak ↵ | Maciej Soltysiak | 2003-01-08 | 2 | -0/+44 |
| | | | | <solt@dns.toxicfilms.tv>) |