| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds iptables --list-rules (-S) command, acting as a combination of
iptables --list and iptables-save.
The primary motivation behind this patch is to get iptables-save like
output capabilities in iptables-restore, allowing "iptables-restore -n"
to be used as a consistent API to iptables for all kind of operations,
not only blind updates..
As a bonus iptables also gets the capability of printing the rules
as-is.
This completely replaces the earlier patch which added the --rules
option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Allow iptables to compile without a kernel source tree. This
implies fixing build for older kernels, such as 2.6.17 which
lack xt_SECMARK.h.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
|
| | |
|
| | |
|
| |
|
|
| |
Max Kellermann <max@duempel.org>
|
| |
|
|
| |
Max Kellermann <max@duempel.org>
|
| |
|
|
|
|
| |
UID/GID range support for libxt_owner
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
| |
Add support for xt_CONNMARK target revision 1.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
| |
Import libxt_TCPOPTSTRIP into iptables.
Signed-off-by: Sven Schnelle <svens@bitebene.org>
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
| |
Move libipt_iprange to libxt_iprange.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
| |
Introduce libxt_mark match revision 1 support.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
| |
Rename overlapping function names.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
| |
Move a few functions from iptables.c/ip6tables.c to xtables.c
so they are available for combined (both AF_INET and AF_INET6)
libxt modules. Rename overlapping function names.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
| |
Move libipt_conntrack to libxt_conntrack.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
| |
Add support for xt_connmark match revision 1.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
| |
Add support for xt_MARK target revision 2.
Also consolidate libip6t_MARK.man and libipt_MARK.man.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
| |
Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support
for xt_TOS target revision 1.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
| |
Move libipt_tos revision 0 to libxt_tos revision 0 and add support
for xt_tos match revision 1.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
| |
libxt_owner merges libipt_owner and libip6t_owner, and adds support
for the xt_owner match revision 1.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
| |
Error messages vary wildly among modules, and there is a lot of
reundance in it too. Introduce a helper function that does all of
the parameter checking boilerplate and gives unique messages.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
back the 'end' pointer. It is useful where you want to do boundary
checking yet work with strings that are not entirely slurped by
strtoul(), e.g.:
s = "1/2"; /* one half */
if (!strtonum(s, &end, &value, 0, 5))
error("Zero-length string, or value out of bounds");
if (*end != '/')
error("Malformed string");
info->param1 = value;
if (!strtonum(end + 1, &end, &value, 2, 4))
error("..");
if (*end != '\0')
error("Malformed string");
info->param2 = value;
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Can build both static and dynamic at the same time
- iptables-static will be a multi-binary, semi-static
(link against libc but w/o dynamic plugins)
- Always build IPv6 modules
- consider INSTALL
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
| |
Remove our own definitions of the Linux types and use <linux/types.h>
instead. libiptc needs it too, or otherwise will choke on union
nf_inet_addr.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixing a make/compile issue with iptables, release candidate 1.4.0rc1,
which has existed since SVN changeset 6920. This patch adds ip_tables.h
and ip6_tables.h, and updates x_tables.h, taken from Linus'es git tree.
Changeset 6920 added the include file x_tables.h from kernel source, but
didn't add ip_tables.h and ip6_tables.h.
At some point (Tue Nov 14 19:48:48 2006, by Yasuyuki Kozakai) these
kernel headers where changed, which actually removes certain
depencencies from ip_tables.h and ip6_tables.h to x_tables.h.
If compiling will fail, with old kernel headers (ip_tables.h and
ip6_tables.h) available in systems include path, because they depend on
certaine defines in x_tables.h with is missing in the version in SVN.
Jesper Brouer <jdb@comx.dk>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is libipt_time from POM-ng enhanced by the following:
* day-of-month support (for example "match on the 15th of each month")
* inversion support for --weekdays and --monthdays
* match against UTC or local timezone
* a manpage
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
|
| |
|
|
| |
prototypes
|
| |
|
|
| |
Fixes compiler warning in quota match.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
