| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed the Makefile so that:
1. --enable-shared / --disable-shared control the linkage against
libdl (and thus the potential to use 3rd party extensions)
2. --enable-static / --disable-static controls whether shipped
extensions are built-in or provided as modules
iptables-static becomes redundant by this action; iptables-multi now
has the feature.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
| |
Just for correctness, close some file descriptors that were opened.
(E.g. ip6tables-save reading from procfs files.)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Ignore the absence of /proc/net/ip_tables_names, which happens
when x_tables.ko is not loaded. This is equivalent to having
x_tables.ko, but no tabe modules, loaded. As such, success should
be returned.
2. Load table when explicitly requested by the -t option. Users might
expect "*foo" etc. to be output when `iptables-save -t foo` is
executed. So do autoload x_tables.ko and the table in this case.
*. Do this for both iptables-save and ip6tables-save, and adjust
the manpages for the new -M (modprobe program location) option that
is introduced.
Based upon a patch by Soren Hansen.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Kill program_name, program_version and xtables_program_name.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
|
|
|
|
|
| |
Introduce xtables_init_all() which hides three calls xtables_init(),
xtables_set_nfproto(), and xtables_set_params(). Make
ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use
it.
I moved xtables_set_params around for readability reasons.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
| |
Set proper name of application.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
|
| |
libxtables should not rely on the program executable providing the
magic constants for using [gs]etsockopt.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
| |
Split XTABLES_VERSION into xtables and iptables, and encode the
xtables soversion into the extensions instead. This makes it possible
to upgrade iptables without having to recompile 3rd-party extensions
(if the libxtables version matches, of course).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Consolidate the libdir variable initialization code into xtables.c.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
| |
Tell the user what to use instead of IP*TABLES_LIBDIR.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
Don't you hate it when iptc_handle_t *x actually is a double-indirection
struct iptc_handle **? This also shows the broken constness model, since
"const iptc_handle_t x" = "iptc_handle_t const x" =
"struct iptc_handle *const x", which is like no const at all.
Lots of things to do then.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds iptables --list-rules (-S) command, acting as a combination of
iptables --list and iptables-save.
The primary motivation behind this patch is to get iptables-save like
output capabilities in iptables-restore, allowing "iptables-restore -n"
to be used as a consistent API to iptables for all kind of operations,
not only blind updates..
As a bonus iptables also gets the capability of printing the rules
as-is.
This completely replaces the earlier patch which added the --rules
option.
Henrik Nordstrom <henrik@henriknordstrom.net>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
|
| |
|
|
| |
Max Kellermann <max@duempel.org>
|
| |
|
|
|
|
|
|
| |
if NO_SHARED_LIBS is defined, then iptables shouldnt even include dlfcn.h.
otherwise you hit a build failure when using toolchains that do not provide
dlfcn.h because they do not support shared objects.
Signed-Off-By: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
|
|
|
| |
When defining DO_MULTI=1 in Makefile, only iptables is built as
a single multipurpose binary. This patch makes ip6tables also be
built in the same manner.
Hann-huei Chiou <koala@ascenvision.com>
|
| |
|
|
| |
Victor Stinner <victor.stinner@inl.fr>
|
| |
|
|
|
|
| |
<prusnak@suse.cz>)
Bugzilla #568
|
| |
|
|
| |
unnecessarily printing the address. Base on patch by Daniel De Graaf.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Josefsson)
|
| |
|
|
|
|
|
|
| |
- remove -C(check) function from ip6tables
- -M added to the getopts()'s list (missed)
- small change in the iptables help
- remove some unused code
- some GPL notice added
|
| |
|
|
| |
naming
|
| | |
|
| | |
|
| |
|
|
| |
- iptables-save/-restore is no longer experimental
|
| | |
|
| | |
|
| |
|
|
| |
fixes '+' in interface names bug (iptables-save)
|
| |
|
