Commit message AuthorAgeFilesLines
* libxt_hashlimit: use a more obvious expiry value by defaultJan Engelhardt2011-06-221-0/+5
| | | | | | | | | | Due to the previous default expiry of 10 sec, "--hashlimit 1/min" would allow matching up to 6/min if a properly timed. To do what the user expects, the minimum expiry must equal the selected time quantum however. Cc: Jan Rovner <> Signed-off-by: Jan Engelhardt <>
* libxt_state: fix regression about inversion of main optionJan Engelhardt2011-06-221-0/+2
| | | | Signed-off-by: Jan Engelhardt <>
* libip6t_HL: fix option names from ttl -> hlJan Engelhardt2011-06-221-2/+14
| | | | Signed-off-by: Jan Engelhardt <>
* libipt_LOG: fix ignoring all but last flagsJan Engelhardt2011-06-211-0/+2
| | | | Signed-off-by: Jan Engelhardt <>
* option: fix ignored negation before implicit extension loadingJan Engelhardt2011-06-071-0/+2
| | | | | | | | | | | | `iptables -A INPUT -p tcp ! --syn` forgot the negation, i.e. it was not present in a subsequent `iptables -S`. Commit v1.4.11~77^2~9 missed the fact that after autoloading a proto extension, cs.invert must not be touched until the next getopt call. This is now fixed by having command_default return a value to indicate whether to jump or not. Signed-off-by: Jan Engelhardt <>
* tests: add some sample rulesets to test save-restore cycleJan Engelhardt2011-06-072-0/+222
These rulesets use practically all options (I may have missed some) for verification that the new Guided Option Parser would take the same input as the old open-coded ones did. They might come in handy at some point. Signed-off-by: Jan Engelhardt <>