From 4e98e81ecdcc321d232edc42fac168d257e712ff Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 21 Jun 2011 17:00:45 +0200 Subject: libipt_LOG: fix ignoring all but last flags Signed-off-by: Jan Engelhardt --- tests/options-most.rules | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tests/options-most.rules') diff --git a/tests/options-most.rules b/tests/options-most.rules index 6c4a8313..13ee9873 100644 --- a/tests/options-most.rules +++ b/tests/options-most.rules @@ -146,6 +146,8 @@ -A matches -A matches -m rt --rt-segsleft 5:4294967295 -A matches +-A ntarg -j LOG --log-tcp-sequence --log-tcp-options --log-ip-options +-A ntarg -A ntarg -j NFQUEUE --queue-num 1 -A ntarg -A ntarg -j NFQUEUE --queue-balance 8:99 -- cgit v1.2.3 From 017e7b7e1cf4fb63208e46592d06cc030f6d552d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 22 Jun 2011 10:15:07 +0200 Subject: libip6t_HL: fix option names from ttl -> hl Signed-off-by: Jan Engelhardt --- tests/options-most.rules | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'tests/options-most.rules') diff --git a/tests/options-most.rules b/tests/options-most.rules index 13ee9873..125b5bf3 100644 --- a/tests/options-most.rules +++ b/tests/options-most.rules @@ -1,4 +1,3 @@ -# Generated by ip6tables-save v1.4.10 on Mon Jan 31 02:19:53 2011 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] @@ -171,4 +170,17 @@ #-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-eq --rateest-pps2 9 #-A zmatches -m rateest --rateest-delta --rateest RE1 --rateest-pps1 8 --rateest-gt --rateest-pps2 9 COMMIT -# Completed on Mon Jan 31 02:19:54 2011 +*mangle +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:matches - - +:ntarg - - +:zmatches - - +-A INPUT -m u32 --u32 "0x0=0x0&&0x0=0x1" -j ntarg +-A ntarg -j HL --hl-inc 1 +-A ntarg -j HL --hl-dec 1 +-A ntarg +COMMIT -- cgit v1.2.3 From 70cb0a6d3e09f64f9a05870d694ac0160319de9a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 22 Jun 2011 11:15:34 +0200 Subject: libxt_state: fix regression about inversion of main option Signed-off-by: Jan Engelhardt --- tests/options-most.rules | 2 ++ 1 file changed, 2 insertions(+) (limited to 'tests/options-most.rules') diff --git a/tests/options-most.rules b/tests/options-most.rules index 125b5bf3..2b419e57 100644 --- a/tests/options-most.rules +++ b/tests/options-most.rules @@ -75,6 +75,8 @@ -A matches -A matches -m conntrack --ctexpire 5:4294967295 -A matches +-A matches -m conntrack ! --ctstate NEW ! --ctproto tcp ! --ctorigsrc ::1/127 ! --ctorigdst ::2/127 ! --ctreplsrc ::2/127 ! --ctrepldst ::2/127 ! --ctorigsrcport 3 ! --ctorigdstport 4 ! --ctreplsrcport 5 ! --ctrepldstport 6 ! --ctstatus ASSURED ! --ctexpire 8:9 +-A matches -A matches -p esp -m esp --espspi 1 -A matches -A matches -p esp -m esp --espspi :2 -- cgit v1.2.3 From 68146dad91611bd8d6d12c8ba27219130d99607b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 22 Jun 2011 11:18:19 +0200 Subject: libxt_hashlimit: use a more obvious expiry value by default Due to the previous default expiry of 10 sec, "--hashlimit 1/min" would allow matching up to 6/min if a properly timed. To do what the user expects, the minimum expiry must equal the selected time quantum however. Cc: Jan Rovner Signed-off-by: Jan Engelhardt --- tests/options-most.rules | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests/options-most.rules') diff --git a/tests/options-most.rules b/tests/options-most.rules index 2b419e57..7298a1f9 100644 --- a/tests/options-most.rules +++ b/tests/options-most.rules @@ -87,6 +87,11 @@ -A matches -A matches -p esp -m esp --espspi 5:4294967295 -A matches +-A matches -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 1 --hashlimit-name mini1 +-A matches -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-name mini2 +-A matches -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 1 --hashlimit-name mini3 +-A matches -m hashlimit --hashlimit-upto 1/day --hashlimit-burst 1 --hashlimit-name mini4 +-A matches -A matches -m ipvs --vaddr fe80::/64 --vport 1 --vdir REPLY --vmethod GATE --vportctl 21 -A matches -A matches -m length --length 1 -- cgit v1.2.3