Tag 'v1.3.6' created by Joszef Kadlecsik <[email protected]> at
2006-10-09 13:09 -0700
iptables 1.3.6
Changes since v1.3.5:
Andy Gay (1):
iptables -Z clears the per-rule counters, but not the chain policy
counters (Andy Gay <[email protected]>)
Daniel De Graaf (1):
Correct iptables-save output of osf module (Daniel De Graaf)
Eric Leblond (1):
iptables: fix ipt_MARK documentation (Eric Leblond)
Evan Miller (1):
Add information about :<port> syntax (Evan Miller <[email protected]>)
Harald Welte (7):
fix segfault or loading of invalid counters in ip[6]tables-restore (Olaf
Rempel) (Closes: #437)
don't install libiptc.a
fix double-free if a single match is used multiple times within a signle
rule
Make '-p all' a special case that is handled before calling getprotoent()
(Closes: #446)
[IPTABLES,IP6TABLES]: fix the path to detect esp/connbytes support in
kernel
cmdflags is used in cmd2char() to return the option for a command. It
uses the
When entering an invalid command (such as iptables -A INPUT -j MARK
--set-mark
James Morris (5):
secmark: Add libselinux support
secmark: Add libipt_SECMARK
secmark: Add libip6t_SECMARK
secmark: Add libipt_CONNSECMARK
secmark: Add libip6t_CONNSECMARK
Jesper Dangaard Brouer (1):
Add new exit value to indicate concurrency issues (Jesper Dangaard Brouer
<[email protected]>)
Joszef Kadlecsik (5):
Multiple matches of the same type can be specified on the commandline.
set match negation bug fixed
size_t changed to socklen_t in getsockopt call
Use correct types at error reporting (patch sent by H. Nakano)
Version number was not bumped in Makefile in svn
Patrick McHardy (6):
Don't overwrite errno with return value of setsockopt (which is -1 on
error).
Replace annoying "Something wrong... deleting dependencies" message by
something more useful.
Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.
D'oh .. I'm not too smart, forgot to add the new files in the previous
patches :)
Add statistic match extension
Use negative-list for "weird character in interface" warning instead of
warning for basically every non-alphanumeric character.
Patrick McHardyHarald Welte (2):
In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS
Revert incorrect fix for "Unknown error 4294967295" problem
Patrick McHardyJesper Brouer (2):
BUG: libiptc chain references bug (Jesper Brouer <[email protected]>)
Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can
cause
Phil Oester (11):
trivial connlimit manpage fix (Phil Oester <[email protected]>)
REDIRECT does not accept IP (Phil Oester <[email protected]>)
iptables trivial compile warning cleanup (Phil Oester
<[email protected]>)
ip6tables multiport does not support x:y (Phil Oester
<[email protected]>)
libiptc symbols clash (Phil Oester <[email protected]>)
iptables: handle cidr notation more sanely (Phil Oester
<[email protected]>)
Use gcc to build shared objects (Phil Oester <[email protected]>)
reduce service_to_port duplication (Phil Oester <[email protected]>)
reduce parse_*_port duplication (Phil Oester <[email protected]>)
proto_to_name duplication (Phil Oester <[email protected]>)
update quota match for xtables + fix -D bug (Phil Oester
<[email protected]>)
Pierre-Yves Ritschard (1):
please kill santa-claus (Pierre-Yves Ritschard <[email protected]>)
Simon Lodal (2):
Use lowercase letters for match name (Simon Lodal <[email protected]>)
Named realm (Simon Lodal <[email protected]>)
Yasuyuki KOZAKAI (5):
don't allow to specify protocol of IPv6 extension header (Yasuyuki
Kozakai)
fix loading shared library of ICMPv6 match.
[IP6TABLES] kill manual comparing protocol name with "ipv6-icmp".
[IPTABLES,IP6TABLES]: check invalid esp spi range
- force user to specify --icmpv6-type if icmpv6 match is required to load
---
extensions/libip6t_icmpv6.c | 272 ------------------------------------
extensions/libip6t_icmpv6.man | 14 -
Makefile | 20 ++
Rules.make | 15 +
extensions/.connbytes-test | 2
extensions/.esp-test6 | 2
extensions/.quota-test | 2
extensions/.statistic-test | 2
extensions/Makefile | 17 +-
extensions/libip6t_CONNSECMARK.c | 124 ++++++++++++++++
extensions/libip6t_CONNSECMARK.man | 15 +
extensions/libip6t_SECMARK.c | 125 ++++++++++++++++
extensions/libip6t_SECMARK.man | 7
extensions/libip6t_esp.c | 3
extensions/libip6t_icmp6.c | 278 +++++++++++++++++++++++++++++++++++++
extensions/libip6t_icmp6.man | 14 +
extensions/libip6t_multiport.c | 50 ++----
extensions/libip6t_multiport.man | 9 -
extensions/libip6t_tcp.c | 30 ---
extensions/libip6t_udp.c | 30 ---
extensions/libipt_CONNSECMARK.c | 126 ++++++++++++++++
extensions/libipt_CONNSECMARK.man | 15 +
extensions/libipt_DNAT.man | 5
extensions/libipt_MARK.man | 9 +
extensions/libipt_REDIRECT.c | 3
extensions/libipt_SECMARK.c | 125 ++++++++++++++++
extensions/libipt_SECMARK.man | 7
extensions/libipt_connlimit.man | 4
extensions/libipt_dccp.c | 31 ----
extensions/libipt_dscp_helper.c | 4
extensions/libipt_esp.c | 3
extensions/libipt_icmp.c | 4
extensions/libipt_iprange.c | 1
extensions/libipt_mport.c | 24 ---
extensions/libipt_multiport.c | 50 ++----
extensions/libipt_osf.c | 8 +
extensions/libipt_quota.c | 13 -
extensions/libipt_realm.c | 171 ++++++++++++++++++++--
extensions/libipt_realm.man | 6
extensions/libipt_sctp.c | 37 ----
extensions/libipt_set.c | 2
extensions/libipt_set.h | 10 -
extensions/libipt_statistic.c | 175 +++++++++++++++++++++++
extensions/libipt_tcp.c | 30 ---
extensions/libipt_udp.c | 30 ---
include/ip6tables.h | 13 +
include/iptables.h | 9 +
include/iptables_common.h | 5
ip6tables-restore.c | 5
ip6tables.c | 167 +++++++++++++++-------
iptables-restore.c | 5
iptables-standalone.c | 6
iptables.c | 145 +++++++++++++++----
libiptc/Makefile | 3
libiptc/libip4tc.c | 2
libiptc/libip6tc.c | 2
libiptc/libiptc.c | 19 +-
57 files changed, 1626 insertions(+), 679 deletions(-)
---
_______________________________________________
svn mailing list
[email protected]
http://mailman.vyatta.com/mailman/listinfo/svn
