anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 05:05:12 +02:00
Code Issues Releases Wiki Activity
634 Commits 5 Branches 85 Tags
0edb572f6e1ff9c2571c8dbaf15e51af57f072c1
Commit Graph

634 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jan Engelhardt
0edb572f6e ACCOUNT: update to 1.16 
There are no changes to integrate from ipt_ACCOUNT because xt_ACCOUT
already, by way of the compat_xtables layer, supports multiple kernel
versions.
 2011-01-22 17:34:06 +01:00
Jan Engelhardt
ebb61aa3c9 pknock: resolve warnings about unused variables 2011-01-22 17:32:38 +01:00
Jan Engelhardt
bd2e6108f3 pknock: use build flags in pknock Makefile 2011-01-22 17:31:53 +01:00
Jan Engelhardt
1b53724a61 ipset: update to 5.4.1 2011-01-22 15:56:44 +01:00
Jan Engelhardt
3141b2ff86 ipset: update to 5.3 2011-01-19 02:55:23 +01:00
Jan Engelhardt
980a53348f build: use AM_CPPFLAGS in ipset-5/ 2011-01-19 02:36:26 +01:00
Jan Engelhardt
8ea781e257 build: fix objdir builds for ipset-5 (xt-a specific) 2011-01-19 02:35:49 +01:00
Jan Engelhardt
65e97a66e6 build: restore functionality of configure's --without-kbuild option 2011-01-13 20:25:00 +01:00
Jan Engelhardt
d82b20ead7 xt_LOGMARK: fix detection of untracked connection for Linux >= 2.6.36 2011-01-12 01:53:38 +01:00
Jan Engelhardt
0168f8e8a2 doc: deprecate --with-xtlibdir configure option 2011-01-04 12:47:09 +01:00
Jan Engelhardt
dc22ec7bd1 build: mark Linux 2.6.37 as supported 2011-01-04 12:44:55 +01:00
Jan Engelhardt
80ded69d77 Xtables-addons 1.32 v1.32 2011-01-04 04:37:58 +01:00
Jan Engelhardt
af1bfd7684 build: relax libmnl checks and document ipset requirements 2011-01-04 04:37:44 +01:00
Jan Engelhardt
b05712a14d Merge branch 'ipset' 2011-01-04 04:32:05 +01:00
Jan Engelhardt
7d8ffffd85 ipset: import ipset 5.2+GENL 
This requires Linux 2.6.35 or newer to build, so it is deactivated by
default in the "mconfig" file.
 2011-01-04 04:31:46 +01:00
Jan Engelhardt
75212f3972 ipset: move ipset to ipset-4 2011-01-04 03:59:25 +01:00
Jan Engelhardt
77027ff8d3 build: use AM_CPPFLAGS 2010-12-30 08:36:15 +01:00
Jan Engelhardt
e9a70bbf15 build: workaround fixdep permission error 
make -C ../../../linux-2.6.36-rc8-32
O=/usr/src/linux-2.6.36-rc8-32-obj/x86_64/desktop/. kernelrelease
  HOSTCC  scripts/basic/fixdep
/usr/src/linux-2.6.36-rc8-32/scripts/basic/fixdep.c:398:1:
fatal error: opening dependency file scripts/basic/.fixdep.d:
Permission denied
 2010-12-30 08:08:24 +01:00
Jan Engelhardt
1dc1ae3ec5 build: restore compilation of ipset, add missing CFLAGS 
ipset_iphash.c: In function "iphash_create_init":
ipset_iphash.c:42: error: "IP_NF_SET_HASHSIZE" undeclared (first use
in this function)
 2010-12-11 18:23:44 +01:00
Jan Engelhardt
3bbea41b30 build: pass down AM_CFLAGS to sub-makes 
Honor ipset/Makefile.am's AM_CFLAGS when compiling extensions.
 2010-12-11 18:23:21 +01:00
Jan Engelhardt
549508499c build: stop on error in subcommand 
make only evaluates $? of an entire shell invocation. As such, if any
command in the chain can fail, $? needs to be thrown, and early so.
 2010-12-11 03:36:46 +01:00
Jan Engelhardt
748498038a gradm: fix compile error - add missing include 
Hooray for 2.6.34 ALIGN bug still biting.

libxt_gradm.c:84: warning: implicit declaration of function 'ALIGN'
libxt_gradm.c:84: error: initializer element is not constant
libxt_gradm.c:84: error: (near initialization for 'gradm_mt_reg.size')
 2010-12-11 01:50:29 +01:00
Jan Engelhardt
3ee2b5fb93 doc: cleanup changelog (and use ISO-8601 format) 2010-12-04 16:38:30 +01:00
Jozsef Kadlecsik
5bcdf7f10e ipset: update to 4.5 2010-12-04 16:32:28 +01:00
Jan Engelhardt
6599996ccc build: remove unused -DXTABLES_LIBDIR from CFLAGS 2010-11-23 21:52:45 +01:00
Jan Engelhardt
bf8d44cca4 build: improve kernel version detection again 
Apparently people don't just begin the EXTRAVERSION with a dash.
So rewrite it all and throw out /anything/ non-numeric.
 2010-11-23 21:51:06 +01:00
Jan Engelhardt
1721b76a0f xt_geoip: update manpage with instructions for db build 2010-11-17 15:13:16 +01:00
Jan Engelhardt
81ad2519a9 Xtables-addons 1.31 v1.31 2010-11-05 19:42:22 +01:00
Jan Engelhardt
f65ea59795 Merge branch 'gradm' 2010-11-03 23:58:59 +01:00
Jan Engelhardt
baf7b1091a Merge remote branch 'origin/iface' 2010-11-03 23:58:35 +01:00
Jan Engelhardt
2ae0413e31 build: properly detect versions like "2.6.36+" 2010-11-03 12:55:09 +01:00
Jan Engelhardt
db76ea9a5c xt_iface: allow matching against incoming/outgoing interface 2010-10-31 01:53:23 +02:00
Jan Engelhardt
3ed1a3cbf0 build: autodetect value for --with-xtlibdir 2010-10-31 01:01:13 +02:00
Anthony G. Basile
9c4c76f9e2 libxt_gradm: match packets based on status of grsecurity RBAC 
This patch adds a module which is useful to users of grsecurity's RBAC
system. It matches packets based on whether RBAC is enabled or
disabled.

See: http://grsecurity.net/

Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>

Jan Engelhardt> Also, I do not see a xt_gradm.c in this patch.

This [xt_gradm.c] is part of the grsecurity patch which not only adds
the Xtables code, but also the RBAC code. Without the entire RBAC
stuff, xt_gradm does not make sense and so it is included with the
grsecurity patch to the kernel, and not this patch to Xtables-addons.

>Can you elaborate a bit on how this is useful in conjunction with
>rulesets? I could imagine it be used with LSM selctx'es for example,
>or another extension that tests for other RBAC attributes.

The idea here is that when the RBAC rulesets are not being enforced,
the system is more vulnerable and the user wants stricter firewall
rules. When RBAC is being enforced, one can relax the firewall and
access to services which are now better protected. In practice this
usually means allowing only access to some trusted IP(s) on boot
before RBAC is turned on.
 2010-10-29 14:54:06 +02:00
Jan Engelhardt
7f33590df8 doc: update changelog 2010-10-29 14:48:27 +02:00
Jan Engelhardt
6733265358 xt_iface: reorder code for upcoming address checking 
From now on, info->flags lists the flags to test, not just the flags
to test positively for.
 2010-10-24 18:13:28 +02:00
Jan Engelhardt
f757049112 xt_iface: reduce indent by early return 2010-10-24 16:35:12 +02:00
Jan Engelhardt
21cdf786f7 xt_iface: move XT_IFACE_IFACE out of the public header 
This flag is only used by the userspace component, so remove it from
the kernel header. Also change the value to 1<<16 for the same reason.
 2010-10-24 16:31:26 +02:00
Jan Engelhardt
7c248871f8 build: respect LDFLAGS on make 
Without setting these variables, ./configure LDFLAGS=-m32
would have no effect.
 2010-10-20 19:20:34 +02:00
Jan Engelhardt
3500a38767 build: improve detection of kernel version and error handling 
Thanks to Arkadiusz Miskiewicz from PLD for reporting.

	make: *** kernelrelease: No such file or directory. Stop.
	Found kernel version "...0" in
	ERROR: That kernel version is not supported. Please see
	INSTALL for minimum configuration.
 2010-10-16 15:56:15 +02:00
Jan Engelhardt
cf9b60a57e ACCOUNT: remove uses of obsolete IPT_CONTINUE 
And replace by XT_CONTINUE, to avoid compilation errors in 2.6.37.
 2010-10-16 15:45:31 +02:00
Jan Engelhardt
e5eedb25c2 LOGMARK: print remaining ct lifetime 2010-10-12 17:29:26 +02:00
Jan Engelhardt
e3ae8dcb81 Xtables-addons 1.30 v1.30 2010-10-02 00:41:47 +02:00
Jan Engelhardt
aca381d3b6 mconfig: deactivate building of xt_TEE and xt_CHECKSUM 2010-10-02 00:41:17 +02:00
Jan Engelhardt
bb15becc88 ipset: update to 4.4 2010-10-02 00:34:38 +02:00
Jan Engelhardt
14458b3a7e Xtables-addons 1.29 v1.29 2010-09-29 02:51:48 +02:00
Jan Engelhardt
2d36632d4a build: add workaround for beoken linux-glibc-devel (2) 2010-09-29 02:51:26 +02:00
Jan Engelhardt
b5e2c7255a build: add workaround for broken linux-glibc-devel 2.6.34 userspace headers 2010-09-23 02:37:45 +02:00
Jan Engelhardt
376a89e7d1 build: support for Linux 2.6.36 2010-09-22 23:37:34 +02:00
Jan Engelhardt
03ec8a7696 TEE: resolve compile error with Linux 2.6.36-rc 
xt_TEE.c:54:19: error: request for member "dst" in something not a
structure or union
xt_TEE.c:55:20: error: "struct rtable" has no member named "u"

Linux kernel commit v2.6.36-rc1~571^2~616 changed this.
 2010-09-22 23:37:19 +02:00