1fed8bbf09
extensions: more precise description
2011-07-17 14:27:07 +02:00
eceaee3431
doc: do not advertise old tools
...
Remove mention of netcat from the libxt_SYSRQ manpage.
2011-06-25 00:05:26 +02:00
77b29a62ee
xt_SYSRQ: include host address in digest
...
The xt_SYSRQ hash now includes the destination IPv4 or IPv6 address
which makes it harder to replay a request to many different machines
in the hope that some of them are using the same password.
2011-06-25 00:03:28 +02:00
33db992c39
xt_SYSRQ: make IPv6 trigger work again
...
IPv6 sysrq never worked because of bad pointer arithmetic.
2011-06-24 23:42:38 +02:00
85d8f98dd7
xt_TARPIT: fix a kernel oops in --reset mode
...
1. Moved misplaced code that was causing kernel oops in reset mode.
2. Added payload size calc to honeypot mode, so ack sequence may ACK
the length of client's sent payload packets correctly.
3. Modified TTL for honeypot mode so we look more like a Windows
machine.
2011-06-24 22:09:34 +02:00
e3956498ac
doc: remove stray "userspace" wording
2011-06-01 01:44:54 +02:00
6f730f3ab2
xt_TARPIT: unlock for use with all tables
2011-06-01 01:37:05 +02:00
2b590a35fd
Merge branch 'ipset-6'
2011-05-31 23:05:40 +02:00
3dd33dfe93
doc: move iptaccount(8) option overview to its own manpage
2011-05-31 23:05:31 +02:00
d417077816
doc: fix \(em in ipv4options
2011-05-31 23:00:35 +02:00
d057f6d6f0
doc: replace NOTRACK by CT-notrack
2011-05-31 22:58:34 +02:00
b2fc85c589
ipset: update to 6.7-genl
2011-05-31 22:54:49 +02:00
fa1348455d
xt_TARPIT: honeypot and reset modes
...
Honeypot mode attempts to maintain a normal connection for the purpose
of capturing payload packets.
Reset mode provides the ability to send a reset packet in lieu of
using the DROP or REJECT targets.
2011-05-31 22:41:51 +02:00
1a5c079e6b
Merge branch 'ipset-6'
2011-05-31 16:56:26 +02:00
cfb72bf468
ipset: update to 6.6a-genl
2011-05-31 16:14:44 +02:00
1b0790d151
ipset-6: move manpage into src/
2011-05-31 16:09:03 +02:00
a5355e74ea
xt_geoip: avoid recursive function calls
...
The stack memory is very limited in Linux kernel.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de >
2011-04-14 09:07:25 +02:00
cea4817a46
Merge branch 'ipset-6'
...
Conflicts:
INSTALL
mconfig
2011-04-11 04:23:18 +02:00
2dc79fe008
ipset; update to ipset-6.3 (genl)
...
* Handle EAGAIN from autoloading code.
* Turn one nfgenmsg site into genlmsg to avoid protocol mismatch
2011-04-11 04:11:30 +02:00
499c6db75e
ipset: update to ipset-6.2
2011-04-04 00:39:50 +02:00
f4882ca029
xt_DNETMAP: support for kernels below 2.6.34
2011-04-03 23:50:10 +02:00
8fd3eb56eb
xt_DNETMAP: add missing alias
2011-04-03 23:49:53 +02:00
32871bad39
xt_pknock: avoid inversion of rule lookup that led to warnings
...
Commit v1.18-48-g58839b9 had this screwed up.
2011-02-25 01:22:16 +01:00
0ba44bd461
xt_pknock: avoid crash when hash TFM could not be allocated
2011-02-25 01:22:16 +01:00
d4e6e3d155
xt_pknock: indent
2011-02-25 01:20:12 +01:00
18043f3e3a
ipset: update to 6.0
2011-02-24 00:40:23 +01:00
ff27f61477
ipset: rename ipset-5 directory to ipset-6
2011-02-24 00:02:18 +01:00
7a8bfed52c
xt_geoip: keep compiling for <= 2.6.23
2011-02-02 05:21:56 +01:00
1edc9b943b
build: do not forget including path for compat_user.h
2011-02-02 05:15:09 +01:00
ebfa77795a
build: preliminary support for iptables 1.4.11
2011-02-02 05:09:58 +01:00
a7a77d7146
Merge branch 'dnetmap'
2011-02-02 04:54:25 +01:00
39de351a91
libxt_geoip: update manual page with new tool syntax
2011-02-02 04:51:38 +01:00
07bf41a294
Merge branch 'geoip'
2011-02-02 04:48:40 +01:00
07cd29d9ce
xt_geoip: IPv6 support
2011-02-02 04:47:28 +01:00
eb9634aee6
xt_geoip: v4/v6 name preparations
2011-02-02 04:43:36 +01:00
19f241a09c
xt_geoip: cleanups, preparations for IPv6 geoip
2011-02-02 01:55:09 +01:00
0a29c1d32f
xt_DNETMAP: style considerations
...
Clean up the files a bit. For one, break dangerously right-indented
function headers, and correct some spaces that should be tab.
2011-01-27 03:23:22 +01:00
ca8ebe4467
Merge remote branch 'origin/master'
2011-01-22 18:10:18 +01:00
e82410735a
xt_DNETMAP: use compat_xtables layer to run on older kernels
2011-01-22 18:09:15 +01:00
89e72bb0f4
doc: Add version information to README
2011-01-22 17:34:48 +01:00
0edb572f6e
ACCOUNT: update to 1.16
...
There are no changes to integrate from ipt_ACCOUNT because xt_ACCOUT
already, by way of the compat_xtables layer, supports multiple kernel
versions.
2011-01-22 17:34:06 +01:00
ebb61aa3c9
pknock: resolve warnings about unused variables
2011-01-22 17:32:38 +01:00
bd2e6108f3
pknock: use build flags in pknock Makefile
2011-01-22 17:31:53 +01:00
e425c8f277
xt_DNETMAP: use more appropriate format specifiers
...
Substitute %i -> %d. Use %u for prefix length.
2011-01-22 17:23:13 +01:00
e3e88827fb
xt_DNETMAP: use permission mnemonic constants
2011-01-22 15:59:15 +01:00
1b53724a61
ipset: update to 5.4.1
2011-01-22 15:56:44 +01:00
3141b2ff86
ipset: update to 5.3
2011-01-19 02:55:23 +01:00
980a53348f
build: use AM_CPPFLAGS in ipset-5/
2011-01-19 02:36:26 +01:00
8ea781e257
build: fix objdir builds for ipset-5 (xt-a specific)
2011-01-19 02:35:49 +01:00
7e39ee66e0
libxt_length: fix name of manpage file
2011-01-15 05:23:38 +01:00
Jan Engelhardt