In case the kernel is built without IPv6 support the compilation of
this module fails as it assumes IPv6. This patch makes kernel support
conditional on kernel .config.
In case the kernel is built without IPv6 support the compilation of
this module fails as it assumes IPv6. This patch makes kernel support
conditional on kernel .config.
Jonas Berlin notes that --with-xtables only emitted a -I parameter
and -L was absent.
On second look, we would also be missing -Wl,-rpath, and that would
all be system-dependent. The --with-xtables option is actually not
needed; one can easily specify extra include directories and linker
flags by means of overriding libxtables_CFLAGS and libxtables_LIBS
(even when there are no installed pkgconfig files for libxtables).
In case only modules that are built in subdirectories of extensions
are enabled (and thus nothing is build in extensions directory itself)
installation fails with the error (only build_ACCOUNT=y in mconfig):
install -pm0755
"/vt/portage/tmp/portage/net-firewall/xtables-addons-1.21/image/
//usr/local/libexec/xtables";
install: missing destination file operand after
"/vt/portage/tmp/portage/net-firewall/xtables-addons-1.21/image/
//usr/local/libexec/xtables"
Try `install --help' for more information.
make[3]: *** [install] Error 1
This commit adds an option to xt_quota2 called "no-change". The
effect of this option, when used, is that it will skip incrementing
or decrementing the quota counter, effectively providing a quota test
only.
The reason for implementing this is so that I could have a rule check
if quota is available for a rule in the PREROUTING tables, without
actually decrementing the amount of available quota. I only wanted to
decrement the amount of available quota in the FORWARD rule.
Otherwise, the first packet of every connection would be counted
twice.
Not sure if this was overlooked, or if it is not in a suitable state
for general use, but lets give it a shot and see how it works.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
[j.eng: it was overlooked]
xt_pknock.c: In function "update_peer":
xt_pknock.c:890:3: warning: implicit declaration of function "pass_security"
xt_pknock.c: In function "pknock_mt":
xt_pknock.c:1030:5: warning: implicit declaration of function "is_close_knock"
IP refers to Internet Protocol; adding "address" is therefore beneficial.
The CIDR size is better known as "prefix length".
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Consistently apply markup so that only replaceable items are italic,
and only items to be typed verbatim are bold. Also apply the command
syntax "BNF" (where and when to use [], {}) that is used in the
iptables manpages to ipset.8.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
The --without-build option is useful when your distro has multiple
kernels and/or you want to build a common package for userspace stuff
only. Support this option properly.
