Jan Engelhardt
eb9634aee6
xt_geoip: v4/v6 name preparations
2011-02-02 04:43:36 +01:00
Jan Engelhardt
19f241a09c
xt_geoip: cleanups, preparations for IPv6 geoip
2011-02-02 01:55:09 +01:00
Jan Engelhardt
0a29c1d32f
xt_DNETMAP: style considerations
...
Clean up the files a bit. For one, break dangerously right-indented
function headers, and correct some spaces that should be tab.
2011-01-27 03:23:22 +01:00
Jan Engelhardt
ca8ebe4467
Merge remote branch 'origin/master'
2011-01-22 18:10:18 +01:00
Jan Engelhardt
e82410735a
xt_DNETMAP: use compat_xtables layer to run on older kernels
2011-01-22 18:09:15 +01:00
Jan Engelhardt
89e72bb0f4
doc: Add version information to README
2011-01-22 17:34:48 +01:00
Jan Engelhardt
0edb572f6e
ACCOUNT: update to 1.16
...
There are no changes to integrate from ipt_ACCOUNT because xt_ACCOUNT
already, by way of the compat_xtables layer, supports multiple kernel
versions.
2011-01-22 17:34:06 +01:00
Jan Engelhardt
ebb61aa3c9
pknock: resolve warnings about unused variables
2011-01-22 17:32:38 +01:00
Jan Engelhardt
bd2e6108f3
pknock: use build flags in pknock Makefile
2011-01-22 17:31:53 +01:00
Jan Engelhardt
e425c8f277
xt_DNETMAP: use more appropriate format specifiers
...
Substitute %i -> %d. Use %u for prefix length.
2011-01-22 17:23:13 +01:00
Jan Engelhardt
e3e88827fb
xt_DNETMAP: use permission mnemonic constants
2011-01-22 15:59:15 +01:00
Jan Engelhardt
1b53724a61
ipset: update to 5.4.1
2011-01-22 15:56:44 +01:00
Jan Engelhardt
3141b2ff86
ipset: update to 5.3
2011-01-19 02:55:23 +01:00
Jan Engelhardt
980a53348f
build: use AM_CPPFLAGS in ipset-5/
2011-01-19 02:36:26 +01:00
Jan Engelhardt
8ea781e257
build: fix objdir builds for ipset-5 (xt-a specific)
2011-01-19 02:35:49 +01:00
Jan Engelhardt
7e39ee66e0
libxt_length: fix name of manpage file
2011-01-15 05:23:38 +01:00
Jan Engelhardt
d82b20ead7
xt_LOGMARK: fix detection of untracked connection for Linux >= 2.6.36
2011-01-12 01:53:38 +01:00
Marek Kierdelewicz
c5d4dd0bcf
Import of xt_DNETMAP
2011-01-10 22:59:32 +01:00
Jan Engelhardt
7d8ffffd85
ipset: import ipset 5.2+GENL
...
This requires Linux 2.6.35 or newer to build, so it is deactivated by
default in the "mconfig" file.
2011-01-04 04:31:46 +01:00
Jan Engelhardt
75212f3972
ipset: move ipset to ipset-4
2011-01-04 03:59:25 +01:00
Jan Engelhardt
77027ff8d3
build: use AM_CPPFLAGS
2010-12-30 08:36:15 +01:00
Jan Engelhardt
25bf680ead
geoip: put IPv4 geoip data into its own map
2010-12-19 00:48:42 +01:00
Jan Engelhardt
1dc1ae3ec5
build: restore compilation of ipset, add missing CFLAGS
...
ipset_iphash.c: In function "iphash_create_init":
ipset_iphash.c:42: error: "IP_NF_SET_HASHSIZE" undeclared (first use
in this function)
2010-12-11 18:23:44 +01:00
Jan Engelhardt
3bbea41b30
build: pass down AM_CFLAGS to sub-makes
...
Honor ipset/Makefile.am's AM_CFLAGS when compiling extensions.
2010-12-11 18:23:21 +01:00
Jan Engelhardt
748498038a
gradm: fix compile error - add missing include
...
Hooray for 2.6.34 ALIGN bug still biting.
libxt_gradm.c:84: warning: implicit declaration of function 'ALIGN'
libxt_gradm.c:84: error: initializer element is not constant
libxt_gradm.c:84: error: (near initialization for 'gradm_mt_reg.size')
2010-12-11 01:50:29 +01:00
Jozsef Kadlecsik
5bcdf7f10e
ipset: update to 4.5
2010-12-04 16:32:28 +01:00
Jan Engelhardt
1721b76a0f
xt_geoip: update manpage with instructions for db build
2010-11-17 15:13:16 +01:00
Jan Engelhardt
f65ea59795
Merge branch 'gradm'
2010-11-03 23:58:59 +01:00
Jan Engelhardt
db76ea9a5c
xt_iface: allow matching against incoming/outgoing interface
2010-10-31 01:53:23 +02:00
Anthony G. Basile
9c4c76f9e2
libxt_gradm: match packets based on status of grsecurity RBAC
...
This patch adds a module which is useful to users of grsecurity's RBAC
system. It matches packets based on whether RBAC is enabled or
disabled.
See: http://grsecurity.net/
Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu>
Jan Engelhardt> Also, I do not see a xt_gradm.c in this patch.
This [xt_gradm.c] is part of the grsecurity patch which not only adds
the Xtables code, but also the RBAC code. Without the entire RBAC
stuff, xt_gradm does not make sense and so it is included with the
grsecurity patch to the kernel, and not this patch to Xtables-addons.
>Can you elaborate a bit on how this is useful in conjunction with
>rulesets? I could imagine it be used with LSM selctx'es for example,
>or another extension that tests for other RBAC attributes.
The idea here is that when the RBAC rulesets are not being enforced,
the system is more vulnerable and the user wants stricter firewall
rules. When RBAC is being enforced, one can relax the firewall and
access to services which are now better protected. In practice this
usually means allowing only access to some trusted IP(s) on boot
before RBAC is turned on.
2010-10-29 14:54:06 +02:00
Jan Engelhardt
6733265358
xt_iface: reorder code for upcoming address checking
...
From now on, info->flags lists the flags to test, not just the flags
to test positively for.
2010-10-24 18:13:28 +02:00
Jan Engelhardt
f757049112
xt_iface: reduce indent by early return
2010-10-24 16:35:12 +02:00
Jan Engelhardt
21cdf786f7
xt_iface: move XT_IFACE_IFACE out of the public header
...
This flag is only used by the userspace component, so remove it from
the kernel header. Also change the value to 1<<16 for the same reason.
2010-10-24 16:31:26 +02:00
Jan Engelhardt
cf9b60a57e
ACCOUNT: remove uses of obsolete IPT_CONTINUE
...
And replace by XT_CONTINUE, to avoid compilation errors in 2.6.37.
2010-10-16 15:45:31 +02:00
Jan Engelhardt
e5eedb25c2
LOGMARK: print remaining ct lifetime
2010-10-12 17:29:26 +02:00
Jan Engelhardt
bb15becc88
ipset: update to 4.4
2010-10-02 00:34:38 +02:00
Jan Engelhardt
2d36632d4a
build: add workaround for broken linux-glibc-devel (2)
2010-09-29 02:51:26 +02:00
Jan Engelhardt
b5e2c7255a
build: add workaround for broken linux-glibc-devel 2.6.34 userspace headers
2010-09-23 02:37:45 +02:00
Jan Engelhardt
03ec8a7696
TEE: resolve compile error with Linux 2.6.36-rc
...
xt_TEE.c:54:19: error: request for member "dst" in something not a
structure or union
xt_TEE.c:55:20: error: "struct rtable" has no member named "u"
Linux kernel commit v2.6.36-rc1~571^2~616 changed this.
2010-09-22 23:37:19 +02:00
Jan Engelhardt
442982f04e
SYSRQ: resolve compile error with Linux 2.6.36-rc
...
xt_SYSRQ.c:156:3: error: too many arguments to function 'handle_sysrq'
Linux kernel commit v2.6.36-rc3~19^2~5 changed it and finally removed
the last unused argument.
2010-09-22 23:37:02 +02:00
Jan Engelhardt
98b853cea3
ipset: update to 4.3+git3
2010-09-22 22:41:24 +02:00
Jan Engelhardt
59401339b8
ipset: bump version number
...
Basically Xtables-addons's copy of ipset is already functionally equal
to ipset 4.3 thanks to our compat_xtables layer (and our modifications
in ipset/ to use it).
2010-09-22 22:32:50 +02:00
Jan Engelhardt
121836ce80
ipset: enable building of ip_set_ipport{ip,net}hash.ko
2010-09-22 22:30:58 +02:00
Jan Engelhardt
fb2eea69af
compat_xtables: return bool for match_check and target_check in 2.6.23..34
...
Reported-by: Tomasz Pala <gotar@polanet.pl>
2010-09-01 15:02:04 +02:00
Jan Engelhardt
922a9be87d
geoip: import scripts for building the xt_geoip database
2010-07-24 11:22:33 +02:00
Jan Engelhardt
4d48511f01
xt_length2: IPv6 jumbogram support
2010-07-24 10:57:03 +02:00
Patrick McHardy
fe49f9b6a4
xt_CHECKSUM: use xtables_param_act
2010-07-15 12:21:16 +02:00
Patrick McHardy
283974cbbe
xt_CHECKSUM: only use __u* in public header files
2010-07-15 12:21:16 +02:00
Patrick McHardy
7deca86132
xt_CHECKSUM: remove unnecessary header inclusions
2010-07-15 12:21:16 +02:00
Jan Engelhardt
7d6435f422
doc: update geoip db url
...
My hopto.org zone disappeared after I left it unattended...
2010-07-12 00:49:23 +02:00