anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 13:15:12 +02:00
Code Issues Releases Wiki Activity
Files
b132101b63a044a42dfb7e9ed825de4099f60ba9
xtables-addons/extensions
History
Jan Rafaj b132101b63 pknock: check interknock time only for !ST_ALLOWED peers 
Fixes a bug whereby an ST_ALLOWED peer existing for a time greater
than gc_expir_time would be gc-deleted, because both
!has_logged_during_this_minute(peer) and
is_interknock_time_exceeded(peer, rule->max_time) would be satisfied
for ST_ALLOWED hosts.

We also no longer test for !has_logged_during_this_minute(peer) in
peer_gc(), since there is really no need for this: the anti-spoof
minute check is performed (and subsequent remove_peer(peer) called if
needed) for each passing UDP-mode peer with expired autoclose in
pknock_mt(), given that --autoclose has been specified. If autoclose
has not been set, it will be subject to reset_knock_status(peer)
called from knock_mt() upon receiving the first closing secret - so it
is still guaranteed to disappear at the closest opportunity.

Signed-off-by: Jan Rafaj <jr+netfilter-devel@cedric.unob.cz>
2009-10-12 17:21:32 +02:00
..
ACCOUNT
Update .gitignore files
2009-09-26 00:13:15 +02:00
ipset
Update .gitignore files
2009-09-26 00:13:15 +02:00
pknock
pknock: check interknock time only for !ST_ALLOWED peers
2009-10-12 17:21:32 +02:00
.gitignore
Update .gitignore files
2009-09-26 00:13:15 +02:00
compat_nfinetaddr.h
Add a compat wrapper to make modules work with older Linux.
2008-01-29 15:40:57 +01:00
compat_rawpost.h
RAWNAT: add the rawpost tables for IPv4/IPv6
2009-04-11 00:35:58 +02:00
compat_skbuff.h
build: support for Linux 2.6.31-rc1
2009-07-02 01:51:40 +02:00
compat_xtables.c
compat_xtables: fix compilation with <= 2.6.19
2009-04-30 20:35:48 +02:00
compat_xtables.h
compat_xtables: fix compilation with <= 2.6.19
2009-04-30 20:35:48 +02:00
compat_xtnu.h
compat_xtables: fix compilation with <= 2.6.19
2009-04-30 20:35:48 +02:00
ip6table_rawpost.c
RAWNAT: make iptable_rawpost compile with 2.6.30-rc5
2009-05-15 18:35:53 +02:00
iptable_rawpost.c
RAWNAT: make iptable_rawpost compile with 2.6.30-rc5
2009-05-15 18:35:53 +02:00
Kbuild
pknock: move into separate directory
2009-10-09 17:50:05 +02:00
libxt_CHAOS.c
Upgrade to iptables 1.4.3 API
2009-03-19 11:05:26 +01:00
libxt_CHAOS.man
xt_lscan: rename from xt_portscan
2009-03-05 01:43:29 +01:00
libxt_condition.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
libxt_condition.man
condition: remove support for nonstandard inversion
2008-04-08 11:58:34 +02:00
libxt_DELUDE.c
src: avoid use of _init
2008-11-20 20:00:26 +01:00
libxt_DELUDE.man
Import Chaostables extensions
2008-02-21 18:56:21 +01:00
libxt_dhcpmac.c
dhcpmac: rename from dhcpaddr
2009-03-26 21:55:10 +01:00
libxt_DHCPMAC.c
dhcpmac: fix rename leftover from typo
2009-04-04 01:14:32 +02:00
libxt_dhcpmac.man
dhcpmac: rename from dhcpaddr
2009-03-26 21:55:10 +01:00
libxt_DHCPMAC.man
dhcpmac: rename from dhcpaddr
2009-03-26 21:55:10 +01:00
libxt_ECHO.c
src: avoid use of _init
2008-11-20 20:00:26 +01:00
libxt_ECHO.man
doc: add manpages for xt_ECHO and xt_TEE
2008-11-24 17:42:32 +01:00
libxt_fuzzy.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
libxt_fuzzy.man
fuzzy: import 20050627 code base
2008-09-01 15:22:16 -04:00
libxt_geoip.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
libxt_geoip.man
geoip: use simpler, preprocessed integer vector lists and fix endian issue
2008-03-22 03:59:57 +01:00
libxt_iface.c
iface: enable for multiprotocol
2009-05-14 21:38:09 +02:00
libxt_iface.man
iface: update documentation
2009-04-26 23:20:38 +02:00
libxt_IPMARK.c
IPMARK: print missing --shift parameter
2009-06-12 03:33:54 +02:00
libxt_IPMARK.man
Update manpages of CHAOS, IPMARK
2008-06-27 22:56:42 +02:00
libxt_ipp2p.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
libxt_ipp2p.man
ipp2p: update manpage
2009-01-09 20:24:41 +01:00
libxt_ipv4options.c
Upgrade to iptables 1.4.3 API
2009-03-19 11:05:26 +01:00
libxt_ipv4options.man
libxt_ipv4options: add manpage
2009-03-19 10:34:27 +01:00
libxt_length2.c
Upgrade to iptables 1.4.3 API
2009-03-19 11:05:26 +01:00
libxt_length.man
Add xt_length2
2009-01-30 06:01:12 +01:00
libxt_LOGMARK.c
Upgrade to iptables 1.4.3 API
2009-03-19 11:05:26 +01:00
libxt_LOGMARK.man
Add xt_LOGMARK (nfmark, ctmark, secmark logger)
2008-01-30 13:54:57 +01:00
libxt_lscan.c
xt_lscan: rename from xt_portscan
2009-03-05 01:43:29 +01:00
libxt_lscan.man
xt_lscan: rename from xt_portscan
2009-03-05 01:43:29 +01:00
libxt_psd.c
psd: style: remove braces for single statements in ifs
2009-08-16 12:40:44 +02:00
libxt_psd.man
psd: import 20090807 code base
2009-08-12 21:59:33 +02:00
libxt_quota2.c
quota2: support nameless counters
2009-07-02 02:21:11 +02:00
libxt_quota2.man
xt_quota2: support packet counting; add manpage
2008-07-07 01:19:10 +02:00
libxt_RAWDNAT.c
RAWNAT: add extension's kernel and userspace modules
2009-04-26 21:44:54 +02:00
libxt_RAWDNAT.man
RAWNAT: add extension's kernel and userspace modules
2009-04-26 21:44:54 +02:00
libxt_RAWSNAT.c
RAWNAT: add extension's kernel and userspace modules
2009-04-26 21:44:54 +02:00
libxt_RAWSNAT.man
RAWNAT: add extension's kernel and userspace modules
2009-04-26 21:44:54 +02:00
libxt_STEAL.c
STEAL: enable for multiprotocol
2009-05-14 21:38:08 +02:00
libxt_STEAL.man
Add the "STEAL" target from the "demos" branch
2009-03-25 19:54:25 +01:00
libxt_SYSRQ.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
libxt_SYSRQ.man
SYSRQ: fix manpage typo
2009-04-02 10:37:55 +02:00
libxt_TARPIT.c
src: avoid use of _init
2008-11-20 20:00:26 +01:00
libxt_TARPIT.man
manpages: generate manpages
2008-04-09 20:55:35 +02:00
libxt_TEE.c
Upgrade to iptables 1.4.3 API
2009-03-19 11:05:26 +01:00
libxt_TEE.man
doc: add manpages for xt_ECHO and xt_TEE
2008-11-24 17:42:32 +01:00
mac.c
Upgrade to iptables 1.4.3 API
2009-03-19 11:05:26 +01:00
Makefile.am
build: restore parallel build capability
2009-09-25 21:18:09 +02:00
Mbuild
pknock: move into separate directory
2009-10-09 17:50:05 +02:00
xt_ACCOUNT.Kconfig
ACCOUNT: add Kconfig file
2009-09-18 15:46:39 +02:00
xt_CHAOS.c
Update my email address
2009-03-25 22:10:42 +01:00
xt_CHAOS.h
Import Chaostables extensions
2008-02-21 18:56:21 +01:00
xt_CHAOS.Kconfig
Add Kconfig descriptions for Chaostables, ECHO, geoip
2008-03-24 16:28:14 +01:00
xt_condition.c
condition: fix compile error on 2.6.31-rt
2009-09-12 02:24:13 +02:00
xt_condition.h
condition: greatly improve processing speed
2008-04-08 11:58:35 +02:00
xt_condition.Kconfig
condition: import 20080125 code base
2008-04-08 11:58:33 +02:00
xt_DELUDE.c
build: support for Linux 2.6.31-rc1
2009-07-02 01:51:40 +02:00
xt_DELUDE.Kconfig
Add Kconfig descriptions for Chaostables, ECHO, geoip
2008-03-24 16:28:14 +01:00
xt_DHCPMAC.c
dhcpmac: rename from dhcpaddr
2009-03-26 21:55:10 +01:00
xt_DHCPMAC.h
dhcpmac: rename from dhcpaddr
2009-03-26 21:55:10 +01:00
xt_DHCPMAC.Kconfig
dhcpmac: rename from dhcpaddr
2009-03-26 21:55:10 +01:00
xt_ECHO.c
xt_ECHO: compile fix
2008-11-19 17:38:45 +01:00
xt_ECHO.Kconfig
Add Kconfig descriptions for Chaostables, ECHO, geoip
2008-03-24 16:28:14 +01:00
xt_fuzzy.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
xt_fuzzy.h
fuzzy: import 20050627 code base
2008-09-01 15:22:16 -04:00
xt_fuzzy.Kconfig
fuzzy: import 20050627 code base
2008-09-01 15:22:16 -04:00
xt_geoip.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
xt_geoip.h
geoip: minor cleanups in help, opts and logic
2008-03-22 03:59:58 +01:00
xt_geoip.Kconfig
Add Kconfig descriptions for Chaostables, ECHO, geoip
2008-03-24 16:28:14 +01:00
xt_iface.c
iface: fix compilation with <= 2.6.27
2009-04-30 19:41:31 +02:00
xt_iface.h
iface: must use __u types in header files
2009-04-27 20:46:25 +02:00
xt_IPMARK.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
xt_IPMARK.h
IPMARK: IPv6 support
2008-04-09 19:24:01 +02:00
xt_IPMARK.Kconfig
IPMARK: import 20080304 code base
2008-04-08 20:37:59 +02:00
xt_ipp2p.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
xt_ipp2p.h
ipp2p: version bump
2009-01-30 06:02:10 +01:00
xt_ipp2p.Kconfig
ipp2p: import 20080304 code base
2008-04-08 20:34:03 +02:00
xt_ipv4options.c
Add a reworked IPv4 options match - xt_ipv4options
2009-03-08 23:38:12 +01:00
xt_ipv4options.h
Add a reworked IPv4 options match - xt_ipv4options
2009-03-08 23:38:12 +01:00
xt_ipv4options.Kconfig
desc: add informational Kconfig descriptions
2009-03-26 21:32:44 +01:00
xt_length2.c
Add xt_length2
2009-01-30 06:01:12 +01:00
xt_length2.h
Add xt_length2
2009-01-30 06:01:12 +01:00
xt_length2.Kconfig
desc: add informational Kconfig descriptions
2009-03-26 21:32:44 +01:00
xt_LOGMARK.c
Update my email address
2009-03-25 22:10:42 +01:00
xt_LOGMARK.h
xt_LOGMARK: dump CLASSIFY mark, ctstate and ctstatus
2008-02-20 23:17:55 +01:00
xt_LOGMARK.Kconfig
Add xt_LOGMARK (nfmark, ctmark, secmark logger)
2008-01-30 13:54:57 +01:00
xt_lscan.c
xt_lscan: rename from xt_portscan
2009-03-05 01:43:29 +01:00
xt_lscan.h
xt_lscan: rename from xt_portscan
2009-03-05 01:43:29 +01:00
xt_lscan.Kconfig
xt_lscan: rename from xt_portscan
2009-03-05 01:43:29 +01:00
xt_psd.c
psd: byteswap constant value instead
2009-09-11 21:38:23 +02:00
xt_psd.h
psd: use fixated types in info struct
2009-08-13 00:52:46 +02:00
xt_psd.Kconfig
psd: import 20090807 code base
2009-08-12 21:59:33 +02:00
xt_quota2.c
quota2: fix invalid page access in cleanup function
2009-08-07 10:35:52 +02:00
xt_quota2.h
quota2: change max name length from 31 to 15
2009-07-10 17:21:27 +02:00
xt_quota2.Kconfig
desc: add informational Kconfig descriptions
2009-03-26 21:32:44 +01:00
xt_RAWNAT.c
compat_xtables: fix compilation with <= 2.6.19
2009-04-30 20:35:48 +02:00
xt_RAWNAT.h
RAWNAT: add extension's kernel and userspace modules
2009-04-26 21:44:54 +02:00
xt_RAWNAT.Kconfig
RAWNAT: add extension's kernel and userspace modules
2009-04-26 21:44:54 +02:00
xt_STEAL.c
Add the "STEAL" target from the "demos" branch
2009-03-25 19:54:25 +01:00
xt_SYSRQ.c
extensions: bump revision number to avoid possible POM clash
2009-05-14 21:42:05 +02:00
xt_SYSRQ.Kconfig
SYSRQ target
2008-08-03 12:26:09 -04:00
xt_TARPIT.c
build: support for Linux 2.6.31-rc1
2009-07-02 01:51:40 +02:00
xt_TARPIT.Kconfig
Initial commit.
2008-01-29 03:57:08 +01:00
xt_TEE.c
TEE: spello fix
2009-07-02 04:16:14 +02:00
xt_TEE.h
Initial commit.
2008-01-29 03:57:08 +01:00
xt_TEE.Kconfig
Initial commit.
2008-01-29 03:57:08 +01:00