iptables branch, master, updated. v1.4.10-89-gd59b9db
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Wed Mar 9 13:57:33 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "iptables".
The branch, master has been updated
via d59b9db031abee37a9aa9776662dd15370faabf4 (commit)
via 9cc4f24e72f87ca191c2e723e7cd293f6477481c (commit)
from f96cb8094ceffb9ffe8e94b4ee6800aa581dd021 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d59b9db031abee37a9aa9776662dd15370faabf4
Author: Stefan Tomanek <stefan.tomanek at wertarbyte.de>
Date: Tue Mar 8 22:42:51 2011 +0100
iptables: add -C to check for existing rules
It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.
Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L" which is quite error prone.
This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.
Signed-off-by: Stefan Tomanek <stefan.tomanek at wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9cc4f24e72f87ca191c2e723e7cd293f6477481c
Author: Stefan Tomanek <stefan.tomanek at wertarbyte.de>
Date: Mon Mar 7 18:30:27 2011 +0100
ip(6)tables-multi: unify subcommand handling
I found the subcommand handling and naming done by iptables-multi and
ip6tables-multi very confusing and complicated; this patch
reorganizes the subcommands in a single table, allowing both variants
of them to be used (iptables/main) and also prints a list of the
allowed commands if an unknown command is entered by the user.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
-----------------------------------------------------------------------
Summary of changes:
include/libiptc/libip6tc.h | 6 ++++
include/libiptc/libiptc.h | 6 ++++
ip6tables-multi.c | 46 +++++++++-------------------------
ip6tables.8.in | 10 ++++++-
ip6tables.c | 60 +++++++++++++++++++++++++++++++++++++++----
iptables-multi.c | 52 ++++++++++---------------------------
iptables.8.in | 9 ++++++-
iptables.c | 60 +++++++++++++++++++++++++++++++++++++++----
libiptc/libip4tc.c | 1 +
libiptc/libip6tc.c | 1 +
libiptc/libiptc.c | 30 +++++++++++++++++----
xshared.c | 36 ++++++++++++++++++++++++++
xshared.h | 11 ++++++++
13 files changed, 235 insertions(+), 93 deletions(-)
hooks/post-receive
--
iptables
More information about the netfilter-cvslog
mailing list