ifndef KERNEL_DIR
KERNEL_DIR=/usr/src/linux
endif
-NETFILTER_VERSION:=1.2.7
-OLD_NETFILTER_VERSION:=1.2.6a
+IPTABLES_VERSION:=1.2.7
+OLD_IPTABLES_VERSION:=1.2.6a
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
endif
COPT_FLAGS:=-O2
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg # -DIPTC_DEBUG
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DIPTABLES_VERSION=\"$(IPTABLES_VERSION)\" #-g -DDEBUG #-pg # -DIPTC_DEBUG
ifdef NO_SHARED_LIBS
CFLAGS += -DNO_SHARED_LIBS=1
# Rusty's distro magic.
.PHONY: distrib
-distrib: check distclean delrelease $(RELEASE_DIR)/iptables-$(NETFILTER_VERSION).tar.bz2 diff md5sums # nowhitespace
+distrib: check distclean delrelease $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2 diff md5sums # nowhitespace
# Makefile must not define:
# -g -pg -DIPTC_DEBUG
.PHONY: delrelease
delrelease:
- rm -f $(RELEASE_DIR)/iptables-$(NETFILTER_VERSION).tar.bz2
+ rm -f $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2
-$(RELEASE_DIR)/iptables-$(NETFILTER_VERSION).tar.bz2:
- cd .. && ln -sf userspace iptables-$(NETFILTER_VERSION) && tar cvf - --exclude CVS iptables-$(NETFILTER_VERSION)/. | bzip2 -9 > $@ && rm iptables-$(NETFILTER_VERSION)
+$(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2:
+ cd .. && ln -sf userspace iptables-$(IPTABLES_VERSION) && tar cvf - --exclude CVS iptables-$(IPTABLES_VERSION)/. | bzip2 -9 > $@ && rm iptables-$(IPTABLES_VERSION)
.PHONY: diff
-diff: $(RELEASE_DIR)/iptables-$(NETFILTER_VERSION).tar.bz2
+diff: $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2
@mkdir /tmp/diffdir
- @cd /tmp/diffdir && tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(NETFILTER_VERSION).tar.bz2
- @set -e; cd /tmp/diffdir; tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(OLD_NETFILTER_VERSION).tar.bz2; echo Creating patch-iptables-$(OLD_NETFILTER_VERSION)-$(NETFILTER_VERSION).bz2; diff -urN iptables-$(OLD_NETFILTER_VERSION) iptables-$(NETFILTER_VERSION) | bzip2 -9 > $(RELEASE_DIR)/patch-iptables-$(OLD_NETFILTER_VERSION)-$(NETFILTER_VERSION).bz2
+ @cd /tmp/diffdir && tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2
+ @set -e; cd /tmp/diffdir; tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(OLD_IPTABLES_VERSION).tar.bz2; echo Creating patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2; diff -urN iptables-$(OLD_IPTABLES_VERSION) iptables-$(IPTABLES_VERSION) | bzip2 -9 > $(RELEASE_DIR)/patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2
@rm -rf /tmp/diffdir
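Review bot: The `diff` recipe still unpacks both release tarballs under the fixed path `/tmp/diffdir`, a predictable name in a world-writable directory. Any local user can pre-create that path and make the release fail at `mkdir`. An aborted run also leaves the directory behind, because the final `rm -rf` is only reached on success, so the next run fails the same way. A per-run directory from `mktemp -d`, removed by a shell `trap`, avoids both. It has to live in one shell invocation, since each recipe line runs in its own shell. The sketch below keeps the existing assumption that `$(RELEASE_DIR)` is an absolute path.

```make
diff: $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2
	@set -e; d=$$(mktemp -d); trap 'rm -rf "$$d"' EXIT; cd "$$d"; \
	tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(IPTABLES_VERSION).tar.bz2; \
	tar -x --bzip2 -f $(RELEASE_DIR)/iptables-$(OLD_IPTABLES_VERSION).tar.bz2; \
	echo Creating patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2; \
	diff -urN iptables-$(OLD_IPTABLES_VERSION) iptables-$(IPTABLES_VERSION) | bzip2 -9 > $(RELEASE_DIR)/patch-iptables-$(OLD_IPTABLES_VERSION)-$(IPTABLES_VERSION).bz2
```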
.PHONY: md5sums
md5sums:
- cd $(RELEASE_DIR)/ && md5sum patch-iptables-*-$(NETFILTER_VERSION).bz2 iptables-$(NETFILTER_VERSION).tar.bz2
+ cd $(RELEASE_DIR)/ && md5sum patch-iptables-*-$(IPTABLES_VERSION).bz2 iptables-$(IPTABLES_VERSION).tar.bz2
# $(wildcard) fails wierdly with make v.3.78.1.
include $(shell echo */Makefile)
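Review bot: The `md5sums` target publishes only MD5 digests for the release tarball and patch, and MD5 is not collision resistant, so these sums catch accidental corruption but give no assurance against a deliberately substituted archive. While the recipe is being touched, consider adding a second line such as `cd $(RELEASE_DIR)/ && sha256sum patch-iptables-*-$(IPTABLES_VERSION).bz2 iptables-$(IPTABLES_VERSION).tar.bz2`. A detached signature over the digest list would be better still. A comment such as `# integrity only; verify the signed digest list for authenticity` above the target would document the limitation.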
" --log-tcp-sequence Log TCP sequence numbers.\n\n"
" --log-tcp-options Log TCP options.\n\n"
" --log-ip-options Log IP options.\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_target log
= { NULL,
"LOG",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_log_info)),
IP6T_ALIGN(sizeof(struct ip6t_log_info)),
&help,
"MARK target v%s options:\n"
" --set-mark value Set nfmark value\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_target mark
= { NULL,
"MARK",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_mark_target_info)),
IP6T_ALIGN(sizeof(struct ip6t_mark_target_info)),
&help,
struct ip6tables_target reject
= { NULL,
"REJECT",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_reject_info)),
IP6T_ALIGN(sizeof(struct ip6t_reject_info)),
&help,
" --ahspi [!] spi[:spi] match spi (range)\n"
" --ahlen [!] length total length of this header\n"
" --ahres check the reserved filed, too\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match ah
= { NULL,
"ah",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_ah)),
IP6T_ALIGN(sizeof(struct ip6t_ah)),
&help,
" --%s-len [!] length total length of this header\n"
" --%s-opts TYPE[:LEN][,TYPE[:LEN]...] \n"
" Options and its length (list, max: %d)\n",
-UNAME , NETFILTER_VERSION, LNAME, LNAME, IP6T_OPTS_OPTSNR);
+UNAME , IPTABLES_VERSION, LNAME, LNAME, IP6T_OPTS_OPTSNR);
}
#if HOPBYHOP
#else
"dst",
#endif
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_opts)),
IP6T_ALIGN(sizeof(struct ip6t_opts)),
&help,
printf(
"ESP v%s options:\n"
" --espspi [!] spi[:spi] match spi (range)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match esp
= { NULL,
"esp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_esp)),
IP6T_ALIGN(sizeof(struct ip6t_esp)),
&help,
"eui64 v%s options:\n"
" This module hasn't got any option\n"
" This module checks for EUI64 IPv6 addresses\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match eui64
= { NULL,
"eui64",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(int)),
IP6T_ALIGN(sizeof(int)),
&help,
" --fragfirst matches on the first fragment\n"
" [--fragmore|--fraglast] there are more fragments or this\n"
" is the last one\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match frag
= { NULL,
"frag",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_frag)),
IP6T_ALIGN(sizeof(struct ip6t_frag)),
&help,
" --%s-len [!] length total length of this header\n"
" --%s-opts TYPE[:LEN][,TYPE[:LEN]...] \n"
" Options and its length (list, max: %d)\n",
-UNAME , NETFILTER_VERSION, LNAME, LNAME, IP6T_OPTS_OPTSNR);
+UNAME , IPTABLES_VERSION, LNAME, LNAME, IP6T_OPTS_OPTSNR);
}
#if HOPBYHOP
#else
"dst",
#endif
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_opts)),
IP6T_ALIGN(sizeof(struct ip6t_opts)),
&help,
"ICMPv6 v%s options:\n"
" --icmpv6-type [!] typename match icmpv6 type\n"
" (or numeric type or type/code)\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
print_icmpv6types();
}
static struct ip6tables_match icmpv6
= { NULL,
"icmp6",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_icmp)),
IP6T_ALIGN(sizeof(struct ip6t_icmp)),
&help,
" ipv6-frag,ah,esp,ipv6-nonxt,protocol\n"
" numbers: 0,60,43,44,51,50,59\n"
"--soft The header CONTAINS the specified extensions\n",
- NETFILTER_VERSION);
+ IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match ipv6header
= { NULL,
"ipv6header",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)),
IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)),
&help,
"length v%s options:\n"
"[!] --length length[:length] Match packet length against value or range\n"
" of values (inclusive)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
struct ip6tables_match length
= { NULL,
"length",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_length_info)),
IP6T_ALIGN(sizeof(struct ip6t_length_info)),
&help,
" [Packets per second unless followed by \n"
" /sec /minute /hour /day postfixes]\n"
"--limit-burst number number to match in a burst, default %u\n"
-"\n", NETFILTER_VERSION, IP6T_LIMIT_BURST);
+"\n", IPTABLES_VERSION, IP6T_LIMIT_BURST);
}
static struct option opts[] = {
struct ip6tables_match limit
= { NULL,
"limit",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_rateinfo)),
offsetof(struct ip6t_rateinfo, prev),
&help,
"MAC v%s options:\n"
" --mac-source [!] XX:XX:XX:XX:XX:XX\n"
" Match source MAC address\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match mac
= { NULL,
"mac",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
IP6T_ALIGN(sizeof(struct ip6t_mac_info)),
&help,
"MARK match v%s options:\n"
"[!] --mark value[/mask] Match nfmark value with optional mask\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match mark
= { NULL,
"mark",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
IP6T_ALIGN(sizeof(struct ip6t_mark_info)),
&help,
" match destination port(s)\n"
" --ports port[,port,port]\n"
" match both source and destination port(s)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match multiport
= { NULL,
"multiport",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_multiport)),
IP6T_ALIGN(sizeof(struct ip6t_multiport)),
&help,
"[!] --pid-owner processid Match local pid\n"
"[!] --sid-owner sessionid Match local sid\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match owner
= { NULL,
"owner",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_owner_info)),
IP6T_ALIGN(sizeof(struct ip6t_owner_info)),
&help,
" --rt-0-res check the reserved filed, too (type 0)\n"
" --rt-0-addrs ADDR[,ADDR...] Type=0 addresses (list, max: %d)\n"
" --rt-0-not-strict List of Type=0 addresses not a strict list\n",
-NETFILTER_VERSION, IP6T_RT_HOPS);
+IPTABLES_VERSION, IP6T_RT_HOPS);
}
static struct option opts[] = {
struct ip6tables_match rt
= { NULL,
"rt",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_rt)),
IP6T_ALIGN(sizeof(struct ip6t_rt)),
&help,
{
printf(
"Standard v%s options:\n"
-"(If target is DROP, ACCEPT, RETURN or nothing)\n", NETFILTER_VERSION);
+"(If target is DROP, ACCEPT, RETURN or nothing)\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_target standard
= { NULL,
"standard",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(int)),
IP6T_ALIGN(sizeof(int)),
&help,
" --dport ...\n"
" match destination port(s)\n"
" --tcp-option [!] number match if TCP option set\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match tcp
= { NULL,
"tcp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_tcp)),
IP6T_ALIGN(sizeof(struct ip6t_tcp)),
&help,
" --destination-port [!] port[:port]\n"
" --dport ...\n"
" match destination port(s)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct ip6tables_match udp
= { NULL,
"udp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IP6T_ALIGN(sizeof(struct ip6t_udp)),
IP6T_ALIGN(sizeof(struct ip6t_udp)),
&help,
"BALANCE v%s options:\n"
" --to-destination <ipaddr>-<ipaddr>\n"
" Addresses to map destination to.\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target balance
= { NULL,
"BALANCE",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
&help,
" --save-mark Save the packet nfmark on the connection\n"
" --restore-mark Restore saved nfmark value\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target mark
= { NULL,
"CONNMARK",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
IPT_ALIGN(sizeof(struct ipt_connmark_target_info)),
&help,
" --to-destination <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map destination to.\n"
" (You can use this more than once)\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target dnat
= { NULL,
"DNAT",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
&help,
struct iptables_target dscp
= { NULL,
"DSCP",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_DSCP_info)),
IPT_ALIGN(sizeof(struct ipt_DSCP_info)),
&help,
*
* libipt_ECN.c borrowed heavily from libipt_DSCP.c
*
- * $Id: libipt_ECN.c,v 1.3 2002/04/10 13:12:53 laforge Exp $
+ * $Id: libipt_ECN.c,v 1.5 2002/05/29 12:43:34 laforge Exp $
*/
#include <stdio.h>
#include <string.h>
" --ecn-ip-ect Set the IPv4 ECT codepoint (0 to 3)\n"
" --ecn-tcp-cwr Set the IPv4 CWR bit (0 or 1)\n"
" --ecn-tcp-ece Set the IPv4 CWR bit (0 or 1)\n",
- NETFILTER_VERSION, NETFILTER_VERSION
+ IPTABLES_VERSION, IPTABLES_VERSION
);
}
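Review bot: The help text for `--ecn-tcp-ece` is a copy of the `--ecn-tcp-cwr` line and says it sets the CWR bit, and both lines call the bit "IPv4" although CWR and ECE are TCP header flags. A user reading `-h` output cannot tell which flag each option rewrites, which matters for a target that modifies packets. Suggested wording: `" --ecn-tcp-cwr Set the TCP CWR bit (0 or 1)\n"` and `" --ecn-tcp-ece Set the TCP ECE bit (0 or 1)\n"`. The `help()` body starts above this hunk, so the earlier option lines were not checked.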
struct iptables_target ecn
= { NULL,
"ECN",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_ECN_info)),
IPT_ALIGN(sizeof(struct ipt_ECN_info)),
&help,
struct iptables_target ftos
= { NULL,
"FTOS",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_FTOS_info)),
IPT_ALIGN(sizeof(struct ipt_FTOS_info)),
&help,
static void help(void)
{
printf("IPV4OPTSSTRIP v%s target takes no option !! Make sure you use it in the mangle table.\n",
- NETFILTER_VERSION);
+ IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target IPV4OPTSSTRIP
= { NULL,
"IPV4OPTSSTRIP",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(0),
IPT_ALIGN(0),
&help,
" --log-tcp-sequence Log TCP sequence numbers.\n\n"
" --log-tcp-options Log TCP options.\n\n"
" --log-ip-options Log IP options.\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target log
= { NULL,
"LOG",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_log_info)),
IPT_ALIGN(sizeof(struct ipt_log_info)),
&help,
"MARK target v%s options:\n"
" --set-mark value Set nfmark value\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target mark
= { NULL,
"MARK",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
&help,
"MASQUERADE v%s options:\n"
" --to-ports <port>[-<port>]\n"
" Port (range) to map to.\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target masq
= { NULL,
"MASQUERADE",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
&help,
{
printf(
"MIRROR target v%s takes no options\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target mirror
= { NULL,
"MIRROR",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(0),
IPT_ALIGN(0),
&help,
" --nldrop Drop the packet too\n"
" --nlmark <number> Mark the packet\n"
" --nlsize <bytes> Limit packet size\n",
- NETFILTER_VERSION);
+ IPTABLES_VERSION);
}
static struct option opts[] = {
static
struct iptables_target netlink = { NULL,
"NETLINK",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_nldata)),
IPT_ALIGN(sizeof(struct ipt_nldata)),
&help,
printf(MODULENAME" v%s options:\n"
" --%s address[/mask]\n"
" Network address to map to.\n\n",
- NETFILTER_VERSION, opts[0].name);
+ IPTABLES_VERSION, opts[0].name);
}
static u_int32_t
struct iptables_target target_module
= { NULL,
MODULENAME,
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
&help,
" --add-dstip <pool>\n"
" --del-dstip <pool>\n"
" add/del src/dst IP from pool.\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target ipt_pool_target
= { NULL,
"POOL",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_pool_info)),
IPT_ALIGN(sizeof(struct ipt_pool_info)),
&help,
"REDIRECT v%s options:\n"
" --to-ports <port>[-<port>]\n"
" Port (range) to map to.\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target redir
= { NULL,
"REDIRECT",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
&help,
struct iptables_target reject
= { NULL,
"REJECT",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_reject_info)),
IPT_ALIGN(sizeof(struct ipt_reject_info)),
&help,
" --nodst\n"
" Don't use destination-ip in\n"
" source selection\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target same
= { NULL,
"SAME",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_same_info)),
IPT_ALIGN(sizeof(struct ipt_same_info)),
&help,
" --to-source <ipaddr>[-<ipaddr>][:port-port]\n"
" Address to map source to.\n"
" (You can use this more than once)\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target snat
= { NULL,
"SNAT",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
IPT_ALIGN(sizeof(struct ip_nat_multi_range)),
&help,
"TCPMSS target v%s mutually-exclusive options:\n"
" --set-mss value explicitly set MSS option to specified value\n"
" --clamp-mss-to-pmtu automatically clamp MSS value to (path_MTU - 40)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target mss
= { NULL,
"TCPMSS",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_tcpmss_info)),
IPT_ALIGN(sizeof(struct ipt_tcpmss_info)),
&help,
"TOS target v%s options:\n"
" --set-tos value Set Type of Service field to one of the\n"
" following numeric or descriptive values:\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
for (i = 0; i < sizeof(TOS_values)/sizeof(struct TOS_value);i++)
printf(" %s %u (0x%02x)\n",
struct iptables_target tos
= { NULL,
"TOS",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_tos_target_info)),
IPT_ALIGN(sizeof(struct ipt_tos_target_info)),
&help,
/* Shared library add-on to iptables for the TTL target
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id: libipt_TTL.c,v 1.4 2002/02/25 11:25:41 laforge Exp $
+ * $Id: libipt_TTL.c,v 1.5 2002/03/14 11:35:58 laforge Exp $
*
* This program is distributed under the terms of GNU GPL
*/
" --ttl-set value Set TTL to <value>\n"
" --ttl-dec value Decrement TTL by <value>\n"
" --ttl-inc value Increment TTL by <value>\n"
-, NETFILTER_VERSION);
+, IPTABLES_VERSION);
}
static int parse(int c, char **argv, int invert, unsigned int *flags,
static
struct iptables_target TTL = { NULL,
"TTL",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_TTL_info)),
IPT_ALIGN(sizeof(struct ipt_TTL_info)),
&help,
" --ulog-cprange size Bytes of each packet to be passed\n"
" --ulog-qthreshold Threshold of in-kernel queue\n"
" --ulog-prefix prefix Prefix log messages with this prefix.\n\n",
- NETFILTER_VERSION);
+ IPTABLES_VERSION);
}
static struct option opts[] = {
static
struct iptables_target ulog = { NULL,
"ULOG",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_ulog_info)),
IPT_ALIGN(sizeof(struct ipt_ulog_info)),
&help,
"AH v%s options:\n"
" --ahspi [!] spi[:spi]\n"
" match spi (range)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match ah
= { NULL,
"ah",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_ah)),
IPT_ALIGN(sizeof(struct ipt_ah)),
&help,
"iplimit v%s options:\n"
"[!] --iplimit-above n match if the number of existing tcp connections is (not) above n\n"
" --iplimit-mask n group hosts using mask\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
static struct iptables_match iplimit = {
name: "iplimit",
- version: NETFILTER_VERSION,
+ version: IPTABLES_VERSION,
size: IPT_ALIGN(sizeof(struct ipt_iplimit_info)),
userspacesize: offsetof(struct ipt_iplimit_info,data),
help: help,
"CONNMARK match v%s options:\n"
"[!] --mark value[/mask] Match nfmark value with optional mask\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match mark
= { NULL,
"connmark",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_connmark_info)),
IPT_ALIGN(sizeof(struct ipt_connmark_info)),
&help,
" Status(es) to match\n"
" [!] --ctexpire time[:time] Match remaining lifetime in seconds against\n"
" value or range of values (inclusive)\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
struct iptables_match conntrack
= { NULL,
"conntrack",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
IPT_ALIGN(sizeof(struct ipt_conntrack_info)),
&help,
"DSCP match v%s options\n"
"[!] --dscp value Match DSCP codepoint with numerical value\n"
" This value can be in decimal (ex: 32)\n"
-" or in hex (ex: 0x20)\n", NETFILTER_VERSION
+" or in hex (ex: 0x20)\n", IPTABLES_VERSION
);
}
struct iptables_match dscp
= { NULL,
"dscp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_dscp_info)),
IPT_ALIGN(sizeof(struct ipt_dscp_info)),
&help,
"ESP v%s options:\n"
" --espspi [!] spi[:spi]\n"
" match spi (range)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match esp
= { NULL,
"esp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_esp)),
IPT_ALIGN(sizeof(struct ipt_esp)),
&help,
"helper match v%s options:\n"
"[!] --helper value Match helper value\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match helper
= { NULL,
"helper",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_helper_info)),
IPT_ALIGN(sizeof(struct ipt_helper_info)),
&help,
"ICMP v%s options:\n"
" --icmp-type [!] typename match icmp type\n"
" (or numeric type or type/code)\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
print_icmptypes();
}
struct iptables_match icmp
= { NULL,
"icmp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_icmp)),
IPT_ALIGN(sizeof(struct ipt_icmp)),
&help,
" [!] --ts (match timestamp flag)\n\n"
" [!] --ra (match router-alert option)\n\n"
" [!] --any-opt (match any option or no option at all if used with '!')\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match ipv4options_struct
= { NULL,
"ipv4options",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
IPT_ALIGN(sizeof(struct ipt_ipv4options_info)),
&help,
"length v%s options:\n"
"[!] --length length[:length] Match packet length against value or range\n"
" of values (inclusive)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
struct iptables_match length
= { NULL,
"length",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_length_info)),
IPT_ALIGN(sizeof(struct ipt_length_info)),
&help,
" [Packets per second unless followed by \n"
" /sec /minute /hour /day postfixes]\n"
"--limit-burst number number to match in a burst, default %u\n"
-"\n", NETFILTER_VERSION, IPT_LIMIT_BURST);
+"\n", IPTABLES_VERSION, IPT_LIMIT_BURST);
}
static struct option opts[] = {
struct iptables_match limit
= { NULL,
"limit",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_rateinfo)),
offsetof(struct ipt_rateinfo, prev),
&help,
"MAC v%s options:\n"
" --mac-source [!] XX:XX:XX:XX:XX:XX\n"
" Match source MAC address\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match mac
= { NULL,
"mac",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_mac_info)),
IPT_ALIGN(sizeof(struct ipt_mac_info)),
&help,
"MARK match v%s options:\n"
"[!] --mark value[/mask] Match nfmark value with optional mask\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match mark
= { NULL,
"mark",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_mark_info)),
IPT_ALIGN(sizeof(struct ipt_mark_info)),
&help,
" match destination port(s)\n"
" --ports port[,port:port,port]\n"
" match both source and destination port(s)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match mport
= { NULL,
"mport",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_mport)),
IPT_ALIGN(sizeof(struct ipt_mport)),
&help,
" match destination port(s)\n"
" --ports port[,port,port]\n"
" match both source and destination port(s)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match multiport
= { NULL,
"multiport",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_multiport)),
IPT_ALIGN(sizeof(struct ipt_multiport)),
&help,
" there must be Nth number of --packet\n"
" rules, covering all values between 0 and\n"
" Nth-1 inclusively.\n",
-NETFILTER_VERSION, IPT_NTH_NUM_COUNTERS-1);
+IPTABLES_VERSION, IPT_NTH_NUM_COUNTERS-1);
}
static struct option opts[] = {
struct iptables_match nth
= { NULL,
"nth",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_nth_info)),
IPT_ALIGN(sizeof(struct ipt_nth_info)),
&help,
"[!] --sid-owner sessionid Match local sid\n"
"[!] --cmd-owner name Match local command name\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
#else
printf(
"OWNER match v%s options:\n"
"[!] --pid-owner processid Match local pid\n"
"[!] --sid-owner sessionid Match local sid\n"
"\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
#endif /* IPT_OWNER_COMM */
}
struct iptables_match owner
= { NULL,
"owner",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_owner_info)),
IPT_ALIGN(sizeof(struct ipt_owner_info)),
&help,
struct iptables_match pkttype = {
NULL,
"pkttype",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
IPT_ALIGN(sizeof(struct ipt_pkttype_info)),
&help,
" [!] --srcpool NAME|INDEX\n"
" [!] --dstpool NAME|INDEX\n"
" Pool index (or name from %s) to match\n"
-"\n", NETFILTER_VERSION, IPPOOL_CONF);
+"\n", IPTABLES_VERSION, IPPOOL_CONF);
}
static struct option opts[] = {
struct iptables_match pool
= { NULL,
"pool",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_pool_info)),
IPT_ALIGN(sizeof(struct ipt_pool_info)),
&help,
" --psd-delay-threshold delay Portscan detection delay threshold\n\n"
" --psd-lo-ports-weight lo Privileged ports weight\n\n"
" --psd-hi-ports-weight hi High ports weight\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match psd
= { NULL,
"psd",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_psd_info)),
IPT_ALIGN(sizeof(struct ipt_psd_info)),
&help,
struct iptables_match quota = { NULL,
"quota",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof (struct ipt_quota_info)),
IPT_ALIGN(sizeof (struct ipt_quota_info)),
&help,
" [--average] percent The probability in percentage of the match\n"
" If ommited, a probability of 50%% percent is set.\n"
" Percentage must be within : 1 <= percent <= 99.\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match rand_match
= { NULL,
"random",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_rand_info)),
IPT_ALIGN(sizeof(struct ipt_rand_info)),
&help,
"REALM v%s options:\n"
" --realm [!] value[/mask]\n"
" Match realm\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match realm
= { NULL,
"realm",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_realm_info)),
IPT_ALIGN(sizeof(struct ipt_realm_info)),
&help,
" Useful if you have problems with people spoofing their source address in order\n"
" to DoS you via this module.\n"
" --name name Name of the recent list to be used. DEFAULT used if none given.\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
struct iptables_match recent
= { NULL,
"recent",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_recent_info)),
IPT_ALIGN(sizeof(struct ipt_recent_info)),
&help,
{
printf(
"record_rpc v%s takes no options\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match record_rpc
= { NULL,
"record_rpc",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(0),
IPT_ALIGN(0),
&help,
{
printf(
"Standard v%s options:\n"
-"(If target is DROP, ACCEPT, RETURN or nothing)\n", NETFILTER_VERSION);
+"(If target is DROP, ACCEPT, RETURN or nothing)\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_target standard
= { NULL,
"standard",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(int)),
IPT_ALIGN(sizeof(int)),
&help,
"state v%s options:\n"
" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n"
" State(s) to match\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match state
= { NULL,
"state",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_state_info)),
IPT_ALIGN(sizeof(struct ipt_state_info)),
&help,
printf(
"STRING match v%s options:\n"
"--string [!] string Match a string in a packet\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
fputc('\n', stdout);
}
struct iptables_match string
= { NULL,
"string",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_string_info)),
IPT_ALIGN(sizeof(struct ipt_string_info)),
&help,
" --dport ...\n"
" match destination port(s)\n"
" --tcp-option [!] number match if TCP option set\n\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match tcp
= { NULL,
"tcp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_tcp)),
IPT_ALIGN(sizeof(struct ipt_tcp)),
&help,
"tcpmss match v%s options:\n"
"[!] --mss value[:value] Match TCP MSS range.\n"
" (only valid for TCP SYN or SYN/ACK packets)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match tcpmss
= { NULL,
"tcpmss",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
IPT_ALIGN(sizeof(struct ipt_tcpmss_match_info)),
&help,
" timestart value : HH:MM\n"
" timestop value : HH:MM\n"
" listofdays value: a list of days to apply -> ie. Mon,Tue,Wed,Thu,Fri. Case sensitive\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match timestruct
= { NULL,
"time",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_time_info)),
IPT_ALIGN(sizeof(struct ipt_time_info)),
&help,
"TOS match v%s options:\n"
"[!] --tos value Match Type of Service field from one of the\n"
" following numeric or descriptive values:\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
for (i = 0; i < sizeof(TOS_values)/sizeof(struct TOS_value);i++)
printf(" %s %u (0x%02x)\n",
struct iptables_match tos
= { NULL,
"tos",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_tos_info)),
IPT_ALIGN(sizeof(struct ipt_tos_info)),
&help,
/* Shared library add-on to iptables to add TTL matching support
* (C) 2000 by Harald Welte <laforge@gnumonks.org>
*
- * $Id: libipt_ttl.c,v 1.4 2002/02/25 11:25:41 laforge Exp $
+ * $Id: libipt_ttl.c,v 1.5 2002/03/14 11:35:58 laforge Exp $
*
* This program is released under the terms of GNU GPL */
" --ttl-eq value Match time to live value\n"
" --ttl-lt value Match TTL < value\n"
" --ttl-gt value Match TTL > value\n"
-, NETFILTER_VERSION);
+, IPTABLES_VERSION);
}
static void init(struct ipt_entry_match *m, unsigned int *nfcache)
struct iptables_match ttl = {
NULL,
"ttl",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_ttl_info)),
IPT_ALIGN(sizeof(struct ipt_ttl_info)),
&help,
" --destination-port [!] port[:port]\n"
" --dport ...\n"
" match destination port(s)\n",
-NETFILTER_VERSION);
+IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match udp
= { NULL,
"udp",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(sizeof(struct ipt_udp)),
IPT_ALIGN(sizeof(struct ipt_udp)),
&help,
{
printf(
"unclean v%s takes no options\n"
-"\n", NETFILTER_VERSION);
+"\n", IPTABLES_VERSION);
}
static struct option opts[] = {
struct iptables_match unclean
= { NULL,
"unclean",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
IPT_ALIGN(0),
IPT_ALIGN(0),
&help,
* Harald Welte <laforge@gnumonks.org>
* Rusty Russell <rusty@linuxcare.com.au>
*
- * $Id: ip6tables-restore.c,v 1.20 2002/01/17 20:43:10 laforge Exp $
+ * $Id: ip6tables-restore.c,v 1.8 2002/03/03 09:44:31 laforge Exp $
*/
#include <getopt.h>
const char *modprobe = 0;
program_name = "ip6tables-restore";
- program_version = NETFILTER_VERSION;
+ program_version = IPTABLES_VERSION;
#ifdef NO_SHARED_LIBS
init_extensions();
break;
case 'h':
print_usage("ip6tables-restore",
- NETFILTER_VERSION);
+ IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
time_t now = time(NULL);
printf("# Generated by ip6tables-save v%s on %s",
- NETFILTER_VERSION, ctime(&now));
+ IPTABLES_VERSION, ctime(&now));
printf("*%s\n", tablename);
/* Dump out chain names first,
int c;
program_name = "ip6tables-save";
- program_version = NETFILTER_VERSION;
+ program_version = IPTABLES_VERSION;
#ifdef NO_SHARED_LIBS
init_extensions();
ip6tc_handle_t handle = NULL;
program_name = "ip6tables";
- program_version = NETFILTER_VERSION;
+ program_version = IPTABLES_VERSION;
#ifdef NO_SHARED_LIBS
init_extensions();
*
* This code is distributed under the terms of GNU GPL
*
- * $Id: iptables-restore.c,v 1.19 2001/12/06 15:06:34 marc Exp $
+ * $Id: iptables-restore.c,v 1.20 2002/01/17 20:43:10 laforge Exp $
*/
#include <getopt.h>
const char *modprobe = 0;
program_name = "iptables-restore";
- program_version = NETFILTER_VERSION;
+ program_version = IPTABLES_VERSION;
#ifdef NO_SHARED_LIBS
init_extensions();
break;
case 'h':
print_usage("iptables-restore",
- NETFILTER_VERSION);
+ IPTABLES_VERSION);
break;
case 'n':
noflush = 1;
time_t now = time(NULL);
printf("# Generated by iptables-save v%s on %s",
- NETFILTER_VERSION, ctime(&now));
+ IPTABLES_VERSION, ctime(&now));
printf("*%s\n", tablename);
/* Dump out chain names first,
int c;
program_name = "iptables-save";
- program_version = NETFILTER_VERSION;
+ program_version = IPTABLES_VERSION;
#ifdef NO_SHARED_LIBS
init_extensions();
iptc_handle_t handle = NULL;
program_name = "iptables";
- program_version = NETFILTER_VERSION;
+ program_version = IPTABLES_VERSION;
#ifdef NO_SHARED_LIBS
init_extensions();
-/* Library which manipulates firewall rules. Version $Revision: 1.33 $ */
+/* Library which manipulates firewall rules. Version $Revision: 1.34 $ */
/* Architecture of firewall rules is as follows:
*
CHECK(handle);
printf("libiptc v%s. %u entries, %u bytes.\n",
- NETFILTER_VERSION,
+ IPTABLES_VERSION,
handle->new_number, handle->entries.size);
printf("Table `%s'\n", handle->info.name);
printf("Hooks: pre/in/fwd/out/post = %u/%u/%u/%u/%u\n",