Hi,

I extended the socket match with the --wildcard option. Currently, sockets which are bound to wildcards are ignored for matching; the new option allows sockets bound to IN_ADDR_ANY to be included too. The default behaviour of not matching wildcard sockets is retained.

It is more than one patch, as the --transparent option was not merged for iptables, even though it was merged into the kernel's netfilter code, and in the meantime the empty option code for the socket match was removed from iptables. So we have 3 patches for iptables:

- iptables-socket-match-empty-options.diff - revert removing the empty options from extensions/xt_socket.c
- iptables-socket-match-add-transparent-option.diff - apply the patch to add the --transparent option from http://article.gmane.org/gmane.comp.security.firewalls.netfilter.devel/30246
- iptables-socket-match-add-wildcard-option.diff - add the wildcard option

The kernel side of netfilter had to be patched too, but there is only one patch:

- linux-netfilter-socket-wildcard.diff - extend xt_socket by the --wildcard option

As I'm new to netfilter/kernel patches, I'd appreciate any help to get this feature merged.

Markus