My contributions to netfilter/iptables
On 7th December 2001, I became a core team member
of the netfilter project. Since then this page is kept for historical reasons
only and not maintained anymore.
Newer versions of my patches can be found in the cvs repository
of the Netfilter project.
The patches below are outdated.
The complete list of my patches:
- ipt_LOG bugfix
- H.323 (netmeeting) protocol helper
- patch-o-matic support for multiple helpers
- newnat code
- FTP security patch
- prestate/NOTRACK patch
- talk protocol patch (in patch-o-matic)
- log patch (for rule debugging)
- TCP window tracking (in patch-o-matic)
- conntrack DoS protection
- 18.07.2000: bug in conntrack patch, fix
not released due to the TCP window tracking patch
- 14.07.2000: ESTABLISHED state is not
reached until the TCP 3-way handshake is not completed
- REJECT target (in netfilter)
- 10.05.2000: Fragment from a long thread
on the acceptance of the new functionalities in the REJECT target.
- 09.03.2000: REJECT is valid only in the
INPUT and FORWARD rules.
- 28.02.2000: SYN protection support removed
- 02.02.2000: packet generation moved from
IP stack to the module
- 18.01.2000: initial release