|
 |
029dc7 |
# install init scripts to /usr/libexec with systemd
|
|
|
029dc7 |
%global script_path %{_libexecdir}/iptables
|
|
|
029dc7 |
|
|
|
029dc7 |
# service legacy actions (RHBZ#748134)
|
|
|
029dc7 |
%global legacy_actions %{_libexecdir}/initscripts/legacy-actions
|
|
|
029dc7 |
|
|
|
6ef253 |
# boostrap mode to assist in libip{4,6}tc SONAME bump
|
|
|
6ef253 |
%global bootstrap 1
|
|
|
6ef253 |
|
|
|
6ef253 |
%if 0%{?bootstrap}
|
|
|
6ef253 |
%global version_old 1.8.2
|
|
|
6ef253 |
%global iptc_so_ver_old 0
|
|
|
6ef253 |
%endif
|
|
|
6ef253 |
%global iptc_so_ver 2
|
|
|
6ef253 |
|
|
|
029dc7 |
Name: iptables
|
|
|
029dc7 |
Summary: Tools for managing Linux kernel packet filtering capabilities
|
|
|
6ef253 |
URL: http://www.netfilter.org/projects/iptables
|
|
|
6ef253 |
Version: 1.8.4
|
|
|
4ff01d |
Release: 24%{?dist}
|
|
|
6ef253 |
Source: %{url}/files/%{name}-%{version}.tar.bz2
|
|
|
029dc7 |
Source1: iptables.init
|
|
|
029dc7 |
Source2: iptables-config
|
|
|
029dc7 |
Source3: iptables.service
|
|
|
029dc7 |
Source4: sysconfig_iptables
|
|
|
029dc7 |
Source5: sysconfig_ip6tables
|
|
|
029dc7 |
Source6: arptables.service
|
|
|
029dc7 |
Source7: arptables-helper
|
|
|
029dc7 |
Source8: ebtables.systemd
|
|
|
029dc7 |
Source9: ebtables.service
|
|
|
029dc7 |
Source10: ebtables-config
|
|
|
6ef253 |
%if 0%{?bootstrap}
|
|
|
6ef253 |
Source11: %{url}/files/%{name}-%{version_old}.tar.bz2
|
|
|
6ef253 |
Source12: 0003-extensions-format-security-fixes-in-libip-6-t_icmp.patch
|
|
|
6ef253 |
%endif
|
|
|
6ef253 |
|
|
|
fc8f74 |
Patch01: 0001-iptables-apply-Use-mktemp-instead-of-tempfile.patch
|
|
|
fc8f74 |
Patch02: 0002-xtables-restore-Fix-parser-feed-from-line-buffer.patch
|
|
|
fc8f74 |
Patch03: 0003-xtables-restore-Avoid-access-of-uninitialized-data.patch
|
|
|
fc8f74 |
Patch04: 0004-extensions-time-Avoid-undefined-shift.patch
|
|
|
fc8f74 |
Patch05: 0005-extensions-cluster-Avoid-undefined-shift.patch
|
|
|
fc8f74 |
Patch06: 0006-libxtables-Avoid-buffer-overrun-in-xtables_compatibl.patch
|
|
|
fc8f74 |
Patch07: 0007-xtables-translate-Guard-strcpy-call-in-xlate_ifname.patch
|
|
|
fc8f74 |
Patch08: 0008-extensions-among-Check-call-to-fstat.patch
|
|
|
fc8f74 |
Patch09: 0009-uapi-netfilter-Avoid-undefined-left-shift-in-xt_sctp.patch
|
|
|
fc8f74 |
Patch10: 0010-xtables-translate-Fix-for-interface-name-corner-case.patch
|
|
|
fc8f74 |
Patch11: 0011-xtables-translate-Fix-for-iface.patch
|
|
|
fc8f74 |
Patch12: 0012-tests-shell-Fix-skip-checks-with-host-mode.patch
|
|
|
fc8f74 |
Patch13: 0013-xtables-restore-fix-for-noflush-and-empty-lines.patch
|
|
|
fc8f74 |
Patch14: 0014-iptables-test.py-Fix-host-mode.patch
|
|
|
fc8f74 |
Patch15: 0015-xtables-Review-nft_init.patch
|
|
|
fc8f74 |
Patch16: 0016-nft-cache-Fix-nft_release_cache-under-stress.patch
|
|
|
fc8f74 |
Patch17: 0017-nft-cache-Fix-iptables-save-segfault-under-stress.patch
|
|
|
fc8f74 |
Patch18: 0018-ebtables-among-Support-mixed-MAC-and-MAC-IP-entries.patch
|
|
|
fc8f74 |
Patch19: 0019-xtables-Align-effect-of-4-6-options-with-legacy.patch
|
|
|
fc8f74 |
Patch20: 0020-xtables-Drop-4-and-6-support-from-xtables-save-resto.patch
|
|
|
fc8f74 |
Patch21: 0021-nfnl_osf-Fix-broken-conversion-to-nfnl_query.patch
|
|
|
fc8f74 |
Patch22: 0022-nfnl_osf-Improve-error-handling.patch
|
|
|
fc8f74 |
Patch23: 0023-nft-cache-Reset-genid-when-rebuilding-cache.patch
|
|
|
fc8f74 |
Patch24: 0024-nft-Fix-for-F-in-iptables-dumps.patch
|
|
|
fc8f74 |
Patch25: 0025-tests-shell-Test-F-in-dump-files.patch
|
|
|
87db66 |
Patch26: 0026-nft-Make-batch_add_chain-return-the-added-batch-obje.patch
|
|
|
87db66 |
Patch27: 0027-nft-Fix-error-reporting-for-refreshed-transactions.patch
|
|
|
87db66 |
Patch28: 0028-nft-Fix-for-concurrent-noflush-restore-calls.patch
|
|
|
87db66 |
Patch29: 0029-tests-shell-Improve-concurrent-noflush-restore-test-.patch
|
|
|
87db66 |
Patch30: 0030-nft-cache-Make-nft_rebuild_cache-respect-fake-cache.patch
|
|
|
87db66 |
Patch31: 0031-nft-Fix-for-broken-address-mask-match-detection.patch
|
|
|
87db66 |
Patch32: 0032-nft-Optimize-class-based-IP-prefix-matches.patch
|
|
|
87db66 |
Patch33: 0033-ebtables-Optimize-masked-MAC-address-matches.patch
|
|
|
87db66 |
Patch34: 0034-tests-shell-Add-test-for-bitwise-avoidance-fixes.patch
|
|
|
87db66 |
Patch35: 0035-libxtables-Make-sure-extensions-register-in-revision.patch
|
|
|
87db66 |
Patch36: 0036-libxtables-Simplify-pending-extension-registration.patch
|
|
|
87db66 |
Patch37: 0037-libxtables-Register-multiple-extensions-in-ascending.patch
|
|
|
87db66 |
Patch38: 0038-tests-shell-Test-for-fixed-extension-registration.patch
|
|
|
87db66 |
Patch39: 0039-extensions-libipt_icmp-Fix-translation-of-type-any.patch
|
|
|
87db66 |
Patch40: 0040-extensions-libxt_CT-add-translation-for-NOTRACK.patch
|
|
|
87db66 |
Patch41: 0041-nft-Fix-command-name-in-ip6tables-error-message.patch
|
|
|
87db66 |
Patch42: 0042-tests-shell-Merge-and-extend-return-codes-test.patch
|
|
|
87db66 |
Patch43: 0043-extensions-dccp-Fix-for-DCCP-type-INVALID.patch
|
|
|
ec5e2e |
Patch44: 0044-xtables-monitor-Fix-ip6tables-rule-printing.patch
|
|
|
ec5e2e |
Patch45: 0045-xtables-monitor-fix-rule-printing.patch
|
|
|
ec5e2e |
Patch46: 0046-xtables-monitor-fix-packet-family-protocol.patch
|
|
|
ec5e2e |
Patch47: 0047-xtables-monitor-print-packet-first.patch
|
|
|
ec5e2e |
Patch48: 0048-xtables-monitor.patch
|
|
|
ec5e2e |
Patch49: 0049-nft-Fix-bitwise-expression-avoidance-detection.patch
|
|
|
ec5e2e |
Patch50: 0050-xtables-translate-Fix-translation-of-odd-netmasks.patch
|
|
|
ec5e2e |
Patch51: 0051-Eliminate-inet_aton-and-inet_ntoa.patch
|
|
|
ec5e2e |
Patch52: 0052-xtables-arp-Don-t-use-ARPT_INV_.patch
|
|
|
ec5e2e |
Patch53: 0053-nft-arp-Make-use-of-ipv4_addr_to_string.patch
|
|
|
ec5e2e |
Patch54: 0054-extensions-SECMARK-Implement-revision-1.patch
|
|
|
ec5e2e |
Patch55: 0055-extensions-sctp-Fix-nftables-translation.patch
|
|
|
ec5e2e |
Patch56: 0056-extensions-sctp-Translate-chunk-types-option.patch
|
|
|
ec5e2e |
Patch57: 0057-extensions-SECMARK-Use-a-better-context-in-test-case.patch
|
|
|
ec5e2e |
Patch58: 0058-nft-cache-Retry-if-kernel-returns-EINTR.patch
|
|
|
6ab069 |
Patch59: 0059-doc-ebtables-nft.8-Adjust-for-missing-atomic-options.patch
|
|
|
6ab069 |
Patch60: 0060-ebtables-Dump-atomic-waste.patch
|
|
|
6ab069 |
Patch61: 0061-extensions-hashlimit-Fix-tests-with-HZ-100.patch
|
|
|
6ab069 |
Patch62: 0062-extensions-hashlimit-Fix-tests-with-HZ-1000.patch
|
|
|
d8275f |
Patch63: 0063-nft-Simplify-immediate-parsing.patch
|
|
|
d8275f |
Patch64: 0064-nft-Speed-up-immediate-parsing.patch
|
|
|
d8275f |
Patch65: 0065-xshared-Prefer-xtables_chain_protos-lookup-over-getp.patch
|
|
|
d8275f |
Patch66: 0066-xshared-Merge-and-share-parse_chain.patch
|
|
|
d8275f |
Patch67: 0067-nft-Reject-standard-targets-as-chain-names-when-rest.patch
|
|
|
d8275f |
Patch68: 0068-libxtables-Implement-notargets-hash-table.patch
|
|
|
d8275f |
Patch69: 0069-libxtables-Boost-rule-target-checks-by-announcing-ch.patch
|
|
|
d8275f |
Patch70: 0070-Use-proto_to_name-from-xshared-in-more-places.patch
|
|
|
d8275f |
Patch71: 0071-libxtables-Register-only-the-highest-revision-extens.patch
|
|
|
d8275f |
Patch72: 0072-xshared-Fix-response-to-unprivileged-users.patch
|
|
|
d8275f |
Patch73: 0073-Improve-error-messages-for-unsupported-extensions.patch
|
|
|
d8275f |
Patch74: 0074-nft-Fix-EPERM-handling-for-extensions-without-rev-0.patch
|
|
|
d8275f |
Patch75: 0075-tests-shell-Check-overhead-in-iptables-save-and-rest.patch
|
|
|
d8275f |
Patch76: 0076-libxtables-Fix-unsupported-extension-warning-corner-.patch
|
|
|
4ff01d |
Patch77: 0077-nft-shared-Introduce-__get_cmp_data.patch
|
|
|
4ff01d |
Patch78: 0078-ebtables-Support-p-Length.patch
|
|
|
6ef253 |
|
|
|
029dc7 |
# pf.os: ISC license
|
|
|
029dc7 |
# iptables-apply: Artistic Licence 2.0
|
|
|
029dc7 |
License: GPLv2 and Artistic 2.0 and ISC
|
|
|
029dc7 |
|
|
|
029dc7 |
# libnetfilter_conntrack is needed for xt_connlabel
|
|
|
029dc7 |
BuildRequires: pkgconfig(libnetfilter_conntrack)
|
|
|
029dc7 |
# libnfnetlink-devel is requires for nfnl_osf
|
|
|
029dc7 |
BuildRequires: pkgconfig(libnfnetlink)
|
|
|
029dc7 |
BuildRequires: libselinux-devel
|
|
|
029dc7 |
BuildRequires: kernel-headers
|
|
|
029dc7 |
BuildRequires: systemd
|
|
|
029dc7 |
# libmnl, libnftnl, bison, flex for nftables
|
|
|
029dc7 |
BuildRequires: bison
|
|
|
029dc7 |
BuildRequires: flex
|
|
|
029dc7 |
BuildRequires: gcc
|
|
|
029dc7 |
BuildRequires: pkgconfig(libmnl) >= 1.0
|
|
|
6ef253 |
BuildRequires: pkgconfig(libnftnl) >= 1.1.5-1
|
|
|
029dc7 |
# libpcap-devel for nfbpf_compile
|
|
|
029dc7 |
BuildRequires: libpcap-devel
|
|
|
029dc7 |
BuildRequires: autoconf
|
|
|
029dc7 |
BuildRequires: automake
|
|
|
029dc7 |
BuildRequires: libtool
|
|
|
029dc7 |
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
029dc7 |
%if 0%{?fedora} > 24
|
|
|
029dc7 |
Conflicts: setup < 2.10.4-1
|
|
|
029dc7 |
%endif
|
|
|
029dc7 |
|
|
|
029dc7 |
%description
|
|
|
029dc7 |
The iptables utility controls the network packet filtering code in the
|
|
|
029dc7 |
Linux kernel. If you need to set up firewalls and/or IP masquerading,
|
|
|
029dc7 |
you should either install nftables or this package.
|
|
|
029dc7 |
|
|
|
029dc7 |
Note: This package contains the nftables-based variants of iptables and
|
|
|
029dc7 |
ip6tables, which are drop-in replacements of the legacy tools.
|
|
|
029dc7 |
|
|
|
029dc7 |
%package libs
|
|
|
029dc7 |
Summary: iptables libraries
|
|
|
029dc7 |
Group: System Environment/Base
|
|
|
029dc7 |
|
|
|
029dc7 |
%description libs
|
|
|
029dc7 |
iptables libraries.
|
|
|
029dc7 |
|
|
|
029dc7 |
Please remember that libip*tc libraries do neither have a stable API nor a real so version.
|
|
|
029dc7 |
|
|
|
029dc7 |
For more information about this, please have a look at
|
|
|
029dc7 |
|
|
|
029dc7 |
http://www.netfilter.org/documentation/FAQ/netfilter-faq-4.html#ss4.5
|
|
|
029dc7 |
|
|
|
029dc7 |
|
|
|
029dc7 |
%package devel
|
|
|
029dc7 |
Summary: Development package for iptables
|
|
|
029dc7 |
Group: System Environment/Base
|
|
|
029dc7 |
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
|
029dc7 |
Requires: iptables-libs = %{version}-%{release}
|
|
|
029dc7 |
Requires: pkgconfig
|
|
|
029dc7 |
|
|
|
029dc7 |
%description devel
|
|
|
029dc7 |
iptables development headers and libraries.
|
|
|
029dc7 |
|
|
|
029dc7 |
The iptc libraries are marked as not public by upstream. The interface is not
|
|
|
029dc7 |
stable and may change with every new version. It is therefore unsupported.
|
|
|
029dc7 |
|
|
|
029dc7 |
%package services
|
|
|
029dc7 |
Summary: iptables and ip6tables services for iptables
|
|
|
029dc7 |
Group: System Environment/Base
|
|
|
029dc7 |
Requires: %{name} = %{version}-%{release}
|
|
|
029dc7 |
Requires(post): systemd
|
|
|
029dc7 |
Requires(preun): systemd
|
|
|
029dc7 |
Requires(postun): systemd
|
|
|
029dc7 |
# obsolete old main package
|
|
|
029dc7 |
Obsoletes: %{name} < 1.4.16.1
|
|
|
029dc7 |
# obsolete ipv6 sub package
|
|
|
029dc7 |
Obsoletes: %{name}-ipv6 < 1.4.11.1
|
|
|
029dc7 |
|
|
|
029dc7 |
%description services
|
|
|
029dc7 |
iptables services for IPv4 and IPv6
|
|
|
029dc7 |
|
|
|
029dc7 |
This package provides the services iptables and ip6tables that have been split
|
|
|
029dc7 |
out of the base package since they are not active by default anymore.
|
|
|
029dc7 |
|
|
|
029dc7 |
%package utils
|
|
|
029dc7 |
Summary: iptables and ip6tables services for iptables
|
|
|
029dc7 |
Group: System Environment/Base
|
|
|
029dc7 |
Requires: %{name} = %{version}-%{release}
|
|
|
029dc7 |
|
|
|
029dc7 |
%description utils
|
|
|
029dc7 |
Utils for iptables.
|
|
|
029dc7 |
|
|
|
029dc7 |
Currently only provides nfnl_osf with the pf.os database.
|
|
|
029dc7 |
|
|
|
029dc7 |
%package arptables
|
|
|
029dc7 |
Summary: User space tool to set up tables of ARP rules in kernel
|
|
|
029dc7 |
Group: System Environment/Base
|
|
|
029dc7 |
Requires: %{name} = %{version}-%{release}
|
|
|
029dc7 |
Obsoletes: arptables
|
|
|
029dc7 |
Provides: arptables
|
|
|
029dc7 |
|
|
|
029dc7 |
%description arptables
|
|
|
029dc7 |
The arptables tool is used to set up and maintain
|
|
|
029dc7 |
the tables of ARP rules in the Linux kernel. These rules inspect
|
|
|
029dc7 |
the ARP frames which they see. arptables is analogous to the iptables
|
|
|
029dc7 |
user space tool, but is less complicated.
|
|
|
029dc7 |
|
|
|
029dc7 |
Note: This package contains the nftables-based variant of arptables, a drop-in
|
|
|
029dc7 |
replacement of the legacy tool.
|
|
|
029dc7 |
|
|
|
029dc7 |
%package ebtables
|
|
|
029dc7 |
Summary: Ethernet Bridge frame table administration tool
|
|
|
029dc7 |
Group: System Environment/Base
|
|
|
029dc7 |
Requires: %{name} = %{version}-%{release}
|
|
|
029dc7 |
Obsoletes: ebtables
|
|
|
029dc7 |
Provides: ebtables
|
|
|
029dc7 |
|
|
|
029dc7 |
%description ebtables
|
|
|
029dc7 |
Ethernet bridge tables is a firewalling tool to transparently filter network
|
|
|
029dc7 |
traffic passing a bridge. The filtering possibilities are limited to link
|
|
|
029dc7 |
layer filtering and some basic filtering on higher network layers.
|
|
|
029dc7 |
|
|
|
029dc7 |
This tool is the userspace control for the bridge and ebtables kernel
|
|
|
029dc7 |
components (built by default in RHEL kernels).
|
|
|
029dc7 |
|
|
|
029dc7 |
The ebtables tool can be used together with the other Linux filtering tools,
|
|
|
029dc7 |
like iptables. There are no known incompatibility issues.
|
|
|
029dc7 |
|
|
|
029dc7 |
Note: This package contains the nftables-based variant of ebtables, a drop-in
|
|
|
029dc7 |
replacement of the legacy tool.
|
|
|
029dc7 |
|
|
|
029dc7 |
%prep
|
|
|
029dc7 |
%autosetup -p1
|
|
|
029dc7 |
|
|
|
6ef253 |
%if 0%{?bootstrap}
|
|
|
6ef253 |
%{__mkdir} -p bootstrap_ver
|
|
|
6ef253 |
pushd bootstrap_ver
|
|
|
6ef253 |
%{__tar} --strip-components=1 -xf %{SOURCE11}
|
|
|
6ef253 |
%{__patch} -p1 <%{SOURCE12}
|
|
|
6ef253 |
popd
|
|
|
6ef253 |
%endif
|
|
|
6ef253 |
|
|
|
029dc7 |
%build
|
|
|
029dc7 |
./autogen.sh
|
|
|
029dc7 |
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
|
|
|
029dc7 |
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
|
|
|
029dc7 |
|
|
|
029dc7 |
# do not use rpath
|
|
|
029dc7 |
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
|
|
029dc7 |
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
|
|
029dc7 |
|
|
|
029dc7 |
rm -f include/linux/types.h
|
|
|
029dc7 |
|
|
|
029dc7 |
make %{?_smp_mflags} V=1
|
|
|
029dc7 |
|
|
|
6ef253 |
%if 0%{?bootstrap}
|
|
|
6ef253 |
pushd bootstrap_ver
|
|
|
6ef253 |
./autogen.sh
|
|
|
6ef253 |
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
|
|
|
6ef253 |
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
|
|
|
6ef253 |
|
|
|
6ef253 |
# do not use rpath
|
|
|
6ef253 |
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
|
|
|
6ef253 |
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
|
|
|
6ef253 |
|
|
|
6ef253 |
rm -f include/linux/types.h
|
|
|
6ef253 |
|
|
|
6ef253 |
make %{?_smp_mflags} V=1
|
|
|
6ef253 |
popd
|
|
|
6ef253 |
%endif
|
|
|
6ef253 |
|
|
|
029dc7 |
%install
|
|
|
6ef253 |
%if 0%{?bootstrap}
|
|
|
6ef253 |
%make_install -C bootstrap_ver
|
|
|
6ef253 |
find %{buildroot} -xtype f -not \
|
|
|
6ef253 |
-name 'libip*tc.so.%{iptc_so_ver_old}*' -delete -print
|
|
|
6ef253 |
find %{buildroot} -type l -not \
|
|
|
6ef253 |
-name 'libip*tc.so.%{iptc_so_ver_old}*' -delete -print
|
|
|
6ef253 |
%endif
|
|
|
6ef253 |
|
|
|
029dc7 |
make install DESTDIR=%{buildroot}
|
|
|
029dc7 |
# remove la file(s)
|
|
|
029dc7 |
rm -f %{buildroot}/%{_libdir}/*.la
|
|
|
029dc7 |
|
|
|
029dc7 |
# install ip*tables.h header files
|
|
|
029dc7 |
install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/
|
|
|
029dc7 |
install -d -m 755 %{buildroot}%{_includedir}/iptables
|
|
|
029dc7 |
install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/
|
|
|
029dc7 |
|
|
|
029dc7 |
# install ipulog header file
|
|
|
029dc7 |
install -d -m 755 %{buildroot}%{_includedir}/libipulog/
|
|
|
029dc7 |
install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/
|
|
|
029dc7 |
|
|
|
029dc7 |
# install init scripts and configuration files
|
|
|
029dc7 |
install -d -m 755 %{buildroot}%{script_path}
|
|
|
029dc7 |
install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init
|
|
|
029dc7 |
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
|
|
|
029dc7 |
install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init
|
|
|
029dc7 |
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
|
|
|
029dc7 |
install -c -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/iptables-config
|
|
|
029dc7 |
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
|
|
|
029dc7 |
install -c -m 600 ip6tables-config %{buildroot}%{_sysconfdir}/sysconfig/ip6tables-config
|
|
|
029dc7 |
install -c -m 600 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/iptables
|
|
|
029dc7 |
install -c -m 600 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
|
|
|
029dc7 |
|
|
|
029dc7 |
# install systemd service files
|
|
|
029dc7 |
install -d -m 755 %{buildroot}/%{_unitdir}
|
|
|
029dc7 |
install -c -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}
|
|
|
029dc7 |
sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
|
|
|
029dc7 |
install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir}
|
|
|
029dc7 |
|
|
|
029dc7 |
# install legacy actions for service command
|
|
|
029dc7 |
install -d %{buildroot}/%{legacy_actions}/iptables
|
|
|
029dc7 |
install -d %{buildroot}/%{legacy_actions}/ip6tables
|
|
|
029dc7 |
|
|
|
029dc7 |
cat << EOF > %{buildroot}/%{legacy_actions}/iptables/save
|
|
|
029dc7 |
#!/bin/bash
|
|
|
029dc7 |
exec %{script_path}/iptables.init save
|
|
|
029dc7 |
EOF
|
|
|
029dc7 |
chmod 755 %{buildroot}/%{legacy_actions}/iptables/save
|
|
|
029dc7 |
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy
|
|
|
029dc7 |
install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save
|
|
|
029dc7 |
|
|
|
029dc7 |
cat << EOF > %{buildroot}/%{legacy_actions}/iptables/panic
|
|
|
029dc7 |
#!/bin/bash
|
|
|
029dc7 |
exec %{script_path}/iptables.init panic
|
|
|
029dc7 |
EOF
|
|
|
029dc7 |
chmod 755 %{buildroot}/%{legacy_actions}/iptables/panic
|
|
|
029dc7 |
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/panic > ip6tabes.panic-legacy
|
|
|
029dc7 |
install -c -m 755 ip6tabes.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic
|
|
|
029dc7 |
|
|
|
029dc7 |
# install iptables-apply with man page
|
|
|
029dc7 |
install -m 755 iptables/iptables-apply %{buildroot}%{_sbindir}/
|
|
|
029dc7 |
install -m 644 iptables/iptables-apply.8 %{buildroot}%{_mandir}/man8/
|
|
|
029dc7 |
|
|
|
029dc7 |
%if 0%{?fedora} > 24
|
|
|
029dc7 |
# Remove /etc/ethertypes (now part of setup)
|
|
|
029dc7 |
rm -f %{buildroot}%{_sysconfdir}/ethertypes
|
|
|
029dc7 |
%endif
|
|
|
029dc7 |
|
|
|
029dc7 |
# drop all legacy tools
|
|
|
029dc7 |
rm -f %{buildroot}%{_sbindir}/*legacy*
|
|
|
029dc7 |
rm -f %{buildroot}%{_bindir}/iptables-xml
|
|
|
029dc7 |
rm -f %{buildroot}%{_mandir}/man1/iptables-xml*
|
|
|
029dc7 |
rm -f %{buildroot}%{_mandir}/man8/xtables-legacy*
|
|
|
029dc7 |
|
|
|
029dc7 |
# rename nft versions to standard name
|
|
|
029dc7 |
pfx=%{buildroot}%{_sbindir}/iptables
|
|
|
029dc7 |
for pfx in %{buildroot}%{_sbindir}/{iptables,ip6tables,arptables,ebtables}; do
|
|
|
029dc7 |
mv $pfx-nft $pfx
|
|
|
029dc7 |
mv $pfx-nft-restore $pfx-restore
|
|
|
029dc7 |
mv $pfx-nft-save $pfx-save
|
|
|
029dc7 |
done
|
|
|
029dc7 |
|
|
|
029dc7 |
# extra sources for arptables
|
|
|
029dc7 |
install -p -D -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/arptables.service
|
|
|
029dc7 |
mkdir -p %{buildroot}%{_libexecdir}/
|
|
|
029dc7 |
install -p -D -m 755 %{SOURCE7} %{buildroot}%{_libexecdir}/
|
|
|
029dc7 |
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
|
|
|
029dc7 |
echo '# Configure prior to use' > %{buildroot}%{_sysconfdir}/sysconfig/arptables
|
|
|
6ef253 |
for sfx in "" "-restore" "-save"; do
|
|
|
6ef253 |
echo '.so man8/arptables-nft${sfx}.8' > \
|
|
|
6ef253 |
%{buildroot}%{_mandir}/man8/arptables${sfx}.8
|
|
|
6ef253 |
done
|
|
|
029dc7 |
|
|
|
029dc7 |
# extra sources for ebtables
|
|
|
029dc7 |
install -p %{SOURCE9} %{buildroot}%{_unitdir}/
|
|
|
029dc7 |
install -m0755 %{SOURCE8} %{buildroot}%{_libexecdir}/ebtables
|
|
|
029dc7 |
install -m0600 %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/ebtables-config
|
|
|
029dc7 |
touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables
|
|
|
6ef253 |
echo '.so man8/ebtables-nft.8' > %{buildroot}%{_mandir}/man8/ebtables.8
|
|
|
029dc7 |
|
|
|
029dc7 |
%if 0%{?rhel}
|
|
|
029dc7 |
%pre
|
|
|
029dc7 |
for p in %{_sysconfdir}/alternatives/{iptables,ip6tables}.*; do
|
|
|
029dc7 |
if [ -h "$p" ]; then
|
|
|
029dc7 |
ipt=$(readlink "$p")
|
|
|
029dc7 |
echo "Removing alternatives for ${p##*/} with path $ipt"
|
|
|
029dc7 |
%{_sbindir}/alternatives --remove "${p##*/}" "$ipt"
|
|
|
029dc7 |
fi
|
|
|
029dc7 |
done
|
|
|
029dc7 |
%endif
|
|
|
029dc7 |
|
|
|
029dc7 |
%post -p /sbin/ldconfig
|
|
|
029dc7 |
|
|
|
029dc7 |
%postun -p /sbin/ldconfig
|
|
|
029dc7 |
|
|
|
029dc7 |
%post services
|
|
|
029dc7 |
%systemd_post iptables.service ip6tables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%preun services
|
|
|
029dc7 |
%systemd_preun iptables.service ip6tables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%postun services
|
|
|
029dc7 |
/sbin/ldconfig
|
|
|
029dc7 |
%systemd_postun iptables.service ip6tables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%post arptables
|
|
|
029dc7 |
%systemd_post arptables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%preun arptables
|
|
|
029dc7 |
%systemd_preun arptables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%postun arptables
|
|
|
029dc7 |
%systemd_postun arptables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%post ebtables
|
|
|
029dc7 |
%systemd_post ebtables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%preun ebtables
|
|
|
029dc7 |
%systemd_preun ebtables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%postun ebtables
|
|
|
029dc7 |
%systemd_postun_with_restart ebtables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
%files
|
|
|
029dc7 |
%{!?_licensedir:%global license %%doc}
|
|
|
029dc7 |
%license COPYING
|
|
|
029dc7 |
%doc INCOMPATIBILITIES
|
|
|
029dc7 |
%config(noreplace) %{_sysconfdir}/sysconfig/iptables-config
|
|
|
029dc7 |
%config(noreplace) %{_sysconfdir}/sysconfig/ip6tables-config
|
|
|
029dc7 |
%if 0%{?fedora} <= 24
|
|
|
029dc7 |
%{_sysconfdir}/ethertypes
|
|
|
029dc7 |
%endif
|
|
|
029dc7 |
%{_sbindir}/iptables
|
|
|
029dc7 |
%{_sbindir}/iptables-apply
|
|
|
029dc7 |
%{_sbindir}/iptables-restore
|
|
|
029dc7 |
%{_sbindir}/iptables-restore-translate
|
|
|
029dc7 |
%{_sbindir}/iptables-save
|
|
|
029dc7 |
%{_sbindir}/iptables-translate
|
|
|
029dc7 |
%{_sbindir}/ip6tables
|
|
|
029dc7 |
%{_sbindir}/ip6tables-restore
|
|
|
029dc7 |
%{_sbindir}/ip6tables-restore-translate
|
|
|
029dc7 |
%{_sbindir}/ip6tables-save
|
|
|
029dc7 |
%{_sbindir}/ip6tables-translate
|
|
|
029dc7 |
%{_sbindir}/xtables-monitor
|
|
|
029dc7 |
%{_sbindir}/xtables-nft-multi
|
|
|
029dc7 |
%doc %{_mandir}/man8/iptables*
|
|
|
029dc7 |
%doc %{_mandir}/man8/ip6tables*
|
|
|
029dc7 |
%doc %{_mandir}/man8/xtables-monitor*
|
|
|
029dc7 |
%doc %{_mandir}/man8/xtables-nft*
|
|
|
6ef253 |
%doc %{_mandir}/man8/*tables-translate*
|
|
|
6ef253 |
%doc %{_mandir}/man8/*tables-restore-translate*
|
|
|
029dc7 |
%dir %{_libdir}/xtables
|
|
|
029dc7 |
%{_libdir}/xtables/libarpt*
|
|
|
029dc7 |
%{_libdir}/xtables/libebt*
|
|
|
029dc7 |
%{_libdir}/xtables/libipt*
|
|
|
029dc7 |
%{_libdir}/xtables/libip6t*
|
|
|
029dc7 |
%{_libdir}/xtables/libxt*
|
|
|
029dc7 |
|
|
|
029dc7 |
%files libs
|
|
|
6ef253 |
%{_libdir}/libip*tc.so.%{iptc_so_ver}*
|
|
|
6ef253 |
%if 0%{?bootstrap}
|
|
|
6ef253 |
%{_libdir}/libip*tc.so.%{iptc_so_ver_old}*
|
|
|
6ef253 |
%endif
|
|
|
6ef253 |
%{_libdir}/libxtables.so.12*
|
|
|
029dc7 |
|
|
|
029dc7 |
%files devel
|
|
|
029dc7 |
%dir %{_includedir}/iptables
|
|
|
029dc7 |
%{_includedir}/iptables/*.h
|
|
|
029dc7 |
%{_includedir}/*.h
|
|
|
029dc7 |
%dir %{_includedir}/libiptc
|
|
|
029dc7 |
%{_includedir}/libiptc/*.h
|
|
|
029dc7 |
%dir %{_includedir}/libipulog
|
|
|
029dc7 |
%{_includedir}/libipulog/*.h
|
|
|
029dc7 |
%{_libdir}/libip*tc.so
|
|
|
029dc7 |
%{_libdir}/libxtables.so
|
|
|
029dc7 |
%{_libdir}/pkgconfig/libiptc.pc
|
|
|
029dc7 |
%{_libdir}/pkgconfig/libip4tc.pc
|
|
|
029dc7 |
%{_libdir}/pkgconfig/libip6tc.pc
|
|
|
029dc7 |
%{_libdir}/pkgconfig/xtables.pc
|
|
|
029dc7 |
|
|
|
029dc7 |
%files services
|
|
|
029dc7 |
%dir %{script_path}
|
|
|
029dc7 |
%{script_path}/iptables.init
|
|
|
029dc7 |
%{script_path}/ip6tables.init
|
|
|
029dc7 |
%config(noreplace) %{_sysconfdir}/sysconfig/iptables
|
|
|
029dc7 |
%config(noreplace) %{_sysconfdir}/sysconfig/ip6tables
|
|
|
029dc7 |
%{_unitdir}/iptables.service
|
|
|
029dc7 |
%{_unitdir}/ip6tables.service
|
|
|
029dc7 |
%dir %{legacy_actions}/iptables
|
|
|
029dc7 |
%{legacy_actions}/iptables/save
|
|
|
029dc7 |
%{legacy_actions}/iptables/panic
|
|
|
029dc7 |
%dir %{legacy_actions}/ip6tables
|
|
|
029dc7 |
%{legacy_actions}/ip6tables/save
|
|
|
029dc7 |
%{legacy_actions}/ip6tables/panic
|
|
|
029dc7 |
|
|
|
029dc7 |
%files utils
|
|
|
029dc7 |
%{_sbindir}/nfnl_osf
|
|
|
029dc7 |
%{_sbindir}/nfbpf_compile
|
|
|
029dc7 |
%dir %{_datadir}/xtables
|
|
|
029dc7 |
%{_datadir}/xtables/pf.os
|
|
|
029dc7 |
%doc %{_mandir}/man8/nfnl_osf*
|
|
|
029dc7 |
%doc %{_mandir}/man8/nfbpf_compile*
|
|
|
029dc7 |
|
|
|
029dc7 |
%files arptables
|
|
|
029dc7 |
%{_sbindir}/arptables*
|
|
|
029dc7 |
%{_libexecdir}/arptables-helper
|
|
|
029dc7 |
%{_unitdir}/arptables.service
|
|
|
029dc7 |
%config(noreplace) %{_sysconfdir}/sysconfig/arptables
|
|
|
6ef253 |
%doc %{_mandir}/man8/arptables*.8*
|
|
|
029dc7 |
|
|
|
029dc7 |
%files ebtables
|
|
|
029dc7 |
%{_sbindir}/ebtables*
|
|
|
029dc7 |
%{_libexecdir}/ebtables
|
|
|
029dc7 |
%{_unitdir}/ebtables.service
|
|
|
029dc7 |
%config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config
|
|
|
029dc7 |
%ghost %{_sysconfdir}/sysconfig/ebtables
|
|
|
6ef253 |
%doc %{_mandir}/man8/ebtables*.8*
|
|
|
029dc7 |
|
|
|
029dc7 |
%changelog
|
|
|
4ff01d |
* Wed Nov 23 2022 Phil Sutter <psutter@redhat.com> - 1.8.4-24
|
|
|
4ff01d |
- ebtables: Support '-p Length'
|
|
|
4ff01d |
- nft-shared: Introduce __get_cmp_data()
|
|
|
4ff01d |
|
|
|
d8275f |
* Fri Jul 01 2022 Phil Sutter <psutter@redhat.com> - 1.8.4-23
|
|
|
d8275f |
- libxtables: Fix unsupported extension warning corner case
|
|
|
d8275f |
- tests: shell: Check overhead in iptables-save and -restore
|
|
|
d8275f |
- nft: Fix EPERM handling for extensions without rev 0
|
|
|
d8275f |
- Improve error messages for unsupported extensions
|
|
|
d8275f |
- xshared: Fix response to unprivileged users
|
|
|
d8275f |
- libxtables: Register only the highest revision extension
|
|
|
d8275f |
- Use proto_to_name() from xshared in more places
|
|
|
d8275f |
- libxtables: Boost rule target checks by announcing chain names
|
|
|
d8275f |
- libxtables: Implement notargets hash table
|
|
|
d8275f |
- nft: Reject standard targets as chain names when restoring
|
|
|
d8275f |
- xshared: Merge and share parse_chain()
|
|
|
d8275f |
- xshared: Prefer xtables_chain_protos lookup over getprotoent
|
|
|
d8275f |
- nft: Speed up immediate parsing
|
|
|
d8275f |
- nft: Simplify immediate parsing
|
|
|
d8275f |
|
|
|
6ab069 |
* Mon Nov 29 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-22
|
|
|
6ab069 |
- extensions: hashlimit: Fix tests with HZ=1000
|
|
|
6ab069 |
|
|
|
6ab069 |
* Thu Oct 07 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-21
|
|
|
6ab069 |
- extensions: hashlimit: Fix tests with HZ=100
|
|
|
6ab069 |
- ebtables: Dump atomic waste
|
|
|
6ab069 |
- doc: ebtables-nft.8: Adjust for missing atomic-options
|
|
|
6ab069 |
|
|
|
ec5e2e |
* Wed Aug 04 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-20
|
|
|
ec5e2e |
- extensions: SECMARK: Use a better context in test case
|
|
|
ec5e2e |
- extensions: sctp: Translate --chunk-types option
|
|
|
ec5e2e |
- extensions: sctp: Fix nftables translation
|
|
|
ec5e2e |
- extensions: SECMARK: Implement revision 1
|
|
|
ec5e2e |
- nft: cache: Retry if kernel returns EINTR
|
|
|
ec5e2e |
|
|
|
ec5e2e |
* Fri Jun 18 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-19
|
|
|
ec5e2e |
- Fix for rpminspect results
|
|
|
ec5e2e |
|
|
|
ec5e2e |
* Mon May 24 2021 Phil Sutter <psutter@redhat.com> - 1.8.4-18
|
|
|
ec5e2e |
- xtables-translate: Fix translation of odd netmasks
|
|
|
ec5e2e |
- nft: Fix bitwise expression avoidance detection
|
|
|
ec5e2e |
- xtables-monitor: 'LL=0x304' is not very convenient, print LOOPBACK instead.
|
|
|
ec5e2e |
- xtables-monitor: print packet first
|
|
|
ec5e2e |
- xtables-monitor: fix packet family protocol
|
|
|
ec5e2e |
- xtables-monitor: fix rule printing
|
|
|
ec5e2e |
- xtables-monitor: Fix ip6tables rule printing
|
|
|
ec5e2e |
|
|
|
87db66 |
* Thu Dec 10 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-17
|
|
|
87db66 |
- extensions: dccp: Fix for DCCP type 'INVALID'
|
|
|
87db66 |
- tests: shell: Merge and extend return codes test
|
|
|
87db66 |
- nft: Fix command name in ip6tables error message
|
|
|
87db66 |
- extensions: libxt_CT: add translation for NOTRACK
|
|
|
87db66 |
- extensions: libipt_icmp: Fix translation of type 'any'
|
|
|
87db66 |
- tests/shell: Test for fixed extension registration
|
|
|
87db66 |
- libxtables: Register multiple extensions in ascending order
|
|
|
87db66 |
- libxtables: Simplify pending extension registration
|
|
|
87db66 |
- libxtables: Make sure extensions register in revision order
|
|
|
87db66 |
|
|
|
87db66 |
* Wed Oct 28 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-16
|
|
|
87db66 |
- tests/shell: Add test for bitwise avoidance fixes
|
|
|
87db66 |
- ebtables: Optimize masked MAC address matches
|
|
|
87db66 |
- nft: Optimize class-based IP prefix matches
|
|
|
87db66 |
- nft: Fix for broken address mask match detection
|
|
|
87db66 |
- nft: cache: Make nft_rebuild_cache() respect fake cache
|
|
|
87db66 |
- tests: shell: Improve concurrent noflush restore test a bit
|
|
|
87db66 |
- nft: Fix for concurrent noflush restore calls
|
|
|
87db66 |
- nft: Fix error reporting for refreshed transactions
|
|
|
87db66 |
- nft: Make batch_add_chain() return the added batch object
|
|
|
87db66 |
|
|
|
87db66 |
* Sat Aug 15 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-15
|
|
|
87db66 |
- Ignore sysctl files not suffixed '.conf'
|
|
|
87db66 |
|
|
|
fc8f74 |
* Wed Jun 24 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-14
|
|
|
fc8f74 |
- nft: Fix for '-F' in iptables dumps
|
|
|
fc8f74 |
- tests: shell: Test -F in dump files
|
|
|
fc8f74 |
|
|
|
fc8f74 |
* Fri May 29 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-13
|
|
|
fc8f74 |
- Fix for endless loop in iptables-restore --test
|
|
|
fc8f74 |
|
|
|
fc8f74 |
* Tue May 26 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-12
|
|
|
fc8f74 |
- Unbreak nfnl_osf tool
|
|
|
fc8f74 |
|
|
|
fc8f74 |
* Tue May 19 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-11
|
|
|
fc8f74 |
- Complete ebtables-nft among match support
|
|
|
fc8f74 |
- Replace RHEL-only xtables-monitor fix with upstream solution
|
|
|
fc8f74 |
- xtables: Align effect of -4/-6 options with legacy
|
|
|
fc8f74 |
- xtables: Drop -4 and -6 support from xtables-{save,restore}
|
|
|
fc8f74 |
- Review systemd unit files
|
|
|
fc8f74 |
|
|
|
fc8f74 |
* Tue Mar 17 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-10
|
|
|
fc8f74 |
- Fix for iptables-restore segfault under pressure
|
|
|
fc8f74 |
- Fix for iptables-save segfault under pressure
|
|
|
fc8f74 |
|
|
|
fc8f74 |
* Mon Feb 24 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-9
|
|
|
fc8f74 |
- iptables-test.py: Fix --host mode
|
|
|
fc8f74 |
- xtables-monitor: Fix segfault when tracing
|
|
|
fc8f74 |
|
|
|
fc8f74 |
* Sat Feb 15 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-8
|
|
|
fc8f74 |
- xtables-translate: Fix for iface++
|
|
|
fc8f74 |
- tests: shell: Fix skip checks with --host mode
|
|
|
fc8f74 |
- xtables-restore: fix for --noflush and empty lines
|
|
|
fc8f74 |
|
|
|
fc8f74 |
* Wed Feb 12 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-7
|
|
|
fc8f74 |
- xtables-translate: Fix for interface name corner-cases
|
|
|
fc8f74 |
|
|
|
6ef253 |
* Mon Dec 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-6
|
|
|
6ef253 |
- Add missing patch in last release, uAPI covscan fix
|
|
|
6ef253 |
|
|
|
6ef253 |
* Mon Dec 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-5
|
|
|
6ef253 |
- Fix covscan-indicated problems
|
|
|
6ef253 |
|
|
|
6ef253 |
* Wed Dec 04 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-4
|
|
|
6ef253 |
- Fix for broken xtables-restore --noflush
|
|
|
6ef253 |
|
|
|
6ef253 |
* Tue Dec 03 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-3
|
|
|
6ef253 |
- Reduce globbing in library file names to expose future SONAME changes
|
|
|
6ef253 |
- Add bootstrapping for libip*tc SONAME bump
|
|
|
6ef253 |
|
|
|
6ef253 |
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-2
|
|
|
6ef253 |
- Use upstream-provided man pages for ebtables and arptables
|
|
|
6ef253 |
|
|
|
6ef253 |
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-1
|
|
|
6ef253 |
- Rebase onto upstream release 1.8.4
|
|
|
6ef253 |
|
|
|
6ef253 |
* Thu Aug 08 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-16
|
|
|
6ef253 |
- nft: Set socket receive buffer
|
|
|
6ef253 |
|
|
|
6ef253 |
* Wed Jul 31 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-15
|
|
|
6ef253 |
- doc: Install ip{6,}tables-restore-translate.8 man pages
|
|
|
6ef253 |
|
|
|
6ef253 |
* Tue Jul 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-14
|
|
|
6ef253 |
- arptables: Print space before comma and counters
|
|
|
6ef253 |
- extensions: Fix ipvs vproto parsing
|
|
|
6ef253 |
- extensions: Fix ipvs vproto option printing
|
|
|
6ef253 |
- extensions: Add testcase for libxt_ipvs
|
|
|
6ef253 |
|
|
|
6ef253 |
* Mon Jul 01 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-13
|
|
|
6ef253 |
- doc: Install ip{6,}tables-translate.8 manpages
|
|
|
6ef253 |
- nft: Eliminate dead code in __nft_rule_list
|
|
|
6ef253 |
|
|
|
029dc7 |
* Wed Jun 12 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-12
|
|
|
029dc7 |
- Add iptables-test.py testsuite to sources
|
|
|
029dc7 |
- extensions: libip6t_mh: fix bogus translation error
|
|
|
029dc7 |
- extensions: AUDIT: Document ineffective --type option
|
|
|
029dc7 |
- xtables-restore: Fix program names in help texts
|
|
|
029dc7 |
- xtables-save: Point at existing man page in help text
|
|
|
029dc7 |
- utils: Add a manpage for nfbpf_compile
|
|
|
029dc7 |
- Mark man pages in base package as documentation files
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu May 23 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-11
|
|
|
029dc7 |
- Enable verbose output when building
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu May 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-10
|
|
|
029dc7 |
- arptables-nft: fix decoding of hlen on bigendian platforms
|
|
|
029dc7 |
- xtables-save: Fix table not found error message
|
|
|
029dc7 |
- xtables: Catch errors when zeroing rule rounters
|
|
|
029dc7 |
- extensions: TRACE: Point at xtables-monitor in documentation
|
|
|
029dc7 |
- extensions: libipt_realm: Document allowed realm values
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Feb 08 2019 Phil Sutter - 1.8.2-9
|
|
|
029dc7 |
- ebtables-nft: Support user-defined chain policies
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 07 2019 Phil Sutter - 1.8.2-8
|
|
|
029dc7 |
- arptables.8: Document --set-counters option
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 07 2019 Phil Sutter - 1.8.2-7
|
|
|
029dc7 |
- arptables: Support --set-counters option
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Feb 01 2019 Phil Sutter - 1.8.2-6
|
|
|
029dc7 |
- Improve performance with large rulesets
|
|
|
029dc7 |
- Fix for changes in arptables output
|
|
|
029dc7 |
- Fix for inserting rules at wrong position
|
|
|
029dc7 |
- Fix segfault when comparing rules with standard target
|
|
|
029dc7 |
- Fix ebtables output for negated values
|
|
|
029dc7 |
- Document missing arptables FORWARD chain
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Dec 18 2018 Phil Sutter - 1.8.2-5
|
|
|
029dc7 |
- Drop change to test snippet not included in tarball from Patch4
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Dec 18 2018 Phil Sutter - 1.8.2-4
|
|
|
029dc7 |
- Fix iptables init script for nftables-backend
|
|
|
029dc7 |
- Drop references to unsupported broute table from ebtables man page
|
|
|
029dc7 |
- xtables: Don't use native nftables comments
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Dec 06 2018 Phil Sutter - 1.8.2-3
|
|
|
029dc7 |
- Drop change to test snippet not included in tarball from Patch3
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Dec 06 2018 Phil Sutter - 1.8.2-2
|
|
|
029dc7 |
- Point out that nftables-variants are installed in package description
|
|
|
029dc7 |
- Fix for deleting arptables rules by referencing them
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Dec 06 2018 Phil Sutter - 1.8.2-1
|
|
|
029dc7 |
- Rebase onto upstream version 1.8.2
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Oct 25 2018 Phil Sutter - 1.8.1-2
|
|
|
029dc7 |
- Add upstream fixes to 1.8.1 release
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Oct 25 2018 Phil Sutter - 1.8.1-1
|
|
|
029dc7 |
- Rebase onto upstream version 1.8.1
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Sep 27 2018 Phil Sutter - 1.8.0-11
|
|
|
029dc7 |
- Fix for covscan warnings in init scripts
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Sep 26 2018 Phil Sutter - 1.8.0-10
|
|
|
029dc7 |
- Fix short name of Artistic Licence
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Sep 26 2018 Phil Sutter - 1.8.0-9
|
|
|
029dc7 |
- Add further fixes for issues identified by covscan
|
|
|
029dc7 |
- Fix for bogus "is incompatible" warnings
|
|
|
029dc7 |
- Fix layout in License tag
|
|
|
029dc7 |
- Replace "Fedora" with "RHEL" in description
|
|
|
029dc7 |
- Make devel sub-package depend on libs sub-package
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Sep 17 2018 Phil Sutter - 1.8.0-8
|
|
|
029dc7 |
- Fix issues identified by covscan
|
|
|
029dc7 |
- xtables-restore: Fix flushing referenced custom chains
|
|
|
029dc7 |
- xtables: Accept --wait in iptables-nft-restore
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Sep 03 2018 Phil Sutter - 1.8.0-7
|
|
|
029dc7 |
- xtables: Align return codes with legacy iptables
|
|
|
029dc7 |
- xtables: Drop use of IP6T_F_PROTO
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Aug 29 2018 Phil Sutter - 1.8.0-6
|
|
|
029dc7 |
- xtables: Fix for deleting rules with comment
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Aug 24 2018 Phil Sutter - 1.8.0-5
|
|
|
029dc7 |
- xtables: Use meta l4proto for -p match
|
|
|
029dc7 |
- ebtables: Fix for listing of non-existent chains
|
|
|
029dc7 |
- xtables: Fix for no output in iptables-nft -S
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sat Aug 18 2018 Phil Sutter - 1.8.0-4
|
|
|
029dc7 |
- xtables: Fix for segfault in iptables-nft
|
|
|
029dc7 |
- ebtables: Fix entries count in chain listing
|
|
|
029dc7 |
- Use %%autosetup macro in %%prep
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Aug 17 2018 Phil Sutter - 1.8.0-3
|
|
|
029dc7 |
- xtables: Make 'iptables -S nonexisting' return non-zero
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Aug 10 2018 Phil Sutter - 1.8.0-2
|
|
|
029dc7 |
- Rebase onto upstream master commit 514de4801b731db4712
|
|
|
029dc7 |
- Add arptables and ebtables sub-packages
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 11 2018 Phil Sutter - 1.8.0-1
|
|
|
029dc7 |
- New upstream version 1.8.0
|
|
|
029dc7 |
- Drop compat sub-package
|
|
|
029dc7 |
- Use nft tool versions, drop legacy ones
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Mar 01 2018 Phil Sutter <psutter@redhat.com> - 1.6.2-2
|
|
|
029dc7 |
- Kill module unloading support
|
|
|
029dc7 |
- Support /etc/sysctl.d
|
|
|
029dc7 |
- Don't restart services after package update
|
|
|
029dc7 |
- Add support for --wait options to restore commands
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Feb 21 2018 Michael Cronenworth <mike@cchtml.com> - 1.6.2-1
|
|
|
029dc7 |
- New upstream version 1.6.2
|
|
|
029dc7 |
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-6
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sun Oct 22 2017 Kevin Fenzi <kevin@scrye.com> - 1.6.1-5
|
|
|
029dc7 |
- Rebuild for new libnftnl
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-3
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-2
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 02 2017 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
|
|
|
029dc7 |
- New upstream version 1.6.1 with enhanced translation to nft support and
|
|
|
029dc7 |
several fixes (RHBZ#1417323)
|
|
|
029dc7 |
http://netfilter.org/projects/iptables/files/changes-iptables-1.6.1.txt
|
|
|
029dc7 |
- Enable parallel build again
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 02 2017 Petr Ĺ abata <contyk@redhat.com> - 1.6.0-4
|
|
|
029dc7 |
- Disabling parallel build to avoid build issues with xtables
|
|
|
029dc7 |
- See http://patchwork.alpinelinux.org/patch/1787/ for reference
|
|
|
029dc7 |
- This should be fixed in 1.6.1; parallel build can be restored after the
|
|
|
029dc7 |
update
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Dec 19 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-3
|
|
|
029dc7 |
- Dropped bad provides for iptables in services sub package (RHBZ#1327786)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jul 22 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-2
|
|
|
029dc7 |
- /etc/ethertypes has been moved into the setup package for F-25+.
|
|
|
029dc7 |
(RHBZ#1329256)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Apr 13 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-1
|
|
|
029dc7 |
- New upstream version 1.6.0 with nft-compat support and lots of fixes (RHBZ#1292990)
|
|
|
029dc7 |
Upstream changelog:
|
|
|
029dc7 |
http://netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
|
|
|
029dc7 |
- New libs sub package containing libxtables and unstable libip*tc libraries (RHBZ#1323161)
|
|
|
029dc7 |
- Using scripts form RHEL-7 (RHBZ#1240366)
|
|
|
029dc7 |
- New compat sub package for nftables compatibility
|
|
|
029dc7 |
- Install iptables-apply (RHBZ#912047)
|
|
|
029dc7 |
- Fixed module uninstall (RHBZ#1324101)
|
|
|
029dc7 |
- Incorporated changes by Petr Pisar
|
|
|
029dc7 |
- Enabled bpf compiler (RHBZ#1170227) Thanks to Yanko Kaneti for the patch
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.21-16
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-15
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Dec 01 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-14
|
|
|
029dc7 |
- add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Nov 03 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-13
|
|
|
029dc7 |
- iptables.init: use /run/lock/subsys/ instead of /var/lock/subsys/ (RHBZ#1159573)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Sep 29 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-12
|
|
|
029dc7 |
- ip[6]tables.init: change shebang from /bin/sh to /bin/bash (RHBZ#1147272)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-11
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.21-10
|
|
|
029dc7 |
- fix license handling
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-9
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Mar 12 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-8
|
|
|
029dc7 |
- add missing reload and panic actions
|
|
|
029dc7 |
- BuildRequires: pkgconfig(x) instead of x-devel
|
|
|
029dc7 |
- no need to specify file mode bits twice (in %%install and %%files)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sun Jan 19 2014 Ville Skyttä <ville.skytta@iki.fi> - 1.4.21-7
|
|
|
029dc7 |
- Don't order services after syslog.target.
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-6
|
|
|
029dc7 |
- Enable connlabel support again, needs libnetfilter_conntrack
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-6
|
|
|
029dc7 |
- fixed update from RHEL-6 to RHEL-7 (RHBZ#1043901)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jan 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-5
|
|
|
029dc7 |
- chmod /etc/sysconfig/ip[6]tables 755 -> 600
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jan 10 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-4
|
|
|
029dc7 |
- drop virtual provide for xtables.so.9
|
|
|
029dc7 |
- add default /etc/sysconfig/ip[6]tables (RHBZ#1034494)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jan 09 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-3
|
|
|
029dc7 |
- no need to support the pre-systemd things
|
|
|
029dc7 |
- use systemd macros (#850166)
|
|
|
029dc7 |
- remove scriptlets for migrating to a systemd unit from a SysV initscripts
|
|
|
029dc7 |
- ./configure -> %%configure
|
|
|
029dc7 |
- spec clean up
|
|
|
029dc7 |
- fix self-obsoletion
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jan 9 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-2
|
|
|
029dc7 |
- fixed system hang at shutdown if root device is network based (RHBZ#1007934)
|
|
|
029dc7 |
Thanks to Rodrigo A B Freire for the patch
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jan 9 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-1
|
|
|
029dc7 |
- no connlabel.conf upstream anymore
|
|
|
029dc7 |
- new version 1.4.21
|
|
|
029dc7 |
- doc: clarify DEBUG usage macro
|
|
|
029dc7 |
- iptables: use autoconf to process .in man pages
|
|
|
029dc7 |
- extensions: libipt_ULOG: man page should mention NFLOG as replacement
|
|
|
029dc7 |
- extensions: libxt_connlabel: use libnetfilter_conntrack
|
|
|
029dc7 |
- Introduce a new revision for the set match with the counters support
|
|
|
029dc7 |
- libxt_CT: Add the "NOTRACK" alias
|
|
|
029dc7 |
- libip6t_mh: Correct command to list named mh types in manpage
|
|
|
029dc7 |
- extensions: libxt_DNAT, libxt_REDIRECT, libxt_NETMAP, libxt_SNAT, libxt_MASQUERADE, libxt_LOG: rename IPv4 manpage and tell about IPv6 support
|
|
|
029dc7 |
- extensions: libxt_LED: fix parsing of delay
|
|
|
029dc7 |
- ip{6}tables-restore: fix breakage due to new locking approach
|
|
|
029dc7 |
- libxt_recent: restore minimum value for --seconds
|
|
|
029dc7 |
- iptables-xml: fix parameter parsing (similar to 2165f38)
|
|
|
029dc7 |
- extensions: add copyright statements
|
|
|
029dc7 |
- xtables: improve get_modprobe handling
|
|
|
029dc7 |
- ip[6]tables: Add locking to prevent concurrent instances
|
|
|
029dc7 |
- iptables: Fix connlabel.conf install location
|
|
|
029dc7 |
- ip6tables: don't print out /128
|
|
|
029dc7 |
- libip6t_LOG: target output is different to libipt_LOG
|
|
|
029dc7 |
- build: additional include path required after UAPI changes
|
|
|
029dc7 |
- iptables: iptables-xml: Fix various parsing bugs
|
|
|
029dc7 |
- libxt_recent: restore reap functionality to recent module
|
|
|
029dc7 |
- build: fail in configure on missing dependency with --enable-bpf-compiler
|
|
|
029dc7 |
- extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter
|
|
|
029dc7 |
- extensions: libxt_set, libxt_SET: check the set family too
|
|
|
029dc7 |
- ip6tables: Use consistent exit code for EAGAIN
|
|
|
029dc7 |
- iptables: libxt_hashlimit.man: correct address
|
|
|
029dc7 |
- iptables: libxt_conntrack.man extraneous commas
|
|
|
029dc7 |
- iptables: libip(6)t_REJECT.man default icmp types
|
|
|
029dc7 |
- iptables: iptables-xm1.1 correct man section
|
|
|
029dc7 |
- iptables: libxt_recent.{c,man} dead URL
|
|
|
029dc7 |
- iptables: libxt_string.man add examples
|
|
|
029dc7 |
- extensions: libxt_LOG: use generic syslog reference in manpage
|
|
|
029dc7 |
- iptables: extensions/GNUMakefile.in use CPPFLAGS
|
|
|
029dc7 |
- iptables: correctly reference generated file
|
|
|
029dc7 |
- ip[6]tables: fix incorrect alignment in commands_v_options
|
|
|
029dc7 |
- build: add software version to manpage first line at configure stage
|
|
|
029dc7 |
- extensions: libxt_cluster: add note on arptables-jf
|
|
|
029dc7 |
- utils: nfsynproxy: fix error while compiling the BPF filter
|
|
|
029dc7 |
- extensions: add SYNPROXY extension
|
|
|
029dc7 |
- utils: add nfsynproxy tool
|
|
|
029dc7 |
- iptables: state match incompatibilty across versions
|
|
|
029dc7 |
- libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks
|
|
|
029dc7 |
- iptables: improve chain name validation
|
|
|
029dc7 |
- iptables: spurious error in load_extension
|
|
|
029dc7 |
- xtables: trivial spelling fix
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sun Dec 22 2013 Ville Skyttä <ville.skytta@iki.fi> - 1.4.19.1-2
|
|
|
029dc7 |
- Drop INSTALL from docs, escape macros in %%changelog.
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 31 2013 Thomas Woerner <twoerner@redhat.com> 1.4.19.1-1
|
|
|
029dc7 |
- new version 1.4.19.1
|
|
|
029dc7 |
- libxt_NFQUEUE: fix bypass option documentation
|
|
|
029dc7 |
- extensions: add connlabel match
|
|
|
029dc7 |
- extensions: add connlabel match
|
|
|
029dc7 |
- ip[6]tables: show --protocol instead of --proto in usage
|
|
|
029dc7 |
- libxt_recent: Fix missing space in manpage for --mask option
|
|
|
029dc7 |
- extensions: libxt_multiport: Update manpage to list valid protocols
|
|
|
029dc7 |
- utils: nfnl_osf: use the right nfnetlink lib
|
|
|
029dc7 |
- libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency
|
|
|
029dc7 |
- Revert "build: resolve link failure for ip6t_NETMAP"
|
|
|
029dc7 |
- libxt_osf: fix missing --ttl and --log in save output
|
|
|
029dc7 |
- libxt_osf: fix bad location for location in --genre
|
|
|
029dc7 |
- libip6t_SNPT: add manpage
|
|
|
029dc7 |
- libip6t_DNPT: add manpage
|
|
|
029dc7 |
- utils: updates .gitignore to include nfbpf_compile
|
|
|
029dc7 |
- extensions: libxt_bpf: clarify --bytecode argument
|
|
|
029dc7 |
- libxtables: fix parsing of dotted network mask format
|
|
|
029dc7 |
- build: bump version to 1.4.19
|
|
|
029dc7 |
- libxt_conntrack: fix state match alias state parsing
|
|
|
029dc7 |
- extensions: add libxt_bpf extension
|
|
|
029dc7 |
- utils: nfbpf_compile
|
|
|
029dc7 |
- doc: mention SNAT in INPUT chain since kernel 2.6.36
|
|
|
029dc7 |
- fixed changelog date weekdays where needed
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Mar 4 2013 Thomas Woerner <twoerner@redhat.com> 1.4.18-1
|
|
|
029dc7 |
- new version 1.4.18
|
|
|
029dc7 |
- lots of documentation changes
|
|
|
029dc7 |
- Introduce match/target aliases
|
|
|
029dc7 |
- Add the "state" alias to the "conntrack" match
|
|
|
029dc7 |
- iptables: remove unused leftover definitions
|
|
|
029dc7 |
- libxtables: add xtables_rule_matches_free
|
|
|
029dc7 |
- libxtables: add xtables_print_num
|
|
|
029dc7 |
- extensions: libip6t_DNPT: fix wording in DNPT target
|
|
|
029dc7 |
- extension: libip6t_DNAT: allow port DNAT without address
|
|
|
029dc7 |
- extensions: libip6t_DNAT: set IPv6 DNAT --to-destination
|
|
|
029dc7 |
- extensions: S/DNPT: add missing save function
|
|
|
029dc7 |
- changes of 1.4.17:
|
|
|
029dc7 |
- libxt_time: add support to ignore day transition
|
|
|
029dc7 |
- Convert the NAT targets to use the kernel supplied nf_nat.h header
|
|
|
029dc7 |
- extensions: add IPv6 MASQUERADE extension
|
|
|
029dc7 |
- extensions: add IPv6 SNAT extension
|
|
|
029dc7 |
- extensions: add IPv6 DNAT target
|
|
|
029dc7 |
- extensions: add IPv6 REDIRECT extension
|
|
|
029dc7 |
- extensions: add IPv6 NETMAP extension
|
|
|
029dc7 |
- extensions: add NPT extension
|
|
|
029dc7 |
- extensions: libxt_statistic: Fix save output
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.16.2-7
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 16 2013 Ville Skyttä <ville.skytta@iki.fi> - 1.4.16.2-6
|
|
|
029dc7 |
- Own unowned -services libexec dirs (#894464, Michael Scherer).
|
|
|
029dc7 |
- Fix -services unit file permissions (#732936, Michal Schmidt).
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Nov 8 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-5
|
|
|
029dc7 |
- fixed path of ip6tables.init in ip6tables.service
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Nov 2 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-4
|
|
|
029dc7 |
- fixed missing services for update of pre F-18 installations (rhbz#867960)
|
|
|
029dc7 |
- provide and obsolete old main package in services sub package
|
|
|
029dc7 |
- provide and obsolete old ipv6 sub package (pre F-17) in services sub package
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sun Oct 14 2012 Dan Horák <dan[at]dany.cz> 1.4.16.2-3
|
|
|
029dc7 |
- fix the compat provides for all 64-bit arches
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Oct 12 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-2
|
|
|
029dc7 |
- new sub package services providing the systemd services (RHBZ#862922)
|
|
|
029dc7 |
- new sub package utils: provides nfnl_osf and the pf.os database
|
|
|
029dc7 |
- using %%{_libexecdir}/iptables as script path for the original init scripts
|
|
|
029dc7 |
- added service iptables save funcitonality using the new way provided by
|
|
|
029dc7 |
initscripts 9.37.1 (RHBZ#748134)
|
|
|
029dc7 |
- added virtual provide for libxtables.so.7
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Oct 8 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-1
|
|
|
029dc7 |
- new version 1.4.16.2
|
|
|
029dc7 |
- build: support for automake-1.12
|
|
|
029dc7 |
- build: separate AC variable replacements from xtables.h
|
|
|
029dc7 |
- build: have `make clean` remove dep files too
|
|
|
029dc7 |
- doc: grammatical updates to libxt_SET
|
|
|
029dc7 |
- doc: clean up interpunction in state list for xt_conntrack
|
|
|
029dc7 |
- doc: deduplicate extension descriptions into a new manpage
|
|
|
029dc7 |
- doc: trim "state" manpage and reference conntrack instead
|
|
|
029dc7 |
- doc: have NOTRACK manpage point to CT instead
|
|
|
029dc7 |
- doc: mention iptables-apply in the SEE ALSO sections
|
|
|
029dc7 |
- extensions: libxt_addrtype: fix type in help message
|
|
|
029dc7 |
- include: add missing linux/netfilter_ipv4/ip_queue.h
|
|
|
029dc7 |
- iptables: fix wrong error messages
|
|
|
029dc7 |
- iptables: support for match aliases
|
|
|
029dc7 |
- iptables: support for target aliases
|
|
|
029dc7 |
- iptables-restore: warn about -t in rule lines
|
|
|
029dc7 |
- ip[6]tables-restore: cleanup to reduce one level of indentation
|
|
|
029dc7 |
- libip6t_frag: match any frag id by default
|
|
|
029dc7 |
- libxtables: consolidate preference logic
|
|
|
029dc7 |
- libxt_devgroup: consolidate devgroup specification parsing
|
|
|
029dc7 |
- libxt_devgroup: guard against negative numbers
|
|
|
029dc7 |
- libxt_LED: guard against negative numbers
|
|
|
029dc7 |
- libxt_NOTRACK: replace as an alias to CT --notrack
|
|
|
029dc7 |
- libxt_state: replace as an alias to xt_conntrack
|
|
|
029dc7 |
- libxt_tcp: print space before, not after "flags:"
|
|
|
029dc7 |
- libxt_u32: do bounds checking for @'s operands
|
|
|
029dc7 |
- libxt_*limit: avoid division by zero
|
|
|
029dc7 |
- Merge branch 'master' of git://git.inai.de/iptables
|
|
|
029dc7 |
- Merge remote-tracking branch 'nf/stable'
|
|
|
029dc7 |
- New set match revision with --return-nomatch flag support
|
|
|
029dc7 |
- dropped fixrestore patch, upstream
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Aug 1 2012 Thomas Woerner <twoerner@redhat.com> 1.4.15-1
|
|
|
029dc7 |
- new version 1.4.15
|
|
|
029dc7 |
- extensions: add HMARK target
|
|
|
029dc7 |
- iptables-restore: fix parameter parsing (shows up with gcc-4.7)
|
|
|
029dc7 |
- iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)
|
|
|
029dc7 |
- libxtables: add xtables_ip[6]mask_to_cidr
|
|
|
029dc7 |
- libxt_devgroup: add man page snippet
|
|
|
029dc7 |
- libxt_hashlimit: add support for byte-based operation
|
|
|
029dc7 |
- libxt_recent: add --mask netmask
|
|
|
029dc7 |
- libxt_recent: remove unused variable
|
|
|
029dc7 |
- libxt_HMARK: correct a number of errors introduced by Pablo's rework
|
|
|
029dc7 |
- libxt_HMARK: fix ct case example
|
|
|
029dc7 |
- libxt_HMARK: fix output of iptables -L
|
|
|
029dc7 |
- Revert "iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)"
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-3
|
|
|
029dc7 |
- added fixrestore patch submitted to upstream by fryasu (nfbz#774)
|
|
|
029dc7 |
(RHBZ#825796)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-2
|
|
|
029dc7 |
- disabled libipq, removed upstream, not provided by kernel anymore
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-1
|
|
|
029dc7 |
- new version 1.4.14
|
|
|
029dc7 |
- extensions: add IPv6 capable ECN match extension
|
|
|
029dc7 |
- extensions: add nfacct match
|
|
|
029dc7 |
- extensions: add rpfilter module
|
|
|
029dc7 |
- extensions: libxt_rateest: output all options in save hook
|
|
|
029dc7 |
- iptables: missing free() in function cache_add_entry()
|
|
|
029dc7 |
- iptables: missing free() in function delete_entry()
|
|
|
029dc7 |
- libiptc: fix retry path in TC_INIT
|
|
|
029dc7 |
- libiptc: Returns the position the entry was inserted
|
|
|
029dc7 |
- libipt_ULOG: fix --ulog-cprange
|
|
|
029dc7 |
- libxt_CT: add --timeout option
|
|
|
029dc7 |
- ip(6)tables-restore: make sure argv is NULL terminated
|
|
|
029dc7 |
- Revert "libiptc: Returns the position the entry was inserted"
|
|
|
029dc7 |
- src: mark newly opened fds as FD_CLOEXEC (close on exec)
|
|
|
029dc7 |
- tests: add rateest match rules
|
|
|
029dc7 |
- dropped patch5 (cloexec), merged upstream
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Apr 23 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-5
|
|
|
029dc7 |
- reenable iptables default services
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Feb 29 2012 Harald Hoyer <harald@redhat.com> 1.4.12.2-4
|
|
|
029dc7 |
- install everything in /usr
|
|
|
029dc7 |
https://fedoraproject.org/wiki/Features/UsrMove
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 16 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-3
|
|
|
029dc7 |
- fixed auto enable check for Fedora > 16 and added rhel > 6 check
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Feb 15 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-2
|
|
|
029dc7 |
- disabled autostart and auto enable for iptables.service and ip6tables.service
|
|
|
029dc7 |
for Fedora > 16
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jan 16 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-1
|
|
|
029dc7 |
- new version 1.4.12.2 with new pkgconfig/libip4tc.pc and pkgconfig/libip6tc.pc
|
|
|
029dc7 |
- build: make check stage not fail when building statically
|
|
|
029dc7 |
- build: restore build order of modules
|
|
|
029dc7 |
- build: scan for unreferenced symbols
|
|
|
029dc7 |
- build: sort file list before build
|
|
|
029dc7 |
- doc: clarification on the meaning of -p 0
|
|
|
029dc7 |
- doc: document iptables-restore's -T option
|
|
|
029dc7 |
- doc: fix undesired newline in ip6tables-restore(8)
|
|
|
029dc7 |
- ip6tables-restore: implement missing -T option
|
|
|
029dc7 |
- iptables: move kernel version find routing into libxtables
|
|
|
029dc7 |
- libiptc: provide separate pkgconfig files
|
|
|
029dc7 |
- libipt_SAME: set PROTO_RANDOM on all ranges
|
|
|
029dc7 |
- libxtables: Fix file descriptor leak in xtables_lmap_init on error
|
|
|
029dc7 |
- libxt_connbytes: fix handling of --connbytes FROM
|
|
|
029dc7 |
- libxt_CONNSECMARK: fix spacing in output
|
|
|
029dc7 |
- libxt_conntrack: improve error message on parsing violation
|
|
|
029dc7 |
- libxt_NFQUEUE: fix --queue-bypass ipt-save output
|
|
|
029dc7 |
- libxt_RATEEST: link with -lm
|
|
|
029dc7 |
- libxt_statistic: link with -lm
|
|
|
029dc7 |
- Merge branch 'stable'
|
|
|
029dc7 |
- Merge branch 'stable' of git://dev.medozas.de/iptables
|
|
|
029dc7 |
- nfnl_osf: add missing libnfnetlink_CFLAGS to compile process
|
|
|
029dc7 |
- xtoptions: fill in fallback value for nvals
|
|
|
029dc7 |
- xtoptions: simplify xtables_parse_interface
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.12.1-2
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Dec 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12.1-1
|
|
|
029dc7 |
- new version 1.4.12.1 with new pkgconfig/libipq.pc
|
|
|
029dc7 |
- build: abort autogen on subcommand failure
|
|
|
029dc7 |
- build: strengthen check for overlong lladdr components
|
|
|
029dc7 |
- build: workaround broken linux-headers on RHEL-5
|
|
|
029dc7 |
- doc: clarify libxt_connlimit defaults
|
|
|
029dc7 |
- doc: fix typo in libxt_TRACE
|
|
|
029dc7 |
- extensions: use multi-target registration
|
|
|
029dc7 |
- libip6t_dst: restore setting IP6T_OPTS_LEN flag
|
|
|
029dc7 |
- libip6t_frag: restore inversion support
|
|
|
029dc7 |
- libip6t_hbh: restore setting IP6T_OPTS_LEN flag
|
|
|
029dc7 |
- libipq: add pkgconfig file
|
|
|
029dc7 |
- libipt_ttl: document that negation is available
|
|
|
029dc7 |
- libxt_conntrack: fix --ctproto 0 output
|
|
|
029dc7 |
- libxt_conntrack: remove one misleading comment
|
|
|
029dc7 |
- libxt_dccp: fix deprecated intrapositional ordering of !
|
|
|
029dc7 |
- libxt_dccp: fix random output of ! on --dccp-option
|
|
|
029dc7 |
- libxt_dccp: provide man pages options in short help too
|
|
|
029dc7 |
- libxt_dccp: restore missing XTOPT_INVERT tags for options
|
|
|
029dc7 |
- libxt_dccp: spell out option name on save
|
|
|
029dc7 |
- libxt_dscp: restore inversion support
|
|
|
029dc7 |
- libxt_hashlimit: default htable-expire must be in milliseconds
|
|
|
029dc7 |
- libxt_hashlimit: observe new default gc-expire time when saving
|
|
|
029dc7 |
- libxt_hashlimit: remove inversion from hashlimit rev 0
|
|
|
029dc7 |
- libxt_owner: restore inversion support
|
|
|
029dc7 |
- libxt_physdev: restore inversion support
|
|
|
029dc7 |
- libxt_policy: remove superfluous inversion
|
|
|
029dc7 |
- libxt_set: put differing variable names in directly
|
|
|
029dc7 |
- libxt_set: update man page about kernel support on the feature
|
|
|
029dc7 |
- libxt_string: define _GNU_SOURCE for strnlen
|
|
|
029dc7 |
- libxt_string: escape the escaping char too
|
|
|
029dc7 |
- libxt_string: fix space around arguments
|
|
|
029dc7 |
- libxt_string: replace hex codes by char equivalents
|
|
|
029dc7 |
- libxt_string: simplify hex output routine
|
|
|
029dc7 |
- libxt_tcp: always print the mask parts
|
|
|
029dc7 |
- libxt_TCPMSS: restore build with IPv6-less libcs
|
|
|
029dc7 |
- libxt_TOS: update linux kernel version list for backported fix
|
|
|
029dc7 |
- libxt_u32: fix missing allowance for inversion
|
|
|
029dc7 |
- src: remove unused IPTABLES_MULTI define
|
|
|
029dc7 |
- tests: add negation tests for libxt_statistic
|
|
|
029dc7 |
- xtoptions: flag use of XTOPT_POINTER without XTOPT_PUT
|
|
|
029dc7 |
- removed include/linux/types.h before build to be able to compile
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 26 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-2
|
|
|
029dc7 |
- dropped temporary provide again
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 26 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-1.1
|
|
|
029dc7 |
- added temporary provides for libxtables.so.6 to be able to rebuild iproute,
|
|
|
029dc7 |
which is part of the standard build environment
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jul 25 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-1
|
|
|
029dc7 |
- new version 1.4.12 with support of all new features of kernel 3.0
|
|
|
029dc7 |
- build: attempt to fix building under Linux 2.4
|
|
|
029dc7 |
- build: bump soversion for recent data structure change
|
|
|
029dc7 |
- build: install modules in arch-dependent location
|
|
|
029dc7 |
- doc: fix group range in libxt_NFLOG's man
|
|
|
029dc7 |
- doc: fix version string in ip6tables.8
|
|
|
029dc7 |
- doc: include matches/targets in manpage again
|
|
|
029dc7 |
- doc: mention multiple verbosity flags
|
|
|
029dc7 |
- doc: the -m option cannot be inverted
|
|
|
029dc7 |
- extensions: support for per-extension instance global variable space
|
|
|
029dc7 |
- iptables-apply: select default rule file depending on call name
|
|
|
029dc7 |
- iptables: consolidate target/match init call
|
|
|
029dc7 |
- iptables: Coverity: DEADCODE
|
|
|
029dc7 |
- iptables: Coverity: NEGATIVE_RETURNS
|
|
|
029dc7 |
- iptables: Coverity: RESOURCE_LEAK
|
|
|
029dc7 |
- iptables: Coverity: REVERSE_INULL
|
|
|
029dc7 |
- iptables: Coverity: VARARGS
|
|
|
029dc7 |
- iptables: restore negation for -f
|
|
|
029dc7 |
- libip6t_HL: fix option names from ttl -> hl
|
|
|
029dc7 |
- libipt_LOG: fix ignoring all but last flags
|
|
|
029dc7 |
- libxtables: ignore whitespace in the multiaddress argument parser
|
|
|
029dc7 |
- libxtables: properly reject empty hostnames
|
|
|
029dc7 |
- libxtables: set clone's initial data to NULL
|
|
|
029dc7 |
- libxt_conntrack: move more data into the xt_option_entry
|
|
|
029dc7 |
- libxt_conntrack: restore network-byte order for v1,v2
|
|
|
029dc7 |
- libxt_hashlimit: use a more obvious expiry value by default
|
|
|
029dc7 |
- libxt_rateest: abolish global variables
|
|
|
029dc7 |
- libxt_RATEEST: abolish global variables
|
|
|
029dc7 |
- libxt_RATEEST: fix userspacesize field
|
|
|
029dc7 |
- libxt_RATEEST: use guided option parser
|
|
|
029dc7 |
- libxt_state: fix regression about inversion of main option
|
|
|
029dc7 |
- option: remove last traces of intrapositional negation
|
|
|
029dc7 |
- complete changelog:
|
|
|
029dc7 |
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.12.txt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jul 21 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-4
|
|
|
029dc7 |
- merged ipv6 sub package into main package
|
|
|
029dc7 |
- renamed init scripts to /usr/libexec/ip*tables.init
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jul 15 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-3
|
|
|
029dc7 |
- added support for native systemd file (rhbz#694738)
|
|
|
029dc7 |
- new iptables.service file
|
|
|
029dc7 |
- additional requires
|
|
|
029dc7 |
- moved sysv init scripts to /usr/libexec
|
|
|
029dc7 |
- added new post, preun and postun scripts and triggers
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-2
|
|
|
029dc7 |
- dropped temporary provide again
|
|
|
029dc7 |
- enabled smp build
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-1.1
|
|
|
029dc7 |
- added temporary provides for libxtables.so.5 to be able to rebuild iproute,
|
|
|
029dc7 |
which is part of the standard build environment
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jul 11 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-1
|
|
|
029dc7 |
- new version 1.4.11.1, bug and doc fix release for 1.4.11
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jun 7 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11-1
|
|
|
029dc7 |
- new version 1.4.11 with all new features of 2.6.37-39 (not usable)
|
|
|
029dc7 |
- lots of changes and bugfixes for base and extensions
|
|
|
029dc7 |
- complete changelog:
|
|
|
029dc7 |
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.11.txt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.10-2
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jan 10 2011 Thomas Woerner <twoerner@redhat.com> 1.4.10-1
|
|
|
029dc7 |
- new version 1.4.10 with all new features of 2.6.36
|
|
|
029dc7 |
- all: consistent syntax use in struct option
|
|
|
029dc7 |
- build: fix static linking
|
|
|
029dc7 |
- doc: let man(1) autoalign the text in xt_cpu
|
|
|
029dc7 |
- doc: remove extra empty line from xt_cpu
|
|
|
029dc7 |
- doc: minimal spelling updates to xt_cpu
|
|
|
029dc7 |
- doc: consistent use of markup
|
|
|
029dc7 |
- extensions: libxt_quota: don't ignore the quota value on deletion
|
|
|
029dc7 |
- extensions: REDIRECT: add random help
|
|
|
029dc7 |
- extensions: add xt_cpu match
|
|
|
029dc7 |
- extensions: add idletimer xt target extension
|
|
|
029dc7 |
- extensions: libxt_IDLETIMER: use xtables_param_act when checking options
|
|
|
029dc7 |
- extensions: libxt_CHECKSUM extension
|
|
|
029dc7 |
- extensions: libipt_LOG/libip6t_LOG: support macdecode option
|
|
|
029dc7 |
- extensions: fix compilation of the new CHECKSUM target
|
|
|
029dc7 |
- extensions: libxt_ipvs: user-space lib for netfilter matcher xt_ipvs
|
|
|
029dc7 |
- iptables-xml: resolve compiler warnings
|
|
|
029dc7 |
- iptables: limit chain name length to be consistent with targets
|
|
|
029dc7 |
- libiptc: add Libs.private to pkgconfig files
|
|
|
029dc7 |
- libiptc: build with -Wl,--no-as-needed
|
|
|
029dc7 |
- xtables: remove unnecessary cast
|
|
|
029dc7 |
- dropped xt_CHECKSUM, added upstream
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Oct 12 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-2
|
|
|
029dc7 |
- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Aug 4 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-1
|
|
|
029dc7 |
- new version 1.4.9 with all new features of 2.6.35
|
|
|
029dc7 |
- doc: xt_hashlimit: fix a typo
|
|
|
029dc7 |
- doc: xt_LED: nroff formatting requirements
|
|
|
029dc7 |
- doc: xt_string: correct copy-and-pasting in manpage
|
|
|
029dc7 |
- extensions: add the LED target
|
|
|
029dc7 |
- extensions: libxt_quota.c: Support option negation
|
|
|
029dc7 |
- extensions: libxt_rateest: fix bps options for iptables-save
|
|
|
029dc7 |
- extensions: libxt_rateest: fix typo in the man page
|
|
|
029dc7 |
- extensions: REDIRECT: add random help
|
|
|
029dc7 |
- includes: sync header files from Linux 2.6.35-rc1
|
|
|
029dc7 |
- libxt_conntrack: do print netmask
|
|
|
029dc7 |
- libxt_hashlimit: always print burst value
|
|
|
029dc7 |
- libxt_set: new revision added
|
|
|
029dc7 |
- utils: add missing include flags to Makefile
|
|
|
029dc7 |
- xtables: another try at chain name length checking
|
|
|
029dc7 |
- xtables: remove xtables_set_revision function
|
|
|
029dc7 |
- xt_quota: also document negation
|
|
|
029dc7 |
- xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension
|
|
|
029dc7 |
- xt_sctp: support FORWARD_TSN chunk type
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jul 2 2010 Thomas Woerner <twoerner@redhat.com> 1.4.8-1
|
|
|
029dc7 |
- new version 1.4.8 all new features of 2.6.34 (rhbz#)
|
|
|
029dc7 |
- extensions: REDIRECT: fix --to-ports parser
|
|
|
029dc7 |
- iptables: add noreturn attribute to exit_tryhelp()
|
|
|
029dc7 |
- extensions: MASQUERADE: fix --to-ports parser
|
|
|
029dc7 |
- libxt_comment: avoid use of IPv4-specific examples
|
|
|
029dc7 |
- libxt_CT: add a manpage
|
|
|
029dc7 |
- iptables: correctly check for too-long chain/target/match names
|
|
|
029dc7 |
- doc: libxt_MARK: no longer restricted to mangle table
|
|
|
029dc7 |
- doc: remove claim that TCPMSS is limited to mangle
|
|
|
029dc7 |
- libxt_recent: add a missing space in output
|
|
|
029dc7 |
- doc: add manpage for libxt_osf
|
|
|
029dc7 |
- libxt_osf: import nfnl_osf program
|
|
|
029dc7 |
- extensions: add support for xt_TEE
|
|
|
029dc7 |
- CT: fix --ctevents parsing
|
|
|
029dc7 |
- extensions: add CT extension
|
|
|
029dc7 |
- libxt_CT: print conntrack zone in ->print/->save
|
|
|
029dc7 |
- xtables: fix compilation when debugging is enabled
|
|
|
029dc7 |
- libxt_conntrack: document --ctstate UNTRACKED
|
|
|
029dc7 |
- iprange: fix xt_iprange v0 parsing
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Mar 24 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-2
|
|
|
029dc7 |
- added default values for IPTABLES_STATUS_VERBOSE and
|
|
|
029dc7 |
IPTABLES_STATUS_LINENUMBERS in init script
|
|
|
029dc7 |
- added missing lsb keywords Required-Start and Required-Stop to init script
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Mar 5 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-1
|
|
|
029dc7 |
- new version 1.4.7 with support for all new features of 2.6.33 (rhbz#570767)
|
|
|
029dc7 |
- libip4tc: Add static qualifier to dump_entry()
|
|
|
029dc7 |
- libipq: build as shared library
|
|
|
029dc7 |
- recent: reorder cases in code (cosmetic cleanup)
|
|
|
029dc7 |
- several man page and documentation fixes
|
|
|
029dc7 |
- policy: fix error message showing wrong option
|
|
|
029dc7 |
- includes: header updates
|
|
|
029dc7 |
- Lift restrictions on interface names
|
|
|
029dc7 |
- fixed license and moved iptables-xml into base package according to review
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 27 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-2
|
|
|
029dc7 |
- moved libip*tc and libxtables libs to /lib[64], added symlinks for .so libs
|
|
|
029dc7 |
to /usr/lib[64] for compatibility (rhbz#558796)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 13 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-1
|
|
|
029dc7 |
- new version 1.4.6 with support for all new features of 2.6.32
|
|
|
029dc7 |
- several man page fixes
|
|
|
029dc7 |
- Support for nommu arches
|
|
|
029dc7 |
- realm: remove static initializations
|
|
|
029dc7 |
- libiptc: remove unused functions
|
|
|
029dc7 |
- libiptc: avoid strict-aliasing warnings
|
|
|
029dc7 |
- iprange: do accept non-ranges for xt_iprange v1
|
|
|
029dc7 |
- iprange: warn on reverse range
|
|
|
029dc7 |
- iprange: roll address parsing into a loop
|
|
|
029dc7 |
- iprange: do accept non-ranges for xt_iprange v1 (log)
|
|
|
029dc7 |
- iprange: warn on reverse range (log)
|
|
|
029dc7 |
- libiptc: fix wrong maptype of base chain counters on restore
|
|
|
029dc7 |
- iptables: fix undersized deletion mask creation
|
|
|
029dc7 |
- style: reduce indent in xtables_check_inverse
|
|
|
029dc7 |
- libxtables: hand argv to xtables_check_inverse
|
|
|
029dc7 |
- iptables/extensions: make bundled options work again
|
|
|
029dc7 |
- CONNMARK: print mark rules with mask 0xffffffff as set instead of xset
|
|
|
029dc7 |
- iptables: take masks into consideration for replace command
|
|
|
029dc7 |
- doc: explain experienced --hitcount limit
|
|
|
029dc7 |
- doc: name resolution clarification
|
|
|
029dc7 |
- iptables: expose option to zero packet/byte counters for a specific rule
|
|
|
029dc7 |
- build: restore --disable-ipv6 functionality on system w/o v6 headers
|
|
|
029dc7 |
- MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark
|
|
|
029dc7 |
- DNAT: fix incorrect check during parsing
|
|
|
029dc7 |
- extensions: add osf extension
|
|
|
029dc7 |
- conntrack: fix --expires parsing
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Dec 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-2
|
|
|
029dc7 |
- dropped nf_ext_init remains from cloexec patch
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Sep 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-1
|
|
|
029dc7 |
- new version 1.4.5 with support for all new features of 2.6.31
|
|
|
029dc7 |
- libxt_NFQUEUE: add new v1 version with queue-balance option
|
|
|
029dc7 |
- xt_conntrack: revision 2 for enlarged state_mask member
|
|
|
029dc7 |
- libxt_helper: fix invalid passed option to check_inverse
|
|
|
029dc7 |
- libiptc: split v4 and v6
|
|
|
029dc7 |
- extensions: collapse registration structures
|
|
|
029dc7 |
- iptables: allow for parse-less extensions
|
|
|
029dc7 |
- iptables: allow for help-less extensions
|
|
|
029dc7 |
- extensions: remove empty help and parse functions
|
|
|
029dc7 |
- xtables: add multi-registration functions
|
|
|
029dc7 |
- extensions: collapse data variables to use multi-reg calls
|
|
|
029dc7 |
- xtables: warn of missing version identifier in extensions
|
|
|
029dc7 |
- multi binary: allow subcommand via argv[1]
|
|
|
029dc7 |
- iptables: accept multiple IP address specifications for -s, -d
|
|
|
029dc7 |
- several build fixes
|
|
|
029dc7 |
- several man page fixes
|
|
|
029dc7 |
- fixed two leaked file descriptors on sockets (rhbz#521397)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Aug 24 2009 Thomas Woerner <twoerner@redhat.com> 1.4.4-1
|
|
|
029dc7 |
- new version 1.4.4 with support for all new features of 2.6.30
|
|
|
029dc7 |
- several man page fixes
|
|
|
029dc7 |
- iptables: replace open-coded sizeof by ARRAY_SIZE
|
|
|
029dc7 |
- libip6t_policy: remove redundant functions
|
|
|
029dc7 |
- policy: use direct xt_policy_info instead of ipt/ip6t
|
|
|
029dc7 |
- policy: merge ipv6 and ipv4 variant
|
|
|
029dc7 |
- extensions: add `cluster' match support
|
|
|
029dc7 |
- extensions: add const qualifiers in print/save functions
|
|
|
029dc7 |
- extensions: use NFPROTO_UNSPEC for .family field
|
|
|
029dc7 |
- extensions: remove redundant casts
|
|
|
029dc7 |
- iptables: close open file descriptors
|
|
|
029dc7 |
- fix segfault if incorrect protocol name is used
|
|
|
029dc7 |
- replace open-coded sizeof by ARRAY_SIZE
|
|
|
029dc7 |
- do not include v4-only modules in ip6tables manpage
|
|
|
029dc7 |
- use direct xt_policy_info instead of ipt/ip6t
|
|
|
029dc7 |
- xtables: fix segfault if incorrect protocol name is used
|
|
|
029dc7 |
- libxt_connlimit: initialize v6_mask
|
|
|
029dc7 |
- SNAT/DNAT: add support for persistent multi-range NAT mappings
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3.2-2
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Apr 15 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.2-1
|
|
|
029dc7 |
- new version 1.4.3.2
|
|
|
029dc7 |
- also install iptables/internal.h, needed for iptables.h and ip6tables.h
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Mar 30 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.1-1
|
|
|
029dc7 |
- new version 1.4.3.1
|
|
|
029dc7 |
- libiptc is now shared
|
|
|
029dc7 |
- supports all new features of the 2.6.29 kernel
|
|
|
029dc7 |
- dropped typo_latter patch
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Mar 5 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-3
|
|
|
029dc7 |
- still more review fixes (rhbz#225906)
|
|
|
029dc7 |
- consistent macro usage
|
|
|
029dc7 |
- use sed instead of perl for rpath removal
|
|
|
029dc7 |
- use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc*)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-2
|
|
|
029dc7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Feb 20 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-1
|
|
|
029dc7 |
- new version 1.4.2
|
|
|
029dc7 |
- removed TOS value mask patch (upstream)
|
|
|
029dc7 |
- more review fixes (rhbz#225906)
|
|
|
029dc7 |
- install all header files (rhbz#462207)
|
|
|
029dc7 |
- dropped nf_ext_init (rhbz#472548)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 22 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-2
|
|
|
029dc7 |
- fixed TOS value mask problem (rhbz#456244) (upstream patch)
|
|
|
029dc7 |
- two more cloexec fixes
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 1 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-1
|
|
|
029dc7 |
- upstream bug fix release 1.4.1.1
|
|
|
029dc7 |
- dropped extra patch for 1.4.1 - not needed anymore
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jun 10 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1-1
|
|
|
029dc7 |
- new version 1.4.1 with new build environment
|
|
|
029dc7 |
- additional ipv6 network mask patch from Jan Engelhardt
|
|
|
029dc7 |
- spec file cleanup
|
|
|
029dc7 |
- removed old patches
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jun 6 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.4.0-5
|
|
|
029dc7 |
- use normal kernel headers, not linux/compiler.h
|
|
|
029dc7 |
- change BuildRequires: kernel-devel to kernel-headers
|
|
|
029dc7 |
- We need to do this to be able to build for both sparcv9 and sparc64
|
|
|
029dc7 |
(there is no kernel-devel.sparcv9)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Mar 20 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-4
|
|
|
029dc7 |
- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Mar 3 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-3
|
|
|
029dc7 |
- use the kernel headers from the build tree for iptables for now to be able to
|
|
|
029dc7 |
compile this package, but this makes the package more kernel dependant
|
|
|
029dc7 |
- use s6_addr32 instead of in6_u.u6_addr32
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
|
|
|
029dc7 |
- Autorebuild for GCC 4.3
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Feb 11 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-1
|
|
|
029dc7 |
- new version 1.4.0
|
|
|
029dc7 |
- fixed condrestart (rhbz#428148)
|
|
|
029dc7 |
- report the module in rmmod_r if there is an error
|
|
|
029dc7 |
- use nf_ext_init instead of my_init for extension constructors
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Nov 5 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-6
|
|
|
029dc7 |
- fixed leaked file descriptor before fork/exec (rhbz#312191)
|
|
|
029dc7 |
- blacklisting is not working, use "install X /bin/(true|false)" test instead
|
|
|
029dc7 |
- return private exit code 150 for disabled ipv6 support
|
|
|
029dc7 |
- use script name for output messages
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Oct 16 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-5
|
|
|
029dc7 |
- fixed error code for stopping a already stopped firewall (rhbz#321751)
|
|
|
029dc7 |
- moved blacklist test into start
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Sep 26 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4.1
|
|
|
029dc7 |
- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
|
|
|
029dc7 |
- use simpler fix for (rhbz#295611)
|
|
|
029dc7 |
Thanks to Linus Torvalds for the patch.
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Sep 24 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4
|
|
|
029dc7 |
- fixed IPv6 reject type (rhbz#295181)
|
|
|
029dc7 |
- fixed init script: start, stop and status
|
|
|
029dc7 |
- support netfilter compiled into kernel in init script (rhbz#295611)
|
|
|
029dc7 |
- dropped inversion for limit modules from man pages (rhbz#220780)
|
|
|
029dc7 |
- fixed typo in ip6tables man page (rhbz#236185)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Sep 19 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-3
|
|
|
029dc7 |
- do not depend on local_fs in lsb header - this delayes start after network
|
|
|
029dc7 |
- fixed exit code for initscript usage
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Sep 17 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2.1
|
|
|
029dc7 |
- do not use lock file for condrestart test
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Aug 23 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2
|
|
|
029dc7 |
- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
|
|
|
029dc7 |
- provide iptc interface again, but unsupported (rhbz#216733)
|
|
|
029dc7 |
- compile all extension, which are supported by the kernel-headers package
|
|
|
029dc7 |
- review fixes (rhbz#225906)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 31 2007 Thomas Woerner <twoerner@redhat.com>
|
|
|
029dc7 |
- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jul 13 2007 Steve Conklin <sconklin@redhat.com> - 1.3.8-1
|
|
|
029dc7 |
- New version 1.3.8
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Apr 23 2007 Jeremy Katz <katzj@redhat.com> - 1.3.7-2
|
|
|
029dc7 |
- fix error when ipv6 support isn't loaded in the kernel (#236888)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 10 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1.1
|
|
|
029dc7 |
- fixed installation of secmark modules
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jan 9 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1
|
|
|
029dc7 |
- new verison 1.3.7
|
|
|
029dc7 |
- iptc is not a public interface and therefore not installed anymore
|
|
|
029dc7 |
- dropped upstream secmark patch
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Sep 19 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-2
|
|
|
029dc7 |
- added secmark iptables patches (#201573)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2.1
|
|
|
029dc7 |
- rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2
|
|
|
029dc7 |
- bump again for double-long bug on ppc(64)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.1
|
|
|
029dc7 |
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 2 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-1
|
|
|
029dc7 |
- new version 1.3.5
|
|
|
029dc7 |
- fixed init script to set policy for raw tables, too (#179094)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 1.3.4-3
|
|
|
029dc7 |
- added important iptables header files to devel package
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
|
029dc7 |
- rebuilt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-2
|
|
|
029dc7 |
- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and
|
|
|
029dc7 |
replace "_init" with "__attribute((constructor)) my_init"
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1.1
|
|
|
029dc7 |
- rebuild due to unresolved symbols in shared libraries
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Nov 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1
|
|
|
029dc7 |
- new version 1.3.4
|
|
|
029dc7 |
- dropped free_opts patch (upstream fixed)
|
|
|
029dc7 |
- made libipq PIC (#158623)
|
|
|
029dc7 |
- additional configuration options for iptables startup script (#172929)
|
|
|
029dc7 |
Thanks to Jan Gruenwald for the patch
|
|
|
029dc7 |
- spec file cleanup (dropped linux_header define and usage)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jul 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.2-1
|
|
|
029dc7 |
- new version 1.3.2 with additional patch for the misplaced free_opts call
|
|
|
029dc7 |
from Marcus Sundberg
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed May 11 2005 Thomas Woerner <twoerner@redhat.com> 1.3.1-1
|
|
|
029dc7 |
- new version 1.3.1
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Mar 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-2
|
|
|
029dc7 |
- Remove unnecessary explicit kernel dep (#146142)
|
|
|
029dc7 |
- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb
|
|
|
029dc7 |
for the patch
|
|
|
029dc7 |
- Adapted iptables-config to reference to modprobe.conf (#150143)
|
|
|
029dc7 |
- Remove misleading message (#140154): Thanks to Ulrich Drepper
|
|
|
029dc7 |
for the patch
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Feb 21 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-1
|
|
|
029dc7 |
- new version 1.3.0
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Nov 11 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.2
|
|
|
029dc7 |
- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Sep 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.1
|
|
|
029dc7 |
- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
|
|
|
029dc7 |
- modified config file to match this change and un-commented variables with
|
|
|
029dc7 |
default values
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3
|
|
|
029dc7 |
- applied second part of cleanup patch from (#131848): thanks to Steve Grubb
|
|
|
029dc7 |
for the patch
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Aug 25 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-2
|
|
|
029dc7 |
- fixed free bug in iptables (#128322)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jun 22 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-1
|
|
|
029dc7 |
- new version 1.2.11
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jun 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.10-1
|
|
|
029dc7 |
- new version 1.2.10
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
029dc7 |
- rebuilt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
029dc7 |
- rebuilt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 26 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-2.3
|
|
|
029dc7 |
- fixed iptables-restore -c fault if there are no counters (#116421)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
029dc7 |
- rebuilt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sun Jan 25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.9-1.2
|
|
|
029dc7 |
- Close File descriptors to prevent SELinux error message
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 7 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.1
|
|
|
029dc7 |
- rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1
|
|
|
029dc7 |
- vew version 1.2.9
|
|
|
029dc7 |
- new config options in ipXtables-config:
|
|
|
029dc7 |
IPTABLES_MODULES_UNLOAD
|
|
|
029dc7 |
- more documentation in ipXtables-config
|
|
|
029dc7 |
- fix for netlink security issue in libipq (devel package)
|
|
|
029dc7 |
- print fix for libipt_icmp (#109546)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Oct 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-13
|
|
|
029dc7 |
- marked all messages in iptables init script for translation (#107462)
|
|
|
029dc7 |
- enabled devel package (#105884, #106101)
|
|
|
029dc7 |
- bumped build for fedora for libipt_recent.so (#106002)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Sep 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-12.1
|
|
|
029dc7 |
- fixed lost udp port range in ip6tables-save (#104484)
|
|
|
029dc7 |
- fixed non numeric multiport port output in ipXtables-savs
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Sep 22 2003 Florian La Roche <Florian.LaRoche@redhat.de> 1.2.8-11
|
|
|
029dc7 |
- do not link against -lnsl
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Sep 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-10
|
|
|
029dc7 |
- made variables in rmmod_r local
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 22 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-9
|
|
|
029dc7 |
- fixed permission for init script
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-8
|
|
|
029dc7 |
- fixed save when iptables file is missing and iptables-config permissions
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 8 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7
|
|
|
029dc7 |
- fixes for ip6tables: module unloading, setting policy only for existing
|
|
|
029dc7 |
tables
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jul 3 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6
|
|
|
029dc7 |
- IPTABLES_SAVE_COUNTER defaults to no, now
|
|
|
029dc7 |
- install config file in /etc/sysconfig
|
|
|
029dc7 |
- exchange unload of ip_tables and ip_conntrack
|
|
|
029dc7 |
- fixed start function
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jul 2 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5
|
|
|
029dc7 |
- new config option IPTABLES_SAVE_ON_RESTART
|
|
|
029dc7 |
- init script: new status, save and restart
|
|
|
029dc7 |
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4
|
|
|
029dc7 |
- new config option IPTABLES_STATUS_NUMERIC
|
|
|
029dc7 |
- cleared IPTABLES_MODULES in iptables-config
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3
|
|
|
029dc7 |
- new init scripts
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
|
|
|
029dc7 |
- remove check for very old kernel versions in init scripts
|
|
|
029dc7 |
- sync up both init scripts and remove some further ugly things
|
|
|
029dc7 |
- add some docu into rpm
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jun 26 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2
|
|
|
029dc7 |
- rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
|
|
|
029dc7 |
- update to 1.2.8
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
|
|
029dc7 |
- rebuilt
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jan 13 2003 Bill Nottingham <notting@redhat.com> 1.2.7a-1
|
|
|
029dc7 |
- update to 1.2.7a
|
|
|
029dc7 |
- add a plethora of bugfixes courtesy Michael Schwendt <mschewndt@yahoo.com>
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Dec 13 2002 Elliot Lee <sopwith@redhat.com> 1.2.6a-3
|
|
|
029dc7 |
- Fix multilib
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Aug 07 2002 Karsten Hopp <karsten@redhat.de>
|
|
|
029dc7 |
- fixed iptables and ip6tables initscript output, based on #70511
|
|
|
029dc7 |
- check return status of all iptables calls, not just the last one
|
|
|
029dc7 |
in a 'for' loop.
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jul 29 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.6a-1
|
|
|
029dc7 |
- 1.2.6a (bugfix release, #69747)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
|
|
029dc7 |
- automated rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu May 23 2002 Tim Powers <timp@redhat.com>
|
|
|
029dc7 |
- automated rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Mar 4 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-3
|
|
|
029dc7 |
- Add some fixes from CVS, fixing bug #60465
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Feb 12 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-2
|
|
|
029dc7 |
- Merge ip6tables improvements from Ian Prowell <iprowell@prowell.org>
|
|
|
029dc7 |
#59402
|
|
|
029dc7 |
- Update URL (#59354)
|
|
|
029dc7 |
- Use /sbin/chkconfig rather than chkconfig in %%postun script
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jan 11 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-1
|
|
|
029dc7 |
- 1.2.5
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
|
|
|
029dc7 |
- automated rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Nov 5 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-2
|
|
|
029dc7 |
- Fix %%preun script
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Oct 30 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-1
|
|
|
029dc7 |
- Update to 1.2.4 (various fixes, including security fixes; among others:
|
|
|
029dc7 |
#42990, #50500, #53325, #54280)
|
|
|
029dc7 |
- Fix init script (#31133)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Sep 3 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.3-1
|
|
|
029dc7 |
- 1.2.3 (5 security fixes, some other fixes)
|
|
|
029dc7 |
- Fix updating (#53032)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Aug 27 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-4
|
|
|
029dc7 |
- Fix #50990
|
|
|
029dc7 |
- Add some fixes from current CVS; should fix #52620
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jul 16 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-3
|
|
|
029dc7 |
- Add some fixes from the current CVS tree; fixes #49154 and some IPv6
|
|
|
029dc7 |
issues
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jun 26 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-2
|
|
|
029dc7 |
- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt
|
|
|
029dc7 |
<mschwendt@yahoo.com>
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue May 8 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-1
|
|
|
029dc7 |
- 1.2.2
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Mar 21 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- 1.2.1a, fixes #28412, #31136, #31460, #31133
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Mar 1 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- Yet another initscript fix (#30173)
|
|
|
029dc7 |
- Fix the fixes; they fixed some issues but broke more important
|
|
|
029dc7 |
stuff :/ (#30176)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- Fix up initscript (#27962)
|
|
|
029dc7 |
- Add fixes from CVS to iptables-{restore,save}, fixing #28412
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Feb 09 2001 Karsten Hopp <karsten@redhat.de>
|
|
|
029dc7 |
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Feb 05 2001 Karsten Hopp <karsten@redhat.de>
|
|
|
029dc7 |
- fix bugzilla #25986 (initscript not marked as config file)
|
|
|
029dc7 |
- fix bugzilla #25962 (iptables-restore)
|
|
|
029dc7 |
- mv chkconfig --del from postun to preun
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Feb 1 2001 Trond Eivind Glomsrød <teg@redhat.com>
|
|
|
029dc7 |
- Fix check for ipchains
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- Some fixes to init scripts
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- Add some fixes from CVS, fixes among other things Bug #24732
|
|
|
029dc7 |
|
|
|
029dc7 |
* Wed Jan 17 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- Add missing man pages, fix up init script (Bug #17676)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jan 15 2001 Bill Nottingham <notting@redhat.com>
|
|
|
029dc7 |
- add init script
|
|
|
029dc7 |
|
|
|
029dc7 |
* Mon Jan 15 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- 1.2
|
|
|
029dc7 |
- fix up ipv6 split
|
|
|
029dc7 |
- add init script
|
|
|
029dc7 |
- Move the plugins from /usr/lib/iptables to /lib/iptables.
|
|
|
029dc7 |
This needs to work before /usr is mounted...
|
|
|
029dc7 |
- Use -O1 on alpha (compiler bug)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sat Jan 6 2001 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- 1.1.2
|
|
|
029dc7 |
- Add IPv6 support (in separate package)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Aug 17 2000 Bill Nottingham <notting@redhat.com>
|
|
|
029dc7 |
- build everywhere
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jul 25 2000 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
029dc7 |
- 1.1.1
|
|
|
029dc7 |
|
|
|
029dc7 |
* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
|
|
|
029dc7 |
- automatic rebuild
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue Jun 27 2000 Preston Brown <pbrown@redhat.com>
|
|
|
029dc7 |
- move iptables to /sbin.
|
|
|
029dc7 |
- excludearch alpha for now, not building there because of compiler bug(?)
|
|
|
029dc7 |
|
|
|
029dc7 |
* Fri Jun 9 2000 Bill Nottingham <notting@redhat.com>
|
|
|
029dc7 |
- don't obsolete ipchains either
|
|
|
029dc7 |
- update to 1.1.0
|
|
|
029dc7 |
|
|
|
029dc7 |
* Sun Jun 4 2000 Bill Nottingham <notting@redhat.com>
|
|
|
029dc7 |
- remove explicit kernel requirement
|
|
|
029dc7 |
|
|
|
029dc7 |
* Tue May 2 2000 Bernhard Rosenkränzer <bero@redhat.com>
|
|
|
029dc7 |
- initial package
|