Blame SPECS/iptables.spec

621646
# install init scripts to /usr/libexec with systemd
621646
%global script_path %{_libexecdir}/iptables
621646
621646
# service legacy actions (RHBZ#748134)
621646
%global legacy_actions %{_libexecdir}/initscripts/legacy-actions
621646
621646
# boostrap mode to assist in libip{4,6}tc SONAME bump
621646
%global bootstrap 1
621646
621646
%if 0%{?bootstrap}
621646
%global version_old 1.8.2
621646
%global iptc_so_ver_old 0
621646
%endif
621646
%global iptc_so_ver 2
621646
621646
Name: iptables
621646
Summary: Tools for managing Linux kernel packet filtering capabilities
621646
URL: http://www.netfilter.org/projects/iptables
621646
Version: 1.8.4
e8e25e
Release: 13%{?dist}
621646
Source: %{url}/files/%{name}-%{version}.tar.bz2
621646
Source1: iptables.init
621646
Source2: iptables-config
621646
Source3: iptables.service
621646
Source4: sysconfig_iptables
621646
Source5: sysconfig_ip6tables
621646
Source6: arptables.service
621646
Source7: arptables-helper
621646
Source8: ebtables.systemd
621646
Source9: ebtables.service
621646
Source10: ebtables-config
621646
%if 0%{?bootstrap}
621646
Source11: %{url}/files/%{name}-%{version_old}.tar.bz2
621646
Source12: 0003-extensions-format-security-fixes-in-libip-6-t_icmp.patch
621646
%endif
621646
e8e25e
Patch01: 0001-iptables-apply-Use-mktemp-instead-of-tempfile.patch
e8e25e
Patch02: 0002-xtables-restore-Fix-parser-feed-from-line-buffer.patch
e8e25e
Patch03: 0003-xtables-restore-Avoid-access-of-uninitialized-data.patch
e8e25e
Patch04: 0004-extensions-time-Avoid-undefined-shift.patch
e8e25e
Patch05: 0005-extensions-cluster-Avoid-undefined-shift.patch
e8e25e
Patch06: 0006-libxtables-Avoid-buffer-overrun-in-xtables_compatibl.patch
e8e25e
Patch07: 0007-xtables-translate-Guard-strcpy-call-in-xlate_ifname.patch
e8e25e
Patch08: 0008-extensions-among-Check-call-to-fstat.patch
e8e25e
Patch09: 0009-uapi-netfilter-Avoid-undefined-left-shift-in-xt_sctp.patch
621646
Patch10: 0010-xtables-translate-Fix-for-interface-name-corner-case.patch
621646
Patch11: 0011-xtables-translate-Fix-for-iface.patch
621646
Patch12: 0012-tests-shell-Fix-skip-checks-with-host-mode.patch
621646
Patch13: 0013-xtables-restore-fix-for-noflush-and-empty-lines.patch
621646
Patch14: 0014-iptables-test.py-Fix-host-mode.patch
e8e25e
Patch15: 0015-xtables-Review-nft_init.patch
621646
Patch16: 0016-nft-cache-Fix-nft_release_cache-under-stress.patch
621646
Patch17: 0017-nft-cache-Fix-iptables-save-segfault-under-stress.patch
e8e25e
Patch18: 0018-ebtables-among-Support-mixed-MAC-and-MAC-IP-entries.patch
e8e25e
Patch19: 0019-xtables-Align-effect-of-4-6-options-with-legacy.patch
e8e25e
Patch20: 0020-xtables-Drop-4-and-6-support-from-xtables-save-resto.patch
e8e25e
Patch21: 0021-nfnl_osf-Fix-broken-conversion-to-nfnl_query.patch
e8e25e
Patch22: 0022-nfnl_osf-Improve-error-handling.patch
e8e25e
Patch23: 0023-nft-cache-Reset-genid-when-rebuilding-cache.patch
621646
621646
# pf.os: ISC license
621646
# iptables-apply: Artistic Licence 2.0
621646
License: GPLv2 and Artistic 2.0 and ISC
621646
621646
# libnetfilter_conntrack is needed for xt_connlabel
621646
BuildRequires: pkgconfig(libnetfilter_conntrack)
621646
# libnfnetlink-devel is requires for nfnl_osf
621646
BuildRequires: pkgconfig(libnfnetlink)
621646
BuildRequires: libselinux-devel
621646
BuildRequires: kernel-headers
621646
BuildRequires: systemd
621646
# libmnl, libnftnl, bison, flex for nftables
621646
BuildRequires: bison
621646
BuildRequires: flex
621646
BuildRequires: gcc
621646
BuildRequires: pkgconfig(libmnl) >= 1.0
621646
BuildRequires: pkgconfig(libnftnl) >= 1.1.5-1
621646
# libpcap-devel for nfbpf_compile
621646
BuildRequires: libpcap-devel
621646
BuildRequires:  autoconf
621646
BuildRequires:  automake
621646
BuildRequires:  libtool
621646
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
621646
%if 0%{?fedora} > 24
621646
Conflicts: setup < 2.10.4-1
621646
%endif
621646
621646
%description
621646
The iptables utility controls the network packet filtering code in the
621646
Linux kernel. If you need to set up firewalls and/or IP masquerading,
621646
you should either install nftables or this package.
621646
621646
Note: This package contains the nftables-based variants of iptables and
621646
ip6tables, which are drop-in replacements of the legacy tools.
621646
621646
%package libs
621646
Summary: iptables libraries
621646
Group: System Environment/Base
621646
621646
%description libs
621646
iptables libraries.
621646
621646
Please remember that libip*tc libraries do neither have a stable API nor a real so version.
621646
621646
For more information about this, please have a look at
621646
621646
  http://www.netfilter.org/documentation/FAQ/netfilter-faq-4.html#ss4.5
621646
621646
621646
%package devel
621646
Summary: Development package for iptables
621646
Group: System Environment/Base
621646
Requires: %{name}%{?_isa} = %{version}-%{release}
621646
Requires: iptables-libs = %{version}-%{release}
621646
Requires: pkgconfig
621646
621646
%description devel
621646
iptables development headers and libraries.
621646
621646
The iptc libraries are marked as not public by upstream. The interface is not
621646
stable and may change with every new version. It is therefore unsupported.
621646
621646
%package services
621646
Summary: iptables and ip6tables services for iptables
621646
Group: System Environment/Base
621646
Requires: %{name} = %{version}-%{release}
621646
Requires(post): systemd
621646
Requires(preun): systemd
621646
Requires(postun): systemd
621646
# obsolete old main package
621646
Obsoletes: %{name} < 1.4.16.1
621646
# obsolete ipv6 sub package
621646
Obsoletes: %{name}-ipv6 < 1.4.11.1
621646
621646
%description services
621646
iptables services for IPv4 and IPv6
621646
621646
This package provides the services iptables and ip6tables that have been split
621646
out of the base package since they are not active by default anymore.
621646
621646
%package utils
621646
Summary: iptables and ip6tables services for iptables
621646
Group: System Environment/Base
621646
Requires: %{name} = %{version}-%{release}
621646
621646
%description utils
621646
Utils for iptables.
621646
621646
Currently only provides nfnl_osf with the pf.os database.
621646
621646
%package arptables
621646
Summary: User space tool to set up tables of ARP rules in kernel
621646
Group: System Environment/Base
621646
Requires: %{name} = %{version}-%{release}
621646
Obsoletes: arptables
621646
Provides: arptables
621646
621646
%description arptables
621646
The arptables tool is used to set up and maintain
621646
the tables of ARP rules in the Linux kernel. These rules inspect
621646
the ARP frames which they see. arptables is analogous to the iptables
621646
user space tool, but is less complicated.
621646
621646
Note: This package contains the nftables-based variant of arptables, a drop-in
621646
replacement of the legacy tool.
621646
621646
%package ebtables
621646
Summary: Ethernet Bridge frame table administration tool
621646
Group: System Environment/Base
621646
Requires: %{name} = %{version}-%{release}
621646
Obsoletes: ebtables
621646
Provides: ebtables
621646
621646
%description ebtables
621646
Ethernet bridge tables is a firewalling tool to transparently filter network
621646
traffic passing a bridge. The filtering possibilities are limited to link
621646
layer filtering and some basic filtering on higher network layers.
621646
621646
This tool is the userspace control for the bridge and ebtables kernel
621646
components (built by default in RHEL kernels).
621646
621646
The ebtables tool can be used together with the other Linux filtering tools,
621646
like iptables. There are no known incompatibility issues.
621646
621646
Note: This package contains the nftables-based variant of ebtables, a drop-in
621646
replacement of the legacy tool.
621646
621646
%prep
621646
%autosetup -p1
621646
621646
%if 0%{?bootstrap}
621646
%{__mkdir} -p bootstrap_ver
621646
pushd bootstrap_ver
621646
%{__tar} --strip-components=1 -xf %{SOURCE11}
621646
%{__patch} -p1 <%{SOURCE12}
621646
popd
621646
%endif
621646
621646
%build
621646
./autogen.sh
621646
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
621646
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
621646
621646
# do not use rpath
621646
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
621646
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
621646
621646
rm -f include/linux/types.h
621646
621646
make %{?_smp_mflags} V=1
621646
621646
%if 0%{?bootstrap}
621646
pushd bootstrap_ver
621646
./autogen.sh
621646
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
621646
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
621646
621646
# do not use rpath
621646
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
621646
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
621646
621646
rm -f include/linux/types.h
621646
621646
make %{?_smp_mflags} V=1
621646
popd
621646
%endif
621646
621646
%install
621646
%if 0%{?bootstrap}
621646
%make_install -C bootstrap_ver
621646
find %{buildroot} -xtype f -not \
621646
	-name 'libip*tc.so.%{iptc_so_ver_old}*' -delete -print
621646
find %{buildroot} -type l -not \
621646
	-name 'libip*tc.so.%{iptc_so_ver_old}*' -delete -print
621646
%endif
621646
621646
make install DESTDIR=%{buildroot} 
621646
# remove la file(s)
621646
rm -f %{buildroot}/%{_libdir}/*.la
621646
621646
# install ip*tables.h header files
621646
install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/
621646
install -d -m 755 %{buildroot}%{_includedir}/iptables
621646
install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/
621646
621646
# install ipulog header file
621646
install -d -m 755 %{buildroot}%{_includedir}/libipulog/
621646
install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/
621646
621646
# install init scripts and configuration files
621646
install -d -m 755 %{buildroot}%{script_path}
621646
install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init
621646
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
621646
install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init
621646
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
621646
install -c -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/iptables-config
621646
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
621646
install -c -m 600 ip6tables-config %{buildroot}%{_sysconfdir}/sysconfig/ip6tables-config
621646
install -c -m 600 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/iptables
621646
install -c -m 600 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
621646
621646
# install systemd service files
621646
install -d -m 755 %{buildroot}/%{_unitdir}
621646
install -c -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}
621646
sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
621646
install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir}
621646
621646
# install legacy actions for service command
621646
install -d %{buildroot}/%{legacy_actions}/iptables
621646
install -d %{buildroot}/%{legacy_actions}/ip6tables
621646
621646
cat << EOF > %{buildroot}/%{legacy_actions}/iptables/save
621646
#!/bin/bash
621646
exec %{script_path}/iptables.init save
621646
EOF
621646
chmod 755 %{buildroot}/%{legacy_actions}/iptables/save
621646
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy
621646
install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save
621646
621646
cat << EOF > %{buildroot}/%{legacy_actions}/iptables/panic
621646
#!/bin/bash
621646
exec %{script_path}/iptables.init panic
621646
EOF
621646
chmod 755 %{buildroot}/%{legacy_actions}/iptables/panic
621646
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/panic > ip6tabes.panic-legacy
621646
install -c -m 755 ip6tabes.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic
621646
621646
# install iptables-apply with man page
621646
install -m 755 iptables/iptables-apply %{buildroot}%{_sbindir}/
621646
install -m 644 iptables/iptables-apply.8 %{buildroot}%{_mandir}/man8/
621646
621646
%if 0%{?fedora} > 24
621646
# Remove /etc/ethertypes (now part of setup)
621646
rm -f %{buildroot}%{_sysconfdir}/ethertypes
621646
%endif
621646
621646
# drop all legacy tools
621646
rm -f %{buildroot}%{_sbindir}/*legacy*
621646
rm -f %{buildroot}%{_bindir}/iptables-xml
621646
rm -f %{buildroot}%{_mandir}/man1/iptables-xml*
621646
rm -f %{buildroot}%{_mandir}/man8/xtables-legacy*
621646
621646
# rename nft versions to standard name
621646
pfx=%{buildroot}%{_sbindir}/iptables
621646
for pfx in %{buildroot}%{_sbindir}/{iptables,ip6tables,arptables,ebtables}; do
621646
	mv $pfx-nft $pfx
621646
	mv $pfx-nft-restore $pfx-restore
621646
	mv $pfx-nft-save $pfx-save
621646
done
621646
621646
# extra sources for arptables
621646
install -p -D -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/arptables.service
621646
mkdir -p %{buildroot}%{_libexecdir}/
621646
install -p -D -m 755 %{SOURCE7} %{buildroot}%{_libexecdir}/
621646
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
621646
echo '# Configure prior to use' > %{buildroot}%{_sysconfdir}/sysconfig/arptables
621646
for sfx in "" "-restore" "-save"; do
621646
	echo '.so man8/arptables-nft${sfx}.8' > \
621646
		%{buildroot}%{_mandir}/man8/arptables${sfx}.8
621646
done
621646
621646
# extra sources for ebtables
621646
install -p %{SOURCE9} %{buildroot}%{_unitdir}/
621646
install -m0755 %{SOURCE8} %{buildroot}%{_libexecdir}/ebtables
621646
install -m0600 %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/ebtables-config
621646
touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables
621646
echo '.so man8/ebtables-nft.8' > %{buildroot}%{_mandir}/man8/ebtables.8
621646
621646
%if 0%{?rhel}
621646
%pre
621646
for p in %{_sysconfdir}/alternatives/{iptables,ip6tables}.*; do
621646
    if [ -h "$p" ]; then
621646
        ipt=$(readlink "$p")
621646
        echo "Removing alternatives for ${p##*/} with path $ipt"
621646
        %{_sbindir}/alternatives --remove "${p##*/}" "$ipt"
621646
    fi
621646
done
621646
%endif
621646
621646
%post -p /sbin/ldconfig
621646
621646
%postun -p /sbin/ldconfig
621646
621646
%post services
621646
%systemd_post iptables.service ip6tables.service
621646
621646
%preun services
621646
%systemd_preun iptables.service ip6tables.service
621646
621646
%postun services
621646
/sbin/ldconfig
621646
%systemd_postun iptables.service ip6tables.service
621646
621646
%post arptables
621646
%systemd_post arptables.service
621646
621646
%preun arptables
621646
%systemd_preun arptables.service
621646
621646
%postun arptables
621646
%systemd_postun arptables.service
621646
621646
%post ebtables
621646
%systemd_post ebtables.service
621646
621646
%preun ebtables
621646
%systemd_preun ebtables.service
621646
621646
%postun ebtables
621646
%systemd_postun_with_restart ebtables.service
621646
621646
%files
621646
%{!?_licensedir:%global license %%doc}
621646
%license COPYING
621646
%doc INCOMPATIBILITIES
621646
%config(noreplace) %{_sysconfdir}/sysconfig/iptables-config
621646
%config(noreplace) %{_sysconfdir}/sysconfig/ip6tables-config
621646
%if 0%{?fedora} <= 24
621646
%{_sysconfdir}/ethertypes
621646
%endif
621646
%{_sbindir}/iptables
621646
%{_sbindir}/iptables-apply
621646
%{_sbindir}/iptables-restore
621646
%{_sbindir}/iptables-restore-translate
621646
%{_sbindir}/iptables-save
621646
%{_sbindir}/iptables-translate
621646
%{_sbindir}/ip6tables
621646
%{_sbindir}/ip6tables-restore
621646
%{_sbindir}/ip6tables-restore-translate
621646
%{_sbindir}/ip6tables-save
621646
%{_sbindir}/ip6tables-translate
621646
%{_sbindir}/xtables-monitor
621646
%{_sbindir}/xtables-nft-multi
621646
%doc %{_mandir}/man8/iptables*
621646
%doc %{_mandir}/man8/ip6tables*
621646
%doc %{_mandir}/man8/xtables-monitor*
621646
%doc %{_mandir}/man8/xtables-nft*
621646
%doc %{_mandir}/man8/*tables-translate*
621646
%doc %{_mandir}/man8/*tables-restore-translate*
621646
%dir %{_libdir}/xtables
621646
%{_libdir}/xtables/libarpt*
621646
%{_libdir}/xtables/libebt*
621646
%{_libdir}/xtables/libipt*
621646
%{_libdir}/xtables/libip6t*
621646
%{_libdir}/xtables/libxt*
621646
621646
%files libs
621646
%{_libdir}/libip*tc.so.%{iptc_so_ver}*
621646
%if 0%{?bootstrap}
621646
%{_libdir}/libip*tc.so.%{iptc_so_ver_old}*
621646
%endif
621646
%{_libdir}/libxtables.so.12*
621646
621646
%files devel
621646
%dir %{_includedir}/iptables
621646
%{_includedir}/iptables/*.h
621646
%{_includedir}/*.h
621646
%dir %{_includedir}/libiptc
621646
%{_includedir}/libiptc/*.h
621646
%dir %{_includedir}/libipulog
621646
%{_includedir}/libipulog/*.h
621646
%{_libdir}/libip*tc.so
621646
%{_libdir}/libxtables.so
621646
%{_libdir}/pkgconfig/libiptc.pc
621646
%{_libdir}/pkgconfig/libip4tc.pc
621646
%{_libdir}/pkgconfig/libip6tc.pc
621646
%{_libdir}/pkgconfig/xtables.pc
621646
621646
%files services
621646
%dir %{script_path}
621646
%{script_path}/iptables.init
621646
%{script_path}/ip6tables.init
621646
%config(noreplace) %{_sysconfdir}/sysconfig/iptables
621646
%config(noreplace) %{_sysconfdir}/sysconfig/ip6tables
621646
%{_unitdir}/iptables.service
621646
%{_unitdir}/ip6tables.service
621646
%dir %{legacy_actions}/iptables
621646
%{legacy_actions}/iptables/save
621646
%{legacy_actions}/iptables/panic
621646
%dir %{legacy_actions}/ip6tables
621646
%{legacy_actions}/ip6tables/save
621646
%{legacy_actions}/ip6tables/panic
621646
621646
%files utils
621646
%{_sbindir}/nfnl_osf
621646
%{_sbindir}/nfbpf_compile
621646
%dir %{_datadir}/xtables
621646
%{_datadir}/xtables/pf.os
621646
%doc %{_mandir}/man8/nfnl_osf*
621646
%doc %{_mandir}/man8/nfbpf_compile*
621646
621646
%files arptables
621646
%{_sbindir}/arptables*
621646
%{_libexecdir}/arptables-helper
621646
%{_unitdir}/arptables.service
621646
%config(noreplace) %{_sysconfdir}/sysconfig/arptables
621646
%doc %{_mandir}/man8/arptables*.8*
621646
621646
%files ebtables
621646
%{_sbindir}/ebtables*
621646
%{_libexecdir}/ebtables
621646
%{_unitdir}/ebtables.service
621646
%config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config
621646
%ghost %{_sysconfdir}/sysconfig/ebtables
621646
%doc %{_mandir}/man8/ebtables*.8*
621646
621646
%changelog
e8e25e
* Fri May 29 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-13
e8e25e
- Fix for endless loop in iptables-restore --test
e8e25e
e8e25e
* Tue May 26 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-12
e8e25e
- Unbreak nfnl_osf tool
e8e25e
e8e25e
* Tue May 19 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-11
e8e25e
- Complete ebtables-nft among match support
e8e25e
- Replace RHEL-only xtables-monitor fix with upstream solution
e8e25e
- xtables: Align effect of -4/-6 options with legacy
e8e25e
- xtables: Drop -4 and -6 support from xtables-{save,restore}
e8e25e
- Review systemd unit files
e8e25e
621646
* Tue Mar 17 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-10
621646
- Fix for iptables-restore segfault under pressure
621646
- Fix for iptables-save segfault under pressure
621646
621646
* Mon Feb 24 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-9
621646
- iptables-test.py: Fix --host mode
621646
- xtables-monitor: Fix segfault when tracing
621646
621646
* Sat Feb 15 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-8
621646
- xtables-translate: Fix for iface++
621646
- tests: shell: Fix skip checks with --host mode
621646
- xtables-restore: fix for --noflush and empty lines
621646
621646
* Wed Feb 12 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-7
621646
- xtables-translate: Fix for interface name corner-cases
621646
621646
* Mon Dec 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-6
621646
- Add missing patch in last release, uAPI covscan fix
621646
621646
* Mon Dec 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-5
621646
- Fix covscan-indicated problems
621646
621646
* Wed Dec 04 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-4
621646
- Fix for broken xtables-restore --noflush
621646
621646
* Tue Dec 03 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-3
621646
- Reduce globbing in library file names to expose future SONAME changes
621646
- Add bootstrapping for libip*tc SONAME bump
621646
621646
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-2
621646
- Use upstream-provided man pages for ebtables and arptables
621646
621646
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-1
621646
- Rebase onto upstream release 1.8.4
621646
621646
* Thu Aug 08 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-16
621646
- nft: Set socket receive buffer
621646
621646
* Wed Jul 31 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-15
621646
- doc: Install ip{6,}tables-restore-translate.8 man pages
621646
621646
* Tue Jul 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-14
621646
- arptables: Print space before comma and counters
621646
- extensions: Fix ipvs vproto parsing
621646
- extensions: Fix ipvs vproto option printing
621646
- extensions: Add testcase for libxt_ipvs
621646
621646
* Mon Jul 01 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-13
621646
- doc: Install ip{6,}tables-translate.8 manpages
621646
- nft: Eliminate dead code in __nft_rule_list
621646
621646
* Wed Jun 12 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-12
621646
- Add iptables-test.py testsuite to sources
621646
- extensions: libip6t_mh: fix bogus translation error
621646
- extensions: AUDIT: Document ineffective --type option
621646
- xtables-restore: Fix program names in help texts
621646
- xtables-save: Point at existing man page in help text
621646
- utils: Add a manpage for nfbpf_compile
621646
- Mark man pages in base package as documentation files
621646
621646
* Thu May 23 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-11
621646
- Enable verbose output when building
621646
621646
* Thu May 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-10
621646
- arptables-nft: fix decoding of hlen on bigendian platforms
621646
- xtables-save: Fix table not found error message
621646
- xtables: Catch errors when zeroing rule rounters
621646
- extensions: TRACE: Point at xtables-monitor in documentation
621646
- extensions: libipt_realm: Document allowed realm values
621646
621646
* Fri Feb 08 2019 Phil Sutter - 1.8.2-9
621646
- ebtables-nft: Support user-defined chain policies
621646
621646
* Thu Feb 07 2019 Phil Sutter - 1.8.2-8
621646
- arptables.8: Document --set-counters option
621646
621646
* Thu Feb 07 2019 Phil Sutter - 1.8.2-7
621646
- arptables: Support --set-counters option
621646
621646
* Fri Feb 01 2019 Phil Sutter - 1.8.2-6
621646
- Improve performance with large rulesets
621646
- Fix for changes in arptables output
621646
- Fix for inserting rules at wrong position
621646
- Fix segfault when comparing rules with standard target
621646
- Fix ebtables output for negated values
621646
- Document missing arptables FORWARD chain
621646
621646
* Tue Dec 18 2018 Phil Sutter - 1.8.2-5
621646
- Drop change to test snippet not included in tarball from Patch4
621646
621646
* Tue Dec 18 2018 Phil Sutter - 1.8.2-4
621646
- Fix iptables init script for nftables-backend
621646
- Drop references to unsupported broute table from ebtables man page
621646
- xtables: Don't use native nftables comments
621646
621646
* Thu Dec 06 2018 Phil Sutter - 1.8.2-3
621646
- Drop change to test snippet not included in tarball from Patch3
621646
621646
* Thu Dec 06 2018 Phil Sutter - 1.8.2-2
621646
- Point out that nftables-variants are installed in package description
621646
- Fix for deleting arptables rules by referencing them
621646
621646
* Thu Dec 06 2018 Phil Sutter - 1.8.2-1
621646
- Rebase onto upstream version 1.8.2
621646
621646
* Thu Oct 25 2018 Phil Sutter - 1.8.1-2
621646
- Add upstream fixes to 1.8.1 release
621646
621646
* Thu Oct 25 2018 Phil Sutter - 1.8.1-1
621646
- Rebase onto upstream version 1.8.1
621646
621646
* Thu Sep 27 2018 Phil Sutter - 1.8.0-11
621646
- Fix for covscan warnings in init scripts
621646
621646
* Wed Sep 26 2018 Phil Sutter - 1.8.0-10
621646
- Fix short name of Artistic Licence
621646
621646
* Wed Sep 26 2018 Phil Sutter - 1.8.0-9
621646
- Add further fixes for issues identified by covscan
621646
- Fix for bogus "is incompatible" warnings
621646
- Fix layout in License tag
621646
- Replace "Fedora" with "RHEL" in description
621646
- Make devel sub-package depend on libs sub-package
621646
621646
* Mon Sep 17 2018 Phil Sutter - 1.8.0-8
621646
- Fix issues identified by covscan
621646
- xtables-restore: Fix flushing referenced custom chains
621646
- xtables: Accept --wait in iptables-nft-restore
621646
621646
* Mon Sep 03 2018 Phil Sutter - 1.8.0-7
621646
- xtables: Align return codes with legacy iptables
621646
- xtables: Drop use of IP6T_F_PROTO
621646
621646
* Wed Aug 29 2018 Phil Sutter - 1.8.0-6
621646
- xtables: Fix for deleting rules with comment
621646
621646
* Fri Aug 24 2018 Phil Sutter - 1.8.0-5
621646
- xtables: Use meta l4proto for -p match
621646
- ebtables: Fix for listing of non-existent chains
621646
- xtables: Fix for no output in iptables-nft -S
621646
621646
* Sat Aug 18 2018 Phil Sutter - 1.8.0-4
621646
- xtables: Fix for segfault in iptables-nft
621646
- ebtables: Fix entries count in chain listing
621646
- Use %%autosetup macro in %%prep
621646
621646
* Fri Aug 17 2018 Phil Sutter - 1.8.0-3
621646
- xtables: Make 'iptables -S nonexisting' return non-zero
621646
621646
* Fri Aug 10 2018 Phil Sutter - 1.8.0-2
621646
- Rebase onto upstream master commit 514de4801b731db4712
621646
- Add arptables and ebtables sub-packages
621646
621646
* Wed Jul 11 2018 Phil Sutter - 1.8.0-1
621646
- New upstream version 1.8.0
621646
- Drop compat sub-package
621646
- Use nft tool versions, drop legacy ones
621646
621646
* Thu Mar 01 2018 Phil Sutter <psutter@redhat.com> - 1.6.2-2
621646
- Kill module unloading support
621646
- Support /etc/sysctl.d
621646
- Don't restart services after package update
621646
- Add support for --wait options to restore commands
621646
621646
* Wed Feb 21 2018 Michael Cronenworth <mike@cchtml.com> - 1.6.2-1
621646
- New upstream version 1.6.2
621646
  http://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt
621646
621646
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-6
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
621646
621646
* Sun Oct 22 2017 Kevin Fenzi <kevin@scrye.com> - 1.6.1-5
621646
- Rebuild for new libnftnl
621646
621646
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
621646
621646
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-3
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
621646
621646
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-2
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
621646
621646
* Thu Feb 02 2017 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
621646
- New upstream version 1.6.1 with enhanced translation to nft support and
621646
  several fixes (RHBZ#1417323)
621646
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.1.txt
621646
- Enable parallel build again
621646
621646
* Thu Feb 02 2017 Petr Ĺ abata <contyk@redhat.com> - 1.6.0-4
621646
- Disabling parallel build to avoid build issues with xtables
621646
- See http://patchwork.alpinelinux.org/patch/1787/ for reference
621646
- This should be fixed in 1.6.1; parallel build can be restored after the
621646
  update
621646
621646
* Mon Dec 19 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-3
621646
- Dropped bad provides for iptables in services sub package (RHBZ#1327786)
621646
621646
* Fri Jul 22 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-2
621646
- /etc/ethertypes has been moved into the setup package for F-25+.
621646
  (RHBZ#1329256)
621646
621646
* Wed Apr 13 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-1
621646
- New upstream version 1.6.0 with nft-compat support and lots of fixes (RHBZ#1292990)
621646
  Upstream changelog:
621646
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
621646
- New libs sub package containing libxtables and unstable libip*tc libraries (RHBZ#1323161)
621646
- Using scripts form RHEL-7 (RHBZ#1240366)
621646
- New compat sub package for nftables compatibility
621646
- Install iptables-apply (RHBZ#912047)
621646
- Fixed module uninstall (RHBZ#1324101)
621646
- Incorporated changes by Petr Pisar
621646
- Enabled bpf compiler (RHBZ#1170227) Thanks to Yanko Kaneti for the patch
621646
621646
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.21-16
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
621646
621646
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-15
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
621646
621646
* Mon Dec 01 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-14
621646
- add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
621646
621646
* Mon Nov 03 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-13
621646
- iptables.init: use /run/lock/subsys/ instead of /var/lock/subsys/ (RHBZ#1159573)
621646
621646
* Mon Sep 29 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-12
621646
- ip[6]tables.init: change shebang from /bin/sh to /bin/bash (RHBZ#1147272)
621646
621646
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-11
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
621646
621646
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.21-10
621646
- fix license handling
621646
621646
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-9
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
621646
621646
* Wed Mar 12 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-8
621646
- add missing reload and panic actions
621646
- BuildRequires: pkgconfig(x) instead of x-devel
621646
- no need to specify file mode bits twice (in %%install and %%files)
621646
621646
* Sun Jan 19 2014 Ville Skyttä <ville.skytta@iki.fi> - 1.4.21-7
621646
- Don't order services after syslog.target.
621646
621646
* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-6
621646
- Enable connlabel support again, needs libnetfilter_conntrack
621646
621646
* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-6
621646
- fixed update from RHEL-6 to RHEL-7 (RHBZ#1043901)
621646
621646
* Tue Jan 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-5
621646
- chmod /etc/sysconfig/ip[6]tables 755 -> 600
621646
621646
* Fri Jan 10 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-4
621646
- drop virtual provide for xtables.so.9
621646
- add default /etc/sysconfig/ip[6]tables (RHBZ#1034494)
621646
621646
* Thu Jan 09 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-3
621646
- no need to support the pre-systemd things
621646
- use systemd macros (#850166)
621646
- remove scriptlets for migrating to a systemd unit from a SysV initscripts
621646
- ./configure -> %%configure
621646
- spec clean up
621646
- fix self-obsoletion
621646
621646
* Thu Jan  9 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-2
621646
- fixed system hang at shutdown if root device is network based (RHBZ#1007934)
621646
  Thanks to Rodrigo A B Freire for the patch
621646
621646
* Thu Jan  9 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-1
621646
- no connlabel.conf upstream anymore
621646
- new version 1.4.21
621646
  - doc: clarify DEBUG usage macro
621646
  - iptables: use autoconf to process .in man pages
621646
  - extensions: libipt_ULOG: man page should mention NFLOG as replacement
621646
  - extensions: libxt_connlabel: use libnetfilter_conntrack
621646
  - Introduce a new revision for the set match with the counters support
621646
  - libxt_CT: Add the "NOTRACK" alias
621646
  - libip6t_mh: Correct command to list named mh types in manpage
621646
  - extensions: libxt_DNAT, libxt_REDIRECT, libxt_NETMAP, libxt_SNAT, libxt_MASQUERADE, libxt_LOG: rename IPv4 manpage and tell about IPv6 support
621646
  - extensions: libxt_LED: fix parsing of delay
621646
  - ip{6}tables-restore: fix breakage due to new locking approach
621646
  - libxt_recent: restore minimum value for --seconds
621646
  - iptables-xml: fix parameter parsing (similar to 2165f38)
621646
  - extensions: add copyright statements
621646
  - xtables: improve get_modprobe handling
621646
  - ip[6]tables: Add locking to prevent concurrent instances
621646
  - iptables: Fix connlabel.conf install location
621646
  - ip6tables: don't print out /128
621646
  - libip6t_LOG: target output is different to libipt_LOG
621646
  - build: additional include path required after UAPI changes
621646
  - iptables: iptables-xml: Fix various parsing bugs
621646
  - libxt_recent: restore reap functionality to recent module
621646
  - build: fail in configure on missing dependency with --enable-bpf-compiler
621646
  - extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter
621646
  - extensions: libxt_set, libxt_SET: check the set family too
621646
  - ip6tables: Use consistent exit code for EAGAIN
621646
  - iptables: libxt_hashlimit.man: correct address
621646
  - iptables: libxt_conntrack.man extraneous commas
621646
  - iptables: libip(6)t_REJECT.man default icmp types
621646
  - iptables: iptables-xm1.1 correct man section
621646
  - iptables: libxt_recent.{c,man} dead URL
621646
  - iptables: libxt_string.man add examples
621646
  - extensions: libxt_LOG: use generic syslog reference in manpage
621646
  - iptables: extensions/GNUMakefile.in use CPPFLAGS
621646
  - iptables: correctly reference generated file
621646
  - ip[6]tables: fix incorrect alignment in commands_v_options
621646
  - build: add software version to manpage first line at configure stage
621646
  - extensions: libxt_cluster: add note on arptables-jf
621646
  - utils: nfsynproxy: fix error while compiling the BPF filter
621646
  - extensions: add SYNPROXY extension
621646
  - utils: add nfsynproxy tool
621646
  - iptables: state match incompatibilty across versions
621646
  - libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks
621646
  - iptables: improve chain name validation
621646
  - iptables: spurious error in load_extension
621646
  - xtables: trivial spelling fix
621646
621646
* Sun Dec 22 2013 Ville Skyttä <ville.skytta@iki.fi> - 1.4.19.1-2
621646
- Drop INSTALL from docs, escape macros in %%changelog.
621646
621646
* Wed Jul 31 2013 Thomas Woerner <twoerner@redhat.com> 1.4.19.1-1
621646
- new version 1.4.19.1
621646
  - libxt_NFQUEUE: fix bypass option documentation
621646
  - extensions: add connlabel match
621646
  - extensions: add connlabel match
621646
  - ip[6]tables: show --protocol instead of --proto in usage
621646
  - libxt_recent: Fix missing space in manpage for --mask option
621646
  - extensions: libxt_multiport: Update manpage to list valid protocols
621646
  - utils: nfnl_osf: use the right nfnetlink lib
621646
  - libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency
621646
  - Revert "build: resolve link failure for ip6t_NETMAP"
621646
  - libxt_osf: fix missing --ttl and --log in save output
621646
  - libxt_osf: fix bad location for location in --genre
621646
  - libip6t_SNPT: add manpage
621646
  - libip6t_DNPT: add manpage
621646
  - utils: updates .gitignore to include nfbpf_compile
621646
  - extensions: libxt_bpf: clarify --bytecode argument
621646
  - libxtables: fix parsing of dotted network mask format
621646
  - build: bump version to 1.4.19
621646
  - libxt_conntrack: fix state match alias state parsing
621646
  - extensions: add libxt_bpf extension
621646
  - utils: nfbpf_compile
621646
  - doc: mention SNAT in INPUT chain since kernel 2.6.36
621646
- fixed changelog date weekdays where needed
621646
621646
* Mon Mar  4 2013 Thomas Woerner <twoerner@redhat.com> 1.4.18-1
621646
- new version 1.4.18 
621646
  - lots of documentation changes
621646
  - Introduce match/target aliases
621646
  - Add the "state" alias to the "conntrack" match
621646
  - iptables: remove unused leftover definitions
621646
  - libxtables: add xtables_rule_matches_free
621646
  - libxtables: add xtables_print_num
621646
  - extensions: libip6t_DNPT: fix wording in DNPT target
621646
  - extension: libip6t_DNAT: allow port DNAT without address
621646
  - extensions: libip6t_DNAT: set IPv6 DNAT --to-destination
621646
  - extensions: S/DNPT: add missing save function
621646
- changes of 1.4.17:
621646
  - libxt_time: add support to ignore day transition
621646
  - Convert the NAT targets to use the kernel supplied nf_nat.h header
621646
  - extensions: add IPv6 MASQUERADE extension
621646
  - extensions: add IPv6 SNAT extension
621646
  - extensions: add IPv6 DNAT target
621646
  - extensions: add IPv6 REDIRECT extension
621646
  - extensions: add IPv6 NETMAP extension
621646
  - extensions: add NPT extension
621646
  - extensions: libxt_statistic: Fix save output
621646
621646
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.16.2-7
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
621646
621646
* Wed Jan 16 2013 Ville Skyttä <ville.skytta@iki.fi> - 1.4.16.2-6
621646
- Own unowned -services libexec dirs (#894464, Michael Scherer).
621646
- Fix -services unit file permissions (#732936, Michal Schmidt).
621646
621646
* Thu Nov  8 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-5
621646
- fixed path of ip6tables.init in ip6tables.service
621646
621646
* Fri Nov  2 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-4
621646
- fixed missing services for update of pre F-18 installations (rhbz#867960)
621646
  - provide and obsolete old main package in services sub package
621646
  - provide and obsolete old ipv6 sub package (pre F-17) in services sub package
621646
621646
* Sun Oct 14 2012 Dan Horák <dan[at]dany.cz> 1.4.16.2-3
621646
- fix the compat provides for all 64-bit arches
621646
621646
* Fri Oct 12 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-2
621646
- new sub package services providing the systemd services (RHBZ#862922)
621646
- new sub package utils: provides nfnl_osf and the pf.os database
621646
- using %%{_libexecdir}/iptables as script path for the original init scripts
621646
- added service iptables save funcitonality using the new way provided by 
621646
  initscripts 9.37.1 (RHBZ#748134)
621646
- added virtual provide for libxtables.so.7
621646
621646
* Mon Oct  8 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-1
621646
- new version 1.4.16.2
621646
  - build: support for automake-1.12
621646
  - build: separate AC variable replacements from xtables.h
621646
  - build: have `make clean` remove dep files too
621646
  - doc: grammatical updates to libxt_SET
621646
  - doc: clean up interpunction in state list for xt_conntrack
621646
  - doc: deduplicate extension descriptions into a new manpage
621646
  - doc: trim "state" manpage and reference conntrack instead
621646
  - doc: have NOTRACK manpage point to CT instead
621646
  - doc: mention iptables-apply in the SEE ALSO sections
621646
  - extensions: libxt_addrtype: fix type in help message
621646
  - include: add missing linux/netfilter_ipv4/ip_queue.h
621646
  - iptables: fix wrong error messages
621646
  - iptables: support for match aliases
621646
  - iptables: support for target aliases
621646
  - iptables-restore: warn about -t in rule lines
621646
  - ip[6]tables-restore: cleanup to reduce one level of indentation
621646
  - libip6t_frag: match any frag id by default
621646
  - libxtables: consolidate preference logic
621646
  - libxt_devgroup: consolidate devgroup specification parsing
621646
  - libxt_devgroup: guard against negative numbers
621646
  - libxt_LED: guard against negative numbers
621646
  - libxt_NOTRACK: replace as an alias to CT --notrack
621646
  - libxt_state: replace as an alias to xt_conntrack
621646
  - libxt_tcp: print space before, not after "flags:"
621646
  - libxt_u32: do bounds checking for @'s operands
621646
  - libxt_*limit: avoid division by zero
621646
  - Merge branch 'master' of git://git.inai.de/iptables
621646
  - Merge remote-tracking branch 'nf/stable'
621646
  - New set match revision with --return-nomatch flag support
621646
- dropped fixrestore patch, upstream
621646
621646
* Wed Aug  1 2012 Thomas Woerner <twoerner@redhat.com> 1.4.15-1
621646
- new version 1.4.15
621646
  - extensions: add HMARK target
621646
  - iptables-restore: fix parameter parsing (shows up with gcc-4.7)
621646
  - iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)
621646
  - libxtables: add xtables_ip[6]mask_to_cidr
621646
  - libxt_devgroup: add man page snippet
621646
  - libxt_hashlimit: add support for byte-based operation
621646
  - libxt_recent: add --mask netmask
621646
  - libxt_recent: remove unused variable
621646
  - libxt_HMARK: correct a number of errors introduced by Pablo's rework
621646
  - libxt_HMARK: fix ct case example
621646
  - libxt_HMARK: fix output of iptables -L
621646
  - Revert "iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)"
621646
621646
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-3
621646
- added fixrestore patch submitted to upstream by fryasu (nfbz#774) 
621646
  (RHBZ#825796)
621646
621646
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-2
621646
- disabled libipq, removed upstream, not provided by kernel anymore
621646
621646
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-1
621646
- new version 1.4.14
621646
  - extensions: add IPv6 capable ECN match extension
621646
  - extensions: add nfacct match
621646
  - extensions: add rpfilter module
621646
  - extensions: libxt_rateest: output all options in save hook
621646
  - iptables: missing free() in function cache_add_entry()
621646
  - iptables: missing free() in function delete_entry()
621646
  - libiptc: fix retry path in TC_INIT
621646
  - libiptc: Returns the position the entry was inserted
621646
  - libipt_ULOG: fix --ulog-cprange
621646
  - libxt_CT: add --timeout option
621646
  - ip(6)tables-restore: make sure argv is NULL terminated
621646
  - Revert "libiptc: Returns the position the entry was inserted"
621646
  - src: mark newly opened fds as FD_CLOEXEC (close on exec)
621646
  - tests: add rateest match rules
621646
- dropped patch5 (cloexec), merged upstream
621646
621646
* Mon Apr 23 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-5
621646
- reenable iptables default services
621646
621646
* Wed Feb 29 2012 Harald Hoyer <harald@redhat.com> 1.4.12.2-4
621646
- install everything in /usr
621646
  https://fedoraproject.org/wiki/Features/UsrMove
621646
621646
* Thu Feb 16 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-3
621646
- fixed auto enable check for Fedora > 16 and added rhel > 6 check
621646
621646
* Wed Feb 15 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-2
621646
- disabled autostart and auto enable for iptables.service and ip6tables.service
621646
  for Fedora > 16
621646
621646
* Mon Jan 16 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-1
621646
- new version 1.4.12.2 with new pkgconfig/libip4tc.pc and pkgconfig/libip6tc.pc
621646
  - build: make check stage not fail when building statically
621646
  - build: restore build order of modules
621646
  - build: scan for unreferenced symbols
621646
  - build: sort file list before build
621646
  - doc: clarification on the meaning of -p 0
621646
  - doc: document iptables-restore's -T option
621646
  - doc: fix undesired newline in ip6tables-restore(8)
621646
  - ip6tables-restore: implement missing -T option
621646
  - iptables: move kernel version find routing into libxtables
621646
  - libiptc: provide separate pkgconfig files
621646
  - libipt_SAME: set PROTO_RANDOM on all ranges
621646
  - libxtables: Fix file descriptor leak in xtables_lmap_init on error
621646
  - libxt_connbytes: fix handling of --connbytes FROM
621646
  - libxt_CONNSECMARK: fix spacing in output
621646
  - libxt_conntrack: improve error message on parsing violation
621646
  - libxt_NFQUEUE: fix --queue-bypass ipt-save output
621646
  - libxt_RATEEST: link with -lm
621646
  - libxt_statistic: link with -lm
621646
  - Merge branch 'stable'
621646
  - Merge branch 'stable' of git://dev.medozas.de/iptables
621646
  - nfnl_osf: add missing libnfnetlink_CFLAGS to compile process
621646
  - xtoptions: fill in fallback value for nvals
621646
  - xtoptions: simplify xtables_parse_interface
621646
621646
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.12.1-2
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
621646
621646
* Mon Dec 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12.1-1
621646
- new version 1.4.12.1 with new pkgconfig/libipq.pc
621646
  - build: abort autogen on subcommand failure
621646
  - build: strengthen check for overlong lladdr components
621646
  - build: workaround broken linux-headers on RHEL-5
621646
  - doc: clarify libxt_connlimit defaults
621646
  - doc: fix typo in libxt_TRACE
621646
  - extensions: use multi-target registration
621646
  - libip6t_dst: restore setting IP6T_OPTS_LEN flag
621646
  - libip6t_frag: restore inversion support
621646
  - libip6t_hbh: restore setting IP6T_OPTS_LEN flag
621646
  - libipq: add pkgconfig file
621646
  - libipt_ttl: document that negation is available
621646
  - libxt_conntrack: fix --ctproto 0 output
621646
  - libxt_conntrack: remove one misleading comment
621646
  - libxt_dccp: fix deprecated intrapositional ordering of !
621646
  - libxt_dccp: fix random output of ! on --dccp-option
621646
  - libxt_dccp: provide man pages options in short help too
621646
  - libxt_dccp: restore missing XTOPT_INVERT tags for options
621646
  - libxt_dccp: spell out option name on save
621646
  - libxt_dscp: restore inversion support
621646
  - libxt_hashlimit: default htable-expire must be in milliseconds
621646
  - libxt_hashlimit: observe new default gc-expire time when saving
621646
  - libxt_hashlimit: remove inversion from hashlimit rev 0
621646
  - libxt_owner: restore inversion support
621646
  - libxt_physdev: restore inversion support
621646
  - libxt_policy: remove superfluous inversion
621646
  - libxt_set: put differing variable names in directly
621646
  - libxt_set: update man page about kernel support on the feature
621646
  - libxt_string: define _GNU_SOURCE for strnlen
621646
  - libxt_string: escape the escaping char too
621646
  - libxt_string: fix space around arguments
621646
  - libxt_string: replace hex codes by char equivalents
621646
  - libxt_string: simplify hex output routine
621646
  - libxt_tcp: always print the mask parts
621646
  - libxt_TCPMSS: restore build with IPv6-less libcs
621646
  - libxt_TOS: update linux kernel version list for backported fix
621646
  - libxt_u32: fix missing allowance for inversion
621646
  - src: remove unused IPTABLES_MULTI define
621646
  - tests: add negation tests for libxt_statistic
621646
  - xtoptions: flag use of XTOPT_POINTER without XTOPT_PUT
621646
- removed include/linux/types.h before build to be able to compile
621646
621646
* Tue Jul 26 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-2
621646
- dropped temporary provide again
621646
621646
* Tue Jul 26 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-1.1
621646
- added temporary provides for libxtables.so.6 to be able to rebuild iproute,
621646
  which is part of the standard build environment
621646
621646
* Mon Jul 25 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-1
621646
- new version 1.4.12 with support of all new features of kernel 3.0
621646
  - build: attempt to fix building under Linux 2.4
621646
  - build: bump soversion for recent data structure change
621646
  - build: install modules in arch-dependent location
621646
  - doc: fix group range in libxt_NFLOG's man
621646
  - doc: fix version string in ip6tables.8
621646
  - doc: include matches/targets in manpage again
621646
  - doc: mention multiple verbosity flags
621646
  - doc: the -m option cannot be inverted
621646
  - extensions: support for per-extension instance global variable space
621646
  - iptables-apply: select default rule file depending on call name
621646
  - iptables: consolidate target/match init call
621646
  - iptables: Coverity: DEADCODE
621646
  - iptables: Coverity: NEGATIVE_RETURNS
621646
  - iptables: Coverity: RESOURCE_LEAK
621646
  - iptables: Coverity: REVERSE_INULL
621646
  - iptables: Coverity: VARARGS
621646
  - iptables: restore negation for -f
621646
  - libip6t_HL: fix option names from ttl -> hl
621646
  - libipt_LOG: fix ignoring all but last flags
621646
  - libxtables: ignore whitespace in the multiaddress argument parser
621646
  - libxtables: properly reject empty hostnames
621646
  - libxtables: set clone's initial data to NULL
621646
  - libxt_conntrack: move more data into the xt_option_entry
621646
  - libxt_conntrack: restore network-byte order for v1,v2
621646
  - libxt_hashlimit: use a more obvious expiry value by default
621646
  - libxt_rateest: abolish global variables
621646
  - libxt_RATEEST: abolish global variables
621646
  - libxt_RATEEST: fix userspacesize field
621646
  - libxt_RATEEST: use guided option parser
621646
  - libxt_state: fix regression about inversion of main option
621646
  - option: remove last traces of intrapositional negation
621646
- complete changelog:
621646
  http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.12.txt
621646
621646
* Thu Jul 21 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-4
621646
- merged ipv6 sub package into main package
621646
- renamed init scripts to /usr/libexec/ip*tables.init
621646
621646
* Fri Jul 15 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-3
621646
- added support for native systemd file (rhbz#694738)
621646
  - new iptables.service file
621646
  - additional requires
621646
  - moved sysv init scripts to /usr/libexec
621646
  - added new post, preun and postun scripts and triggers
621646
621646
* Tue Jul 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-2
621646
- dropped temporary provide again
621646
- enabled smp build
621646
621646
* Tue Jul 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-1.1
621646
-  added temporary provides for libxtables.so.5 to be able to rebuild iproute,
621646
   which is part of the standard build environment
621646
621646
* Mon Jul 11 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-1
621646
- new version 1.4.11.1, bug and doc fix release for 1.4.11
621646
621646
* Tue Jun  7 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11-1
621646
- new version 1.4.11 with all new features of 2.6.37-39 (not usable)
621646
  - lots of changes and bugfixes for base and extensions
621646
  - complete changelog:
621646
    http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.11.txt
621646
621646
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.10-2
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
621646
621646
* Mon Jan 10 2011 Thomas Woerner <twoerner@redhat.com> 1.4.10-1
621646
- new version 1.4.10 with all new features of 2.6.36
621646
  - all: consistent syntax use in struct option
621646
  - build: fix static linking
621646
  - doc: let man(1) autoalign the text in xt_cpu
621646
  - doc: remove extra empty line from xt_cpu
621646
  - doc: minimal spelling updates to xt_cpu
621646
  - doc: consistent use of markup
621646
  - extensions: libxt_quota: don't ignore the quota value on deletion
621646
  - extensions: REDIRECT: add random help
621646
  - extensions: add xt_cpu match
621646
  - extensions: add idletimer xt target extension
621646
  - extensions: libxt_IDLETIMER: use xtables_param_act when checking options
621646
  - extensions: libxt_CHECKSUM extension
621646
  - extensions: libipt_LOG/libip6t_LOG: support macdecode option
621646
  - extensions: fix compilation of the new CHECKSUM target
621646
  - extensions: libxt_ipvs: user-space lib for netfilter matcher xt_ipvs
621646
  - iptables-xml: resolve compiler warnings
621646
  - iptables: limit chain name length to be consistent with targets
621646
  - libiptc: add Libs.private to pkgconfig files
621646
  - libiptc: build with -Wl,--no-as-needed
621646
  - xtables: remove unnecessary cast
621646
- dropped xt_CHECKSUM, added upstream
621646
621646
* Tue Oct 12 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-2
621646
- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
621646
621646
* Wed Aug  4 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-1
621646
- new version 1.4.9 with all new features of 2.6.35
621646
  - doc: xt_hashlimit: fix a typo
621646
  - doc: xt_LED: nroff formatting requirements
621646
  - doc: xt_string: correct copy-and-pasting in manpage
621646
  - extensions: add the LED target
621646
  - extensions: libxt_quota.c: Support option negation
621646
  - extensions: libxt_rateest: fix bps options for iptables-save
621646
  - extensions: libxt_rateest: fix typo in the man page
621646
  - extensions: REDIRECT: add random help
621646
  - includes: sync header files from Linux 2.6.35-rc1
621646
  - libxt_conntrack: do print netmask
621646
  - libxt_hashlimit: always print burst value
621646
  - libxt_set: new revision added
621646
  - utils: add missing include flags to Makefile
621646
  - xtables: another try at chain name length checking
621646
  - xtables: remove xtables_set_revision function
621646
  - xt_quota: also document negation
621646
  - xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension
621646
  - xt_sctp: support FORWARD_TSN chunk type
621646
621646
* Fri Jul  2 2010 Thomas Woerner <twoerner@redhat.com> 1.4.8-1
621646
- new version 1.4.8 all new features of 2.6.34 (rhbz#)
621646
  - extensions: REDIRECT: fix --to-ports parser
621646
  - iptables: add noreturn attribute to exit_tryhelp()
621646
  - extensions: MASQUERADE: fix --to-ports parser
621646
  - libxt_comment: avoid use of IPv4-specific examples
621646
  - libxt_CT: add a manpage
621646
  - iptables: correctly check for too-long chain/target/match names
621646
  - doc: libxt_MARK: no longer restricted to mangle table
621646
  - doc: remove claim that TCPMSS is limited to mangle
621646
  - libxt_recent: add a missing space in output
621646
  - doc: add manpage for libxt_osf
621646
  - libxt_osf: import nfnl_osf program
621646
  - extensions: add support for xt_TEE
621646
  - CT: fix --ctevents parsing
621646
  - extensions: add CT extension
621646
  - libxt_CT: print conntrack zone in ->print/->save
621646
  - xtables: fix compilation when debugging is enabled
621646
  - libxt_conntrack: document --ctstate UNTRACKED
621646
  - iprange: fix xt_iprange v0 parsing
621646
621646
* Wed Mar 24 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-2
621646
- added default values for IPTABLES_STATUS_VERBOSE and
621646
  IPTABLES_STATUS_LINENUMBERS in init script
621646
- added missing lsb keywords Required-Start and Required-Stop to init script
621646
621646
* Fri Mar  5 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-1
621646
- new version 1.4.7 with support for all new features of 2.6.33 (rhbz#570767)
621646
  - libip4tc: Add static qualifier to dump_entry()
621646
  - libipq: build as shared library
621646
  - recent: reorder cases in code (cosmetic cleanup)
621646
  - several man page and documentation fixes
621646
  - policy: fix error message showing wrong option
621646
  - includes: header updates
621646
  - Lift restrictions on interface names
621646
- fixed license and moved iptables-xml into base package according to review
621646
621646
* Wed Jan 27 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-2
621646
- moved libip*tc and libxtables libs to /lib[64], added symlinks for .so libs
621646
  to /usr/lib[64] for compatibility (rhbz#558796)
621646
621646
* Wed Jan 13 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-1
621646
- new version 1.4.6 with support for all new features of 2.6.32
621646
  - several man page fixes
621646
  - Support for nommu arches
621646
  - realm: remove static initializations
621646
  - libiptc: remove unused functions
621646
  - libiptc: avoid strict-aliasing warnings
621646
  - iprange: do accept non-ranges for xt_iprange v1
621646
  - iprange: warn on reverse range
621646
  - iprange: roll address parsing into a loop
621646
  - iprange: do accept non-ranges for xt_iprange v1 (log)
621646
  - iprange: warn on reverse range (log)
621646
  - libiptc: fix wrong maptype of base chain counters on restore
621646
  - iptables: fix undersized deletion mask creation
621646
  - style: reduce indent in xtables_check_inverse
621646
  - libxtables: hand argv to xtables_check_inverse
621646
  - iptables/extensions: make bundled options work again
621646
  - CONNMARK: print mark rules with mask 0xffffffff as set instead of xset
621646
  - iptables: take masks into consideration for replace command
621646
  - doc: explain experienced --hitcount limit
621646
  - doc: name resolution clarification
621646
  - iptables: expose option to zero packet/byte counters for a specific rule
621646
  - build: restore --disable-ipv6 functionality on system w/o v6 headers
621646
  - MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark
621646
  - DNAT: fix incorrect check during parsing
621646
  - extensions: add osf extension
621646
  - conntrack: fix --expires parsing
621646
621646
* Thu Dec 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-2
621646
- dropped nf_ext_init remains from cloexec patch
621646
621646
* Thu Sep 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-1
621646
- new version 1.4.5 with support for all new features of 2.6.31
621646
  - libxt_NFQUEUE: add new v1 version with queue-balance option
621646
  - xt_conntrack: revision 2 for enlarged state_mask member
621646
  - libxt_helper: fix invalid passed option to check_inverse
621646
  - libiptc: split v4 and v6
621646
  - extensions: collapse registration structures
621646
  - iptables: allow for parse-less extensions
621646
  - iptables: allow for help-less extensions
621646
  - extensions: remove empty help and parse functions
621646
  - xtables: add multi-registration functions
621646
  - extensions: collapse data variables to use multi-reg calls
621646
  - xtables: warn of missing version identifier in extensions
621646
  - multi binary: allow subcommand via argv[1]
621646
  - iptables: accept multiple IP address specifications for -s, -d
621646
  - several build fixes
621646
  - several man page fixes
621646
- fixed two leaked file descriptors on sockets (rhbz#521397)
621646
621646
* Mon Aug 24 2009 Thomas Woerner <twoerner@redhat.com> 1.4.4-1
621646
- new version 1.4.4 with support for all new features of 2.6.30
621646
  - several man page fixes
621646
  - iptables: replace open-coded sizeof by ARRAY_SIZE
621646
  - libip6t_policy: remove redundant functions
621646
  - policy: use direct xt_policy_info instead of ipt/ip6t
621646
  - policy: merge ipv6 and ipv4 variant
621646
  - extensions: add `cluster' match support
621646
  - extensions: add const qualifiers in print/save functions
621646
  - extensions: use NFPROTO_UNSPEC for .family field
621646
  - extensions: remove redundant casts
621646
  - iptables: close open file descriptors
621646
  - fix segfault if incorrect protocol name is used
621646
  - replace open-coded sizeof by ARRAY_SIZE
621646
  - do not include v4-only modules in ip6tables manpage
621646
  - use direct xt_policy_info instead of ipt/ip6t
621646
  - xtables: fix segfault if incorrect protocol name is used
621646
  - libxt_connlimit: initialize v6_mask
621646
  - SNAT/DNAT: add support for persistent multi-range NAT mappings
621646
621646
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3.2-2
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
621646
621646
* Wed Apr 15 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.2-1
621646
- new version 1.4.3.2
621646
- also install iptables/internal.h, needed for iptables.h and ip6tables.h
621646
621646
* Mon Mar 30 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.1-1
621646
- new version 1.4.3.1
621646
  - libiptc is now shared
621646
  - supports all new features of the 2.6.29 kernel
621646
- dropped typo_latter patch
621646
621646
* Thu Mar  5 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-3
621646
- still more review fixes (rhbz#225906)
621646
  - consistent macro usage
621646
  - use sed instead of perl for rpath removal
621646
  - use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc*)
621646
621646
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-2
621646
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
621646
621646
* Fri Feb 20 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-1
621646
- new version 1.4.2
621646
- removed TOS value mask patch (upstream)
621646
- more review fixes (rhbz#225906)
621646
- install all header files (rhbz#462207)
621646
- dropped nf_ext_init (rhbz#472548)
621646
621646
* Tue Jul 22 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-2
621646
- fixed TOS value mask problem (rhbz#456244) (upstream patch)
621646
- two more cloexec fixes
621646
621646
* Tue Jul  1 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-1
621646
- upstream bug fix release 1.4.1.1
621646
- dropped extra patch for 1.4.1 - not needed anymore
621646
621646
* Tue Jun 10 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1-1
621646
- new version 1.4.1 with new build environment
621646
- additional ipv6 network mask patch from Jan Engelhardt
621646
- spec file cleanup
621646
- removed old patches
621646
621646
* Fri Jun  6 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.4.0-5
621646
- use normal kernel headers, not linux/compiler.h
621646
- change BuildRequires: kernel-devel to kernel-headers
621646
- We need to do this to be able to build for both sparcv9 and sparc64 
621646
  (there is no kernel-devel.sparcv9)
621646
621646
* Thu Mar 20 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-4
621646
- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
621646
621646
* Mon Mar  3 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-3
621646
- use the kernel headers from the build tree for iptables for now to be able to 
621646
  compile this package, but this makes the package more kernel dependant
621646
- use s6_addr32 instead of in6_u.u6_addr32
621646
621646
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
621646
- Autorebuild for GCC 4.3
621646
621646
* Mon Feb 11 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-1
621646
- new version 1.4.0
621646
- fixed condrestart (rhbz#428148)
621646
- report the module in rmmod_r if there is an error
621646
- use nf_ext_init instead of my_init for extension constructors
621646
621646
* Mon Nov  5 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-6
621646
- fixed leaked file descriptor before fork/exec (rhbz#312191)
621646
- blacklisting is not working, use "install X /bin/(true|false)" test instead
621646
- return private exit code 150 for disabled ipv6 support
621646
- use script name for output messages
621646
621646
* Tue Oct 16 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-5
621646
- fixed error code for stopping a already stopped firewall (rhbz#321751)
621646
- moved blacklist test into start
621646
621646
* Wed Sep 26 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4.1
621646
- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
621646
- use simpler fix for (rhbz#295611)
621646
  Thanks to Linus Torvalds for the patch.
621646
621646
* Mon Sep 24 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4
621646
- fixed IPv6 reject type (rhbz#295181)
621646
- fixed init script: start, stop and status
621646
- support netfilter compiled into kernel in init script (rhbz#295611)
621646
- dropped inversion for limit modules from man pages (rhbz#220780)
621646
- fixed typo in ip6tables man page (rhbz#236185)
621646
621646
* Wed Sep 19 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-3
621646
- do not depend on local_fs in lsb header - this delayes start after network
621646
- fixed exit code for initscript usage
621646
621646
* Mon Sep 17 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2.1
621646
- do not use lock file for condrestart test
621646
621646
* Thu Aug 23 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2
621646
- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
621646
- provide iptc interface again, but unsupported (rhbz#216733)
621646
- compile all extension, which are supported by the kernel-headers package
621646
- review fixes (rhbz#225906)
621646
621646
* Tue Jul 31 2007 Thomas Woerner <twoerner@redhat.com>
621646
- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888)
621646
621646
* Fri Jul 13 2007 Steve Conklin <sconklin@redhat.com> - 1.3.8-1
621646
- New version 1.3.8
621646
621646
* Mon Apr 23 2007 Jeremy Katz <katzj@redhat.com> - 1.3.7-2
621646
- fix error when ipv6 support isn't loaded in the kernel (#236888)
621646
621646
* Wed Jan 10 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1.1
621646
- fixed installation of secmark modules
621646
621646
* Tue Jan  9 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1
621646
- new verison 1.3.7
621646
- iptc is not a public interface and therefore not installed anymore
621646
- dropped upstream secmark patch
621646
621646
* Tue Sep 19 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-2
621646
- added secmark iptables patches (#201573)
621646
621646
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2.1
621646
- rebuild
621646
621646
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2
621646
- bump again for double-long bug on ppc(64)
621646
621646
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.1
621646
- rebuilt for new gcc4.1 snapshot and glibc changes
621646
621646
* Thu Feb  2 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-1
621646
- new version 1.3.5
621646
- fixed init script to set policy for raw tables, too (#179094)
621646
621646
* Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 1.3.4-3
621646
- added important iptables header files to devel package
621646
621646
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
621646
- rebuilt
621646
621646
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-2
621646
- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and 
621646
  replace "_init" with "__attribute((constructor)) my_init"
621646
621646
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1.1
621646
- rebuild due to unresolved symbols in shared libraries
621646
621646
* Fri Nov 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1
621646
- new version 1.3.4
621646
- dropped free_opts patch (upstream fixed)
621646
- made libipq PIC (#158623)
621646
- additional configuration options for iptables startup script (#172929)
621646
  Thanks to Jan Gruenwald for the patch
621646
- spec file cleanup (dropped linux_header define and usage)
621646
621646
* Mon Jul 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.2-1
621646
- new version 1.3.2 with additional patch for the misplaced free_opts call
621646
  from Marcus Sundberg
621646
621646
* Wed May 11 2005 Thomas Woerner <twoerner@redhat.com> 1.3.1-1
621646
- new version 1.3.1
621646
621646
* Fri Mar 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-2
621646
- Remove unnecessary explicit kernel dep (#146142)
621646
- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb
621646
  for the patch
621646
- Adapted iptables-config to reference to modprobe.conf (#150143)
621646
- Remove misleading message (#140154): Thanks to Ulrich Drepper
621646
  for the patch
621646
621646
* Mon Feb 21 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-1
621646
- new version 1.3.0
621646
621646
* Thu Nov 11 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.2
621646
- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
621646
621646
* Fri Sep 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.1
621646
- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
621646
- modified config file to match this change and un-commented variables with
621646
  default values
621646
621646
* Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3
621646
- applied second part of cleanup patch from (#131848): thanks to Steve Grubb
621646
  for the patch
621646
621646
* Wed Aug 25 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-2
621646
- fixed free bug in iptables (#128322)
621646
621646
* Tue Jun 22 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-1
621646
- new version 1.2.11
621646
621646
* Thu Jun 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.10-1
621646
- new version 1.2.10
621646
621646
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
621646
- rebuilt
621646
621646
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
621646
- rebuilt
621646
621646
* Thu Feb 26 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-2.3
621646
- fixed iptables-restore -c fault if there are no counters (#116421)
621646
621646
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
621646
- rebuilt
621646
621646
* Sun Jan  25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.9-1.2
621646
- Close File descriptors to prevent SELinux error message
621646
621646
* Wed Jan  7 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.1
621646
- rebuild
621646
621646
* Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1
621646
- vew version 1.2.9
621646
- new config options in ipXtables-config:
621646
  IPTABLES_MODULES_UNLOAD
621646
- more documentation in ipXtables-config
621646
- fix for netlink security issue in libipq (devel package)
621646
- print fix for libipt_icmp (#109546)
621646
621646
* Thu Oct 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-13
621646
- marked all messages in iptables init script for translation (#107462)
621646
- enabled devel package (#105884, #106101)
621646
- bumped build for fedora for libipt_recent.so (#106002)
621646
621646
* Tue Sep 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-12.1
621646
- fixed lost udp port range in ip6tables-save (#104484)
621646
- fixed non numeric multiport port output in ipXtables-savs
621646
621646
* Mon Sep 22 2003 Florian La Roche <Florian.LaRoche@redhat.de> 1.2.8-11
621646
- do not link against -lnsl
621646
621646
* Wed Sep 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-10
621646
- made variables in rmmod_r local
621646
621646
* Tue Jul 22 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-9
621646
- fixed permission for init script
621646
621646
* Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-8
621646
- fixed save when iptables file is missing and iptables-config permissions
621646
621646
* Tue Jul  8 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7
621646
- fixes for ip6tables: module unloading, setting policy only for existing 
621646
  tables
621646
621646
* Thu Jul  3 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6
621646
- IPTABLES_SAVE_COUNTER defaults to no, now
621646
- install config file in /etc/sysconfig
621646
- exchange unload of ip_tables and ip_conntrack
621646
- fixed start function
621646
621646
* Wed Jul  2 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5
621646
- new config option IPTABLES_SAVE_ON_RESTART
621646
- init script: new status, save and restart
621646
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
621646
621646
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4
621646
- new config option IPTABLES_STATUS_NUMERIC
621646
- cleared IPTABLES_MODULES in iptables-config
621646
621646
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3
621646
- new init scripts
621646
621646
* Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
621646
- remove check for very old kernel versions in init scripts
621646
- sync up both init scripts and remove some further ugly things
621646
- add some docu into rpm
621646
621646
* Thu Jun 26  2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2
621646
- rebuild
621646
621646
* Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
621646
- update to 1.2.8
621646
621646
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
621646
- rebuilt
621646
621646
* Mon Jan 13 2003 Bill Nottingham <notting@redhat.com> 1.2.7a-1
621646
- update to 1.2.7a
621646
- add a plethora of bugfixes courtesy Michael Schwendt <mschewndt@yahoo.com>
621646
621646
* Fri Dec 13 2002 Elliot Lee <sopwith@redhat.com> 1.2.6a-3
621646
- Fix multilib
621646
621646
* Wed Aug 07 2002 Karsten Hopp <karsten@redhat.de>
621646
- fixed iptables and ip6tables initscript output, based on #70511
621646
- check return status of all iptables calls, not just the last one
621646
  in a 'for' loop.
621646
621646
* Mon Jul 29 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.6a-1
621646
- 1.2.6a (bugfix release, #69747)
621646
621646
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
621646
- automated rebuild
621646
621646
* Thu May 23 2002 Tim Powers <timp@redhat.com>
621646
- automated rebuild
621646
621646
* Mon Mar  4 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-3
621646
- Add some fixes from CVS, fixing bug #60465
621646
621646
* Tue Feb 12 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-2
621646
- Merge ip6tables improvements from Ian Prowell <iprowell@prowell.org>
621646
  #59402
621646
- Update URL (#59354)
621646
- Use /sbin/chkconfig rather than chkconfig in %%postun script
621646
621646
* Fri Jan 11 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-1
621646
- 1.2.5
621646
621646
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
621646
- automated rebuild
621646
621646
* Mon Nov  5 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-2
621646
- Fix %%preun script
621646
621646
* Tue Oct 30 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-1
621646
- Update to 1.2.4 (various fixes, including security fixes; among others:
621646
  #42990, #50500, #53325, #54280)
621646
- Fix init script (#31133)
621646
621646
* Mon Sep  3 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.3-1
621646
- 1.2.3 (5 security fixes, some other fixes)
621646
- Fix updating (#53032)
621646
621646
* Mon Aug 27 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-4
621646
- Fix #50990
621646
- Add some fixes from current CVS; should fix #52620
621646
621646
* Mon Jul 16 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-3
621646
- Add some fixes from the current CVS tree; fixes #49154 and some IPv6
621646
  issues
621646
621646
* Tue Jun 26 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-2
621646
- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt
621646
  <mschwendt@yahoo.com>
621646
621646
* Tue May  8 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-1
621646
- 1.2.2
621646
621646
* Wed Mar 21 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- 1.2.1a, fixes #28412, #31136, #31460, #31133
621646
621646
* Thu Mar  1 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- Yet another initscript fix (#30173)
621646
- Fix the fixes; they fixed some issues but broke more important
621646
  stuff :/ (#30176)
621646
621646
* Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- Fix up initscript (#27962)
621646
- Add fixes from CVS to iptables-{restore,save}, fixing #28412
621646
621646
* Fri Feb 09 2001 Karsten Hopp <karsten@redhat.de>
621646
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
621646
621646
* Mon Feb 05 2001 Karsten Hopp <karsten@redhat.de>
621646
- fix bugzilla #25986 (initscript not marked as config file)
621646
- fix bugzilla #25962 (iptables-restore)
621646
- mv chkconfig --del from postun to preun
621646
621646
* Thu Feb  1 2001 Trond Eivind Glomsrød <teg@redhat.com>
621646
- Fix check for ipchains
621646
621646
* Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- Some fixes to init scripts
621646
621646
* Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- Add some fixes from CVS, fixes among other things Bug #24732
621646
621646
* Wed Jan 17 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- Add missing man pages, fix up init script (Bug #17676)
621646
621646
* Mon Jan 15 2001 Bill Nottingham <notting@redhat.com>
621646
- add init script
621646
621646
* Mon Jan 15 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- 1.2
621646
- fix up ipv6 split
621646
- add init script
621646
- Move the plugins from /usr/lib/iptables to /lib/iptables.
621646
  This needs to work before /usr is mounted...
621646
- Use -O1 on alpha (compiler bug)
621646
621646
* Sat Jan  6 2001 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- 1.1.2
621646
- Add IPv6 support (in separate package)
621646
621646
* Thu Aug 17 2000 Bill Nottingham <notting@redhat.com>
621646
- build everywhere
621646
621646
* Tue Jul 25 2000 Bernhard Rosenkraenzer <bero@redhat.com>
621646
- 1.1.1
621646
621646
* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
621646
- automatic rebuild
621646
621646
* Tue Jun 27 2000 Preston Brown <pbrown@redhat.com>
621646
- move iptables to /sbin.
621646
- excludearch alpha for now, not building there because of compiler bug(?)
621646
621646
* Fri Jun  9 2000 Bill Nottingham <notting@redhat.com>
621646
- don't obsolete ipchains either
621646
- update to 1.1.0
621646
621646
* Sun Jun  4 2000 Bill Nottingham <notting@redhat.com>
621646
- remove explicit kernel requirement
621646
621646
* Tue May  2 2000 Bernhard Rosenkränzer <bero@redhat.com>
621646
- initial package