File nftables.changes of Package nftables

-------------------------------------------------------------------
Mon Aug 19 12:37:45 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Update to new upstream release 0.9.2
  * Transport header port matching, e.g. "th dport 53"
  * Support for matching on IPv4 options
  * Support for synproxy

-------------------------------------------------------------------
Sat Jan 19 20:53:09 UTC 2019 - Stefan BrĂ¼ns <stefan.bruens@rwth-aachen.de>

- Remove unused dblatex BuildRequires, only needed for the optional
  and disabled PDF generation (same contents as shipped manpage).

-------------------------------------------------------------------
Sat Jun  9 07:28:57 UTC 2018 - jengelh@inai.de

- Update to new upstream release 0.9.0
  * Support to check if packet matches an existing socket.
  * Support to limit number of active connections by arbitrary
    criteria, such as ip addresses, networks, conntrack zones or
    any combination thereof.
  * Added support for "audit" logging.

-------------------------------------------------------------------
Fri May 11 07:30:10 UTC 2018 - jengelh@inai.de

- Update to new upstream release 0.8.5
  * support to add/insert a rule at a given index position
  * meter statement now supports a configureable upper max size
  * timeouts for sets can now be specified in milliseconds
  * re-add iptables-like empty skeleton rulesets

-------------------------------------------------------------------
Wed May  2 06:08:00 UTC 2018 - jengelh@inai.de

- Update to new upstream release 0.8.4
  * Support to match IPv6 segment routing headers.
  * New "meta ibrname" and "meta obrname" arguments to match the
    name of the logical bridge a packet is passing through.
    These new names replace the old (misnamed) "ibriport"/"obriport".
  * `nft -a` will now show handle identifier for all objects,
    including tables and chains.
  * nft can now delete objects by their handle number.
  * Support to update maps from the ruleset (packet path).
  * the "--echo" option now prints handle id for tables and
    object too.
  * `nft -f -` will now read from standard input
  * Support for flow tables, cf. man page or
    https://lwn.net/Articles/738214/ .

-------------------------------------------------------------------
Sat Mar  3 22:59:01 UTC 2018 - jengelh@inai.de

- Update to new upstream release 0.8.3
  * raw payload support to match headers that do not yet have
    received a mnemonic.

-------------------------------------------------------------------
Sat Feb  3 14:26:36 UTC 2018 - jengelh@inai.de

- Update to new upstream release 0.8.2
  * add secpath support

-------------------------------------------------------------------
Tue Jan 16 14:16:40 UTC 2018 - jengelh@inai.de

- Update to new upstream release 0.8.1
  * This release deprecates the "flow table" syntax in favor
    of "meter".

-------------------------------------------------------------------
Fri Oct 13 08:39:41 UTC 2017 - jengelh@inai.de

- Update to new upstream release 0.8
  * This release contains new features available up to the
    (upcoming) Linux 4.14 kernel release:
  * Support for stateful objects, these objects are uniquely
    identified by a user-defined name, you can refer to them from
    rules, and there is a well established interface to operate
    with them.
  * Sort set elements when listing them, from lower to largest.
  * TCP option matching and mangling support. This includes TCP
    maximum segment size mangling.
  * Add new "-s" option for listings without stateful information.
  * Add new -c/--check option for nft, to tests if your ruleset
    loads fine, into the kernel, this is a dry run mode.
  * Connection tracking helper support.
  * Add --echo option, to print the handle that the kernel
    allocates to uniquely identify rules.
  * Conntrack zone support
  * Symmetric hash support
  * Add support to include directories from nft natives scripts,
    files are loaded in alphanumerical order.
  * Allow to check if IPv6 extension header or TCP option exists
    or is missing.
  * Extend quota support to display used bytes.
  * Add ct average matching, to match average bytes per packet a
    connection has transferred so far, to map the existing
    feature available in the iptables connbytes match.
  * Allow to flush maps and flow tables.
  * Allow to embed set definition into an existing set.
  * Conntrack event filtering support via rule.

-------------------------------------------------------------------
Tue Dec 20 22:35:41 UTC 2016 - jengelh@inai.de

- Update to new upstream release 0.7
  * Add new fib expression, which can be used to obtain the
    output interface from the route table based on either source
    or destination address of a packet.
  * Support hashing of any arbitrary key combination, eg.
  * Add number generation support. Useful for round-robin packet
    mark setting.
  * Add quota support, eg.
  * Introduce routing expression, for routing related data with
    support for nexthop
  * Notrack support, to explicitly skip connection tracking for
    matching packets.
  * Support to set non-byte bound packet header fields, including
    checksum adjustment.
  * Add 'create set' and 'create element' commands.
  * Allow to use variable reference for set element definitions.
  * Allow to use variable definitions from element commands.
  * Add support to flush set. You can use this new command to
    remove all existing elements in a set.
  * Inverted set lookups.
  * Honor absolute and relative paths via include file, where:
  * Support log flags, to enable logging TCP sequence and options.
  * tc classid parser support, eg.
  * Allow numeric connlabels, so if connlabel still works with
    undefined labels.

-------------------------------------------------------------------
Thu Jun  2 18:31:23 UTC 2016 - jengelh@inai.de

- Update to new upstream release 0.6
* Rules may be replaced now
* Flow table support (requires Linux >= 4.3)
* Support for tracing
* Ratelimiting now supports units like bytes/second.
* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol

-------------------------------------------------------------------
Thu Sep 17 21:16:31 UTC 2015 - jengelh@inai.de

- Update to new upstream release 0.5
* Support combinations of two or more selectors to build a tuple
* Timeout support for sets
* Dormant flag for tables
* Default chain policy specifiable on creation

-------------------------------------------------------------------
Sat May 23 23:06:12 UTC 2015 - mrueckert@suse.de

- set the url to the project page
- pass --disable-silent-rules to configure to allow gcc post build
  check to work

-------------------------------------------------------------------
Tue Dec 16 01:25:00 UTC 2014 - jengelh@inai.de

- Update to new upstream release 0.4
* Since Linux 3.18: support for global ruleset operations
* Since 3.17: full logging support for all the families,
  including nfnetlink_log
* 3.16: automatic selection of the optimal set implementation
* 3.14: reject support for ip, ip6 and inet
* 3.18: reject support for bridge, and reject icmpx abstraction
* 3.18: masquerade support
* 3.19: redirect support
* Extend meta to support pkttype, cpu and devgroup matching.

-------------------------------------------------------------------
Fri Jun 27 17:08:46 UTC 2014 - jengelh@inai.de

- Update to new upstream release 0.3
* More compact syntax for the queue action
* Match input and output bridge interface name through "meta
  ibriport" and "meta obriport"
* netlink event monitor, to monitor ruleset events, set changes, etc.
* New transaction infrastructure - fully atomic updates for all
  object available in the upcoming 3.16.

-------------------------------------------------------------------
Mon Jan 13 09:05:35 UTC 2014 - jengelh@inai.de

- Initial package for build.opensuse.org