File iptables.spec of Package iptables
#
# spec file for package iptables (Version 1.4.1.91)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
%define real_ver 1.4.2-rc1
Name: iptables
License: GPL v2 or later
Group: Productivity/Networking/Security
AutoReqProv: on
Version: 1.4.1.91
Release: 1
Summary: IP Packet Filter Administration
Source0: %{name}-%{real_ver}.tar.bz2
Source1: %{name}-%{real_ver}-debian-howtos.tar.bz2
Patch0: %{name}-batch.patch
Url: http://www.iptables.org
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: linux-kernel-headers sgmltool
%description
Iptables is used to set up, maintain, and inspect the tables of IP
packet filter rules in the Linux kernel. This version requires kernel
2.4.0 or newer.
Authors:
--------
Netfilter Core Team <netfilter-core@linuxcare.com.au>
%package devel
License: GPL v2 or later
Summary: Libraries, Headers and Development Man Pages for libipq
Group: Development/Libraries/C and C++
AutoReqProv: on
Requires: %{name} = %{version}
%description devel
These libraries are needed to compile programs against libipq.
Authors:
--------
Netfilter Core Team <netfilter-core@linuxcare.com.au>
%prep
%setup -q -a 1 -n %{name}-%{real_ver}
%patch0
%build
autoreconf -f -i
%configure \
--enable-libipq
make %{?jobs:-j%jobs}
# build howtos
cd howtos
make
%install
make DESTDIR=$RPM_BUILD_ROOT install
# install -m755 iptables-batch ip6tables-batch $RPM_BUILD_ROOT%{_sbindir}
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc COPYING INCOMPATIBILITIES howtos/*.html
%doc %{_mandir}/man8/*
%{_bindir}/iptables*
%{_sbindir}/iptables*
%{_sbindir}/ip6tables*
%dir %{_libdir}/xtables
%{_libdir}/xtables/*
%files devel
%defattr(-,root,root)
%doc %{_mandir}/man3/*
%{_libdir}/*.a
%{_includedir}/*
%changelog
* Wed Sep 10 2008 prusnak@suse.cz
- updated to 1.4.2-rc1
* libxt_TOS: make sure --set-tos value/mask is recognized
* libiptc: fix scalability performance issue during initial ruleset parsing
* xt_string: string extension case insensitive matching
* ip6tables: add --goto support
* Wed Sep 10 2008 prusnak@suse.cz
- updated to 1.4.1.1
* iptables: fix printing of line numbers with --line-numbers arg
* ip6tables: fix printing of ipv6 network masks
* build: fix `make install` when --disable-shared is used
* iprange: kernel flags were not set
* Wed Sep 10 2008 prusnak@suse.cz
- updated to 1.4.1
* iptables: use C99 lists for struct options
* Make iptables-restore usable over a pipe
* Add support for --set-counters to iptables -P
* iptables --list-rules command
* iptables --list chain rulenum
* Make --set-counters (-c) accept comma separated counters
* libxt_iprange: Fix IP validation logic
* fix ip6tables dest address printing
* Converts the iptables build infrastructure to autotools.
* Introduce strtonum(), which works like string_to_number(), but passes
* print warning when dlopen fails
* libxt_owner: UID/GID range support
* Fix compilation of iptables-static build
* xtables.h: move non-exported parts to internal.h
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
* manpages: fix broken markup (missing close tags)
* manpages: update to reflect fine-grained control
* configure: split --enable-libipq from --enable-devel
* Add all necessary header files - compilation fix for various cases
* Install libiptc header files because xtables.h depends on it
* Implement AF_UNSPEC as a wildcard for extensions
* Combine ipt and ip6t manpages
* Resolve warnings on 64-bit compile
* Wrap dlopen code into NO_SHARED_LIBS
* Remove support for compilation of conditional extensions
* Resolve libipt_set warnings
* Update documentation about building the package
* configure.ac: AC_SUBST must be separate
* Dynamically create xtables.h.in with version
* configure.ac: remove already-defined variables
* Remove old functions, constants
* Makefile.am: use PACKAGE_TARNAME
* iptables out-of-tree build directory
* Introduce a counter for number of user defined chains.
* Solving scalability issue: for chain list "name" searching.
* REDIRECT: Allow symbolic port in REDIRECT --to-port
* Fix iptables-save output of libxt_owner match
* allow empty strings in argument parser
* Fix define value of SCTP chunk type.
* cleanup several code wraparounds
* Add RATEEST target extension
* Add rateest match extension
* Properly initialize revision for ip6tables targets
* Resync header files with kernel
* libiptc: move variable definitions to head of function
* Fix CONNMARK mask initialisation
* iptables-save:remove unnecessary code.
* Don't assume /bin/sh is bash
* Add xtables version defines.
* Use s6_addr32 to access bits in int6_addr instead of incompatible name
* Tue Jan 08 2008 prusnak@suse.cz
- updated to 1.4.0:
* Add support for generic xtables infrastructure (improved IPv6 support!)
* Deletes empty ->final_check() functions
* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
* Remove last vestiges of NFC
* Make @msg argument a const char *, just like printf
* Makes it possible to omit extra_opts of matches/targets if unnecessary
* Fix "iptables getsockopt failed strangely" when querying revisions
for non-existant matches and targets
* Introduces DEST_IPT_LIBDIR in Makefile
* Change default KERNEL_DIR location and add KBUILD_OUTPUT
* Removes obsolete KERNEL_64_USERSPACE_32 definitions
* Fix unused function warning
* Don't use dlfcn.h if NO_SHARED_LIBS is defined
* Fix showing help text for matches/targets with revision as user
* Print warnings to stderr
* Fix sscanf type errors
* Always print mask in iptables-save
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
* Adds --table to iptables-restore
* Make DO_MULTI=1 work for ip6tables* binaries
* Add ip6tables-{save,restore} to non-experimental target,
fix strict aliasing warnings
* Introducing libxt_*.man files. Sorted matches and modules
* Install ip6tables-{save,restore} manpages
* Performance optimization in sorting chain during pull-out
* Fix sockfd use accounting for kernels without autoloading
* use <linux/types.h>
* Fix make/compile error for iptables-1.4.0rc1
* Fix for --random option in DNAT and REDIRECT
* Document xt_statistic
* sctp: fix - mistake to pass a pointer where array is required
* Fix connlimit output for inverted --connlimit-above:
! > is <=, not <
* Add NFLOG manpage
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
* fix check_inverse() call
- removed obsolete patch:
* strict-aliasing-fix.diff (included in update)
* Tue Jul 31 2007 prusnak@suse.cz
- removed sed scripts in %%prep section from last update
* not needed anymore
* Thu Jul 26 2007 prusnak@suse.cz
- updated to 1.3.8
* Fix build error of conntrack match
* Remove whitespace in ip6tables.c
* `-p all' and `-p 0' should be allowed in ip6tables
* hashlimit doc update
* add --random option to DNAT and REDIRECT
* Makefile uses POSIX conform directory check
* Fix missing newlines in iptables-save/restore output
* Update quota manpage for SMP
* Output for unspecified proto is `all' instead of `0'
* Fix iptables-save with --random option
* Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs
* Remove libnsl from LDLIBS
* Fix problem with iptables-restore and quotes
* Remove unnecessary includes
* Fix --modprobe parameter
* ip6tables-restore should output error of modprobe after failed to load
* Add random option to SNAT
* Fix missing space in error message
* Fixes for manpages of tcp, udp, and icmp{,6}
* Add ip6tables mh extension
* Fix tcpmss manpage
* Add ip6tables TCPMSS extension
* Add UDPLITE multiport support
* Fix missing space in ruleset listing
* Remove extensions for unmaintained/obsolete patchlets
* Fix greedy debug grep
* Fix type in manpage
* Fix compile/install error for iptables-xml with DO_MULTI=1
- dropped obsolete patches:
* newlines.diff (included in update)
* shlibs.diff (done by sed in %%prep section)
* extensions.diff
* Wed May 09 2007 prusnak@suse.cz
- added newlines to error messages (newlines.diff) [#271847]
* Tue Mar 13 2007 prusnak@suse.cz
- added initial setting of KERNEL_DIR variable in %%install section of spec file
* Tue Jan 09 2007 prusnak@suse.cz
- added experimental tools and extensions (removed by last update)
* Wed Jan 03 2007 prusnak@suse.cz
- updated to 1.3.7
* Add revision support for ip6tables
* Add port range support for ip6tables multiport match
* Add sctp match extension for ip6tables
* Add iptables-xml tool
* Add hashlimit support for ip6tables (needs kernel > 2.6.19)
* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
* Bugfixes
- updated debian-docs and moved into tar.bz2
* Thu Nov 16 2006 mjancar@suse.cz
- allow setting KERNEL_DIR on commandline for build (#220851)
* Tue Oct 17 2006 anosek@suse.cz
- updated to version 1.3.6
* Support multiple matches of the same type within a single rule
* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
* SELinux SECMARK target (needs kernel >= 2.6.18)
* SELinux CONNSECMARK target (needs kernel >= 2.6.18)
* Add support for statistic match (needs kernel >= 2.6.18)
* Optionally read realm values from /etc/iproute2/rt_realms
* Bugfixes
* Wed Feb 01 2006 lnussel@suse.de
- updated to version 1.3.5
* supports ip6tables state and conntrack \o/ (#145758)
* Fri Jan 27 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Jan 24 2006 schwab@suse.de
- Fix building of shared libraries.
* Tue Jan 17 2006 postadal@suse.cz
- updated policy extension from upstream (policy-1.3.4.patch)
* ported for changes in kernel
* Tue Nov 15 2005 postadal@suse.cz
- updated to version 1.3.4
- added RPM_OPT_FLAGS to CFLAGS
- fixed strict aliasing (strict-aliasing-fix.patch)
* Mon Aug 01 2005 lnussel@suse.de
- add iptables-batch and ip6tables-batch
* Mon Aug 01 2005 postadal@suse.cz
- updated to version 1.3.3
* Wed Jul 27 2005 postadal@suse.cz
- updated to version 1.3.2
* Wed Mar 09 2005 postadal@suse.cz
- updated to version 1.3.1 (bug fixes)
* Thu Feb 17 2005 postadal@suse.cz
- updated to version 1.3.0
- removed obsoleted patch modules-secfix
* Tue Nov 02 2004 postadal@suse.cz
- fixed uninitialised variable [#47850] - CAN-2004-0986
* Tue Aug 17 2004 mludvig@suse.cz
- Fixed mode for extensions/.policy-test6
* Thu Aug 05 2004 mludvig@suse.cz
- Added IPv6 support to the 'policy' match.
* Wed Aug 04 2004 postadal@suse.cz
- updated to version 1.2.11
- removed obsoleted patch clusterip
* Sat Apr 24 2004 lmb@suse.de
- Add support for Cluster IP functionality.
* Wed Apr 21 2004 mludvig@suse.cz
- Added module for IPv6 conntrack from USAGI.
* Wed Mar 24 2004 mludvig@suse.cz
- Added policy module from patch-o-matic
* Fri Feb 06 2004 postadal@suse.cz
- updated to version 1.2.9.
* Sat Jan 10 2004 adrian@suse.de
- add %%defattr
* Wed Jul 23 2003 postadal@suse.cz
- updated to 1.2.8
* Tue Apr 08 2003 schwab@suse.de
- Prefer sanitized kernel headers.
* Thu Sep 05 2002 postadal@suse.cz
- updated to bugfixed 1.2.7a version
* Wed Aug 28 2002 postadal@suse.cz
- added Requires %%{name} = %%{version} to devel package
* Thu Aug 08 2002 nadvornik@suse.cz
- updated to 1.2.7
* Wed Mar 27 2002 postadal@suse.cz
- revert to compile it with kernel headers (#15448)
* Fri Feb 01 2002 nadvornik@suse.cz
- compiled with kernel headers from glibc
* Tue Jan 15 2002 nadvornik@suse.cz
- update to 1.2.5
* Wed Nov 14 2001 nadvornik@suse.cz
- updated to 1.2.4 [bug #12104]
- fixed problems with iptables-save/restore
- iptables-1.2.4.debian.diff.bz2 contains documentation only,
Makefile changes moved to separate patch
* Sat Sep 22 2001 garloff@suse.de
- Fix ipt_string support (compile fix).
* Tue Jul 17 2001 garloff@suse.de
- Update to iptables-1.2.2
- Appply debian patch: mostly docu stuff
- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM
.spec file to compile and install ip(6)tables-save/restore apps.
* Fri Apr 06 2001 kukuk@suse.de
- changed neededforbuild from lx_suse to kernel-source
* Wed Mar 28 2001 lmuelle@suse.de
- update to 1.2.1a
- add devel package with libipq stuff
- minor spec file cleanup
* Sun Jan 28 2001 olh@suse.de
- update to 1.2, needed for ppc and sparc
* Tue Dec 19 2000 nadvornik@suse.cz
- compiled with lx_suse
* Tue Oct 17 2000 nadvornik@suse.cz
- update to 1.1.2
* Fri Sep 22 2000 ro@suse.de
- up to 1.1.1
* Fri Jun 09 2000 ro@suse.de
- fixed neededforbuild
* Wed Jun 07 2000 nadvornik@suse.cz
- new package 1.1.0
