Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
iptables
iptables.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File iptables.changes of Package iptables
------------------------------------------------------------------- Sat Oct 21 06:03:26 UTC 2023 - Jan Engelhardt <jengelh@inai.de> - The presence of nftables does not mandate that iptables use backend-nft [bsc#1206383]. ------------------------------------------------------------------- Tue Oct 10 11:43:57 UTC 2023 - Jan Engelhardt <jengelh@inai.de> - Update to release 1.8.10 * xtables-translate: support rule insert with index * broute table support in ebtables-nft * nft-variants' debug output (pass multiple ``-v`` flags) now contains sets if present * Add mld-listener type names to icmp6 match ------------------------------------------------------------------- Mon Feb 13 14:29:48 UTC 2023 - Danilo Spinella <danilo.spinella@suse.com> - Use nftables backend by default when nftables is installed, bsc#1206383 ------------------------------------------------------------------- Thu Jan 12 22:58:50 UTC 2023 - Jan Engelhardt <jengelh@inai.de> - Update to release 1.8.9 * arptables-nft: Support --exact flag * Support more chunk types in the "sctp" extension * Print `--` in ip6tables' "opt" column for consistency with iptables * More verbose error messages if iptables-nft-restore fails * Support `-p Length` with ebtables-nft, needed for 802_3 extension. ------------------------------------------------------------------- Thu Jul 21 12:43:02 UTC 2022 - Ludwig Nussel <lnussel@suse.com> - add baselibs.conf for libip4tc2, will be needed by libsystemd-shared-251.so ------------------------------------------------------------------- Fri May 13 15:39:33 UTC 2022 - Jan Engelhardt <jengelh@inai.de> - Update to release 1.8.8 * Add iptables-translate support for: sctp match's --chunk-types option, connlimit match, multiport match's --ports option, and the tcpmss match. * Reject setuid executables in libxtables for safety reasons * Extended arptables-nft with -C, -I, -R, -S cmomands and the "-c N,M" counter syntax. * Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times * Improved performance of iptables-save and -restore ------------------------------------------------------------------- Thu Dec 30 15:05:20 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com> - Only use nftables backend when iptables-backend-nft is installed when using libalternatives ------------------------------------------------------------------- Fri Nov 19 11:17:27 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com> - Fix libalternatives configuration for ebtables and arptables by keeping argv0, fixes bsc#1192799. ------------------------------------------------------------------- Wed Oct 20 11:15:19 UTC 2021 - Stefan Schubert <schubi@suse.de> - Added alts requirements for iptables-backend-nft package. ------------------------------------------------------------------- Thu Sep 16 11:40:45 UTC 2021 - Stefan Schubert <schubi@suse.com> - Removed update-alternatives dependency in libalternatives mode. ------------------------------------------------------------------- Tue Aug 3 07:13:19 UTC 2021 - Stefan Schubert <schubi@suse.com> - Use libalternatives instead of update-alternatives. ------------------------------------------------------------------- Fri Jan 15 22:34:25 UTC 2021 - Jan Engelhardt <jengelh@inai.de> - Update to release 1.8.7 * iptables-nft: * Improved performance when matching on IP/MAC address prefixes if the prefix is byte-aligned. In ideal cases, this doubles packet processing performance. * Dump user-defined chains in lexical order. This way ruleset dumps become stable and easily comparable. * Avoid pointless table/chain creation. For instance, `iptables-nft -L` no longer creates missing base-chains. ------------------------------------------------------------------- Sun Nov 1 12:31:34 UTC 2020 - Jan Engelhardt <jengelh@inai.de> - Update to release 1.8.6 * iptables-nft had pointlessly added "bitwise" expressions to each IP address match, needlessly slowing down run-time performance (by 50% in worst cases). * iptables-nft-restore: Support basechain policy value of "-" (indicating to not change the chain's policy). * nft-translte: Fix translation of ICMP type "any" match. ------------------------------------------------------------------- Wed Jun 3 13:21:57 UTC 2020 - Jan Engelhardt <jengelh@inai.de> - Update to release 1.8.5 * IDLETIMER: Add alarm timer option * nft: CT: add translation for NOTRACK - Drop iptables-apply-mktemp-fix.patch (seemingly applied) ------------------------------------------------------------------- Mon Dec 2 20:01:25 UTC 2019 - Jan Engelhardt <jengelh@inai.de> - Update to release 1.8.4 * Fix for wrong counter format in `ebtables-nft-save -c` output. * Print typical iptables-save comments in arptables- and ebtables-save, too. * xt_owner: add --suppl-groups option * Remove support for /etc/xtables.conf * Restore support for "-4" and "-6" options in rule lines. ------------------------------------------------------------------- Mon Sep 30 13:21:38 UTC 2019 - Kristyna Streitova <kstreitova@suse.com> - Add Conflicts with iptables-nft = 1.6.2 as during the update to iptables 1.8 ip6tables-restore-translate, ip6tables-translate, iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage (now iptables-backend-nft) to the main package. So we need to add a conflict here otherwise we hit file conflicts error during the update. ------------------------------------------------------------------- Fri Sep 6 10:19:25 UTC 2019 - Kristyna Streitova <kstreitova@suse.com> - add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft) ------------------------------------------------------------------- Tue May 28 08:37:39 UTC 2019 - Jan Engelhardt <jengelh@inai.de> - Update to new upstream release 1.8.3 * ebtables: Fix rule listing with counters * ebtables-nft: Support user-defined chain policies - Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch 0001-include-fix-build-with-kernel-headers-before-4.2.patch (upstreamed) ------------------------------------------------------------------- Wed May 22 16:15:28 UTC 2019 - Jan Engelhardt <jengelh@inai.de> - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821] ------------------------------------------------------------------- Thu Apr 4 11:44:31 UTC 2019 - Kristýna Streitová <kstreitova@suse.com> - Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where 'iptables -L' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751]. ------------------------------------------------------------------- Tue Nov 13 12:09:24 UTC 2018 - Jan Engelhardt <jengelh@inai.de> - Update to new upstream release 1.8.2 * Fix incorrect handling of various targets and options in iptables-nft,ebtables-nft,arptables-nft. ------------------------------------------------------------------- Tue Oct 23 14:25:53 UTC 2018 - Jan Engelhardt <jengelh@inai.de> - Update to new upstream release 1.8.1 * New cgroup match revision with reduced memory footprint ------------------------------------------------------------------- Mon Sep 24 08:14:16 UTC 2018 - astieger@suse.com - note build-time dependency on libnftnl >= 1.1.1 ------------------------------------------------------------------- Tue Sep 4 08:08:22 UTC 2018 - Markos Chandras <mchandras@suse.de> - Add missing update-alternatives dependency to Requires(post) section. If this is missing the package fails to install properly when it is used as build dependency. ------------------------------------------------------------------- Mon Jul 9 09:38:13 UTC 2018 - jengelh@inai.de - Update to new upstream release 1.8.0 and snapshot 1.8.0.g75 * The ipv6 "srh" match can now match previous/next/last sid * CONNMARK target now supports bit-shifting for restore,set and save-mark. * DNAT now supports shifted portmap ranges. * iptables now comes in two backends: legacy and nft. ------------------------------------------------------------------- Thu May 24 16:38:53 CEST 2018 - kukuk@suse.de - Use %license instead of %doc [bsc#1082318] ------------------------------------------------------------------- Mon Mar 12 10:08:53 UTC 2018 - matthias.gerstner@suse.com - Fix ethertypes ownership, should be %exclude, not %ghost. ------------------------------------------------------------------- Thu Feb 22 16:21:38 UTC 2018 - matthias.gerstner@suse.com - Resolve conflict with ebtables and obtain ethertypes from new netcfg minor version. FATE#320520 ------------------------------------------------------------------- Sat Feb 3 14:02:59 UTC 2018 - jengelh@inai.de - Update to new upstream release 1.6.2 * add support for the "srh" match * add randomize-full for the "MASQUERADE" target * add rate match mode to the "hashlimit" match ------------------------------------------------------------------- Thu Jun 22 15:34:40 UTC 2017 - matthias.gerstner@suse.com - Add iptables-batch-lock.patch: Fix a locking issue of iptables-batch which can cause it to spuriously fail when other programs modify the iptables rules in parallel (bnc#1045130). This can especially affect SuSEfirewall2 during startup. ------------------------------------------------------------------- Fri Jan 27 22:53:14 UTC 2017 - jengelh@inai.de - Update to new upstream release 1.6.1 * add support for hashlimit rev 2 for higher pps rates * add support for cgroup2 path matching * translation program for nft ------------------------------------------------------------------- Fri Dec 18 20:06:41 UTC 2015 - jengelh@inai.de - Update to final release 1.6.0 * Only a build fix, no new significant changes. ------------------------------------------------------------------- Mon Nov 23 11:07:15 UTC 2015 - jengelh@inai.de - Update to new snapshot v1.4.21-367-g9763347 [1.6.0~] * -m ah/esp/rt: restore matching "any SPI id" by default (they unexpectedly defaulted to --spi 0 rather than --spi ALL) * -m cgroup: new module * -m dst: make ! --dst-len work * -m ipcomp: new module * -m socket: add --restore-skmark option * -j CT: add support for new zone options * -j REJECT: add missing ICMPv6 codes * -j TEE: make it possible to delete rules with -D ... -j * -j SNAT/DNAT: add randomize-full support ------------------------------------------------------------------- Thu Apr 24 09:54:12 UTC 2014 - dmueller@suse.com - remove dependency on gpg-offline (blocks rebuilds and tarball integrity is checked by source-validator anyway) ------------------------------------------------------------------- Wed Apr 23 16:20:02 UTC 2014 - dmueller@suse.com - remove dependency on sgmltool: doesn't seem to be used and reduces rebuild time on aarch64 by 8 hours ------------------------------------------------------------------- Sat Nov 23 04:39:31 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.21 * --nowildcard option for xt_socket, available since Linux kernel 3.11 * SYNPROXY support, available since Linux kernel 3.12 ------------------------------------------------------------------- Wed Aug 7 13:19:02 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.20 * Introduce a new revision for the set match with the counters support * Add locking to prevent concurrent instances ------------------------------------------------------------------- Fri May 31 20:00:39 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.19.1 * New connlabel and bpf matches - Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch, 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch (are upstream) ------------------------------------------------------------------- Mon Apr 15 06:19:21 UTC 2013 - jengelh@inai.de - libxt_state.so symlink was not installed (bnc#815182); fix by removing 0001-build-also-use-libtool-for-install-stage.patch, removing 0001-build-do-not-dereference-symlinks-on-installation.patch, adding 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch, adding 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch ------------------------------------------------------------------- Wed Mar 20 08:22:20 UTC 2013 - cfarrell@suse.com - license update: GPL-2.0 and Artistic-2.0 GPL version does not have ^or later^ due to inclusion of numerous GPL 2 ^only^ files. Also, aggregation of Artistic-2.0 content ------------------------------------------------------------------- Mon Mar 4 21:42:12 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.18 * documentation updates - Create subpackage xtables-plugins, to aid packaging of xtadm - Add 0001-build-do-not-dereference-symlinks-on-installation.patch as a prerequisite for: - Add 0001-build-also-use-libtool-for-install-stage.patch to kill of undesired DT_RPATH entries ------------------------------------------------------------------- Tue Dec 25 22:47:56 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.17 * libxt_time: add support to ignore day transition * libxt_statistic: fix save output ------------------------------------------------------------------- Wed Nov 28 17:07:29 CET 2012 - sbrabec@suse.cz - Verify GPG signature ------------------------------------------------------------------- Thu Nov 15 16:06:15 UTC 2012 - lnussel@suse.de - list all required binaries explicitly to make sure all of them are actually compiled ------------------------------------------------------------------- Thu Nov 15 14:15:48 UTC 2012 - jengelh@inai.de - Always regenerate files due to SUSE's iptables-batch patch ------------------------------------------------------------------- Mon Oct 8 12:42:37 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.16.3 * This release includes aliasing support which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. A division by zero was resolved in libxt_limit as well. ------------------------------------------------------------------- Tue Jul 31 12:08:07 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.15 * libxt_recent: add --mask netmask * libxt_hashlimit: add support for byte-based operation ------------------------------------------------------------------- Sat May 26 19:35:38 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.14 * Support for the new cttimeout infrastructure. This allows you to attach specific timeout policies to flow via iptables CT target. ------------------------------------------------------------------- Tue Mar 27 13:29:31 UTC 2012 - jengelh@medozas.de - Update to new upstream release 1.4.13 * Add the rpfilter, nfacct and IPv6 ECN extensions ------------------------------------------------------------------- Mon Jan 2 21:30:38 UTC 2012 - jengelh@medozas.de - Update to newer git snapshot (v1.4.12.2-28-g2117f2b, but master branch), tag locally as 1.4.12.90. * ships missing pkgconfig files, compile fix for libnfnetlink * libxt_NFQUEUE: fix --queue-bypass ipt-save output * libxt_connbytes: fix handling of --connbytes FROM * libxt_recent: Add support for --reap option - split iptables-devel into libiptc-devel and libxtables-devel ------------------------------------------------------------------- Wed Dec 28 09:50:23 UTC 2011 - puzel@suse.com - iptables-apply-mktemp-fix.patch (bnc#730161) ------------------------------------------------------------------- Wed Nov 30 14:28:11 UTC 2011 - coolo@suse.com - add automake as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Tue Oct 4 23:01:57 UTC 2011 - jengelh@medozas.de - Update to a newer git snapshot of the stable branch (to v1.4.12.1-16-gd2b0eaa) * resolve failure to load extensions that depend on libm.so - rediff of iptables-batch due to fuzz - relax runtime requires ------------------------------------------------------------------- Thu Sep 1 17:09:05 UTC 2011 - jengelh@medozas.de - Update to new upstream release 1.4.12.1 * regression fixes for the new (stricter) command-line parser - restore --includedir= in spec file - Put libxtables into its own subpackage so that one does not need a lockstep update of iproute2 on a new iptables package - Remove redundant fields (Autoreqprov defaults to on, License is inherited from main package) ------------------------------------------------------------------- Sat Aug 13 01:39:38 CEST 2011 - draht@suse.de - include path is /usr/include ------------------------------------------------------------------- Mon Aug 8 00:42:53 UTC 2011 - jengelh@medozas.de - Put include files into a separate directory to flag up missing CFLAGS. libipq.pc will now be provided. - Enable build of nfnl_osf, a tool to upload OS fingerprints to the kernel for use with xt_osf. ------------------------------------------------------------------- Fri Jul 22 13:12:50 UTC 2011 - jengelh@medozas.de - Update to new upstream release 1.4.12 * Include lost match/target descriptions in manpage again * libxt_LOG: fix ignorance of all but the last flag * libxt_HL: restore hl-* option names * libxt_hashlimit: use a more obvious expiry value by default * libxt_RATEEST: fix find-and-delete of rules with -j RATEEST * ipv4: restore negation for the -f option * Reject empty host specifications (e.g. -s "") * libxt_conntrack: restore network byteordering for ABI v1 & v2 * Documentation updates ------------------------------------------------------------------- Wed Jun 8 10:20:57 UTC 2011 - jengelh@medozas.de - Update to snapshot 1.4.11+git16 * libxt_owner: restore inversion support * option: fix ignored negation before implicit extension loading * build: fix installation of symlinks * build: fix absence of xml translator in IPv6-only builds - Drop merged patches ------------------------------------------------------------------- Sun May 29 23:56:33 UTC 2011 - jengelh@medozas.de - Update to new upstream release 1.4.11 * stricter option parsing * support for the current xt_SET target as contained in 2.6.39 * support for the new xt_devgroup match * support for the new xt_AUDIT target * support for a new NFQUEUE bypass option, allowing to bypass the queue if no userspace listener is present * a new iptables option "-C" to check for existence of a rules - Fixes on top * allow negation of --uid-owner/--gid-owner again * fix installation of symlinks - Run spec-beautifier ------------------------------------------------------------------- Fri Oct 29 17:56:48 UTC 2010 - jengelh@medozas.de - Update to new upstream release 1.4.10 * this is the release for the Linux 2.6.36 kernel * support for the cpu match, which can be used to improve cache locality when running multiple server instances * support for the IDLETIMER target, which can be used to notify userspace of interfaces being idle * support for the CHECKSUM target * support for the ipvs match * a fix for deletion of rules using the quota match ------------------------------------------------------------------- Mon Aug 9 07:21:28 UTC 2010 - puzel@novell.com - update to new upstream release 1.4.9.1 * fixes a compilation problem with static linking in the 1.4.9 release ------------------------------------------------------------------- Wed Aug 4 09:56:11 UTC 2010 - puzel@novell.com - update to new upstream release 1.4.9 * this is the release for the Linux 2.6.35 kernel * support for the LED target * a new version of the set extension for the upcoming release supporting IPv6 * negation support for the quota match * support for the SACK-IMMEDIATELY SCTP extension and FORWARD_TSN chunk type in the sctp match * documentation updates and various smaller bugfixes ------------------------------------------------------------------- Wed May 26 15:20:25 UTC 2010 - jengelh@medozas.de - update to new upstream release 1.4.8 * this is the release for the Linux 2.6.34 kernel * add support for the new xt_CT extension * import the nfnl_osf program required for proper operation of the xt_osf extension ------------------------------------------------------------------- Sat Apr 24 11:38:18 UTC 2010 - coolo@novell.com - buildrequire pkg-config to fix provides ------------------------------------------------------------------- Mon Mar 1 15:43:30 UTC 2010 - jengelh@medozas.de - update to new upstream release 1.4.7 * libipq is built as a shared library * removal of some restrictions on interface names * documentation updates - rebase and fix linking of iptables-batch - fix libdir->libexecdir ------------------------------------------------------------------- Mon Feb 22 13:09:03 UTC 2010 - jengelh@medozas.de - only run configure when needed - use %_smp_mflags - use newer git snapshot to fix compile error due to missing ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32) ------------------------------------------------------------------- Wed Dec 30 13:01:52 UTC 2009 - puzel@novell.com - fix bnc#561793 - do not include unclean module documentation in iptables manpage ------------------------------------------------------------------- Tue Dec 22 18:09:11 CET 2009 - jengelh@medozas.de - update specfile descriptions (bnc#553801) - update to iptables 1.4.6: * combine iptables subprograms into a new multi-purpose binary * support for new implementations: NFQUEUE v1, conntrack v2 * helper: fix invalid passed option to check_inverse * iprange accepts single host specifications again * iprange: do accept non-ranges for xt_iprange v1 * iprange: warn on reverse range * libiptc: fix wrong maptype of base chain counters on restore * iptables: fix undersized deletion mask creation * iptables/extensions: make bundled options work again * iptables: take masks into consideration for replace command * xtables: warn of missing version identifier in extensions * documentation updates - refresh iptables-batch ------------------------------------------------------------------- Thu Nov 12 08:21:35 UTC 2009 - puzel@novell.com - remove outdated howtos (bnc#551748) ------------------------------------------------------------------- Wed Jul 15 17:53:13 CEST 2009 - kay.sievers@novell.com - fix libdir/libexecdir on 64bit installation ------------------------------------------------------------------- Wed Jun 17 17:23:48 CEST 2009 - puzel@novell.com - install iptables-apply ------------------------------------------------------------------- Wed Jun 17 12:15:58 CEST 2009 - puzel@suse.cz - update to iptables-1.4.4 * support for the new features in the 2.6.30 kernel, namely the cluster match and persistent multi-range NAT mappings * support for the ipset set match and target * various minor fixes and cleanups * documentation updates ------------------------------------------------------------------- Mon May 11 17:12:57 CEST 2009 - puzel@suse.cz - make explicit 'commit' in iptables-batch do nothing (bnc#500990) ------------------------------------------------------------------- Tue Apr 21 14:15:16 CEST 2009 - puzel@suse.cz - update to 1.4.3.2 - numerous documentation updates and bugfixes - set of changes to move some of the iptables functionality to a shared library for tc and m_ipt - make libiptc available as shared library (closes bnc#487629) - IPv6 support for the recent match - TPROXY support - SCTP/DCCP NAT support - INCOMPATIBILITY: This release starts enforcing the deprecation of NAT filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will cause an error instead of a warning from now on. - rework iptables-batch.patch (libiptc interface has changed) - update howtos ------------------------------------------------------------------- Fri Jan 16 14:57:14 CET 2009 - prusnak@suse.cz - updated to 1.4.2 * remove dependency on libiptc headers * fix segmentation fault with -tanything * warn about use of DROP in nat table * do allow --rttl for --update * run ldconfig on `make install` * fix invalid iptables-save output * fix hashlimit output ------------------------------------------------------------------- Wed Sep 10 13:36:30 CEST 2008 - prusnak@suse.cz - updated to 1.4.2-rc1 * libxt_TOS: make sure --set-tos value/mask is recognized * libiptc: fix scalability performance issue during initial ruleset parsing * xt_string: string extension case insensitive matching * ip6tables: add --goto support ------------------------------------------------------------------- Wed Sep 10 12:02:03 CEST 2008 - prusnak@suse.cz - updated to 1.4.1.1 * iptables: fix printing of line numbers with --line-numbers arg * ip6tables: fix printing of ipv6 network masks * build: fix `make install` when --disable-shared is used * iprange: kernel flags were not set ------------------------------------------------------------------- Wed Sep 10 11:59:58 CEST 2008 - prusnak@suse.cz - updated to 1.4.1 * iptables: use C99 lists for struct options * Make iptables-restore usable over a pipe * Add support for --set-counters to iptables -P * iptables --list-rules command * iptables --list chain rulenum * Make --set-counters (-c) accept comma separated counters * libxt_iprange: Fix IP validation logic * fix ip6tables dest address printing * Converts the iptables build infrastructure to autotools. * Introduce strtonum(), which works like string_to_number(), but passes * print warning when dlopen fails * libxt_owner: UID/GID range support * Fix compilation of iptables-static build * xtables.h: move non-exported parts to internal.h * Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR * manpages: fix broken markup (missing close tags) * manpages: update to reflect fine-grained control * configure: split --enable-libipq from --enable-devel * Add all necessary header files - compilation fix for various cases * Install libiptc header files because xtables.h depends on it * Implement AF_UNSPEC as a wildcard for extensions * Combine ipt and ip6t manpages * Resolve warnings on 64-bit compile * Wrap dlopen code into NO_SHARED_LIBS * Remove support for compilation of conditional extensions * Resolve libipt_set warnings * Update documentation about building the package * configure.ac: AC_SUBST must be separate * Dynamically create xtables.h.in with version * configure.ac: remove already-defined variables * Remove old functions, constants * Makefile.am: use PACKAGE_TARNAME * iptables out-of-tree build directory * Introduce a counter for number of user defined chains. * Solving scalability issue: for chain list "name" searching. * REDIRECT: Allow symbolic port in REDIRECT --to-port * Fix iptables-save output of libxt_owner match * allow empty strings in argument parser * Fix define value of SCTP chunk type. * cleanup several code wraparounds * Add RATEEST target extension * Add rateest match extension * Properly initialize revision for ip6tables targets * Resync header files with kernel * libiptc: move variable definitions to head of function * Fix CONNMARK mask initialisation * iptables-save:remove unnecessary code. * Don't assume /bin/sh is bash * Add xtables version defines. * Use s6_addr32 to access bits in int6_addr instead of incompatible name ------------------------------------------------------------------- Tue Jan 8 17:10:54 CET 2008 - prusnak@suse.cz - updated to 1.4.0: * Add support for generic xtables infrastructure (improved IPv6 support!) * Deletes empty ->final_check() functions * Fix sparse warnings: non-C99 array declaration, incorrect function prototypes * Remove last vestiges of NFC * Make @msg argument a const char *, just like printf * Makes it possible to omit extra_opts of matches/targets if unnecessary * Fix "iptables getsockopt failed strangely" when querying revisions for non-existant matches and targets * Introduces DEST_IPT_LIBDIR in Makefile * Change default KERNEL_DIR location and add KBUILD_OUTPUT * Removes obsolete KERNEL_64_USERSPACE_32 definitions * Fix unused function warning * Don't use dlfcn.h if NO_SHARED_LIBS is defined * Fix showing help text for matches/targets with revision as user * Print warnings to stderr * Fix sscanf type errors * Always print mask in iptables-save * Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names * Adds --table to iptables-restore * Make DO_MULTI=1 work for ip6tables* binaries * Add ip6tables-{save,restore} to non-experimental target, fix strict aliasing warnings * Introducing libxt_*.man files. Sorted matches and modules * Install ip6tables-{save,restore} manpages * Performance optimization in sorting chain during pull-out * Fix sockfd use accounting for kernels without autoloading * use <linux/types.h> * Fix make/compile error for iptables-1.4.0rc1 * Fix for --random option in DNAT and REDIRECT * Document xt_statistic * sctp: fix - mistake to pass a pointer where array is required * Fix connlimit output for inverted --connlimit-above: ! > is <=, not < * Add NFLOG manpage * Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8 * Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man * Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8 * fix check_inverse() call - removed obsolete patch: * strict-aliasing-fix.diff (included in update) ------------------------------------------------------------------- Tue Jul 31 13:10:56 CEST 2007 - prusnak@suse.cz - removed sed scripts in %prep section from last update * not needed anymore ------------------------------------------------------------------- Thu Jul 26 16:20:40 CEST 2007 - prusnak@suse.cz - updated to 1.3.8 * Fix build error of conntrack match * Remove whitespace in ip6tables.c * `-p all' and `-p 0' should be allowed in ip6tables * hashlimit doc update * add --random option to DNAT and REDIRECT * Makefile uses POSIX conform directory check * Fix missing newlines in iptables-save/restore output * Update quota manpage for SMP * Output for unspecified proto is `all' instead of `0' * Fix iptables-save with --random option * Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs * Remove libnsl from LDLIBS * Fix problem with iptables-restore and quotes * Remove unnecessary includes * Fix --modprobe parameter * ip6tables-restore should output error of modprobe after failed to load * Add random option to SNAT * Fix missing space in error message * Fixes for manpages of tcp, udp, and icmp{,6} * Add ip6tables mh extension * Fix tcpmss manpage * Add ip6tables TCPMSS extension * Add UDPLITE multiport support * Fix missing space in ruleset listing * Remove extensions for unmaintained/obsolete patchlets * Fix greedy debug grep * Fix type in manpage * Fix compile/install error for iptables-xml with DO_MULTI=1 - dropped obsolete patches: * newlines.diff (included in update) * shlibs.diff (done by sed in %prep section) * extensions.diff ------------------------------------------------------------------- Wed May 9 13:39:08 CEST 2007 - prusnak@suse.cz - added newlines to error messages (newlines.diff) [#271847] ------------------------------------------------------------------- Tue Mar 13 14:08:25 CET 2007 - prusnak@suse.cz - added initial setting of KERNEL_DIR variable in %install section of spec file ------------------------------------------------------------------- Tue Jan 9 14:52:15 CET 2007 - prusnak@suse.cz - added experimental tools and extensions (removed by last update) ------------------------------------------------------------------- Wed Jan 3 17:58:09 CET 2007 - prusnak@suse.cz - updated to 1.3.7 * Add revision support for ip6tables * Add port range support for ip6tables multiport match * Add sctp match extension for ip6tables * Add iptables-xml tool * Add hashlimit support for ip6tables (needs kernel > 2.6.19) * Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19) * Bugfixes - updated debian-docs and moved into tar.bz2 ------------------------------------------------------------------- Thu Nov 16 11:06:55 CET 2006 - mjancar@suse.cz - allow setting KERNEL_DIR on commandline for build (#220851) ------------------------------------------------------------------- Tue Oct 17 17:47:47 CEST 2006 - anosek@suse.cz - updated to version 1.3.6 * Support multiple matches of the same type within a single rule * DCCP/SCTP support for multiport match (needs kernel >= 2.6.18) * SELinux SECMARK target (needs kernel >= 2.6.18) * SELinux CONNSECMARK target (needs kernel >= 2.6.18) * Add support for statistic match (needs kernel >= 2.6.18) * Optionally read realm values from /etc/iproute2/rt_realms * Bugfixes ------------------------------------------------------------------- Wed Feb 1 15:26:39 CET 2006 - lnussel@suse.de - updated to version 1.3.5 * supports ip6tables state and conntrack \o/ (#145758) ------------------------------------------------------------------- Fri Jan 27 01:50:25 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Jan 24 15:00:31 CET 2006 - schwab@suse.de - Fix building of shared libraries. ------------------------------------------------------------------- Tue Jan 17 15:11:43 CET 2006 - postadal@suse.cz - updated policy extension from upstream (policy-1.3.4.patch) * ported for changes in kernel ------------------------------------------------------------------- Tue Nov 15 17:09:38 CET 2005 - postadal@suse.cz - updated to version 1.3.4 - added RPM_OPT_FLAGS to CFLAGS - fixed strict aliasing (strict-aliasing-fix.patch) ------------------------------------------------------------------- Mon Aug 1 16:36:26 CEST 2005 - lnussel@suse.de - add iptables-batch and ip6tables-batch ------------------------------------------------------------------- Mon Aug 1 10:14:00 CEST 2005 - postadal@suse.cz - updated to version 1.3.3 ------------------------------------------------------------------- Wed Jul 27 15:38:26 CEST 2005 - postadal@suse.cz - updated to version 1.3.2 ------------------------------------------------------------------- Wed Mar 9 11:28:10 CET 2005 - postadal@suse.cz - updated to version 1.3.1 (bug fixes) ------------------------------------------------------------------- Thu Feb 17 10:02:14 CET 2005 - postadal@suse.cz - updated to version 1.3.0 - removed obsoleted patch modules-secfix ------------------------------------------------------------------- Tue Nov 02 17:00:05 CET 2004 - postadal@suse.cz - fixed uninitialised variable [#47850] - CAN-2004-0986 ------------------------------------------------------------------- Tue Aug 17 15:15:44 CEST 2004 - mludvig@suse.cz - Fixed mode for extensions/.policy-test6 ------------------------------------------------------------------- Thu Aug 05 14:15:52 CEST 2004 - mludvig@suse.cz - Added IPv6 support to the 'policy' match. ------------------------------------------------------------------- Wed Aug 04 15:44:06 CEST 2004 - postadal@suse.cz - updated to version 1.2.11 - removed obsoleted patch clusterip ------------------------------------------------------------------- Sat Apr 24 08:45:00 CEST 2004 - lmb@suse.de - Add support for Cluster IP functionality. ------------------------------------------------------------------- Wed Apr 21 16:51:03 CEST 2004 - mludvig@suse.cz - Added module for IPv6 conntrack from USAGI. ------------------------------------------------------------------- Wed Mar 24 15:47:24 CET 2004 - mludvig@suse.cz - Added policy module from patch-o-matic ------------------------------------------------------------------- Fri Feb 06 18:09:42 CET 2004 - postadal@suse.cz - updated to version 1.2.9. ------------------------------------------------------------------- Sat Jan 10 20:33:48 CET 2004 - adrian@suse.de - add %defattr ------------------------------------------------------------------- Wed Jul 23 15:08:45 CEST 2003 - postadal@suse.cz - updated to 1.2.8 ------------------------------------------------------------------- Tue Apr 8 21:33:42 CEST 2003 - schwab@suse.de - Prefer sanitized kernel headers. ------------------------------------------------------------------- Thu Sep 05 11:13:51 CEST 2002 - postadal@suse.cz - updated to bugfixed 1.2.7a version ------------------------------------------------------------------- Wed Aug 28 18:20:07 CEST 2002 - postadal@suse.cz - added Requires %{name} = %{version} to devel package ------------------------------------------------------------------- Thu Aug 08 13:03:46 CEST 2002 - nadvornik@suse.cz - updated to 1.2.7 ------------------------------------------------------------------- Wed Mar 27 11:10:32 CET 2002 - postadal@suse.cz - revert to compile it with kernel headers (#15448) ------------------------------------------------------------------- Fri Feb 1 14:14:49 CET 2002 - nadvornik@suse.cz - compiled with kernel headers from glibc ------------------------------------------------------------------- Tue Jan 15 15:30:31 CET 2002 - nadvornik@suse.cz - update to 1.2.5 ------------------------------------------------------------------- Wed Nov 14 13:51:38 CET 2001 - nadvornik@suse.cz - updated to 1.2.4 [bug #12104] - fixed problems with iptables-save/restore - iptables-1.2.4.debian.diff.bz2 contains documentation only, Makefile changes moved to separate patch ------------------------------------------------------------------- Sat Sep 22 02:04:31 MEST 2001 - garloff@suse.de - Fix ipt_string support (compile fix). ------------------------------------------------------------------- Tue Jul 17 10:55:30 MEST 2001 - garloff@suse.de - Update to iptables-1.2.2 - Appply debian patch: mostly docu stuff - Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM .spec file to compile and install ip(6)tables-save/restore apps. ------------------------------------------------------------------- Fri Apr 6 15:28:00 CEST 2001 - kukuk@suse.de - changed neededforbuild from lx_suse to kernel-source ------------------------------------------------------------------- Tue Mar 27 23:24:15 CEST 2001 - lmuelle@suse.de - update to 1.2.1a - add devel package with libipq stuff - minor spec file cleanup ------------------------------------------------------------------- Sun Jan 28 16:40:08 CET 2001 - olh@suse.de - update to 1.2, needed for ppc and sparc ------------------------------------------------------------------- Tue Dec 19 09:33:37 CET 2000 - nadvornik@suse.cz - compiled with lx_suse ------------------------------------------------------------------- Tue Oct 17 16:15:51 CEST 2000 - nadvornik@suse.cz - update to 1.1.2 ------------------------------------------------------------------- Fri Sep 22 02:34:07 CEST 2000 - ro@suse.de - up to 1.1.1 ------------------------------------------------------------------- Fri Jun 9 08:58:25 CEST 2000 - ro@suse.de - fixed neededforbuild ------------------------------------------------------------------- Wed Jun 7 08:33:45 CEST 2000 - nadvornik@suse.cz - new package 1.1.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor