------------------------------------------------------------------- Thu Jan 12 22:58:50 UTC 2023 - Jan Engelhardt - Update to release 1.8.9 * arptables-nft: Support --exact flag * Support more chunk types in the "sctp" extension * Print `--` in ip6tables' "opt" column for consistency with iptables * More verbose error messages if iptables-nft-restore fails * Support `-p Length` with ebtables-nft, needed for 802_3 extension. ------------------------------------------------------------------- Thu Jul 21 12:43:02 UTC 2022 - Ludwig Nussel - add baselibs.conf for libip4tc2, will be needed by libsystemd-shared-251.so ------------------------------------------------------------------- Fri May 13 15:39:33 UTC 2022 - Jan Engelhardt - Update to release 1.8.8 * Add iptables-translate support for: sctp match's --chunk-types option, connlimit match, multiport match's --ports option, and the tcpmss match. * Reject setuid executables in libxtables for safety reasons * Extended arptables-nft with -C, -I, -R, -S cmomands and the "-c N,M" counter syntax. * Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times * Improved performance of iptables-save and -restore ------------------------------------------------------------------- Thu Dec 30 15:05:20 UTC 2021 - Danilo Spinella - Only use nftables backend when iptables-backend-nft is installed when using libalternatives ------------------------------------------------------------------- Fri Nov 19 11:17:27 UTC 2021 - Danilo Spinella - Fix libalternatives configuration for ebtables and arptables by keeping argv0, fixes bsc#1192799. ------------------------------------------------------------------- Wed Oct 20 11:15:19 UTC 2021 - Stefan Schubert - Added alts requirements for iptables-backend-nft package. ------------------------------------------------------------------- Thu Sep 16 11:40:45 UTC 2021 - Stefan Schubert - Removed update-alternatives dependency in libalternatives mode. ------------------------------------------------------------------- Tue Aug 3 07:13:19 UTC 2021 - Stefan Schubert - Use libalternatives instead of update-alternatives. ------------------------------------------------------------------- Fri Jan 15 22:34:25 UTC 2021 - Jan Engelhardt - Update to release 1.8.7 * iptables-nft: * Improved performance when matching on IP/MAC address prefixes if the prefix is byte-aligned. In ideal cases, this doubles packet processing performance. * Dump user-defined chains in lexical order. This way ruleset dumps become stable and easily comparable. * Avoid pointless table/chain creation. For instance, `iptables-nft -L` no longer creates missing base-chains. ------------------------------------------------------------------- Sun Nov 1 12:31:34 UTC 2020 - Jan Engelhardt - Update to release 1.8.6 * iptables-nft had pointlessly added "bitwise" expressions to each IP address match, needlessly slowing down run-time performance (by 50% in worst cases). * iptables-nft-restore: Support basechain policy value of "-" (indicating to not change the chain's policy). * nft-translte: Fix translation of ICMP type "any" match. ------------------------------------------------------------------- Wed Jun 3 13:21:57 UTC 2020 - Jan Engelhardt - Update to release 1.8.5 * IDLETIMER: Add alarm timer option * nft: CT: add translation for NOTRACK - Drop iptables-apply-mktemp-fix.patch (seemingly applied) ------------------------------------------------------------------- Mon Dec 2 20:01:25 UTC 2019 - Jan Engelhardt - Update to release 1.8.4 * Fix for wrong counter format in `ebtables-nft-save -c` output. * Print typical iptables-save comments in arptables- and ebtables-save, too. * xt_owner: add --suppl-groups option * Remove support for /etc/xtables.conf * Restore support for "-4" and "-6" options in rule lines. ------------------------------------------------------------------- Mon Sep 30 13:21:38 UTC 2019 - Kristyna Streitova - Add Conflicts with iptables-nft = 1.6.2 as during the update to iptables 1.8 ip6tables-restore-translate, ip6tables-translate, iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage (now iptables-backend-nft) to the main package. So we need to add a conflict here otherwise we hit file conflicts error during the update. ------------------------------------------------------------------- Fri Sep 6 10:19:25 UTC 2019 - Kristyna Streitova - add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft) ------------------------------------------------------------------- Tue May 28 08:37:39 UTC 2019 - Jan Engelhardt - Update to new upstream release 1.8.3 * ebtables: Fix rule listing with counters * ebtables-nft: Support user-defined chain policies - Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch 0001-include-fix-build-with-kernel-headers-before-4.2.patch (upstreamed) ------------------------------------------------------------------- Wed May 22 16:15:28 UTC 2019 - Jan Engelhardt - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821] ------------------------------------------------------------------- Thu Apr 4 11:44:31 UTC 2019 - Kristýna Streitová - Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where 'iptables -L' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751]. ------------------------------------------------------------------- Tue Nov 13 12:09:24 UTC 2018 - Jan Engelhardt - Update to new upstream release 1.8.2 * Fix incorrect handling of various targets and options in iptables-nft,ebtables-nft,arptables-nft. ------------------------------------------------------------------- Tue Oct 23 14:25:53 UTC 2018 - Jan Engelhardt - Update to new upstream release 1.8.1 * New cgroup match revision with reduced memory footprint ------------------------------------------------------------------- Mon Sep 24 08:14:16 UTC 2018 - astieger@suse.com - note build-time dependency on libnftnl >= 1.1.1 ------------------------------------------------------------------- Tue Sep 4 08:08:22 UTC 2018 - Markos Chandras - Add missing update-alternatives dependency to Requires(post) section. If this is missing the package fails to install properly when it is used as build dependency. ------------------------------------------------------------------- Mon Jul 9 09:38:13 UTC 2018 - jengelh@inai.de - Update to new upstream release 1.8.0 and snapshot 1.8.0.g75 * The ipv6 "srh" match can now match previous/next/last sid * CONNMARK target now supports bit-shifting for restore,set and save-mark. * DNAT now supports shifted portmap ranges. * iptables now comes in two backends: legacy and nft. ------------------------------------------------------------------- Thu May 24 16:38:53 CEST 2018 - kukuk@suse.de - Use %license instead of %doc [bsc#1082318] ------------------------------------------------------------------- Mon Mar 12 10:08:53 UTC 2018 - matthias.gerstner@suse.com - Fix ethertypes ownership, should be %exclude, not %ghost. ------------------------------------------------------------------- Thu Feb 22 16:21:38 UTC 2018 - matthias.gerstner@suse.com - Resolve conflict with ebtables and obtain ethertypes from new netcfg minor version. FATE#320520 ------------------------------------------------------------------- Sat Feb 3 14:02:59 UTC 2018 - jengelh@inai.de - Update to new upstream release 1.6.2 * add support for the "srh" match * add randomize-full for the "MASQUERADE" target * add rate match mode to the "hashlimit" match ------------------------------------------------------------------- Thu Jun 22 15:34:40 UTC 2017 - matthias.gerstner@suse.com - Add iptables-batch-lock.patch: Fix a locking issue of iptables-batch which can cause it to spuriously fail when other programs modify the iptables rules in parallel (bnc#1045130). This can especially affect SuSEfirewall2 during startup. ------------------------------------------------------------------- Fri Jan 27 22:53:14 UTC 2017 - jengelh@inai.de - Update to new upstream release 1.6.1 * add support for hashlimit rev 2 for higher pps rates * add support for cgroup2 path matching * translation program for nft ------------------------------------------------------------------- Fri Dec 18 20:06:41 UTC 2015 - jengelh@inai.de - Update to final release 1.6.0 * Only a build fix, no new significant changes. ------------------------------------------------------------------- Mon Nov 23 11:07:15 UTC 2015 - jengelh@inai.de - Update to new snapshot v1.4.21-367-g9763347 [1.6.0~] * -m ah/esp/rt: restore matching "any SPI id" by default (they unexpectedly defaulted to --spi 0 rather than --spi ALL) * -m cgroup: new module * -m dst: make ! --dst-len work * -m ipcomp: new module * -m socket: add --restore-skmark option * -j CT: add support for new zone options * -j REJECT: add missing ICMPv6 codes * -j TEE: make it possible to delete rules with -D ... -j * -j SNAT/DNAT: add randomize-full support ------------------------------------------------------------------- Thu Apr 24 09:54:12 UTC 2014 - dmueller@suse.com - remove dependency on gpg-offline (blocks rebuilds and tarball integrity is checked by source-validator anyway) ------------------------------------------------------------------- Wed Apr 23 16:20:02 UTC 2014 - dmueller@suse.com - remove dependency on sgmltool: doesn't seem to be used and reduces rebuild time on aarch64 by 8 hours ------------------------------------------------------------------- Sat Nov 23 04:39:31 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.21 * --nowildcard option for xt_socket, available since Linux kernel 3.11 * SYNPROXY support, available since Linux kernel 3.12 ------------------------------------------------------------------- Wed Aug 7 13:19:02 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.20 * Introduce a new revision for the set match with the counters support * Add locking to prevent concurrent instances ------------------------------------------------------------------- Fri May 31 20:00:39 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.19.1 * New connlabel and bpf matches - Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch, 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch (are upstream) ------------------------------------------------------------------- Mon Apr 15 06:19:21 UTC 2013 - jengelh@inai.de - libxt_state.so symlink was not installed (bnc#815182); fix by removing 0001-build-also-use-libtool-for-install-stage.patch, removing 0001-build-do-not-dereference-symlinks-on-installation.patch, adding 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch, adding 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch ------------------------------------------------------------------- Wed Mar 20 08:22:20 UTC 2013 - cfarrell@suse.com - license update: GPL-2.0 and Artistic-2.0 GPL version does not have ^or later^ due to inclusion of numerous GPL 2 ^only^ files. Also, aggregation of Artistic-2.0 content ------------------------------------------------------------------- Mon Mar 4 21:42:12 UTC 2013 - jengelh@inai.de - Update to new upstream release 1.4.18 * documentation updates - Create subpackage xtables-plugins, to aid packaging of xtadm - Add 0001-build-do-not-dereference-symlinks-on-installation.patch as a prerequisite for: - Add 0001-build-also-use-libtool-for-install-stage.patch to kill of undesired DT_RPATH entries ------------------------------------------------------------------- Tue Dec 25 22:47:56 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.17 * libxt_time: add support to ignore day transition * libxt_statistic: fix save output ------------------------------------------------------------------- Wed Nov 28 17:07:29 CET 2012 - sbrabec@suse.cz - Verify GPG signature ------------------------------------------------------------------- Thu Nov 15 16:06:15 UTC 2012 - lnussel@suse.de - list all required binaries explicitly to make sure all of them are actually compiled ------------------------------------------------------------------- Thu Nov 15 14:15:48 UTC 2012 - jengelh@inai.de - Always regenerate files due to SUSE's iptables-batch patch ------------------------------------------------------------------- Mon Oct 8 12:42:37 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.16.3 * This release includes aliasing support which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. A division by zero was resolved in libxt_limit as well. ------------------------------------------------------------------- Tue Jul 31 12:08:07 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.15 * libxt_recent: add --mask netmask * libxt_hashlimit: add support for byte-based operation ------------------------------------------------------------------- Sat May 26 19:35:38 UTC 2012 - jengelh@inai.de - Update to new upstream release 1.4.14 * Support for the new cttimeout infrastructure. This allows you to attach specific timeout policies to flow via iptables CT target. ------------------------------------------------------------------- Tue Mar 27 13:29:31 UTC 2012 - jengelh@medozas.de - Update to new upstream release 1.4.13 * Add the rpfilter, nfacct and IPv6 ECN extensions ------------------------------------------------------------------- Mon Jan 2 21:30:38 UTC 2012 - jengelh@medozas.de - Update to newer git snapshot (v1.4.12.2-28-g2117f2b, but master branch), tag locally as 1.4.12.90. * ships missing pkgconfig files, compile fix for libnfnetlink * libxt_NFQUEUE: fix --queue-bypass ipt-save output * libxt_connbytes: fix handling of --connbytes FROM * libxt_recent: Add support for --reap option - split iptables-devel into libiptc-devel and libxtables-devel ------------------------------------------------------------------- Wed Dec 28 09:50:23 UTC 2011 - puzel@suse.com - iptables-apply-mktemp-fix.patch (bnc#730161) ------------------------------------------------------------------- Wed Nov 30 14:28:11 UTC 2011 - coolo@suse.com - add automake as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Tue Oct 4 23:01:57 UTC 2011 - jengelh@medozas.de - Update to a newer git snapshot of the stable branch (to v1.4.12.1-16-gd2b0eaa) * resolve failure to load extensions that depend on libm.so - rediff of iptables-batch due to fuzz - relax runtime requires ------------------------------------------------------------------- Thu Sep 1 17:09:05 UTC 2011 - jengelh@medozas.de - Update to new upstream release 1.4.12.1 * regression fixes for the new (stricter) command-line parser - restore --includedir= in spec file - Put libxtables into its own subpackage so that one does not need a lockstep update of iproute2 on a new iptables package - Remove redundant fields (Autoreqprov defaults to on, License is inherited from main package) ------------------------------------------------------------------- Sat Aug 13 01:39:38 CEST 2011 - draht@suse.de - include path is /usr/include ------------------------------------------------------------------- Mon Aug 8 00:42:53 UTC 2011 - jengelh@medozas.de - Put include files into a separate directory to flag up missing CFLAGS. libipq.pc will now be provided. - Enable build of nfnl_osf, a tool to upload OS fingerprints to the kernel for use with xt_osf. ------------------------------------------------------------------- Fri Jul 22 13:12:50 UTC 2011 - jengelh@medozas.de - Update to new upstream release 1.4.12 * Include lost match/target descriptions in manpage again * libxt_LOG: fix ignorance of all but the last flag * libxt_HL: restore hl-* option names * libxt_hashlimit: use a more obvious expiry value by default * libxt_RATEEST: fix find-and-delete of rules with -j RATEEST * ipv4: restore negation for the -f option * Reject empty host specifications (e.g. -s "") * libxt_conntrack: restore network byteordering for ABI v1 & v2 * Documentation updates ------------------------------------------------------------------- Wed Jun 8 10:20:57 UTC 2011 - jengelh@medozas.de - Update to snapshot 1.4.11+git16 * libxt_owner: restore inversion support * option: fix ignored negation before implicit extension loading * build: fix installation of symlinks * build: fix absence of xml translator in IPv6-only builds - Drop merged patches ------------------------------------------------------------------- Sun May 29 23:56:33 UTC 2011 - jengelh@medozas.de - Update to new upstream release 1.4.11 * stricter option parsing * support for the current xt_SET target as contained in 2.6.39 * support for the new xt_devgroup match * support for the new xt_AUDIT target * support for a new NFQUEUE bypass option, allowing to bypass the queue if no userspace listener is present * a new iptables option "-C" to check for existence of a rules - Fixes on top * allow negation of --uid-owner/--gid-owner again * fix installation of symlinks - Run spec-beautifier ------------------------------------------------------------------- Fri Oct 29 17:56:48 UTC 2010 - jengelh@medozas.de - Update to new upstream release 1.4.10 * this is the release for the Linux 2.6.36 kernel * support for the cpu match, which can be used to improve cache locality when running multiple server instances * support for the IDLETIMER target, which can be used to notify userspace of interfaces being idle * support for the CHECKSUM target * support for the ipvs match * a fix for deletion of rules using the quota match ------------------------------------------------------------------- Mon Aug 9 07:21:28 UTC 2010 - puzel@novell.com - update to new upstream release 1.4.9.1 * fixes a compilation problem with static linking in the 1.4.9 release ------------------------------------------------------------------- Wed Aug 4 09:56:11 UTC 2010 - puzel@novell.com - update to new upstream release 1.4.9 * this is the release for the Linux 2.6.35 kernel * support for the LED target * a new version of the set extension for the upcoming release supporting IPv6 * negation support for the quota match * support for the SACK-IMMEDIATELY SCTP extension and FORWARD_TSN chunk type in the sctp match * documentation updates and various smaller bugfixes ------------------------------------------------------------------- Wed May 26 15:20:25 UTC 2010 - jengelh@medozas.de - update to new upstream release 1.4.8 * this is the release for the Linux 2.6.34 kernel * add support for the new xt_CT extension * import the nfnl_osf program required for proper operation of the xt_osf extension ------------------------------------------------------------------- Sat Apr 24 11:38:18 UTC 2010 - coolo@novell.com - buildrequire pkg-config to fix provides ------------------------------------------------------------------- Mon Mar 1 15:43:30 UTC 2010 - jengelh@medozas.de - update to new upstream release 1.4.7 * libipq is built as a shared library * removal of some restrictions on interface names * documentation updates - rebase and fix linking of iptables-batch - fix libdir->libexecdir ------------------------------------------------------------------- Mon Feb 22 13:09:03 UTC 2010 - jengelh@medozas.de - only run configure when needed - use %_smp_mflags - use newer git snapshot to fix compile error due to missing ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32) ------------------------------------------------------------------- Wed Dec 30 13:01:52 UTC 2009 - puzel@novell.com - fix bnc#561793 - do not include unclean module documentation in iptables manpage ------------------------------------------------------------------- Tue Dec 22 18:09:11 CET 2009 - jengelh@medozas.de - update specfile descriptions (bnc#553801) - update to iptables 1.4.6: * combine iptables subprograms into a new multi-purpose binary * support for new implementations: NFQUEUE v1, conntrack v2 * helper: fix invalid passed option to check_inverse * iprange accepts single host specifications again * iprange: do accept non-ranges for xt_iprange v1 * iprange: warn on reverse range * libiptc: fix wrong maptype of base chain counters on restore * iptables: fix undersized deletion mask creation * iptables/extensions: make bundled options work again * iptables: take masks into consideration for replace command * xtables: warn of missing version identifier in extensions * documentation updates - refresh iptables-batch ------------------------------------------------------------------- Thu Nov 12 08:21:35 UTC 2009 - puzel@novell.com - remove outdated howtos (bnc#551748) ------------------------------------------------------------------- Wed Jul 15 17:53:13 CEST 2009 - kay.sievers@novell.com - fix libdir/libexecdir on 64bit installation ------------------------------------------------------------------- Wed Jun 17 17:23:48 CEST 2009 - puzel@novell.com - install iptables-apply ------------------------------------------------------------------- Wed Jun 17 12:15:58 CEST 2009 - puzel@suse.cz - update to iptables-1.4.4 * support for the new features in the 2.6.30 kernel, namely the cluster match and persistent multi-range NAT mappings * support for the ipset set match and target * various minor fixes and cleanups * documentation updates ------------------------------------------------------------------- Mon May 11 17:12:57 CEST 2009 - puzel@suse.cz - make explicit 'commit' in iptables-batch do nothing (bnc#500990) ------------------------------------------------------------------- Tue Apr 21 14:15:16 CEST 2009 - puzel@suse.cz - update to 1.4.3.2 - numerous documentation updates and bugfixes - set of changes to move some of the iptables functionality to a shared library for tc and m_ipt - make libiptc available as shared library (closes bnc#487629) - IPv6 support for the recent match - TPROXY support - SCTP/DCCP NAT support - INCOMPATIBILITY: This release starts enforcing the deprecation of NAT filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will cause an error instead of a warning from now on. - rework iptables-batch.patch (libiptc interface has changed) - update howtos ------------------------------------------------------------------- Fri Jan 16 14:57:14 CET 2009 - prusnak@suse.cz - updated to 1.4.2 * remove dependency on libiptc headers * fix segmentation fault with -tanything * warn about use of DROP in nat table * do allow --rttl for --update * run ldconfig on `make install` * fix invalid iptables-save output * fix hashlimit output ------------------------------------------------------------------- Wed Sep 10 13:36:30 CEST 2008 - prusnak@suse.cz - updated to 1.4.2-rc1 * libxt_TOS: make sure --set-tos value/mask is recognized * libiptc: fix scalability performance issue during initial ruleset parsing * xt_string: string extension case insensitive matching * ip6tables: add --goto support ------------------------------------------------------------------- Wed Sep 10 12:02:03 CEST 2008 - prusnak@suse.cz - updated to 1.4.1.1 * iptables: fix printing of line numbers with --line-numbers arg * ip6tables: fix printing of ipv6 network masks * build: fix `make install` when --disable-shared is used * iprange: kernel flags were not set ------------------------------------------------------------------- Wed Sep 10 11:59:58 CEST 2008 - prusnak@suse.cz - updated to 1.4.1 * iptables: use C99 lists for struct options * Make iptables-restore usable over a pipe * Add support for --set-counters to iptables -P * iptables --list-rules command * iptables --list chain rulenum * Make --set-counters (-c) accept comma separated counters * libxt_iprange: Fix IP validation logic * fix ip6tables dest address printing * Converts the iptables build infrastructure to autotools. * Introduce strtonum(), which works like string_to_number(), but passes * print warning when dlopen fails * libxt_owner: UID/GID range support * Fix compilation of iptables-static build * xtables.h: move non-exported parts to internal.h * Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR * manpages: fix broken markup (missing close tags) * manpages: update to reflect fine-grained control * configure: split --enable-libipq from --enable-devel * Add all necessary header files - compilation fix for various cases * Install libiptc header files because xtables.h depends on it * Implement AF_UNSPEC as a wildcard for extensions * Combine ipt and ip6t manpages * Resolve warnings on 64-bit compile * Wrap dlopen code into NO_SHARED_LIBS * Remove support for compilation of conditional extensions * Resolve libipt_set warnings * Update documentation about building the package * configure.ac: AC_SUBST must be separate * Dynamically create xtables.h.in with version * configure.ac: remove already-defined variables * Remove old functions, constants * Makefile.am: use PACKAGE_TARNAME * iptables out-of-tree build directory * Introduce a counter for number of user defined chains. * Solving scalability issue: for chain list "name" searching. * REDIRECT: Allow symbolic port in REDIRECT --to-port * Fix iptables-save output of libxt_owner match * allow empty strings in argument parser * Fix define value of SCTP chunk type. * cleanup several code wraparounds * Add RATEEST target extension * Add rateest match extension * Properly initialize revision for ip6tables targets * Resync header files with kernel * libiptc: move variable definitions to head of function * Fix CONNMARK mask initialisation * iptables-save:remove unnecessary code. * Don't assume /bin/sh is bash * Add xtables version defines. * Use s6_addr32 to access bits in int6_addr instead of incompatible name ------------------------------------------------------------------- Tue Jan 8 17:10:54 CET 2008 - prusnak@suse.cz - updated to 1.4.0: * Add support for generic xtables infrastructure (improved IPv6 support!) * Deletes empty ->final_check() functions * Fix sparse warnings: non-C99 array declaration, incorrect function prototypes * Remove last vestiges of NFC * Make @msg argument a const char *, just like printf * Makes it possible to omit extra_opts of matches/targets if unnecessary * Fix "iptables getsockopt failed strangely" when querying revisions for non-existant matches and targets * Introduces DEST_IPT_LIBDIR in Makefile * Change default KERNEL_DIR location and add KBUILD_OUTPUT * Removes obsolete KERNEL_64_USERSPACE_32 definitions * Fix unused function warning * Don't use dlfcn.h if NO_SHARED_LIBS is defined * Fix showing help text for matches/targets with revision as user * Print warnings to stderr * Fix sscanf type errors * Always print mask in iptables-save * Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names * Adds --table to iptables-restore * Make DO_MULTI=1 work for ip6tables* binaries * Add ip6tables-{save,restore} to non-experimental target, fix strict aliasing warnings * Introducing libxt_*.man files. Sorted matches and modules * Install ip6tables-{save,restore} manpages * Performance optimization in sorting chain during pull-out * Fix sockfd use accounting for kernels without autoloading * use * Fix make/compile error for iptables-1.4.0rc1 * Fix for --random option in DNAT and REDIRECT * Document xt_statistic * sctp: fix - mistake to pass a pointer where array is required * Fix connlimit output for inverted --connlimit-above: ! > is <=, not < * Add NFLOG manpage * Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8 * Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man * Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8 * fix check_inverse() call - removed obsolete patch: * strict-aliasing-fix.diff (included in update) ------------------------------------------------------------------- Tue Jul 31 13:10:56 CEST 2007 - prusnak@suse.cz - removed sed scripts in %prep section from last update * not needed anymore ------------------------------------------------------------------- Thu Jul 26 16:20:40 CEST 2007 - prusnak@suse.cz - updated to 1.3.8 * Fix build error of conntrack match * Remove whitespace in ip6tables.c * `-p all' and `-p 0' should be allowed in ip6tables * hashlimit doc update * add --random option to DNAT and REDIRECT * Makefile uses POSIX conform directory check * Fix missing newlines in iptables-save/restore output * Update quota manpage for SMP * Output for unspecified proto is `all' instead of `0' * Fix iptables-save with --random option * Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs * Remove libnsl from LDLIBS * Fix problem with iptables-restore and quotes * Remove unnecessary includes * Fix --modprobe parameter * ip6tables-restore should output error of modprobe after failed to load * Add random option to SNAT * Fix missing space in error message * Fixes for manpages of tcp, udp, and icmp{,6} * Add ip6tables mh extension * Fix tcpmss manpage * Add ip6tables TCPMSS extension * Add UDPLITE multiport support * Fix missing space in ruleset listing * Remove extensions for unmaintained/obsolete patchlets * Fix greedy debug grep * Fix type in manpage * Fix compile/install error for iptables-xml with DO_MULTI=1 - dropped obsolete patches: * newlines.diff (included in update) * shlibs.diff (done by sed in %prep section) * extensions.diff ------------------------------------------------------------------- Wed May 9 13:39:08 CEST 2007 - prusnak@suse.cz - added newlines to error messages (newlines.diff) [#271847] ------------------------------------------------------------------- Tue Mar 13 14:08:25 CET 2007 - prusnak@suse.cz - added initial setting of KERNEL_DIR variable in %install section of spec file ------------------------------------------------------------------- Tue Jan 9 14:52:15 CET 2007 - prusnak@suse.cz - added experimental tools and extensions (removed by last update) ------------------------------------------------------------------- Wed Jan 3 17:58:09 CET 2007 - prusnak@suse.cz - updated to 1.3.7 * Add revision support for ip6tables * Add port range support for ip6tables multiport match * Add sctp match extension for ip6tables * Add iptables-xml tool * Add hashlimit support for ip6tables (needs kernel > 2.6.19) * Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19) * Bugfixes - updated debian-docs and moved into tar.bz2 ------------------------------------------------------------------- Thu Nov 16 11:06:55 CET 2006 - mjancar@suse.cz - allow setting KERNEL_DIR on commandline for build (#220851) ------------------------------------------------------------------- Tue Oct 17 17:47:47 CEST 2006 - anosek@suse.cz - updated to version 1.3.6 * Support multiple matches of the same type within a single rule * DCCP/SCTP support for multiport match (needs kernel >= 2.6.18) * SELinux SECMARK target (needs kernel >= 2.6.18) * SELinux CONNSECMARK target (needs kernel >= 2.6.18) * Add support for statistic match (needs kernel >= 2.6.18) * Optionally read realm values from /etc/iproute2/rt_realms * Bugfixes ------------------------------------------------------------------- Wed Feb 1 15:26:39 CET 2006 - lnussel@suse.de - updated to version 1.3.5 * supports ip6tables state and conntrack \o/ (#145758) ------------------------------------------------------------------- Fri Jan 27 01:50:25 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Jan 24 15:00:31 CET 2006 - schwab@suse.de - Fix building of shared libraries. ------------------------------------------------------------------- Tue Jan 17 15:11:43 CET 2006 - postadal@suse.cz - updated policy extension from upstream (policy-1.3.4.patch) * ported for changes in kernel ------------------------------------------------------------------- Tue Nov 15 17:09:38 CET 2005 - postadal@suse.cz - updated to version 1.3.4 - added RPM_OPT_FLAGS to CFLAGS - fixed strict aliasing (strict-aliasing-fix.patch) ------------------------------------------------------------------- Mon Aug 1 16:36:26 CEST 2005 - lnussel@suse.de - add iptables-batch and ip6tables-batch ------------------------------------------------------------------- Mon Aug 1 10:14:00 CEST 2005 - postadal@suse.cz - updated to version 1.3.3 ------------------------------------------------------------------- Wed Jul 27 15:38:26 CEST 2005 - postadal@suse.cz - updated to version 1.3.2 ------------------------------------------------------------------- Wed Mar 9 11:28:10 CET 2005 - postadal@suse.cz - updated to version 1.3.1 (bug fixes) ------------------------------------------------------------------- Thu Feb 17 10:02:14 CET 2005 - postadal@suse.cz - updated to version 1.3.0 - removed obsoleted patch modules-secfix ------------------------------------------------------------------- Tue Nov 02 17:00:05 CET 2004 - postadal@suse.cz - fixed uninitialised variable [#47850] - CAN-2004-0986 ------------------------------------------------------------------- Tue Aug 17 15:15:44 CEST 2004 - mludvig@suse.cz - Fixed mode for extensions/.policy-test6 ------------------------------------------------------------------- Thu Aug 05 14:15:52 CEST 2004 - mludvig@suse.cz - Added IPv6 support to the 'policy' match. ------------------------------------------------------------------- Wed Aug 04 15:44:06 CEST 2004 - postadal@suse.cz - updated to version 1.2.11 - removed obsoleted patch clusterip ------------------------------------------------------------------- Sat Apr 24 08:45:00 CEST 2004 - lmb@suse.de - Add support for Cluster IP functionality. ------------------------------------------------------------------- Wed Apr 21 16:51:03 CEST 2004 - mludvig@suse.cz - Added module for IPv6 conntrack from USAGI. ------------------------------------------------------------------- Wed Mar 24 15:47:24 CET 2004 - mludvig@suse.cz - Added policy module from patch-o-matic ------------------------------------------------------------------- Fri Feb 06 18:09:42 CET 2004 - postadal@suse.cz - updated to version 1.2.9. ------------------------------------------------------------------- Sat Jan 10 20:33:48 CET 2004 - adrian@suse.de - add %defattr ------------------------------------------------------------------- Wed Jul 23 15:08:45 CEST 2003 - postadal@suse.cz - updated to 1.2.8 ------------------------------------------------------------------- Tue Apr 8 21:33:42 CEST 2003 - schwab@suse.de - Prefer sanitized kernel headers. ------------------------------------------------------------------- Thu Sep 05 11:13:51 CEST 2002 - postadal@suse.cz - updated to bugfixed 1.2.7a version ------------------------------------------------------------------- Wed Aug 28 18:20:07 CEST 2002 - postadal@suse.cz - added Requires %{name} = %{version} to devel package ------------------------------------------------------------------- Thu Aug 08 13:03:46 CEST 2002 - nadvornik@suse.cz - updated to 1.2.7 ------------------------------------------------------------------- Wed Mar 27 11:10:32 CET 2002 - postadal@suse.cz - revert to compile it with kernel headers (#15448) ------------------------------------------------------------------- Fri Feb 1 14:14:49 CET 2002 - nadvornik@suse.cz - compiled with kernel headers from glibc ------------------------------------------------------------------- Tue Jan 15 15:30:31 CET 2002 - nadvornik@suse.cz - update to 1.2.5 ------------------------------------------------------------------- Wed Nov 14 13:51:38 CET 2001 - nadvornik@suse.cz - updated to 1.2.4 [bug #12104] - fixed problems with iptables-save/restore - iptables-1.2.4.debian.diff.bz2 contains documentation only, Makefile changes moved to separate patch ------------------------------------------------------------------- Sat Sep 22 02:04:31 MEST 2001 - garloff@suse.de - Fix ipt_string support (compile fix). ------------------------------------------------------------------- Tue Jul 17 10:55:30 MEST 2001 - garloff@suse.de - Update to iptables-1.2.2 - Appply debian patch: mostly docu stuff - Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM .spec file to compile and install ip(6)tables-save/restore apps. ------------------------------------------------------------------- Fri Apr 6 15:28:00 CEST 2001 - kukuk@suse.de - changed neededforbuild from lx_suse to kernel-source ------------------------------------------------------------------- Tue Mar 27 23:24:15 CEST 2001 - lmuelle@suse.de - update to 1.2.1a - add devel package with libipq stuff - minor spec file cleanup ------------------------------------------------------------------- Sun Jan 28 16:40:08 CET 2001 - olh@suse.de - update to 1.2, needed for ppc and sparc ------------------------------------------------------------------- Tue Dec 19 09:33:37 CET 2000 - nadvornik@suse.cz - compiled with lx_suse ------------------------------------------------------------------- Tue Oct 17 16:15:51 CEST 2000 - nadvornik@suse.cz - update to 1.1.2 ------------------------------------------------------------------- Fri Sep 22 02:34:07 CEST 2000 - ro@suse.de - up to 1.1.1 ------------------------------------------------------------------- Fri Jun 9 08:58:25 CEST 2000 - ro@suse.de - fixed neededforbuild ------------------------------------------------------------------- Wed Jun 7 08:33:45 CEST 2000 - nadvornik@suse.cz - new package 1.1.0