Sync from SUSE:SLFO:Main nftables revision 1b451e0a95ff95804a3c101bcf911a3a
This commit is contained in:
commit
5f01a038a1
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
24
0001-Revert-py-replace-distutils-with-setuptools.patch
Normal file
24
0001-Revert-py-replace-distutils-with-setuptools.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
From 2125091e724c399d653790af854d9daba0218b99 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Engelhardt <jengelh@inai.de>
|
||||||
|
Date: Mon, 17 Jul 2023 12:13:05 +0200
|
||||||
|
Subject: [PATCH] Revert "py: replace distutils with setuptools"
|
||||||
|
|
||||||
|
This reverts commit 1acc2fd48c755a8931fa87b8d0560b750316059f.
|
||||||
|
---
|
||||||
|
py/setup.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/py/setup.py b/py/setup.py
|
||||||
|
index 8ad73e7b..72fc8fd9 100755
|
||||||
|
--- a/py/setup.py
|
||||||
|
+++ b/py/setup.py
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
-from setuptools import setup
|
||||||
|
+from distutils.core import setup
|
||||||
|
from nftables import NFTABLES_VERSION
|
||||||
|
|
||||||
|
setup(name='nftables',
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
BIN
nftables-1.0.8.tar.xz
(Stored with Git LFS)
Normal file
BIN
nftables-1.0.8.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
nftables-1.0.8.tar.xz.sig
Normal file
BIN
nftables-1.0.8.tar.xz.sig
Normal file
Binary file not shown.
376
nftables.changes
Normal file
376
nftables.changes
Normal file
@ -0,0 +1,376 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 14 11:56:43 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.8
|
||||||
|
* Support for setting meta and ct mark from other fields in
|
||||||
|
rules, e.g. set meta mark to ip dscp header field.
|
||||||
|
* Enhacements for -o/--optimize to deal with NAT statements, to
|
||||||
|
compact masquerade statements.
|
||||||
|
* Support for stateful statements in anonymous maps, such as
|
||||||
|
counters.
|
||||||
|
* Support for resetting stateful expressions in sets, maps and
|
||||||
|
elements, e.g. counters.
|
||||||
|
* broute support to short-circuit bridge logic from the bridge
|
||||||
|
prerouting hook and pass up packets to the local IP stack.
|
||||||
|
* JSON support for table and chain comments.
|
||||||
|
- Added 0001-Revert-py-replace-distutils-with-setuptools.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 13 20:47:53 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.7
|
||||||
|
* Support for vxlan/geneve/gre/gretap matching
|
||||||
|
* auto-merge support for partial set element deletion
|
||||||
|
* Allow for NAT mapping with concatenation and ranges
|
||||||
|
* Support for quota in sets
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 21 23:47:26 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.6
|
||||||
|
* Fix bytecode generation for concatenation of intervals where
|
||||||
|
selectors use different byteorder datatypes, e.g. IPv4
|
||||||
|
(network byte order).
|
||||||
|
* Fix match of uncommon protocol matches with raw expressions
|
||||||
|
* Unbreak insertion of rules with intervals ("sport {
|
||||||
|
3478-3497, 16384-16387 }")
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Aug 17 19:21:15 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.0.5:
|
||||||
|
* Fixes for the -o/--optimize, run this --optimize option to automagically
|
||||||
|
compact your ruleset using sets, maps and concatenations
|
||||||
|
* Fix ethernet and vlan concatenations, eg. define a dynamic set which
|
||||||
|
is populated from the packet path
|
||||||
|
* Fix ruleset listing with interface wildcard map
|
||||||
|
* Fix several regressions in the input lexer which broke valid rulesets.
|
||||||
|
* Fix slowdown with large lists of singleton interval elements.
|
||||||
|
* Fix set automerge feature for large lists of singleton interval elements.
|
||||||
|
* Fix bogus error reporting for exact overlaps.
|
||||||
|
* Fix segfault when adding elements to invalid set.
|
||||||
|
* fix device parsing in netdev family in json.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 7 14:55:21 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.4
|
||||||
|
* Fixed a segfault in -o/--optimize with unsupported statements.
|
||||||
|
* Bogus datatype mismatch error report in sets was fixed.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 31 13:34:12 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.3
|
||||||
|
* Support for wildcard interface name matching with sets
|
||||||
|
* Support for runtime auto-merge of set elements.
|
||||||
|
* Enhancements for the ruleset optimization -o/--optimize
|
||||||
|
option which allows to coalesce several NAT rules into map.
|
||||||
|
* Support for raw expressions in concatenations.
|
||||||
|
* Support for integer type protocol header fields in concatenations.
|
||||||
|
* Allow to reset TCP options (requires Linux kernel >= 5.18)
|
||||||
|
- Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 22 04:39:01 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.2
|
||||||
|
* New ruleset optimization -o/--optimize option.
|
||||||
|
* Support for IP and TCP options and SCTP chunks in sets.
|
||||||
|
* Support for tcp fastopen, md5sig and mptcp options.
|
||||||
|
* MP-TCP subtype matching support.
|
||||||
|
* JSON support for flowtables.
|
||||||
|
- Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 18 22:15:03 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.1
|
||||||
|
* Reduce memory footprint when loading large sets/maps.
|
||||||
|
* Speed up reload of large sets/maps.
|
||||||
|
* Speed up listing of specific tables in large ruleset, e.g.
|
||||||
|
large ruleset with ~100k lines.
|
||||||
|
* Speed up --terse option when listing a ruleset large sets/maps.
|
||||||
|
* Print raw payload expression in hexadecimal, e.g.
|
||||||
|
"@ll,0,8 & 0x80 == 0x80"
|
||||||
|
* egress hook support (available since 5.16-rc1).
|
||||||
|
* Allow matching and update bytes at inner header/payload
|
||||||
|
offset (available since 5.16-rc1).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 19 18:06:29 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.0.0
|
||||||
|
* Catch-all set element support.
|
||||||
|
* The command-line option --define is now recognized.
|
||||||
|
* Stateful expressions in maps.
|
||||||
|
* Allow combination of jhash, symhash and numgen expressions with
|
||||||
|
the queue statement.
|
||||||
|
* Allow combination of verdict maps with interval concatenations.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 25 23:20:59 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 0.9.9
|
||||||
|
* Flowtable hardware offload support
|
||||||
|
* Support for the table owner flag.
|
||||||
|
* 802.1ad (QinQ) support
|
||||||
|
* cgroupsv2 support.
|
||||||
|
* match on SCTP packet chunks (dependent on Linux 5.14)
|
||||||
|
* Allow to use verdict in set/map typeof definitions
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 15 22:28:26 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 0.9.8
|
||||||
|
* Complete support for matching ICMP header content fields.
|
||||||
|
* Added raw tcp option match support.
|
||||||
|
* Added ability to check for the presence of any tcp option.
|
||||||
|
* Support for rejecting traffic from the ingress chain.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 27 12:08:37 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 0.9.7
|
||||||
|
* Support for implicit chains
|
||||||
|
* Support for ingress inet chains
|
||||||
|
* Support for reject from prerouting chain
|
||||||
|
* Support for --terse option in json
|
||||||
|
* Support for the reset command with json
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 16 13:37:28 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 0.9.6
|
||||||
|
* Fix two ASAN runtime errors
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jun 6 12:03:35 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 0.9.5
|
||||||
|
* Support for set counters.
|
||||||
|
* Support for restoring set element counters via nft -f.
|
||||||
|
* Counter support for flowtables.
|
||||||
|
* typeof concatenations support for sets.
|
||||||
|
* Support for concatenated ranges in anonymous sets.
|
||||||
|
* Allow to reject packets with 802.1q from the bridge family.
|
||||||
|
* Support for matching on the conntrack ID.
|
||||||
|
- Drop anonset-crashfix.patch (upstream solved differently)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 7 11:41:07 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Add anonset-crashfix.patch [boo#1171321]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 1 18:48:56 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 0.9.4
|
||||||
|
* Add a helper for concat expression handling.
|
||||||
|
* Add "typeof" build/parse/print support.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 9 09:39:52 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Add json, python [boo#1158723]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 3 09:09:28 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 0.9.3
|
||||||
|
* meta: Introduce new conditions "time", "day" and "hour".
|
||||||
|
* src: add ability to set/get secmarks to/from connection.
|
||||||
|
* flowtable: add support for named flowtable listing.
|
||||||
|
* flowtable: add support for delete command by handle.
|
||||||
|
* json: add support for element deletion.
|
||||||
|
* Add `-T` as the short option for `--numeric-time`.
|
||||||
|
* meta: add ibrpvid and ibrvproto support
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 19 12:37:45 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to new upstream release 0.9.2
|
||||||
|
* Transport header port matching, e.g. "th dport 53"
|
||||||
|
* Support for matching on IPv4 options
|
||||||
|
* Support for synproxy
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jan 19 20:53:09 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||||||
|
|
||||||
|
- Remove unused dblatex BuildRequires, only needed for the optional
|
||||||
|
and disabled PDF generation (same contents as shipped manpage).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jun 9 07:28:57 UTC 2018 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.9.0
|
||||||
|
* Support to check if packet matches an existing socket.
|
||||||
|
* Support to limit number of active connections by arbitrary
|
||||||
|
criteria, such as ip addresses, networks, conntrack zones or
|
||||||
|
any combination thereof.
|
||||||
|
* Added support for "audit" logging.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 11 07:30:10 UTC 2018 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.8.5
|
||||||
|
* support to add/insert a rule at a given index position
|
||||||
|
* meter statement now supports a configureable upper max size
|
||||||
|
* timeouts for sets can now be specified in milliseconds
|
||||||
|
* re-add iptables-like empty skeleton rulesets
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 2 06:08:00 UTC 2018 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.8.4
|
||||||
|
* Support to match IPv6 segment routing headers.
|
||||||
|
* New "meta ibrname" and "meta obrname" arguments to match the
|
||||||
|
name of the logical bridge a packet is passing through.
|
||||||
|
These new names replace the old (misnamed) "ibriport"/"obriport".
|
||||||
|
* `nft -a` will now show handle identifier for all objects,
|
||||||
|
including tables and chains.
|
||||||
|
* nft can now delete objects by their handle number.
|
||||||
|
* Support to update maps from the ruleset (packet path).
|
||||||
|
* the "--echo" option now prints handle id for tables and
|
||||||
|
object too.
|
||||||
|
* `nft -f -` will now read from standard input
|
||||||
|
* Support for flow tables, cf. man page or
|
||||||
|
https://lwn.net/Articles/738214/ .
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Mar 3 22:59:01 UTC 2018 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.8.3
|
||||||
|
* raw payload support to match headers that do not yet have
|
||||||
|
received a mnemonic.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Feb 3 14:26:36 UTC 2018 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.8.2
|
||||||
|
* add secpath support
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jan 16 14:16:40 UTC 2018 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.8.1
|
||||||
|
* This release deprecates the "flow table" syntax in favor
|
||||||
|
of "meter".
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 13 08:39:41 UTC 2017 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.8
|
||||||
|
* This release contains new features available up to the
|
||||||
|
(upcoming) Linux 4.14 kernel release:
|
||||||
|
* Support for stateful objects, these objects are uniquely
|
||||||
|
identified by a user-defined name, you can refer to them from
|
||||||
|
rules, and there is a well established interface to operate
|
||||||
|
with them.
|
||||||
|
* Sort set elements when listing them, from lower to largest.
|
||||||
|
* TCP option matching and mangling support. This includes TCP
|
||||||
|
maximum segment size mangling.
|
||||||
|
* Add new "-s" option for listings without stateful information.
|
||||||
|
* Add new -c/--check option for nft, to tests if your ruleset
|
||||||
|
loads fine, into the kernel, this is a dry run mode.
|
||||||
|
* Connection tracking helper support.
|
||||||
|
* Add --echo option, to print the handle that the kernel
|
||||||
|
allocates to uniquely identify rules.
|
||||||
|
* Conntrack zone support
|
||||||
|
* Symmetric hash support
|
||||||
|
* Add support to include directories from nft natives scripts,
|
||||||
|
files are loaded in alphanumerical order.
|
||||||
|
* Allow to check if IPv6 extension header or TCP option exists
|
||||||
|
or is missing.
|
||||||
|
* Extend quota support to display used bytes.
|
||||||
|
* Add ct average matching, to match average bytes per packet a
|
||||||
|
connection has transferred so far, to map the existing
|
||||||
|
feature available in the iptables connbytes match.
|
||||||
|
* Allow to flush maps and flow tables.
|
||||||
|
* Allow to embed set definition into an existing set.
|
||||||
|
* Conntrack event filtering support via rule.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 20 22:35:41 UTC 2016 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.7
|
||||||
|
* Add new fib expression, which can be used to obtain the
|
||||||
|
output interface from the route table based on either source
|
||||||
|
or destination address of a packet.
|
||||||
|
* Support hashing of any arbitrary key combination, eg.
|
||||||
|
* Add number generation support. Useful for round-robin packet
|
||||||
|
mark setting.
|
||||||
|
* Add quota support, eg.
|
||||||
|
* Introduce routing expression, for routing related data with
|
||||||
|
support for nexthop
|
||||||
|
* Notrack support, to explicitly skip connection tracking for
|
||||||
|
matching packets.
|
||||||
|
* Support to set non-byte bound packet header fields, including
|
||||||
|
checksum adjustment.
|
||||||
|
* Add 'create set' and 'create element' commands.
|
||||||
|
* Allow to use variable reference for set element definitions.
|
||||||
|
* Allow to use variable definitions from element commands.
|
||||||
|
* Add support to flush set. You can use this new command to
|
||||||
|
remove all existing elements in a set.
|
||||||
|
* Inverted set lookups.
|
||||||
|
* Honor absolute and relative paths via include file, where:
|
||||||
|
* Support log flags, to enable logging TCP sequence and options.
|
||||||
|
* tc classid parser support, eg.
|
||||||
|
* Allow numeric connlabels, so if connlabel still works with
|
||||||
|
undefined labels.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 2 18:31:23 UTC 2016 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.6
|
||||||
|
* Rules may be replaced now
|
||||||
|
* Flow table support (requires Linux >= 4.3)
|
||||||
|
* Support for tracing
|
||||||
|
* Ratelimiting now supports units like bytes/second.
|
||||||
|
* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 17 21:16:31 UTC 2015 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.5
|
||||||
|
* Support combinations of two or more selectors to build a tuple
|
||||||
|
* Timeout support for sets
|
||||||
|
* Dormant flag for tables
|
||||||
|
* Default chain policy specifiable on creation
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat May 23 23:06:12 UTC 2015 - mrueckert@suse.de
|
||||||
|
|
||||||
|
- set the url to the project page
|
||||||
|
- pass --disable-silent-rules to configure to allow gcc post build
|
||||||
|
check to work
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 16 01:25:00 UTC 2014 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.4
|
||||||
|
* Since Linux 3.18: support for global ruleset operations
|
||||||
|
* Since 3.17: full logging support for all the families,
|
||||||
|
including nfnetlink_log
|
||||||
|
* 3.16: automatic selection of the optimal set implementation
|
||||||
|
* 3.14: reject support for ip, ip6 and inet
|
||||||
|
* 3.18: reject support for bridge, and reject icmpx abstraction
|
||||||
|
* 3.18: masquerade support
|
||||||
|
* 3.19: redirect support
|
||||||
|
* Extend meta to support pkttype, cpu and devgroup matching.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 27 17:08:46 UTC 2014 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Update to new upstream release 0.3
|
||||||
|
* More compact syntax for the queue action
|
||||||
|
* Match input and output bridge interface name through "meta
|
||||||
|
ibriport" and "meta obriport"
|
||||||
|
* netlink event monitor, to monitor ruleset events, set changes, etc.
|
||||||
|
* New transaction infrastructure - fully atomic updates for all
|
||||||
|
object available in the upcoming 3.16.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 13 09:05:35 UTC 2014 - jengelh@inai.de
|
||||||
|
|
||||||
|
- Initial package for build.opensuse.org
|
64
nftables.keyring
Normal file
64
nftables.keyring
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
|
||||||
|
660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
|
||||||
|
V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
|
||||||
|
zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
|
||||||
|
Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
|
||||||
|
KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
|
||||||
|
dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
|
||||||
|
WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
|
||||||
|
9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
|
||||||
|
+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
|
||||||
|
U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
|
||||||
|
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
|
||||||
|
VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
|
||||||
|
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
|
||||||
|
+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
|
||||||
|
RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
|
||||||
|
4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
|
||||||
|
IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
|
||||||
|
bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
|
||||||
|
Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
|
||||||
|
QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
|
||||||
|
wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
|
||||||
|
4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
|
||||||
|
tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
|
||||||
|
n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV
|
||||||
|
oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9
|
||||||
|
o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S
|
||||||
|
ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU
|
||||||
|
tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp
|
||||||
|
HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM
|
||||||
|
FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/
|
||||||
|
diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid
|
||||||
|
R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK
|
||||||
|
uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv
|
||||||
|
Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl
|
||||||
|
UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q
|
||||||
|
KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO
|
||||||
|
RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc
|
||||||
|
wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0
|
||||||
|
0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+
|
||||||
|
q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU
|
||||||
|
k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk
|
||||||
|
pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY
|
||||||
|
plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC
|
||||||
|
qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu
|
||||||
|
iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p
|
||||||
|
jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O
|
||||||
|
ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1
|
||||||
|
CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag
|
||||||
|
8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB
|
||||||
|
bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM
|
||||||
|
jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR
|
||||||
|
rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg
|
||||||
|
3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ
|
||||||
|
7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1
|
||||||
|
7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/
|
||||||
|
yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8
|
||||||
|
leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6
|
||||||
|
U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+
|
||||||
|
rlbu70nh2kSJrg==
|
||||||
|
=wukb
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
129
nftables.spec
Normal file
129
nftables.spec
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
#
|
||||||
|
# spec file for package nftables
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
Name: nftables
|
||||||
|
Version: 1.0.8
|
||||||
|
Release: 0
|
||||||
|
Summary: Userspace utility to access the nf_tables packet filter
|
||||||
|
License: GPL-2.0-only
|
||||||
|
Group: Productivity/Networking/Security
|
||||||
|
URL: https://netfilter.org/projects/nftables/
|
||||||
|
|
||||||
|
#Git-Clone: git://git.netfilter.org/nftables
|
||||||
|
Source: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz
|
||||||
|
Source2: http://ftp.netfilter.org/pub/%name/%name-%version.tar.xz.sig
|
||||||
|
Source3: %name.keyring
|
||||||
|
Patch1: 0001-Revert-py-replace-distutils-with-setuptools.patch
|
||||||
|
BuildRequires: asciidoc
|
||||||
|
BuildRequires: bison
|
||||||
|
BuildRequires: flex
|
||||||
|
BuildRequires: gmp-devel
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: pkg-config >= 0.21
|
||||||
|
BuildRequires: python3-base
|
||||||
|
BuildRequires: pkgconfig(jansson)
|
||||||
|
BuildRequires: pkgconfig(libedit)
|
||||||
|
BuildRequires: pkgconfig(libmnl) >= 1.0.4
|
||||||
|
BuildRequires: pkgconfig(libnftnl) >= 1.2.6
|
||||||
|
BuildRequires: pkgconfig(xtables) >= 1.6.1
|
||||||
|
|
||||||
|
%description
|
||||||
|
nf_tables is a firewalling mechanism in the Linux kernel, running
|
||||||
|
independently of and parallel to ip_tables, ip6_tables,
|
||||||
|
arp_tables and ebtables. nftables is the corresponsing userspace
|
||||||
|
frontend.
|
||||||
|
|
||||||
|
The nftables frontend features support for sets and dictionaries of arbitrary
|
||||||
|
types, meta data types, atomic incremental and full ruleset updates, and,
|
||||||
|
similar to iptables, support for different protocols, access to connection
|
||||||
|
tracking and NAT and logging.
|
||||||
|
|
||||||
|
%package -n libnftables1
|
||||||
|
Summary: nftables firewalling command interface
|
||||||
|
Group: System/Libraries
|
||||||
|
|
||||||
|
%description -n libnftables1
|
||||||
|
libnftables is the nftables command line interface placed into a
|
||||||
|
library.
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for the nftables command line interface
|
||||||
|
Group: Development/Libraries/C and C++
|
||||||
|
Requires: libnftables1 = %version
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
libnftables is the nftables command line interface placed into a
|
||||||
|
library.
|
||||||
|
|
||||||
|
This package contains the header files for the library.
|
||||||
|
|
||||||
|
%package -n python3-nftables
|
||||||
|
Summary: Python interface for nftables
|
||||||
|
Group: Development/Languages/Python
|
||||||
|
|
||||||
|
%description -n python3-nftables
|
||||||
|
A Python module for nftables.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
autoreconf -fi
|
||||||
|
mkdir bin
|
||||||
|
ln -s "%_bindir/docbook-to-man" bin/docbook2x-man
|
||||||
|
export PATH="$PATH:$PWD/bin"
|
||||||
|
mkdir obj
|
||||||
|
pushd obj/
|
||||||
|
%define _configure ../configure
|
||||||
|
%configure --disable-silent-rules --disable-static --docdir="%_docdir/%name" \
|
||||||
|
--includedir="%_includedir/%name" --with-json \
|
||||||
|
--enable-python --with-python-bin="$(which python3)"
|
||||||
|
%make_build
|
||||||
|
popd
|
||||||
|
|
||||||
|
%install
|
||||||
|
b="%buildroot"
|
||||||
|
%make_install -C obj
|
||||||
|
rm -f "%buildroot/%_libdir"/*.la
|
||||||
|
mkdir -p "$b/%_docdir/%name/examples"
|
||||||
|
mv -v "$b/%_datadir/nftables"/*.nft "$b/%_docdir/%name/examples/"
|
||||||
|
|
||||||
|
%post -n libnftables1 -p /sbin/ldconfig
|
||||||
|
%postun -n libnftables1 -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license COPYING
|
||||||
|
%_sysconfdir/nftables/
|
||||||
|
%_sbindir/nft
|
||||||
|
%_mandir/man5/*.5*
|
||||||
|
%_mandir/man8/nft*
|
||||||
|
%_docdir/%name/
|
||||||
|
|
||||||
|
%files -n libnftables1
|
||||||
|
%_libdir/libnftables.so.1*
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%_includedir/%name/
|
||||||
|
%_libdir/libnftables.so
|
||||||
|
%_libdir/pkgconfig/*.pc
|
||||||
|
%_mandir/man3/*.3*
|
||||||
|
|
||||||
|
%files -n python3-nftables
|
||||||
|
%python3_sitelib/nftables*
|
||||||
|
|
||||||
|
%changelog
|
Loading…
Reference in New Issue
Block a user