OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=104

_service

@@ -2,7 +2,7 @@
 	<service name="tar_scm" mode="disabled">
  		<param name="scm">git</param>
 		<param name="url">git://netfilter.org/iptables</param>
-		<param name="revision">5ee03e6df41727652e0dc6ffaef8411b8840d812</param>
+		<param name="revision">0800d9b46b377bc24f15af2c6ae22550b954b6e2</param>
 		<param name="versionformat">1.8.0.g@TAG_OFFSET@</param>
 	</service>
 	<service name="recompress" mode="disabled">

iptables-1.8.0.g75.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:26f9008e04273175350eecdd8591321211e935bfc397fcb7eaed70f96b7fce88
-size 364668

iptables-1.8.0.g85.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0479c1b53a84f66eda0d9484d1a15c9a644049635bfe866af829df0976a1c737
+size 364504

iptables.spec

@@ -17,7 +17,7 @@
 
 
 Name:           iptables
-Version:        1.8.0.g75
+Version:        1.8.0.g85
 Release:        0
 Summary:        IP packet filter administration utilities
 License:        GPL-2.0-only AND Artistic-2.0
@@ -52,6 +52,28 @@ Requires:       xtables-plugins = %version-%release
 iptables is used to set up, maintain, and inspect the rule tables of
 the various Netfilter packet filter engines inside the Linux kernel.
 
+%package backend-legacy
+Summary:        Metapackage to make x_tables the default backend for iptables
+Group:          Productivity/Networking/Security
+Provides:       iptables-default-backend
+
+%description backend-legacy
+Installation of this package adds alternatives symlinks (cf.
+update-alternatives) that make the iptables and ip6tables commands
+point to a program variant that uses the classic kernel interface
+provided by ip_tables.ko and ip6_tables.ko.
+
+%package backend-nft
+Summary:        Metapackage to make nft the default backend for iptables/arptables/ebtables
+Group:          Productivity/Networking/Security
+Provides:       iptables-default-backend
+
+%description backend-nft
+Installation of this package adds higher priority alternatives (cf.
+update-alternatives) that makes the iptables, ip6tables, arptables
+and ebtables commands point to a program variant that uses the
+nftables kernel interface.
+
 %package -n xtables-plugins
 Summary:        Match and target extension plugins for iptables
 Group:          Productivity/Networking/Security
@@ -88,12 +110,12 @@ be modified in userspace prior to reinjection back into the kernel.
 ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue!
 
 %package -n libiptc0
-Summary:        Library for low-level ruleset generation and parsing
+Summary:        Library for the ip_tables low-level ruleset generation and parsing
 Group:          System/Libraries
 
 %description -n libiptc0
 libiptc ("iptables cache") is used to retrieve from the kernel, parse,
-construct, and load new rulesets into the kernel.
+construct, and load rulesets into the kernel.
 
 %package -n libiptc-devel
 Summary:        Development files for libiptc, a packet filter ruleset library
@@ -102,10 +124,10 @@ Requires:       libiptc0 = %version
 
 %description -n libiptc-devel
 libiptc ("iptables cache") is used to retrieve from the kernel, parse,
-construct, and load new rulesets into the kernel.
+construct, and load rulesets into the kernel.
 
 %package -n libxtables12
-Summary:        iptables extension interface
+Summary:        The iptables plugin interface
 Group:          System/Libraries
 
 %description -n libxtables12
@@ -148,12 +170,45 @@ install -m0755 iptables/iptables-apply "$b/%_sbindir/"
 install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/"
 rm -f "$b/%_libdir"/*.la
 rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg
+find "$b/%_sbindir/iptables" -type l -delete
 mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft"
 mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft"
+mv "$b/%_sbindir/arptables-restore" "$b/%_sbindir/arptables-nft-restore"
+mv "$b/%_sbindir/ebtables-restore" "$b/%_sbindir/ebtables-nft-restore"
+mv "$b/%_sbindir/arptables-save" "$b/%_sbindir/arptables-nft-save"
+mv "$b/%_sbindir/ebtables-save" "$b/%_sbindir/ebtables-nft-save"
 %if 0%{?suse_version}
 %fdupes %buildroot/%_prefix
 %endif
 
+%post backend-legacy
+update-alternatives \
+	--install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \
+	--slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-legacy-multi" \
+	--slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-legacy-multi" \
+	--slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-legacy-multi" \
+	--slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \
+	--slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi"
+
+%postun
+update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi"
+
+%post backend-nft
+update-alternatives \
+	--install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \
+	--slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-nft-multi" \
+	--slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-nft-multi" \
+	--slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-nft-multi" \
+	--slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-nft-multi" \
+	--slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi"
+update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2
+update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2
+
+%postun backend-nft
+update-alternatives --remove iptables "%_sbindir/xtables-nft-multi"
+update-alternatives --remove arptables "%_sbindir/xtables-nft-multi"
+update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi"
+
 %post   -n libipq0 -p /sbin/ldconfig
 %postun -n libipq0 -p /sbin/ldconfig
 %post   -n libiptc0 -p /sbin/ldconfig
@@ -163,11 +218,60 @@ mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft"
 
 %files
 %license COPYING
-%_bindir/*tables*
-%_sbindir/*tables*
+%_bindir/iptables-xml
+%_sbindir/iptables-apply
+%_sbindir/iptables-legacy*
+%_sbindir/iptables-nft*
+%_sbindir/iptables-*translate*
+%_sbindir/ip6tables-legacy*
+%_sbindir/ip6tables-nft*
+%_sbindir/ip6tables-*translate*
+%_sbindir/arptables-nft*
+%_sbindir/ebtables-nft*
+%_sbindir/xtables*
 %_mandir/man1/*tables*
 %_mandir/man8/*tables*
 
+%files backend-legacy
+%ghost %_sysconfdir/alternatives/iptables
+%ghost %_sysconfdir/alternatives/iptables-restore
+%ghost %_sysconfdir/alternatives/iptables-save
+%ghost %_sysconfdir/alternatives/ip6tables
+%ghost %_sysconfdir/alternatives/ip6tables-restore
+%ghost %_sysconfdir/alternatives/ip6tables-save
+%ghost %_sbindir/iptables
+%ghost %_sbindir/iptables-restore
+%ghost %_sbindir/iptables-save
+%ghost %_sbindir/ip6tables
+%ghost %_sbindir/ip6tables-restore
+%ghost %_sbindir/ip6tables-save
+
+%files backend-nft
+%ghost %_sysconfdir/alternatives/iptables
+%ghost %_sysconfdir/alternatives/iptables-restore
+%ghost %_sysconfdir/alternatives/iptables-save
+%ghost %_sysconfdir/alternatives/ip6tables
+%ghost %_sysconfdir/alternatives/ip6tables-restore
+%ghost %_sysconfdir/alternatives/ip6tables-save
+%ghost %_sysconfdir/alternatives/arptables
+%ghost %_sysconfdir/alternatives/arptables-restore
+%ghost %_sysconfdir/alternatives/arptables-save
+%ghost %_sysconfdir/alternatives/ebtables
+%ghost %_sysconfdir/alternatives/ebtables-restore
+%ghost %_sysconfdir/alternatives/ebtables-save
+%ghost %_sbindir/iptables
+%ghost %_sbindir/iptables-restore
+%ghost %_sbindir/iptables-save
+%ghost %_sbindir/ip6tables
+%ghost %_sbindir/ip6tables-restore
+%ghost %_sbindir/ip6tables-save
+%ghost %_sbindir/arptables
+%ghost %_sbindir/arptables-restore
+%ghost %_sbindir/arptables-save
+%ghost %_sbindir/ebtables
+%ghost %_sbindir/ebtables-restore
+%ghost %_sbindir/ebtables-save
+
 %files -n xtables-plugins
 %_libdir/xtables/
 %_sbindir/nfnl_osf