From 11586c0cb73d138eaf01c966895e4979454f10b6121d082fa418489424f7faab Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 20 Jul 2018 14:30:45 +0000 Subject: [PATCH 01/16] - Update to new upstream release 1.8.0 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=102 --- iptables-1.6.2.tar.bz2 | 3 -- iptables-1.6.2.tar.bz2.sig | Bin 543 -> 0 bytes iptables-1.8.0.tar.bz2 | 3 ++ iptables-1.8.0.tar.bz2.sig | Bin 0 -> 590 bytes iptables-batch.patch | 38 +++++++++---------- iptables.changes | 10 +++++ iptables.spec | 76 ++++++++++--------------------------- 7 files changed, 49 insertions(+), 81 deletions(-) delete mode 100644 iptables-1.6.2.tar.bz2 delete mode 100644 iptables-1.6.2.tar.bz2.sig create mode 100644 iptables-1.8.0.tar.bz2 create mode 100644 iptables-1.8.0.tar.bz2.sig diff --git a/iptables-1.6.2.tar.bz2 b/iptables-1.6.2.tar.bz2 deleted file mode 100644 index 2d4ae79..0000000 --- a/iptables-1.6.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:55d02dfa46263343a401f297d44190f2a3e5113c8933946f094ed40237053733 -size 639785 
diff --git a/iptables-1.6.2.tar.bz2.sig b/iptables-1.6.2.tar.bz2.sig deleted file mode 100644 index 9e4819d8ab2cb574a00510766f61a1a02daaab20377d335f4f99df3519673405..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 543 zcmV+)0^t3L0vrSY0RjL91p-=hh6(@*2@tDBRiP%*lH|&m5Bv>gHC)c|rt*N>wz=Jg zPf~^>v_T?y*yh{P>9x8MS7s`f(3p+ik*6mG`7 zW%A7)fbfqqL&1c1eUd*1?zOFuL2e$e0F**c?*yiXJ-p=akdI)L$j1&onBStnd-7y zN?m$HLu4$BQSR~8EA2YW+cujj4)-Q~-JU*V>^RGfHur6Hd;ev2Dr6Wft~mKERpv>WPbC1yGMz}P^jXIUYJ zIGJtF^G@TKsIIDXYYTy~Lai`8rId)fOOo9uQ?}etfJo!!P4o60J}dZ^FdR7m|FYXN zZ7u?$dUBLA0R+U+?i!!28`b)0TP@xok^*>)tC1G2kWsCcuDl3GNsI? h!@D_Im^GH&bVaDFcV0Pzjzz%P0+`~8ctE7ze1?tG4R`F_!k^wZ*paH zWnpbVZe?_4X>4?5axQOjX8;Nb5UWO2p(fIj6SI`x>n@jn+9ZpF z|Iz9|n39e`?g-XJha`M8EkAhSiF%s;c?rD@z$}875$!=P-=3SO743tgZsL!KcVa`3 z*7Ej*p))2NYAfd-)SA85;VkV~%QHmB^$Ak*K-S}q>b67;MlQlk<>=BRue}8H^ox?n zm~NoyFl@j6YL|<>6S9vqUlNk@lsdsi9)1P%`s&RKEUh#l#~{91`x#M`dIfX6cYqJ@ zxlrwW+FB1*1j_YcD?r73E~MmNGyGJzH*0HTMZK)1Sd2a&)lHW5Sw@d&uWTHs@sv+F z?~`?W={kbv(Vv;M9=VB#qkQ1?=>vm+O#|q!CvQ{h8F+SIn~G(^jmcB?o%TSGVZLej zjh;TheB2z63QyHd@Q diff --git a/iptables.changes b/iptables.changes index c2460c6..cceac44 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jul 9 09:38:13 UTC 2018 - jengelh@inai.de + +- Update to new upstream release 1.8.0 + * The ipv6 "srh" match can now match previous/next/last sid + * CONNMARK target now supports bit-shifting for restore,set + and save-mark. + * DNAT now supports shifted portmap ranges. + * iptables now comes in two backends: legacy and nft. + ------------------------------------------------------------------- Thu May 24 16:38:53 CEST 2018 - kukuk@suse.de diff --git a/iptables.spec b/iptables.spec index 2b9154e..755b100 100644 --- a/iptables.spec +++ b/iptables.spec 
@@ -17,7 +17,7 @@ Name: iptables -Version: 1.6.2 +Version: 1.8.0 Release: 0 Summary: IP packet filter administration utilities License: GPL-2.0-only AND Artistic-2.0 @@ -32,14 +32,9 @@ Patch4: iptables-apply-mktemp-fix.patch Patch5: iptables-batch-lock.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if 0%{?fedora_version} || 0%{?centos_version} -BuildRequires: sgml-common -%endif -%if 0%{?suse_version} -BuildRequires: fdupes -%endif #git#BuildRequires: autoconf, automake >= 1.10 BuildRequires: bison +BuildRequires: fdupes BuildRequires: flex >= 2.5.33 BuildRequires: libtool BuildRequires: pkg-config >= 0.21 @@ -48,24 +43,13 @@ BuildRequires: pkgconfig(libmnl) >= 1.0 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnftnl) >= 1.0.5 +Requires: iptables-default-backend +Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release %description iptables is used to set up, maintain, and inspect the rule tables of -the classic "ip6_tables" and "ip_tables" packet filters in the Linux -kernel. - -%package nft -Summary: nft packet filter administration utilties in the style of Xtables -Group: Productivity/Networking/Security -Requires: netcfg >= 11.6 -Requires: xtables-plugins = %version-%release - -%description nft -The programs shipped in this subpackage behave like iptables on the -command line, but instead edits the rules of the nft packet filter in -the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit -the features. +the various Netfilter packet filter engines inside the Linux kernel. %package -n xtables-plugins Summary: Match and target extension plugins for iptables 
@@ -147,22 +131,24 @@ xtables --variable=xtlibdir). %build # We have the iptables-batch patch, so always regenerate. -if true || [ ! -e configure ]; then - ./autogen.sh -fi +./autogen.sh # bnc#561793 - do not include unclean module in iptables manpage rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS %configure --includedir="%_includedir/%name" --enable-libipq -make %{?_smp_mflags} +make %{?_smp_mflags} V= %install -make DESTDIR=%buildroot install +%make_install +b="%buildroot" # iptables-apply is not installed by upstream Makefile -install -m0755 iptables/iptables-apply %buildroot%_sbindir/ -install -m0644 iptables/iptables-apply.8 %buildroot%_mandir/man8/ -rm -f "%buildroot/%_libdir"/*.la +install -m0755 iptables/iptables-apply "$b/%_sbindir/" +install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" +rm -f "$b/%_libdir"/*.la +rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg +mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft" +mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif 
@@ -175,42 +161,22 @@ rm -f "%buildroot/%_libdir"/*.la %postun -n libxtables12 -p /sbin/ldconfig %files -%defattr(-,root,root) %license COPYING -%doc %_mandir/man1/ip* -%doc %_mandir/man8/ip* -%_bindir/iptables-xml -%_sbindir/iptables -%_sbindir/iptables-apply -%_sbindir/iptables-batch -%_sbindir/iptables-restore -%_sbindir/iptables-save -%_sbindir/ip6tables -%_sbindir/ip6tables-batch -%_sbindir/ip6tables-restore -%_sbindir/ip6tables-save -%_sbindir/xtables-multi - -%files nft -%defattr(-,root,root) -# is provided by netcfg -%exclude %_sysconfdir/ethertypes -%_sbindir/*-compat* -%_sbindir/*-translate* +%_bindir/*tables* +%_sbindir/*tables* +%_mandir/man1/*tables* +%_mandir/man8/*tables* %files -n xtables-plugins -%defattr(-,root,root) %_libdir/xtables/ %_sbindir/nfnl_osf %_mandir/man8/nfnl_osf.8* %_datadir/xtables/ %files -n libipq0 -%defattr(-,root,root) %_libdir/libipq.so.0* %files -n libipq-devel -%defattr(-,root,root) %doc %_mandir/man3/libipq* %doc %_mandir/man3/ipq* %dir %_includedir/%name/ @@ -219,24 +185,20 @@ rm -f "%buildroot/%_libdir"/*.la %_libdir/pkgconfig/libipq.pc %files -n libiptc0 -%defattr(-,root,root) %_libdir/libiptc.so.0* %_libdir/libip4tc.so.0* %_libdir/libip6tc.so.0* %files -n libiptc-devel -%defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/libiptc* %_libdir/libip*tc.so %_libdir/pkgconfig/libip*tc.pc %files -n libxtables12 -%defattr(-,root,root) %_libdir/libxtables.so.12* %files -n libxtables-devel -%defattr(-,root,root) %dir %_includedir/%name/ %_includedir/%name/xtables.h %_includedir/%name/xtables-version.h From 1a4392eb2e9257041aa37b2708ec01ec04b6b3b97436f73dfbbe69e2b92755d6 Mon Sep 17 00:00:00 2001 
From: Jan Engelhardt Date: Fri, 24 Aug 2018 07:45:33 +0000 Subject: [PATCH 02/16] Switch to snapshot to get arptables-nft and ebtables-nft support OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=103 --- _service | 13 +++++++++++++ iptables-1.8.0.g75.tar.xz | 3 +++ iptables-1.8.0.tar.bz2 | 3 --- iptables-1.8.0.tar.bz2.sig | Bin 590 -> 0 bytes iptables.changes | 2 +- iptables.spec | 7 ++++--- 6 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 _service create mode 100644 iptables-1.8.0.g75.tar.xz delete mode 100644 iptables-1.8.0.tar.bz2 delete mode 100644 iptables-1.8.0.tar.bz2.sig diff --git a/_service b/_service new file mode 100644 index 0000000..eaeafea --- /dev/null +++ b/_service @@ -0,0 +1,13 @@ + + + git + git://netfilter.org/iptables + 5ee03e6df41727652e0dc6ffaef8411b8840d812 + 1.8.0.g@TAG_OFFSET@ + + + *.tar + xz + + + diff --git a/iptables-1.8.0.g75.tar.xz b/iptables-1.8.0.g75.tar.xz new file mode 100644 index 0000000..4ae1195 --- /dev/null +++ b/iptables-1.8.0.g75.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:26f9008e04273175350eecdd8591321211e935bfc397fcb7eaed70f96b7fce88 +size 364668 diff --git a/iptables-1.8.0.tar.bz2 b/iptables-1.8.0.tar.bz2 deleted file mode 100644 index e064c98..0000000 --- a/iptables-1.8.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c4cbfa187c4296e4bc2e347ebbc21e309def7274773f20f0df0b8feaf7e8de50 -size 677980 
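Review bot: The new `_service` file fetches the source from `git://netfilter.org/iptables`, a transport with no server authentication or integrity protection. The same commit deletes `iptables-1.8.0.tar.bz2.sig`, so the signature check against the package keyring no longer applies to what gets built. Pinning a full commit id, as the new side does, is what keeps the fetch tamper-evident, so that pin should stay mandatory for every future snapshot bump. I would switch the URL to an authenticated transport if upstream offers one and record the trade-off in the spec, e.g. `# snapshot build: no upstream signature, source pinned by commit id in _service`. The element names of this hunk are not visible on the page, so which parameter holds which value is inferred from the values themselves.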
diff --git a/iptables-1.8.0.tar.bz2.sig b/iptables-1.8.0.tar.bz2.sig deleted file mode 100644 index 652e88617a8426e03040767ed10096ceb81853ed9d13442133e2033a84d5ccbd..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 590 zcmV-U0F_!k^wZ*paH zWnpbVZe?_4X>4?5axQOjX8;Nb5UWO2p(fIj6SI`x>n@jn+9ZpF z|Iz9|n39e`?g-XJha`M8EkAhSiF%s;c?rD@z$}875$!=P-=3SO743tgZsL!KcVa`3 z*7Ej*p))2NYAfd-)SA85;VkV~%QHmB^$Ak*K-S}q>b67;MlQlk<>=BRue}8H^ox?n zm~NoyFl@j6YL|<>6S9vqUlNk@lsdsi9)1P%`s&RKEUh#l#~{91`x#M`dIfX6cYqJ@ zxlrwW+FB1*1j_YcD?r73E~MmNGyGJzH*0HTMZK)1Sd2a&)lHW5Sw@d&uWTHs@sv+F z?~`?W={kbv(Vv;M9=VB#qkQ1?=>vm+O#|q!CvQ{h8F+SIn~G(^jmcB?o%TSGVZLej zjh;TheB2z63QyHd@Q Date: Mon, 27 Aug 2018 11:34:40 +0000 Subject: [PATCH 03/16] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=104 --- _service | 2 +- iptables-1.8.0.g75.tar.xz | 3 - iptables-1.8.0.g85.tar.xz | 3 + iptables.spec | 118 +++++++++++++++++++++++++++++++++++--- 4 files changed, 115 insertions(+), 11 deletions(-) delete mode 100644 iptables-1.8.0.g75.tar.xz create mode 100644 iptables-1.8.0.g85.tar.xz diff --git a/_service b/_service index eaeafea..7509fef 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ git git://netfilter.org/iptables - 5ee03e6df41727652e0dc6ffaef8411b8840d812 + 0800d9b46b377bc24f15af2c6ae22550b954b6e2 1.8.0.g@TAG_OFFSET@ diff --git a/iptables-1.8.0.g75.tar.xz b/iptables-1.8.0.g75.tar.xz deleted file mode 100644 index 4ae1195..0000000 --- a/iptables-1.8.0.g75.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:26f9008e04273175350eecdd8591321211e935bfc397fcb7eaed70f96b7fce88 -size 364668 diff --git a/iptables-1.8.0.g85.tar.xz b/iptables-1.8.0.g85.tar.xz new file mode 100644 index 0000000..c5d69c4 --- /dev/null +++ b/iptables-1.8.0.g85.tar.xz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0479c1b53a84f66eda0d9484d1a15c9a644049635bfe866af829df0976a1c737 +size 364504 diff --git a/iptables.spec b/iptables.spec index 06929f0..e68661e 100644 --- a/iptables.spec +++ b/iptables.spec @@ -17,7 +17,7 @@ Name: iptables -Version: 1.8.0.g75 +Version: 1.8.0.g85 Release: 0 Summary: IP packet filter administration utilities License: GPL-2.0-only AND Artistic-2.0 @@ -52,6 +52,28 @@ Requires: xtables-plugins = %version-%release iptables is used to set up, maintain, and inspect the rule tables of the various Netfilter packet filter engines inside the Linux kernel. +%package backend-legacy +Summary: Metapackage to make x_tables the default backend for iptables +Group: Productivity/Networking/Security +Provides: iptables-default-backend + +%description backend-legacy +Installation of this package adds alternatives symlinks (cf. +update-alternatives) that make the iptables and ip6tables commands +point to a program variant that uses the classic kernel interface +provided by ip_tables.ko and ip6_tables.ko. + +%package backend-nft +Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables +Group: Productivity/Networking/Security +Provides: iptables-default-backend + +%description backend-nft +Installation of this package adds higher priority alternatives (cf. +update-alternatives) that makes the iptables, ip6tables, arptables +and ebtables commands point to a program variant that uses the +nftables kernel interface. + %package -n xtables-plugins Summary: Match and target extension plugins for iptables Group: Productivity/Networking/Security 
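Review bot: The `%description backend-nft` text added in the `@@ -52,6 +52,28 @@` hunk says what the package switches but not what it leaves behind. Changing which binary `iptables` resolves to does not, as far as I can tell, move or flush rules that were loaded through the other kernel interface, so a host can keep enforcing a legacy ruleset that the now-default commands no longer list. Someone auditing the firewall after installing this package needs to know that. I would add a sentence such as `Rules already loaded through the legacy interface are not migrated; inspect them with iptables-legacy-save.` The same caveat applies in reverse to `%description backend-legacy`.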
@@ -88,12 +110,12 @@ be modified in userspace prior to reinjection back into the kernel. ip_queue/libipq is obsoleted by nf_queue/libnetfilter_queue! %package -n libiptc0 -Summary: Library for low-level ruleset generation and parsing +Summary: Library for the ip_tables low-level ruleset generation and parsing Group: System/Libraries %description -n libiptc0 libiptc ("iptables cache") is used to retrieve from the kernel, parse, -construct, and load new rulesets into the kernel. +construct, and load rulesets into the kernel. %package -n libiptc-devel Summary: Development files for libiptc, a packet filter ruleset library @@ -102,10 +124,10 @@ Requires: libiptc0 = %version %description -n libiptc-devel libiptc ("iptables cache") is used to retrieve from the kernel, parse, -construct, and load new rulesets into the kernel. +construct, and load rulesets into the kernel. %package -n libxtables12 -Summary: iptables extension interface +Summary: The iptables plugin interface Group: System/Libraries %description -n libxtables12 
@@ -148,12 +170,45 @@ install -m0755 iptables/iptables-apply "$b/%_sbindir/" install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" rm -f "$b/%_libdir"/*.la rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg +find "$b/%_sbindir/iptables" -type l -delete mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft" mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" +mv "$b/%_sbindir/arptables-restore" "$b/%_sbindir/arptables-nft-restore" +mv "$b/%_sbindir/ebtables-restore" "$b/%_sbindir/ebtables-nft-restore" +mv "$b/%_sbindir/arptables-save" "$b/%_sbindir/arptables-nft-save" +mv "$b/%_sbindir/ebtables-save" "$b/%_sbindir/ebtables-nft-save" %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif +%post backend-legacy +update-alternatives \ + --install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \ + --slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \ + --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi" + +%postun +update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" + +%post backend-nft +update-alternatives \ + --install "%_sbindir/iptables" iptables "%_sbindir/xtables-nft-multi" 2 \ + --slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/iptables-save" iptables-save "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi" +update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2 +update-alternatives 
--install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2 + +%postun backend-nft +update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" +update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" +update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" + %post -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig %post -n libiptc0 -p /sbin/ldconfig 
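Review bot: The removal scriptlet that follows `%post backend-legacy` is headed plain `%postun`, which attaches it to the main iptables package rather than to backend-legacy. Uninstalling backend-legacy would therefore leave its alternative registered, and uninstalling the main package would remove it instead; the header should read `%postun backend-legacy`. Both removal scriptlets in this hunk also call `update-alternatives --remove` unconditionally, so on a package upgrade the old package's `%postun` drops the link group the new `%post` has just installed. Guard them with `if test "$1" = 0; then ... fi`.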
@@ -163,11 +218,60 @@ mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" %files %license COPYING -%_bindir/*tables* -%_sbindir/*tables* +%_bindir/iptables-xml +%_sbindir/iptables-apply +%_sbindir/iptables-legacy* +%_sbindir/iptables-nft* +%_sbindir/iptables-*translate* +%_sbindir/ip6tables-legacy* +%_sbindir/ip6tables-nft* +%_sbindir/ip6tables-*translate* +%_sbindir/arptables-nft* +%_sbindir/ebtables-nft* +%_sbindir/xtables* %_mandir/man1/*tables* %_mandir/man8/*tables* +%files backend-legacy +%ghost %_sysconfdir/alternatives/iptables +%ghost %_sysconfdir/alternatives/iptables-restore +%ghost %_sysconfdir/alternatives/iptables-save +%ghost %_sysconfdir/alternatives/ip6tables +%ghost %_sysconfdir/alternatives/ip6tables-restore +%ghost %_sysconfdir/alternatives/ip6tables-save +%ghost %_sbindir/iptables +%ghost %_sbindir/iptables-restore +%ghost %_sbindir/iptables-save +%ghost %_sbindir/ip6tables +%ghost %_sbindir/ip6tables-restore +%ghost %_sbindir/ip6tables-save + +%files backend-nft +%ghost %_sysconfdir/alternatives/iptables +%ghost %_sysconfdir/alternatives/iptables-restore +%ghost %_sysconfdir/alternatives/iptables-save +%ghost %_sysconfdir/alternatives/ip6tables +%ghost %_sysconfdir/alternatives/ip6tables-restore +%ghost %_sysconfdir/alternatives/ip6tables-save +%ghost %_sysconfdir/alternatives/arptables +%ghost %_sysconfdir/alternatives/arptables-restore +%ghost %_sysconfdir/alternatives/arptables-save +%ghost %_sysconfdir/alternatives/ebtables +%ghost %_sysconfdir/alternatives/ebtables-restore +%ghost %_sysconfdir/alternatives/ebtables-save +%ghost %_sbindir/iptables +%ghost %_sbindir/iptables-restore +%ghost %_sbindir/iptables-save +%ghost %_sbindir/ip6tables +%ghost %_sbindir/ip6tables-restore +%ghost %_sbindir/ip6tables-save +%ghost %_sbindir/arptables +%ghost %_sbindir/arptables-restore +%ghost %_sbindir/arptables-save +%ghost %_sbindir/ebtables +%ghost %_sbindir/ebtables-restore +%ghost %_sbindir/ebtables-save + %files -n xtables-plugins 
%_libdir/xtables/ %_sbindir/nfnl_osf From d99609f6817685de350967321e8dff6f5b6f716f285dc05cc4ab5e01e64b0ee1 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 27 Aug 2018 11:45:59 +0000 Subject: [PATCH 04/16] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=105 --- iptables.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/iptables.spec b/iptables.spec index e68661e..4702825 100644 --- a/iptables.spec +++ b/iptables.spec @@ -201,8 +201,12 @@ update-alternatives \ --slave "%_sbindir/ip6tables" ip6tables "%_sbindir/xtables-nft-multi" \ --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-nft-multi" \ --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi" -update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2 -update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2 +update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2 \ + --slave "%_sbindir/arptables-restore" arptables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/arptables-save" arptables-save "%_sbindir/xtables-nft-multi" \ +update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2 \ + --slave "%_sbindir/ebtables-restore" ebtables-restore "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi" \ %postun backend-nft update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" From 3c84df208f0b70464964aaaf563f1ffd657b1388ae6346df02e7a50b9be9f62b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 27 Aug 2018 11:56:57 +0000 Subject: [PATCH 05/16] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=106 --- iptables.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
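Review bot: Each of the two rewritten commands in the `@@ -201,8 +201,12 @@` hunk now ends its last `--slave` line with a trailing `\`. The arptables command therefore continues into the following `update-alternatives --install ... ebtables` line, and the ebtables command continues into whatever follows it in the scriptlet. update-alternatives would receive the literal word `update-alternatives` and a second `--install` as extra arguments and most likely fail, leaving arptables and ebtables unregistered. Drop the backslash at the end of the `arptables-save` and `ebtables-save` lines.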
diff --git a/iptables.spec b/iptables.spec index 4702825..fea32a8 100644 --- a/iptables.spec +++ b/iptables.spec @@ -203,10 +203,10 @@ update-alternatives \ --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-nft-multi" update-alternatives --install "%_sbindir/arptables" arptables "%_sbindir/xtables-nft-multi" 2 \ --slave "%_sbindir/arptables-restore" arptables-restore "%_sbindir/xtables-nft-multi" \ - --slave "%_sbindir/arptables-save" arptables-save "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/arptables-save" arptables-save "%_sbindir/xtables-nft-multi" update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-nft-multi" 2 \ --slave "%_sbindir/ebtables-restore" ebtables-restore "%_sbindir/xtables-nft-multi" \ - --slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi" \ + --slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi" %postun backend-nft update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" From eacc4f7ab66fd24cf91b171907f3757a3527bff4b1f2af3a9a18c5cac8825d79 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 29 Aug 2018 07:43:41 +0000 Subject: [PATCH 06/16] Only call u-a remove when the package is completely going away OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=107 --- iptables.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/iptables.spec b/iptables.spec index fea32a8..6e78faf 100644 --- a/iptables.spec +++ b/iptables.spec @@ -191,7 +191,9 @@ update-alternatives \ --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi" %postun -update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" +if test "$1" = 0; then + update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" +fi %post backend-nft update-alternatives \ 
@@ -209,9 +211,11 @@ update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-n --slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi" %postun backend-nft -update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" -update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" -update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" +if test "$1" = 0; then + update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" + update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" + update-alternatives --remove ebtables "%_sbindir/xtables-nft-multi" +fi %post -n libipq0 -p /sbin/ldconfig %postun -n libipq0 -p /sbin/ldconfig From e3c936d24b800d84e0a781449bea3680c8edb6267d62c3de3b86ac2d443c99a4 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 5 Sep 2018 14:38:38 +0000 Subject: [PATCH 07/16] merge iptables-default-backend into iptables (else there will be %post errors because iptables-backend-default gets installed before iptables is) OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=108 --- iptables.spec | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/iptables.spec b/iptables.spec index 6e78faf..888eb0e 100644 --- a/iptables.spec +++ b/iptables.spec @@ -44,7 +44,6 @@ BuildRequires: pkgconfig(libmnl) >= 1.0 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnftnl) >= 1.0.5 -Requires: iptables-default-backend Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release 
@@ -52,21 +51,10 @@ Requires: xtables-plugins = %version-%release iptables is used to set up, maintain, and inspect the rule tables of the various Netfilter packet filter engines inside the Linux kernel. -%package backend-legacy -Summary: Metapackage to make x_tables the default backend for iptables -Group: Productivity/Networking/Security -Provides: iptables-default-backend - -%description backend-legacy -Installation of this package adds alternatives symlinks (cf. -update-alternatives) that make the iptables and ip6tables commands -point to a program variant that uses the classic kernel interface -provided by ip_tables.ko and ip6_tables.ko. - %package backend-nft Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables Group: Productivity/Networking/Security -Provides: iptables-default-backend +Requires: iptables >= 1.8.0 %description backend-nft Installation of this package adds higher priority alternatives (cf. @@ -181,7 +169,7 @@ mv "$b/%_sbindir/ebtables-save" "$b/%_sbindir/ebtables-nft-save" %fdupes %buildroot/%_prefix %endif -%post backend-legacy +%post update-alternatives \ --install "%_sbindir/iptables" iptables "%_sbindir/xtables-legacy-multi" 1 \ --slave "%_sbindir/iptables-restore" iptables-restore "%_sbindir/xtables-legacy-multi" \ @@ -239,8 +227,7 @@ fi %_sbindir/xtables* %_mandir/man1/*tables* %_mandir/man8/*tables* - -%files backend-legacy +# backend-legacy (implicit) %ghost %_sysconfdir/alternatives/iptables %ghost %_sysconfdir/alternatives/iptables-restore %ghost %_sysconfdir/alternatives/iptables-save From 778e2419ae63a18a57d95626611f0b16109215d5a9eefb115a09d280b0a13a88 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 5 Sep 2018 14:59:02 +0000 Subject: [PATCH 08/16] run u-a before links are gone OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=109 --- iptables.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
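Review bot: The new `Requires: iptables >= 1.8.0` on backend-nft is looser than the `= %version-%release` form the main package already uses for xtables-plugins. backend-nft ships no binaries of its own; its `%post` registers `%_sbindir/xtables-nft-multi` from the main package, so the two can drift apart across updates. Tying them to the same build with `Requires: iptables = %version-%release` avoids an alternative that points at a multi-call binary from a different build.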
diff --git a/iptables.spec b/iptables.spec index 888eb0e..5446ecf 100644 --- a/iptables.spec +++ b/iptables.spec @@ -178,7 +178,7 @@ update-alternatives \ --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \ --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi" -%postun +%preun if test "$1" = 0; then update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" fi @@ -198,7 +198,7 @@ update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-n --slave "%_sbindir/ebtables-restore" ebtables-restore "%_sbindir/xtables-nft-multi" \ --slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi" -%postun backend-nft +%preun backend-nft if test "$1" = 0; then update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" From cd1d76fe364d317148c82a8b343c4d2d3ea71f26d52287fda04b705d4b217ac9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 6 Sep 2018 11:05:45 +0000 Subject: [PATCH 09/16] Accepting request 632973 from home:markoschandras:branches:security:netfilter - Add missing update-alternatives dependency to Requires(post) section. If this is missing the package fails to install properly when it is used as build dependency. OBS-URL: https://build.opensuse.org/request/show/632973 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=110 --- iptables.changes | 7 +++++++ iptables.spec | 1 + 2 files changed, 8 insertions(+) diff --git a/iptables.changes b/iptables.changes index 7be6a3e..61291d3 100644 --- a/iptables.changes +++ b/iptables.changes 
@@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Sep 4 08:08:22 UTC 2018 - Markos Chandras + +- Add missing update-alternatives dependency to Requires(post) + section. If this is missing the package fails to install properly + when it is used as build dependency. + ------------------------------------------------------------------- Mon Jul 9 09:38:13 UTC 2018 - jengelh@inai.de diff --git a/iptables.spec b/iptables.spec index 5446ecf..f9c26d4 100644 --- a/iptables.spec +++ b/iptables.spec @@ -46,6 +46,7 @@ BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 BuildRequires: pkgconfig(libnftnl) >= 1.0.5 Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release +Requires(post): update-alternatives %description iptables is used to set up, maintain, and inspect the rule tables of From 93bd5c4922e049997b7ce488c5c2b069b0de9661a2feacff71a0caa5a1d23c62 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 6 Sep 2018 11:06:12 +0000 Subject: [PATCH 10/16] add more u-a requires OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=111 --- iptables.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/iptables.spec b/iptables.spec index f9c26d4..21532fc 100644 --- a/iptables.spec +++ b/iptables.spec @@ -47,6 +47,7 @@ BuildRequires: pkgconfig(libnftnl) >= 1.0.5 Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release Requires(post): update-alternatives +Requires(postun): update-alternatives %description iptables is used to set up, maintain, and inspect the rule tables of 
@@ -56,6 +57,8 @@ the various Netfilter packet filter engines inside the Linux kernel. Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables Group: Productivity/Networking/Security Requires: iptables >= 1.8.0 +Requires(post): update-alternatives +Requires(postun): update-alternatives %description backend-nft Installation of this package adds higher priority alternatives (cf. From f916ded102e084a170229e5dc1063292d64d017d3c1f5e97bff3c431121e31f9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 7 Sep 2018 11:47:03 +0000 Subject: [PATCH 11/16] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=112 --- iptables.spec | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/iptables.spec b/iptables.spec index 21532fc..0405e08 100644 --- a/iptables.spec +++ b/iptables.spec @@ -24,8 +24,8 @@ License: GPL-2.0-only AND Artistic-2.0 Group: Productivity/Networking/Security Url: http://netfilter.org/projects/iptables/ #Git-Clone: git://git.netfilter.org/iptables -#Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 -#Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig +#Source: http://netfilter.org/projects/iptables/files/%%name-%%version.tar.bz2 +#Source2: http://netfilter.org/projects/iptables/files/%%name-%%version.tar.bz2.sig Source: %name-%version.tar.xz Source3: %name.keyring Patch3: iptables-batch.patch @@ -182,7 +182,7 @@ update-alternatives \ --slave "%_sbindir/ip6tables-restore" ip6tables-restore "%_sbindir/xtables-legacy-multi" \ --slave "%_sbindir/ip6tables-save" ip6tables-save "%_sbindir/xtables-legacy-multi" -%preun +%postun if test "$1" = 0; then update-alternatives --remove iptables "%_sbindir/xtables-legacy-multi" fi 
@@ -202,7 +202,7 @@ update-alternatives --install "%_sbindir/ebtables" ebtables "%_sbindir/xtables-n --slave "%_sbindir/ebtables-restore" ebtables-restore "%_sbindir/xtables-nft-multi" \ --slave "%_sbindir/ebtables-save" ebtables-save "%_sbindir/xtables-nft-multi" -%preun backend-nft +%postun backend-nft if test "$1" = 0; then update-alternatives --remove iptables "%_sbindir/xtables-nft-multi" update-alternatives --remove arptables "%_sbindir/xtables-nft-multi" @@ -238,12 +238,12 @@ fi %ghost %_sysconfdir/alternatives/ip6tables %ghost %_sysconfdir/alternatives/ip6tables-restore %ghost %_sysconfdir/alternatives/ip6tables-save -%ghost %_sbindir/iptables -%ghost %_sbindir/iptables-restore -%ghost %_sbindir/iptables-save -%ghost %_sbindir/ip6tables -%ghost %_sbindir/ip6tables-restore -%ghost %_sbindir/ip6tables-save +%_sbindir/iptables +%_sbindir/iptables-restore +%_sbindir/iptables-save +%_sbindir/ip6tables +%_sbindir/ip6tables-restore +%_sbindir/ip6tables-save %files backend-nft %ghost %_sysconfdir/alternatives/iptables 
@@ -258,18 +258,18 @@ fi %ghost %_sysconfdir/alternatives/ebtables %ghost %_sysconfdir/alternatives/ebtables-restore %ghost %_sysconfdir/alternatives/ebtables-save -%ghost %_sbindir/iptables -%ghost %_sbindir/iptables-restore -%ghost %_sbindir/iptables-save -%ghost %_sbindir/ip6tables -%ghost %_sbindir/ip6tables-restore -%ghost %_sbindir/ip6tables-save -%ghost %_sbindir/arptables -%ghost %_sbindir/arptables-restore -%ghost %_sbindir/arptables-save -%ghost %_sbindir/ebtables -%ghost %_sbindir/ebtables-restore -%ghost %_sbindir/ebtables-save +%_sbindir/iptables +%_sbindir/iptables-restore +%_sbindir/iptables-save +%_sbindir/ip6tables +%_sbindir/ip6tables-restore +%_sbindir/ip6tables-save +%_sbindir/arptables +%_sbindir/arptables-restore +%_sbindir/arptables-save +%_sbindir/ebtables +%_sbindir/ebtables-restore +%_sbindir/ebtables-save %files -n xtables-plugins %_libdir/xtables/ From 6f2c0af6e13851d9067766602ffaf7e4a78dd75ec8c7847ce8b98dceab618cec Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 7 Sep 2018 12:32:22 +0000 Subject: [PATCH 12/16] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=113 --- iptables.spec | 7 ------- 1 file changed, 7 deletions(-) diff --git a/iptables.spec b/iptables.spec index 0405e08..c2adae2 100644 --- a/iptables.spec +++ b/iptables.spec 
@@ -162,13 +162,6 @@ install -m0755 iptables/iptables-apply "$b/%_sbindir/" install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" rm -f "$b/%_libdir"/*.la rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg -find "$b/%_sbindir/iptables" -type l -delete -mv "$b/%_sbindir/arptables" "$b/%_sbindir/arptables-nft" -mv "$b/%_sbindir/ebtables" "$b/%_sbindir/ebtables-nft" -mv "$b/%_sbindir/arptables-restore" "$b/%_sbindir/arptables-nft-restore" -mv "$b/%_sbindir/ebtables-restore" "$b/%_sbindir/ebtables-nft-restore" -mv "$b/%_sbindir/arptables-save" "$b/%_sbindir/arptables-nft-save" -mv "$b/%_sbindir/ebtables-save" "$b/%_sbindir/ebtables-nft-save" %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif From cca32dede0b818b8accea5ce935efda55703028325f33b0de4999d819cd5a949 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 7 Sep 2018 12:57:54 +0000 Subject: [PATCH 13/16] u-a links OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=114 --- iptables.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/iptables.spec b/iptables.spec index c2adae2..c5f279f 100644 --- a/iptables.spec +++ b/iptables.spec @@ -162,6 +162,12 @@ install -m0755 iptables/iptables-apply "$b/%_sbindir/" install -m0644 iptables/iptables-apply.8 "$b/%_mandir/man8/" rm -f "$b/%_libdir"/*.la rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg + +for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \ + ip6tables-save arptables arptables-restore arptables-save ebtables \ + ebtables-restore ebtables-save; do + ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/%i" +done %if 0%{?suse_version} %fdupes %buildroot/%_prefix %endif From ee66040bbf106059a3a564a643e66dfe72defdf1f680c2a50d1491cae73c366f Mon Sep 17 00:00:00 2001 
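Review bot: In the loop added by the hunk at -162,6 +162,12 the link name is written `"$b/%_sbindir/%i"`, where `%i` is RPM macro syntax rather than the shell loop variable. Unless a macro named `i` happens to be defined, it is presumably left as the literal text `%i`, so all twelve iterations write the same path and `-f` silently replaces the previous link each time. None of the per-command links that the `%files` lists expect under `%_sbindir` would then exist in the buildroot. The destination should use the loop variable: `ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/$i"`.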
From: Jan Engelhardt Date: Fri, 7 Sep 2018 13:51:53 +0000 Subject: [PATCH 14/16] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=115 --- iptables.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iptables.spec b/iptables.spec index c5f279f..8573036 100644 --- a/iptables.spec +++ b/iptables.spec @@ -166,7 +166,7 @@ rm -f "$b/%_sysconfdir/ethertypes" # -> netcfg for i in iptables iptables-restore iptables-save ip6tables ip6tables-restore \ ip6tables-save arptables arptables-restore arptables-save ebtables \ ebtables-restore ebtables-save; do - ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/%i" + ln -fsv "/etc/alternatives/$i" "$b/%_sbindir/$i" done %if 0%{?suse_version} %fdupes %buildroot/%_prefix From 1ddad2fc9437dc74c8dc8d0cef12cd58504cd6cb127b0525b05bac9858713ec1 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 12 Sep 2018 12:53:41 +0000 Subject: [PATCH 15/16] reenable standard build OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=116 --- iptables.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iptables.spec b/iptables.spec index 8573036..6c0fcff 100644 --- a/iptables.spec +++ b/iptables.spec @@ -152,7 +152,7 @@ rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS %configure --includedir="%_includedir/%name" --enable-libipq -make %{?_smp_mflags} V= +%make_build %install %make_install From 9d512ba093800ddd8ed4bf107889f4ac3b7bfbc57053938b070160881b8f6bc6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 15 Sep 2018 12:44:58 +0000 Subject: [PATCH 16/16] OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=117 --- iptables.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iptables.spec b/iptables.spec index 6c0fcff..224ae8a 100644 --- a/iptables.spec +++ b/iptables.spec 
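Review bot: The corrected `ln` line in the hunk at -166,7 still hard-codes `/etc/alternatives`, while the `%files` lists in this spec name the same link targets as `%_sysconfdir/alternatives/...`. Using one spelling keeps the packaged symlinks and the `%ghost` entries from drifting apart: `ln -fsv "%_sysconfdir/alternatives/$i" "$b/%_sbindir/$i"`. Because `-f` replaces whatever the install step left at `$b/%_sbindir/$i` without complaint, a short comment such as `# replace the installed front ends with links managed by update-alternatives` would make that overwrite visibly deliberate.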
@@ -152,7 +152,7 @@ rm -f extensions/libipt_unclean.man # includedir is overriden on purpose to detect projects that # fail to include libxtables_CFLAGS %configure --includedir="%_includedir/%name" --enable-libipq -%make_build +%make_build V=1 %install %make_install