diff --git a/iptables-1.8.10.tar.xz b/iptables-1.8.10.tar.xz deleted file mode 100644 index 36f17e6..0000000 --- a/iptables-1.8.10.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c -size 641168 diff --git a/iptables-1.8.10.tar.xz.sig b/iptables-1.8.10.tar.xz.sig deleted file mode 100644 index 51a3574..0000000 Binary files a/iptables-1.8.10.tar.xz.sig and /dev/null differ diff --git a/iptables-1.8.11.tar.xz b/iptables-1.8.11.tar.xz new file mode 100644 index 0000000..d92db88 --- /dev/null +++ b/iptables-1.8.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d87303d55ef8c92bcad4dd3f978b26d272013642b029425775f5bad1009fe7b2 +size 649284 diff --git a/iptables-1.8.11.tar.xz.sig b/iptables-1.8.11.tar.xz.sig new file mode 100644 index 0000000..44921dc Binary files /dev/null and b/iptables-1.8.11.tar.xz.sig differ diff --git a/iptables-batch-lock.patch b/iptables-batch-lock.patch index fe6f729..100b8f9 100644 --- a/iptables-batch-lock.patch +++ b/iptables-batch-lock.patch @@ -10,10 +10,10 @@ Date: 2017-06-26T10:53:24+0000 iptables/xshared.c | 8 +++++++- 2 files changed, 28 insertions(+), 1 deletion(-) -Index: iptables-1.8.10/iptables/iptables-batch.c +Index: iptables-1.8.11/iptables/iptables-batch.c =================================================================== ---- iptables-1.8.10.orig/iptables/iptables-batch.c -+++ iptables-1.8.10/iptables/iptables-batch.c +--- iptables-1.8.11.orig/iptables/iptables-batch.c ++++ iptables-1.8.11/iptables/iptables-batch.c @@ -44,6 +44,7 @@ #include #endif 
@@ -49,10 +49,10 @@ Index: iptables-1.8.10/iptables/iptables-batch.c while((r = getline(&iline, &llen, fp)) != -1) { -Index: iptables-1.8.10/iptables/xshared.c +Index: iptables-1.8.11/iptables/xshared.c =================================================================== ---- iptables-1.8.10.orig/iptables/xshared.c -+++ iptables-1.8.10/iptables/xshared.c +--- iptables-1.8.11.orig/iptables/xshared.c ++++ iptables-1.8.11/iptables/xshared.c @@ -255,10 +255,14 @@ static void alarm_ignore(int i) { static int xtables_lock(int wait) @@ -72,8 +72,8 @@ Index: iptables-1.8.10/iptables/xshared.c alarm(wait); } -- if (flock(fd, LOCK_EX) == 0) -+ if (flock(fd, LOCK_EX) == 0) { +- if (flock(fd, LOCK_EX | (wait ? 0 : LOCK_NB)) == 0) ++ if (flock(fd, LOCK_EX | (wait ? 0 : LOCK_NB)) == 0) { + already_locked = true; return fd; + } diff --git a/iptables-nft-fix-interface-comparisons.patch b/iptables-nft-fix-interface-comparisons.patch new file mode 100644 index 0000000..a87d487 --- /dev/null +++ b/iptables-nft-fix-interface-comparisons.patch @@ -0,0 +1,172 @@ + 
From 40406dbfaefbc204134452b2747bae4f6a122848 Mon Sep 17 00:00:00 2001 +From: Jeremy Sowden +Date: Mon, 18 Nov 2024 13:56:50 +0000 +Subject: nft: fix interface comparisons in `-C` commands + +Commit 9ccae6397475 ("nft: Leave interface masks alone when parsing from +kernel") removed code which explicitly set interface masks to all ones. The +result of this is that they are zero. However, they are used to mask interfaces +in `is_same_interfaces`. Consequently, the masked values are alway zero, the +comparisons are always true, and check commands which ought to fail succeed: + + # iptables -N test + # iptables -A test -i lo \! -o lo -j REJECT + # iptables -v -L test + Chain test (0 references) + pkts bytes target prot opt in out source destination + 0 0 REJECT all -- lo !lo anywhere anywhere reject-with icmp-port-unreachable + # iptables -v -C test -i abcdefgh \! -o abcdefgh -j REJECT + REJECT all opt -- in lo out !lo 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable + +Remove the mask parameters from `is_same_interfaces`. Add a test-case. 
+ +Fixes: 9ccae6397475 ("nft: Leave interface masks alone when parsing from kernel") +Signed-off-by: Jeremy Sowden +Signed-off-by: Phil Sutter +--- + iptables/nft-arp.c | 10 ++---- + iptables/nft-ipv4.c | 4 +-- + iptables/nft-ipv6.c | 6 +--- + iptables/nft-shared.c | 36 +++++----------------- + iptables/nft-shared.h | 6 +--- + .../testcases/nft-only/0020-compare-interfaces_0 | 9 ++++++ + 6 files changed, 22 insertions(+), 49 deletions(-) + create mode 100755 iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 + +diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c +index 264864c3..c11d64c3 100644 +--- a/iptables/nft-arp.c ++++ b/iptables/nft-arp.c +@@ -385,14 +385,8 @@ static bool nft_arp_is_same(const struct iptables_command_state *cs_a, + return false; + } + +- return is_same_interfaces(a->arp.iniface, +- a->arp.outiface, +- (unsigned char *)a->arp.iniface_mask, +- (unsigned char *)a->arp.outiface_mask, +- b->arp.iniface, +- b->arp.outiface, +- (unsigned char *)b->arp.iniface_mask, +- (unsigned char *)b->arp.outiface_mask); ++ return is_same_interfaces(a->arp.iniface, a->arp.outiface, ++ b->arp.iniface, b->arp.outiface); + } + + static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy) +diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c +index 74092875..0c8bd291 100644 +--- a/iptables/nft-ipv4.c ++++ b/iptables/nft-ipv4.c +@@ -113,9 +113,7 @@ static bool nft_ipv4_is_same(const struct iptables_command_state *a, + } + + return is_same_interfaces(a->fw.ip.iniface, a->fw.ip.outiface, +- a->fw.ip.iniface_mask, a->fw.ip.outiface_mask, +- b->fw.ip.iniface, b->fw.ip.outiface, +- b->fw.ip.iniface_mask, b->fw.ip.outiface_mask); ++ b->fw.ip.iniface, b->fw.ip.outiface); + } + + static void nft_ipv4_set_goto_flag(struct iptables_command_state *cs) +diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c +index b184f8af..4dbb2af2 100644 +--- a/iptables/nft-ipv6.c ++++ b/iptables/nft-ipv6.c +@@ -99,11 +99,7 @@ static bool 
nft_ipv6_is_same(const struct iptables_command_state *a, + } + + return is_same_interfaces(a->fw6.ipv6.iniface, a->fw6.ipv6.outiface, +- a->fw6.ipv6.iniface_mask, +- a->fw6.ipv6.outiface_mask, +- b->fw6.ipv6.iniface, b->fw6.ipv6.outiface, +- b->fw6.ipv6.iniface_mask, +- b->fw6.ipv6.outiface_mask); ++ b->fw6.ipv6.iniface, b->fw6.ipv6.outiface); + } + + static void nft_ipv6_set_goto_flag(struct iptables_command_state *cs) +diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c +index 6775578b..2c29e68f 100644 +--- a/iptables/nft-shared.c ++++ b/iptables/nft-shared.c +@@ -220,36 +220,16 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r, + } + + bool is_same_interfaces(const char *a_iniface, const char *a_outiface, +- unsigned const char *a_iniface_mask, +- unsigned const char *a_outiface_mask, +- const char *b_iniface, const char *b_outiface, +- unsigned const char *b_iniface_mask, +- unsigned const char *b_outiface_mask) ++ const char *b_iniface, const char *b_outiface) + { +- int i; +- +- for (i = 0; i < IFNAMSIZ; i++) { +- if (a_iniface_mask[i] != b_iniface_mask[i]) { +- DEBUGP("different iniface mask %x, %x (%d)\n", +- a_iniface_mask[i] & 0xff, b_iniface_mask[i] & 0xff, i); +- return false; +- } +- if ((a_iniface[i] & a_iniface_mask[i]) +- != (b_iniface[i] & b_iniface_mask[i])) { +- DEBUGP("different iniface\n"); +- return false; +- } +- if (a_outiface_mask[i] != b_outiface_mask[i]) { +- DEBUGP("different outiface mask\n"); +- return false; +- } +- if ((a_outiface[i] & a_outiface_mask[i]) +- != (b_outiface[i] & b_outiface_mask[i])) { +- DEBUGP("different outiface\n"); +- return false; +- } ++ if (strncmp(a_iniface, b_iniface, IFNAMSIZ)) { ++ DEBUGP("different iniface\n"); ++ return false; ++ } ++ if (strncmp(a_outiface, b_outiface, IFNAMSIZ)) { ++ DEBUGP("different outiface\n"); ++ return false; + } +- + return true; + } + +diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h +index 51d1e460..b57aee1f 100644 +--- a/iptables/nft-shared.h ++++ 
b/iptables/nft-shared.h +@@ -105,11 +105,7 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r, uint8_t proto, uint + void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv); + + bool is_same_interfaces(const char *a_iniface, const char *a_outiface, +- unsigned const char *a_iniface_mask, +- unsigned const char *a_outiface_mask, +- const char *b_iniface, const char *b_outiface, +- unsigned const char *b_iniface_mask, +- unsigned const char *b_outiface_mask); ++ const char *b_iniface, const char *b_outiface); + + void __get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, uint8_t *op); + void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv); +diff --git a/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 +new file mode 100755 +index 00000000..278cd648 +--- /dev/null ++++ b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 +@@ -0,0 +1,9 @@ ++#!/bin/bash ++ ++[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; } ++ ++$XT_MULTI iptables -N test ++$XT_MULTI iptables -A test -i lo \! -o lo -j REJECT ++$XT_MULTI iptables -C test -i abcdefgh \! -o abcdefgh -j REJECT 2>/dev/null && exit 1 ++ ++exit 0 +-- +cgit v1.2.3 + diff --git a/iptables.changes b/iptables.changes index 663aad5..77aac07 100644 --- a/iptables.changes +++ b/iptables.changes 
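Review bot: The new test case `0020-compare-interfaces_0` asserts only the negative case, so it would still pass if `-C` regressed to never matching. Add a positive check after the `-A` line, for example `$XT_MULTI iptables -C test -i lo \! -o lo -j REJECT || exit 1`. In `is_same_interfaces` (nft-shared.c) the comparison is now a plain `strncmp` over the two names and takes no inversion flags; those are presumably compared by the callers, whose bodies start outside these hunks, and a case with matching names but a different `!` would confirm it. This matters wherever rule insertion is gated on the exit status of `-C`: with the behaviour the commit message describes, a check for a rule that does not exist succeeds, and such a script would skip adding the rule.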
@@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Dec 2 13:40:26 UTC 2024 - Antonio Teixeira + +- Add iptables-nft-fix-interface-comparisons.patch + * fix '-C' commands for nft backend (bsc#1233690) + +------------------------------------------------------------------- +Fri Nov 8 16:14:22 UTC 2024 - Jan Engelhardt + +- Update to release 1.8.11 + * New arptables-translate tool + * ebtables-nft: support --replace and --list-rules commands + * iptables-translate: support socket match and TPROXY target + ------------------------------------------------------------------- Fri May 24 15:07:24 UTC 2024 - Jan Engelhardt diff --git a/iptables.keyring b/iptables.keyring index 34ba618..fd5e67f 100644 --- a/iptables.keyring +++ b/iptables.keyring 
@@ -1,64 +1,64 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded -660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi -V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2 -zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t -Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh -KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3 -dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi -WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg -9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj -+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR -U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB +mQINBGcLlIQBEADH+pWx2d5XgY2JCOHTVaOpbNlNfp1k9Ul0W5zaZ7EFHIGSj06E +o3+OM0eI6+d51PnqwRE+WbV4T3ooGnfgXN4fmKgq2TwkxlhKeFSzNGMuzzuoEwD+ +2cvSF9VIrwif1o9oa9KMNfKTY/qjuWZS0QWZ08thPAf/tWpoaA3gaqYQUshj5G3w +nTMdYlHUj7wkZCMg63tDygAe/7fDT3zurKCMbFoyiyQkp7V1SLxZpvuyuyPH6HtQ +P5xcbXsp5ots0BgN+BplMX89DrspxJXqi7AsTf4QnC78KbchMJJxLKZQS759dQHF +qHUTb3YdlxXFou6Si5LiBzvmqBRFj6m/WV1a8mDy5fPDkOLoTCUFHLmgvYHPJdtK +5EqNkwYAbSnZKe9aSeVa4XhaZqyyQb9vIsKyOnwdJ/l222J95qHQapZSLcRdqgQz +ZgxuEdOHacEaJ1IJ21CE8EtJfFA5DMZtkZNIGF3OFlXhw7YxJoPgsodtlVspQsfX +u2FGP9yg0fd4zLgHnotKqfJQ9ZjMB6bbJUd6Au9jv0SiM+kVGeVfyaaX7TDeQ3TT +/e44uFvkHkbYFQPcqsTalxtre6v7pMG2iu2mbkhQOC7qbL5MKMSdA93w/lF7w20b +cwyDavEoKk9vgDjSkVjaffvdy4cESa5JY4lM4ZmzoujnAZMwbzQeGcBtqQARAQAB tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC -VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ -CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6 -+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd -RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6 -4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN -IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w 
-bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf -Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj -QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3 -wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb -4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET -tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP -n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV -oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9 -o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S -ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU -tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp -HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM -FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/ -diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid -R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK -uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv -Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl -UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q -KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO -RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc -wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0 -0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+ -q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU -k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk -pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY -plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC -qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu -iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p -jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O -ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1 
-CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag -8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB -bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM -jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR -rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg -3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ -7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1 -7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/ -yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8 -leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6 -U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+ -rlbu70nh2kSJrg== -=wukb +VAQTAQoAPhYhBIxfcUahdXpl4kIqlNcNGmZqzyshBQJnC5SEAhsDBQkHhM4ABQsJ +CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENcNGmZqzyshRE4P/AknD3DAWuCT7x7L +LFIUCkfl7WUou9zMQKy62JRK/+/lNyG1dkmvBu7XWLl/+IRv1uIb25I4xwaze6GF +8yhZDNXZLhUjComr864fMEdKNdXInAClLRNY0InkFmHw/SizvwDld4PgsLzoS+qL +5JY4FBlYEnd4wlIwH/w3gPycmdmQNVOjeWJhDrYKGLnjolpGRQPYRME4kjasWPbK +AWG/lpINQEB1DgtK8e6kcbUA8wSU6MMEsJjPY0o7lr9NvPfRpPXq34LjoFUXk3Hi +Bt8OuVVMo+wTmlZWkXdknFKS4IPVxUA53oJOVMFW8divmF/l676KBogSnczoX4vR +VW8sgDEKqb0NicKWJ2Fou+/KueY5OXsO8aZrZtXOsXIAMberdrNDYhyTUSYF8mZF +RdL6Jcm5GbQB/zOQElgzMwPQq5AD7SkziMzGOusWjqGmu9qphed/FimVbyRhMl5B +uDvGHthhy1KlPkqVcddN6i3/Kd/AMqXAuWMZH9FXJkUUWe+VAyeNHfEuBtSK2rqE +zf8TYGg5Gz+oNspWuqEyWUwoH7eQkRx2GIbwu2rwcIzrh8L0rsyu+6FNNHnQfnNq +ytbE888dxKkXeJ5T09Pp/hPwkNM8X8ZLcTTsAknrvqLNp2As49dP6iJwysfYLf/v +3Cyvz23JNeSQiTcC4YfKLs4LtCFkiQIzBBABCgAdFiEEN9lkrMBJgcdVAPub1V2X +iooUIOQFAmcLlJ0ACgkQ1V2XiooUIOQGJRAAsz/jYoNkSAhzvrY1t/5kSaa3Hyqi +wpaJNIb6YCNT9JFlEvfsIlikjK28I+LNqVrWoLZyX1np8h0AGfNUPo/rLzVXzqZ/ +UHZi5AjzXM6BVnR84LahFVVLISBtjt3DvY4xvl8cIh03ShJe/yAKIXZUbxXevtnj +M0/5bLaLjlVf3KldR+gFjUaTT1nxfkQnzxbk2yKe+1tuQzFsYPLG9Elzyagb4QYm +97CTxim3QcO0qWweoeusBqCkh7qD/ght76JrSnzq859XS//2jaq3A5ZsX5UJk5/E 
+FkzL4zersQZwQE10BByBBJbxC8DzMuGeV+eTVVHKU81cEnzZFxfyOtQBD+oHBauW +IC/v509TiH4qhZshJwcznsDZK1xAxxm3mryVtHbfSDSqzc5r/kNQt9mijD6wdsRb +0yQy1P2xkk1zyvOw3BRI2NVXq6+642cp21tjsY136JT/3a6KwIlIIdzIUqejbLoF +GgGZPJiQXthfmLpDgvduD6YgaSHyhtJesX3SIGvYBdCGT69blrB7lHazYRE/xKNu +bhnVzsaWlOXg52ChAMzsAAi5DV1669xUqRgj7zJHUq72bItZWdAvDSTIrQB4z7u8 +QW+XZsveWM2sKjzpLZjQaxdS7dFvGepYY5liA01w7Bx2lU75ejgaWrm/hlaT//RD +Al9IQzw14mOtm0e5Ag0EZwuUhAEQANmO+fv67llu3nOZh9mcTbKa0MTT6cNjpEVU +3MDImbN7pKTc/P+s6TVYBYn1q1U0XTXQlfh2HGdrLebAOdWW0Wcz4Kj9oOlRHOAR +yq3mRzb9hiCB89mJcw5xNIn83d5L/IJqONSaVLKnTwfwnTVaCJYuF5yIqDMOSXgS +C3sbGLx/yEchAhQEWUG8nm9WTybFfq98mFrHEKRGsSgfCHq6KMNn9NuhW149ZK+K +klPXZqFyDoRHdyivt9j9hfA0lr4t6sfXEfJedzjNO2f0Z8r2sQhmw3ykYDkzEF8I +zkgiik1Ke4+TmpD/4uL/hfgbkoVxZV6gI3M9rqs5o1glAuSFjsrGyog1EkUXplST +Qn4ea/vQ6t1iBkTb2r3qzhK+VL7GWlvZa9DGq8btNAiOjKKqa0+3zRTXyPJAdMQM +X+FBAhmaHJoylArEHdzv5haB7rv0aGjKV4O1ifonSGE2pllmSDbTO3exIeslLgDh +5GqVmQW30K5JvecKnb871c0utzRLHBF34HOYgRWBcl18DGD+SzXKj1//+4AatcAB +woNJHTEh6N3/mD3fJyWkyMwLJzo1x43Pmm1DkzioO9VMSxG7ReaH9WRDty3R83gT +njEI0CDkG7m0nXctrsDcmBCYMSnvriWVr7kNYQ9tSi9WUa8Cs0xCmy49fF+7ihIl +yANR2aMrABEBAAGJAjwEGAEKACYWIQSMX3FGoXV6ZeJCKpTXDRpmas8rIQUCZwuU +hAIbDAUJB4TOAAAKCRDXDRpmas8rIZPuD/4qYhAdmCtaicOjeuMI0EhKA0O0cnXv +BRwKXKGISZ6bt/f5fify78NQ4VdQzcpsRk1VvaEHRF5H+qxCQJ8MdzKcYpolCphj +ir1gE+zNP7gtzH4HOBzz3/q6GK5HmqwWth3X35ySrgrhnUZZX+plm9gRIRIqmijh +hdDp/3/2FcskQzr9UvIQDB14TbbSVAsDx5cQUM5F1nS1AAJNSrebuEcBeeM0N1HP +tqWmcJuAHtTlk+K5yk02cgbP9926vlty1uI46UyI4t/xOxmIY6gXlcSMbBnVmB0s +E+sKJTE7QrDpRRNiseCNLZcr/TNp9lrFpaUXz/JwXc+c1VC8UmARk9NLHsfoGz5H +fvhiUwl96wtvu1YKIev9nfVp1bb3/XeNAVJd+hNxOlkv68s3feutvv7vQR14E8cv +CVTXK7aAZKkWJl2n8pPohsXs5vwrsG36oFSH98jehLtzLrpgtWj6N7U8SWhI9JlT +EaIpEL/C1foVJeSZs8Tq1sqYaw81lovDFk8wuS1eFhWeEVodJQsfCPBgsQGZ46oZ +gWz3AU3KrB4ruNxjkJJxfgKu39pHDrv3o5ZufAHoIAHRdPTPlcH1Wi/1LLgLqHVC +9+i7N1ClsO1/VgtYmZwzxWxsEJOcE2+vOROoVzgMh5lGhCLh6/3VTL96hIjcMp4W +oD8ElPP+m/v6iA== +=70vD -----END PGP PUBLIC KEY BLOCK----- 
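Review bot: This hunk replaces the whole armored block in iptables.keyring with different key material, and nothing on the page records why or which key is now trusted. The iptables.changes entries in this commit mention only the 1.8.11 update and the new patch. The accompanying `.sig` is shown only as a binary diff, so a reader cannot tell from the page that the new tarball verifies against this key; the fingerprint should be confirmed against what upstream publishes over a separate channel before the key is accepted. I would add a changelog line such as `* Replace iptables.keyring with the new upstream signing key (fingerprint <FINGERPRINT_PLACEHOLDER>)`. The user-ID line of the block is unchanged context, so presumably the identity is the same and only the key was rotated.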
diff --git a/iptables.spec b/iptables.spec index c6cb679..0804eea 100644 --- a/iptables.spec +++ b/iptables.spec @@ -23,7 +23,7 @@ %endif Name: iptables -Version: 1.8.10 +Version: 1.8.11 Release: 0 Summary: IP packet filter administration utilities License: Artistic-2.0 AND GPL-2.0-only @@ -37,6 +37,7 @@ Source4: baselibs.conf Patch1: iptables-batch.patch Patch2: iptables-batch-lock.patch Patch3: iptables-1.8.2-dont_read_garbage.patch +Patch4: iptables-nft-fix-interface-comparisons.patch BuildRequires: bison BuildRequires: fdupes @@ -47,7 +48,7 @@ BuildRequires: xz BuildRequires: pkgconfig(libmnl) >= 1.0 BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 -BuildRequires: pkgconfig(libnftnl) >= 1.1.6 +BuildRequires: pkgconfig(libnftnl) >= 1.2.6 Requires: netcfg >= 11.6 Requires: xtables-plugins = %version-%release %if %{with libalternatives} @@ -319,6 +320,7 @@ fi %files %license COPYING %_bindir/iptables-xml +%_sbindir/arptables-*translate* %_sbindir/iptables-apply %_sbindir/iptables-legacy* %_sbindir/iptables-nft*