fix '-C' commands for nft backend (bsc#1233690) #1
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c
|
|
||||||
size 641168
|
|
Binary file not shown.
BIN
iptables-1.8.11.tar.xz
(Stored with Git LFS)
Normal file
BIN
iptables-1.8.11.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
iptables-1.8.11.tar.xz.sig
Normal file
BIN
iptables-1.8.11.tar.xz.sig
Normal file
Binary file not shown.
@ -10,10 +10,10 @@ Date: 2017-06-26T10:53:24+0000
|
|||||||
iptables/xshared.c | 8 +++++++-
|
iptables/xshared.c | 8 +++++++-
|
||||||
2 files changed, 28 insertions(+), 1 deletion(-)
|
2 files changed, 28 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
Index: iptables-1.8.10/iptables/iptables-batch.c
|
Index: iptables-1.8.11/iptables/iptables-batch.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- iptables-1.8.10.orig/iptables/iptables-batch.c
|
--- iptables-1.8.11.orig/iptables/iptables-batch.c
|
||||||
+++ iptables-1.8.10/iptables/iptables-batch.c
|
+++ iptables-1.8.11/iptables/iptables-batch.c
|
||||||
@@ -44,6 +44,7 @@
|
@@ -44,6 +44,7 @@
|
||||||
#include <iptables.h>
|
#include <iptables.h>
|
||||||
#endif
|
#endif
|
||||||
@ -49,10 +49,10 @@ Index: iptables-1.8.10/iptables/iptables-batch.c
|
|||||||
|
|
||||||
while((r = getline(&iline, &llen, fp)) != -1)
|
while((r = getline(&iline, &llen, fp)) != -1)
|
||||||
{
|
{
|
||||||
Index: iptables-1.8.10/iptables/xshared.c
|
Index: iptables-1.8.11/iptables/xshared.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- iptables-1.8.10.orig/iptables/xshared.c
|
--- iptables-1.8.11.orig/iptables/xshared.c
|
||||||
+++ iptables-1.8.10/iptables/xshared.c
|
+++ iptables-1.8.11/iptables/xshared.c
|
||||||
@@ -255,10 +255,14 @@ static void alarm_ignore(int i) {
|
@@ -255,10 +255,14 @@ static void alarm_ignore(int i) {
|
||||||
|
|
||||||
static int xtables_lock(int wait)
|
static int xtables_lock(int wait)
|
||||||
@ -72,8 +72,8 @@ Index: iptables-1.8.10/iptables/xshared.c
|
|||||||
alarm(wait);
|
alarm(wait);
|
||||||
}
|
}
|
||||||
|
|
||||||
- if (flock(fd, LOCK_EX) == 0)
|
- if (flock(fd, LOCK_EX | (wait ? 0 : LOCK_NB)) == 0)
|
||||||
+ if (flock(fd, LOCK_EX) == 0) {
|
+ if (flock(fd, LOCK_EX | (wait ? 0 : LOCK_NB)) == 0) {
|
||||||
+ already_locked = true;
|
+ already_locked = true;
|
||||||
return fd;
|
return fd;
|
||||||
+ }
|
+ }
|
||||||
|
172
iptables-nft-fix-interface-comparisons.patch
Normal file
172
iptables-nft-fix-interface-comparisons.patch
Normal file
@ -0,0 +1,172 @@
|
|||||||
|
From 40406dbfaefbc204134452b2747bae4f6a122848 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jeremy Sowden <jeremy@azazel.net>
|
||||||
|
Date: Mon, 18 Nov 2024 13:56:50 +0000
|
||||||
|
Subject: nft: fix interface comparisons in `-C` commands
|
||||||
|
|
||||||
|
Commit 9ccae6397475 ("nft: Leave interface masks alone when parsing from
|
||||||
|
kernel") removed code which explicitly set interface masks to all ones. The
|
||||||
|
result of this is that they are zero. However, they are used to mask interfaces
|
||||||
|
in `is_same_interfaces`. Consequently, the masked values are alway zero, the
|
||||||
|
comparisons are always true, and check commands which ought to fail succeed:
|
||||||
|
|
||||||
|
# iptables -N test
|
||||||
|
# iptables -A test -i lo \! -o lo -j REJECT
|
||||||
|
# iptables -v -L test
|
||||||
|
Chain test (0 references)
|
||||||
|
pkts bytes target prot opt in out source destination
|
||||||
|
0 0 REJECT all -- lo !lo anywhere anywhere reject-with icmp-port-unreachable
|
||||||
|
# iptables -v -C test -i abcdefgh \! -o abcdefgh -j REJECT
|
||||||
|
REJECT all opt -- in lo out !lo 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable
|
||||||
|
|
||||||
|
Remove the mask parameters from `is_same_interfaces`. Add a test-case.
|
||||||
|
|
||||||
|
Fixes: 9ccae6397475 ("nft: Leave interface masks alone when parsing from kernel")
|
||||||
|
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
||||||
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||||
|
---
|
||||||
|
iptables/nft-arp.c | 10 ++----
|
||||||
|
iptables/nft-ipv4.c | 4 +--
|
||||||
|
iptables/nft-ipv6.c | 6 +---
|
||||||
|
iptables/nft-shared.c | 36 +++++-----------------
|
||||||
|
iptables/nft-shared.h | 6 +---
|
||||||
|
.../testcases/nft-only/0020-compare-interfaces_0 | 9 ++++++
|
||||||
|
6 files changed, 22 insertions(+), 49 deletions(-)
|
||||||
|
create mode 100755 iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0
|
||||||
|
|
||||||
|
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
|
||||||
|
index 264864c3..c11d64c3 100644
|
||||||
|
--- a/iptables/nft-arp.c
|
||||||
|
+++ b/iptables/nft-arp.c
|
||||||
|
@@ -385,14 +385,8 @@ static bool nft_arp_is_same(const struct iptables_command_state *cs_a,
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
- return is_same_interfaces(a->arp.iniface,
|
||||||
|
- a->arp.outiface,
|
||||||
|
- (unsigned char *)a->arp.iniface_mask,
|
||||||
|
- (unsigned char *)a->arp.outiface_mask,
|
||||||
|
- b->arp.iniface,
|
||||||
|
- b->arp.outiface,
|
||||||
|
- (unsigned char *)b->arp.iniface_mask,
|
||||||
|
- (unsigned char *)b->arp.outiface_mask);
|
||||||
|
+ return is_same_interfaces(a->arp.iniface, a->arp.outiface,
|
||||||
|
+ b->arp.iniface, b->arp.outiface);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy)
|
||||||
|
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
|
||||||
|
index 74092875..0c8bd291 100644
|
||||||
|
--- a/iptables/nft-ipv4.c
|
||||||
|
+++ b/iptables/nft-ipv4.c
|
||||||
|
@@ -113,9 +113,7 @@ static bool nft_ipv4_is_same(const struct iptables_command_state *a,
|
||||||
|
}
|
||||||
|
|
||||||
|
return is_same_interfaces(a->fw.ip.iniface, a->fw.ip.outiface,
|
||||||
|
- a->fw.ip.iniface_mask, a->fw.ip.outiface_mask,
|
||||||
|
- b->fw.ip.iniface, b->fw.ip.outiface,
|
||||||
|
- b->fw.ip.iniface_mask, b->fw.ip.outiface_mask);
|
||||||
|
+ b->fw.ip.iniface, b->fw.ip.outiface);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void nft_ipv4_set_goto_flag(struct iptables_command_state *cs)
|
||||||
|
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
|
||||||
|
index b184f8af..4dbb2af2 100644
|
||||||
|
--- a/iptables/nft-ipv6.c
|
||||||
|
+++ b/iptables/nft-ipv6.c
|
||||||
|
@@ -99,11 +99,7 @@ static bool nft_ipv6_is_same(const struct iptables_command_state *a,
|
||||||
|
}
|
||||||
|
|
||||||
|
return is_same_interfaces(a->fw6.ipv6.iniface, a->fw6.ipv6.outiface,
|
||||||
|
- a->fw6.ipv6.iniface_mask,
|
||||||
|
- a->fw6.ipv6.outiface_mask,
|
||||||
|
- b->fw6.ipv6.iniface, b->fw6.ipv6.outiface,
|
||||||
|
- b->fw6.ipv6.iniface_mask,
|
||||||
|
- b->fw6.ipv6.outiface_mask);
|
||||||
|
+ b->fw6.ipv6.iniface, b->fw6.ipv6.outiface);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void nft_ipv6_set_goto_flag(struct iptables_command_state *cs)
|
||||||
|
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
|
||||||
|
index 6775578b..2c29e68f 100644
|
||||||
|
--- a/iptables/nft-shared.c
|
||||||
|
+++ b/iptables/nft-shared.c
|
||||||
|
@@ -220,36 +220,16 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r,
|
||||||
|
}
|
||||||
|
|
||||||
|
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
|
||||||
|
- unsigned const char *a_iniface_mask,
|
||||||
|
- unsigned const char *a_outiface_mask,
|
||||||
|
- const char *b_iniface, const char *b_outiface,
|
||||||
|
- unsigned const char *b_iniface_mask,
|
||||||
|
- unsigned const char *b_outiface_mask)
|
||||||
|
+ const char *b_iniface, const char *b_outiface)
|
||||||
|
{
|
||||||
|
- int i;
|
||||||
|
-
|
||||||
|
- for (i = 0; i < IFNAMSIZ; i++) {
|
||||||
|
- if (a_iniface_mask[i] != b_iniface_mask[i]) {
|
||||||
|
- DEBUGP("different iniface mask %x, %x (%d)\n",
|
||||||
|
- a_iniface_mask[i] & 0xff, b_iniface_mask[i] & 0xff, i);
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
- if ((a_iniface[i] & a_iniface_mask[i])
|
||||||
|
- != (b_iniface[i] & b_iniface_mask[i])) {
|
||||||
|
- DEBUGP("different iniface\n");
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
- if (a_outiface_mask[i] != b_outiface_mask[i]) {
|
||||||
|
- DEBUGP("different outiface mask\n");
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
- if ((a_outiface[i] & a_outiface_mask[i])
|
||||||
|
- != (b_outiface[i] & b_outiface_mask[i])) {
|
||||||
|
- DEBUGP("different outiface\n");
|
||||||
|
- return false;
|
||||||
|
- }
|
||||||
|
+ if (strncmp(a_iniface, b_iniface, IFNAMSIZ)) {
|
||||||
|
+ DEBUGP("different iniface\n");
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ if (strncmp(a_outiface, b_outiface, IFNAMSIZ)) {
|
||||||
|
+ DEBUGP("different outiface\n");
|
||||||
|
+ return false;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
|
||||||
|
index 51d1e460..b57aee1f 100644
|
||||||
|
--- a/iptables/nft-shared.h
|
||||||
|
+++ b/iptables/nft-shared.h
|
||||||
|
@@ -105,11 +105,7 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r, uint8_t proto, uint
|
||||||
|
void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv);
|
||||||
|
|
||||||
|
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
|
||||||
|
- unsigned const char *a_iniface_mask,
|
||||||
|
- unsigned const char *a_outiface_mask,
|
||||||
|
- const char *b_iniface, const char *b_outiface,
|
||||||
|
- unsigned const char *b_iniface_mask,
|
||||||
|
- unsigned const char *b_outiface_mask);
|
||||||
|
+ const char *b_iniface, const char *b_outiface);
|
||||||
|
|
||||||
|
void __get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, uint8_t *op);
|
||||||
|
void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
|
||||||
|
diff --git a/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0
|
||||||
|
new file mode 100755
|
||||||
|
index 00000000..278cd648
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+#!/bin/bash
|
||||||
|
+
|
||||||
|
+[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
|
||||||
|
+
|
||||||
|
+$XT_MULTI iptables -N test
|
||||||
|
+$XT_MULTI iptables -A test -i lo \! -o lo -j REJECT
|
||||||
|
+$XT_MULTI iptables -C test -i abcdefgh \! -o abcdefgh -j REJECT 2>/dev/null && exit 1
|
||||||
|
+
|
||||||
|
+exit 0
|
||||||
|
--
|
||||||
|
cgit v1.2.3
|
||||||
|
|
@ -1,3 +1,17 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 2 13:40:26 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
||||||
|
|
||||||
|
- Add iptables-nft-fix-interface-comparisons.patch
|
||||||
|
* fix '-C' commands for nft backend (bsc#1233690)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Nov 8 16:14:22 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 1.8.11
|
||||||
|
* New arptables-translate tool
|
||||||
|
* ebtables-nft: support --replace and --list-rules commands
|
||||||
|
* iptables-translate: support socket match and TPROXY target
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri May 24 15:07:24 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
Fri May 24 15:07:24 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
120
iptables.keyring
120
iptables.keyring
@ -1,64 +1,64 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
|
mQINBGcLlIQBEADH+pWx2d5XgY2JCOHTVaOpbNlNfp1k9Ul0W5zaZ7EFHIGSj06E
|
||||||
660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
|
o3+OM0eI6+d51PnqwRE+WbV4T3ooGnfgXN4fmKgq2TwkxlhKeFSzNGMuzzuoEwD+
|
||||||
V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
|
2cvSF9VIrwif1o9oa9KMNfKTY/qjuWZS0QWZ08thPAf/tWpoaA3gaqYQUshj5G3w
|
||||||
zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
|
nTMdYlHUj7wkZCMg63tDygAe/7fDT3zurKCMbFoyiyQkp7V1SLxZpvuyuyPH6HtQ
|
||||||
Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
|
P5xcbXsp5ots0BgN+BplMX89DrspxJXqi7AsTf4QnC78KbchMJJxLKZQS759dQHF
|
||||||
KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
|
qHUTb3YdlxXFou6Si5LiBzvmqBRFj6m/WV1a8mDy5fPDkOLoTCUFHLmgvYHPJdtK
|
||||||
dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
|
5EqNkwYAbSnZKe9aSeVa4XhaZqyyQb9vIsKyOnwdJ/l222J95qHQapZSLcRdqgQz
|
||||||
WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
|
ZgxuEdOHacEaJ1IJ21CE8EtJfFA5DMZtkZNIGF3OFlXhw7YxJoPgsodtlVspQsfX
|
||||||
9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
|
u2FGP9yg0fd4zLgHnotKqfJQ9ZjMB6bbJUd6Au9jv0SiM+kVGeVfyaaX7TDeQ3TT
|
||||||
+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
|
/e44uFvkHkbYFQPcqsTalxtre6v7pMG2iu2mbkhQOC7qbL5MKMSdA93w/lF7w20b
|
||||||
U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
|
cwyDavEoKk9vgDjSkVjaffvdy4cESa5JY4lM4ZmzoujnAZMwbzQeGcBtqQARAQAB
|
||||||
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
|
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
|
||||||
VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
|
VAQTAQoAPhYhBIxfcUahdXpl4kIqlNcNGmZqzyshBQJnC5SEAhsDBQkHhM4ABQsJ
|
||||||
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
|
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENcNGmZqzyshRE4P/AknD3DAWuCT7x7L
|
||||||
+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
|
LFIUCkfl7WUou9zMQKy62JRK/+/lNyG1dkmvBu7XWLl/+IRv1uIb25I4xwaze6GF
|
||||||
RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
|
8yhZDNXZLhUjComr864fMEdKNdXInAClLRNY0InkFmHw/SizvwDld4PgsLzoS+qL
|
||||||
4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
|
5JY4FBlYEnd4wlIwH/w3gPycmdmQNVOjeWJhDrYKGLnjolpGRQPYRME4kjasWPbK
|
||||||
IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
|
AWG/lpINQEB1DgtK8e6kcbUA8wSU6MMEsJjPY0o7lr9NvPfRpPXq34LjoFUXk3Hi
|
||||||
bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
|
Bt8OuVVMo+wTmlZWkXdknFKS4IPVxUA53oJOVMFW8divmF/l676KBogSnczoX4vR
|
||||||
Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
|
VW8sgDEKqb0NicKWJ2Fou+/KueY5OXsO8aZrZtXOsXIAMberdrNDYhyTUSYF8mZF
|
||||||
QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
|
RdL6Jcm5GbQB/zOQElgzMwPQq5AD7SkziMzGOusWjqGmu9qphed/FimVbyRhMl5B
|
||||||
wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
|
uDvGHthhy1KlPkqVcddN6i3/Kd/AMqXAuWMZH9FXJkUUWe+VAyeNHfEuBtSK2rqE
|
||||||
4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
|
zf8TYGg5Gz+oNspWuqEyWUwoH7eQkRx2GIbwu2rwcIzrh8L0rsyu+6FNNHnQfnNq
|
||||||
tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
|
ytbE888dxKkXeJ5T09Pp/hPwkNM8X8ZLcTTsAknrvqLNp2As49dP6iJwysfYLf/v
|
||||||
n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV
|
3Cyvz23JNeSQiTcC4YfKLs4LtCFkiQIzBBABCgAdFiEEN9lkrMBJgcdVAPub1V2X
|
||||||
oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9
|
iooUIOQFAmcLlJ0ACgkQ1V2XiooUIOQGJRAAsz/jYoNkSAhzvrY1t/5kSaa3Hyqi
|
||||||
o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S
|
wpaJNIb6YCNT9JFlEvfsIlikjK28I+LNqVrWoLZyX1np8h0AGfNUPo/rLzVXzqZ/
|
||||||
ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU
|
UHZi5AjzXM6BVnR84LahFVVLISBtjt3DvY4xvl8cIh03ShJe/yAKIXZUbxXevtnj
|
||||||
tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp
|
M0/5bLaLjlVf3KldR+gFjUaTT1nxfkQnzxbk2yKe+1tuQzFsYPLG9Elzyagb4QYm
|
||||||
HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM
|
97CTxim3QcO0qWweoeusBqCkh7qD/ght76JrSnzq859XS//2jaq3A5ZsX5UJk5/E
|
||||||
FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/
|
FkzL4zersQZwQE10BByBBJbxC8DzMuGeV+eTVVHKU81cEnzZFxfyOtQBD+oHBauW
|
||||||
diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid
|
IC/v509TiH4qhZshJwcznsDZK1xAxxm3mryVtHbfSDSqzc5r/kNQt9mijD6wdsRb
|
||||||
R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK
|
0yQy1P2xkk1zyvOw3BRI2NVXq6+642cp21tjsY136JT/3a6KwIlIIdzIUqejbLoF
|
||||||
uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv
|
GgGZPJiQXthfmLpDgvduD6YgaSHyhtJesX3SIGvYBdCGT69blrB7lHazYRE/xKNu
|
||||||
Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl
|
bhnVzsaWlOXg52ChAMzsAAi5DV1669xUqRgj7zJHUq72bItZWdAvDSTIrQB4z7u8
|
||||||
UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q
|
QW+XZsveWM2sKjzpLZjQaxdS7dFvGepYY5liA01w7Bx2lU75ejgaWrm/hlaT//RD
|
||||||
KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO
|
Al9IQzw14mOtm0e5Ag0EZwuUhAEQANmO+fv67llu3nOZh9mcTbKa0MTT6cNjpEVU
|
||||||
RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc
|
3MDImbN7pKTc/P+s6TVYBYn1q1U0XTXQlfh2HGdrLebAOdWW0Wcz4Kj9oOlRHOAR
|
||||||
wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0
|
yq3mRzb9hiCB89mJcw5xNIn83d5L/IJqONSaVLKnTwfwnTVaCJYuF5yIqDMOSXgS
|
||||||
0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+
|
C3sbGLx/yEchAhQEWUG8nm9WTybFfq98mFrHEKRGsSgfCHq6KMNn9NuhW149ZK+K
|
||||||
q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU
|
klPXZqFyDoRHdyivt9j9hfA0lr4t6sfXEfJedzjNO2f0Z8r2sQhmw3ykYDkzEF8I
|
||||||
k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk
|
zkgiik1Ke4+TmpD/4uL/hfgbkoVxZV6gI3M9rqs5o1glAuSFjsrGyog1EkUXplST
|
||||||
pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY
|
Qn4ea/vQ6t1iBkTb2r3qzhK+VL7GWlvZa9DGq8btNAiOjKKqa0+3zRTXyPJAdMQM
|
||||||
plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC
|
X+FBAhmaHJoylArEHdzv5haB7rv0aGjKV4O1ifonSGE2pllmSDbTO3exIeslLgDh
|
||||||
qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu
|
5GqVmQW30K5JvecKnb871c0utzRLHBF34HOYgRWBcl18DGD+SzXKj1//+4AatcAB
|
||||||
iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p
|
woNJHTEh6N3/mD3fJyWkyMwLJzo1x43Pmm1DkzioO9VMSxG7ReaH9WRDty3R83gT
|
||||||
jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O
|
njEI0CDkG7m0nXctrsDcmBCYMSnvriWVr7kNYQ9tSi9WUa8Cs0xCmy49fF+7ihIl
|
||||||
ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1
|
yANR2aMrABEBAAGJAjwEGAEKACYWIQSMX3FGoXV6ZeJCKpTXDRpmas8rIQUCZwuU
|
||||||
CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag
|
hAIbDAUJB4TOAAAKCRDXDRpmas8rIZPuD/4qYhAdmCtaicOjeuMI0EhKA0O0cnXv
|
||||||
8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB
|
BRwKXKGISZ6bt/f5fify78NQ4VdQzcpsRk1VvaEHRF5H+qxCQJ8MdzKcYpolCphj
|
||||||
bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM
|
ir1gE+zNP7gtzH4HOBzz3/q6GK5HmqwWth3X35ySrgrhnUZZX+plm9gRIRIqmijh
|
||||||
jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR
|
hdDp/3/2FcskQzr9UvIQDB14TbbSVAsDx5cQUM5F1nS1AAJNSrebuEcBeeM0N1HP
|
||||||
rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg
|
tqWmcJuAHtTlk+K5yk02cgbP9926vlty1uI46UyI4t/xOxmIY6gXlcSMbBnVmB0s
|
||||||
3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ
|
E+sKJTE7QrDpRRNiseCNLZcr/TNp9lrFpaUXz/JwXc+c1VC8UmARk9NLHsfoGz5H
|
||||||
7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1
|
fvhiUwl96wtvu1YKIev9nfVp1bb3/XeNAVJd+hNxOlkv68s3feutvv7vQR14E8cv
|
||||||
7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/
|
CVTXK7aAZKkWJl2n8pPohsXs5vwrsG36oFSH98jehLtzLrpgtWj6N7U8SWhI9JlT
|
||||||
yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8
|
EaIpEL/C1foVJeSZs8Tq1sqYaw81lovDFk8wuS1eFhWeEVodJQsfCPBgsQGZ46oZ
|
||||||
leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6
|
gWz3AU3KrB4ruNxjkJJxfgKu39pHDrv3o5ZufAHoIAHRdPTPlcH1Wi/1LLgLqHVC
|
||||||
U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+
|
9+i7N1ClsO1/VgtYmZwzxWxsEJOcE2+vOROoVzgMh5lGhCLh6/3VTL96hIjcMp4W
|
||||||
rlbu70nh2kSJrg==
|
oD8ElPP+m/v6iA==
|
||||||
=wukb
|
=70vD
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: iptables
|
Name: iptables
|
||||||
Version: 1.8.10
|
Version: 1.8.11
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: IP packet filter administration utilities
|
Summary: IP packet filter administration utilities
|
||||||
License: Artistic-2.0 AND GPL-2.0-only
|
License: Artistic-2.0 AND GPL-2.0-only
|
||||||
@ -37,6 +37,7 @@ Source4: baselibs.conf
|
|||||||
Patch1: iptables-batch.patch
|
Patch1: iptables-batch.patch
|
||||||
Patch2: iptables-batch-lock.patch
|
Patch2: iptables-batch-lock.patch
|
||||||
Patch3: iptables-1.8.2-dont_read_garbage.patch
|
Patch3: iptables-1.8.2-dont_read_garbage.patch
|
||||||
|
Patch4: iptables-nft-fix-interface-comparisons.patch
|
||||||
|
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
@ -47,7 +48,7 @@ BuildRequires: xz
|
|||||||
BuildRequires: pkgconfig(libmnl) >= 1.0
|
BuildRequires: pkgconfig(libmnl) >= 1.0
|
||||||
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
|
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
|
||||||
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
|
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
|
||||||
BuildRequires: pkgconfig(libnftnl) >= 1.1.6
|
BuildRequires: pkgconfig(libnftnl) >= 1.2.6
|
||||||
Requires: netcfg >= 11.6
|
Requires: netcfg >= 11.6
|
||||||
Requires: xtables-plugins = %version-%release
|
Requires: xtables-plugins = %version-%release
|
||||||
%if %{with libalternatives}
|
%if %{with libalternatives}
|
||||||
@ -319,6 +320,7 @@ fi
|
|||||||
%files
|
%files
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%_bindir/iptables-xml
|
%_bindir/iptables-xml
|
||||||
|
%_sbindir/arptables-*translate*
|
||||||
%_sbindir/iptables-apply
|
%_sbindir/iptables-apply
|
||||||
%_sbindir/iptables-legacy*
|
%_sbindir/iptables-legacy*
|
||||||
%_sbindir/iptables-nft*
|
%_sbindir/iptables-nft*
|
||||||
|
Loading…
Reference in New Issue
Block a user