fix '-C' commands for nft backend (bsc#1233690) #1
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c
|
||||
size 641168
|
Binary file not shown.
BIN
iptables-1.8.11.tar.xz
(Stored with Git LFS)
Normal file
BIN
iptables-1.8.11.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
BIN
iptables-1.8.11.tar.xz.sig
Normal file
BIN
iptables-1.8.11.tar.xz.sig
Normal file
Binary file not shown.
@ -10,10 +10,10 @@ Date: 2017-06-26T10:53:24+0000
|
||||
iptables/xshared.c | 8 +++++++-
|
||||
2 files changed, 28 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: iptables-1.8.10/iptables/iptables-batch.c
|
||||
Index: iptables-1.8.11/iptables/iptables-batch.c
|
||||
===================================================================
|
||||
--- iptables-1.8.10.orig/iptables/iptables-batch.c
|
||||
+++ iptables-1.8.10/iptables/iptables-batch.c
|
||||
--- iptables-1.8.11.orig/iptables/iptables-batch.c
|
||||
+++ iptables-1.8.11/iptables/iptables-batch.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <iptables.h>
|
||||
#endif
|
||||
@ -49,10 +49,10 @@ Index: iptables-1.8.10/iptables/iptables-batch.c
|
||||
|
||||
while((r = getline(&iline, &llen, fp)) != -1)
|
||||
{
|
||||
Index: iptables-1.8.10/iptables/xshared.c
|
||||
Index: iptables-1.8.11/iptables/xshared.c
|
||||
===================================================================
|
||||
--- iptables-1.8.10.orig/iptables/xshared.c
|
||||
+++ iptables-1.8.10/iptables/xshared.c
|
||||
--- iptables-1.8.11.orig/iptables/xshared.c
|
||||
+++ iptables-1.8.11/iptables/xshared.c
|
||||
@@ -255,10 +255,14 @@ static void alarm_ignore(int i) {
|
||||
|
||||
static int xtables_lock(int wait)
|
||||
@ -72,8 +72,8 @@ Index: iptables-1.8.10/iptables/xshared.c
|
||||
alarm(wait);
|
||||
}
|
||||
|
||||
- if (flock(fd, LOCK_EX) == 0)
|
||||
+ if (flock(fd, LOCK_EX) == 0) {
|
||||
- if (flock(fd, LOCK_EX | (wait ? 0 : LOCK_NB)) == 0)
|
||||
+ if (flock(fd, LOCK_EX | (wait ? 0 : LOCK_NB)) == 0) {
|
||||
+ already_locked = true;
|
||||
return fd;
|
||||
+ }
|
||||
|
172
iptables-nft-fix-interface-comparisons.patch
Normal file
172
iptables-nft-fix-interface-comparisons.patch
Normal file
@ -0,0 +1,172 @@
|
||||
From 40406dbfaefbc204134452b2747bae4f6a122848 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Sowden <jeremy@azazel.net>
|
||||
Date: Mon, 18 Nov 2024 13:56:50 +0000
|
||||
Subject: nft: fix interface comparisons in `-C` commands
|
||||
|
||||
Commit 9ccae6397475 ("nft: Leave interface masks alone when parsing from
|
||||
kernel") removed code which explicitly set interface masks to all ones. The
|
||||
result of this is that they are zero. However, they are used to mask interfaces
|
||||
in `is_same_interfaces`. Consequently, the masked values are alway zero, the
|
||||
comparisons are always true, and check commands which ought to fail succeed:
|
||||
|
||||
# iptables -N test
|
||||
# iptables -A test -i lo \! -o lo -j REJECT
|
||||
# iptables -v -L test
|
||||
Chain test (0 references)
|
||||
pkts bytes target prot opt in out source destination
|
||||
0 0 REJECT all -- lo !lo anywhere anywhere reject-with icmp-port-unreachable
|
||||
# iptables -v -C test -i abcdefgh \! -o abcdefgh -j REJECT
|
||||
REJECT all opt -- in lo out !lo 0.0.0.0/0 -> 0.0.0.0/0 reject-with icmp-port-unreachable
|
||||
|
||||
Remove the mask parameters from `is_same_interfaces`. Add a test-case.
|
||||
|
||||
Fixes: 9ccae6397475 ("nft: Leave interface masks alone when parsing from kernel")
|
||||
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
|
||||
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
||||
---
|
||||
iptables/nft-arp.c | 10 ++----
|
||||
iptables/nft-ipv4.c | 4 +--
|
||||
iptables/nft-ipv6.c | 6 +---
|
||||
iptables/nft-shared.c | 36 +++++-----------------
|
||||
iptables/nft-shared.h | 6 +---
|
||||
.../testcases/nft-only/0020-compare-interfaces_0 | 9 ++++++
|
||||
6 files changed, 22 insertions(+), 49 deletions(-)
|
||||
create mode 100755 iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0
|
||||
|
||||
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
|
||||
index 264864c3..c11d64c3 100644
|
||||
--- a/iptables/nft-arp.c
|
||||
+++ b/iptables/nft-arp.c
|
||||
@@ -385,14 +385,8 @@ static bool nft_arp_is_same(const struct iptables_command_state *cs_a,
|
||||
return false;
|
||||
}
|
||||
|
||||
- return is_same_interfaces(a->arp.iniface,
|
||||
- a->arp.outiface,
|
||||
- (unsigned char *)a->arp.iniface_mask,
|
||||
- (unsigned char *)a->arp.outiface_mask,
|
||||
- b->arp.iniface,
|
||||
- b->arp.outiface,
|
||||
- (unsigned char *)b->arp.iniface_mask,
|
||||
- (unsigned char *)b->arp.outiface_mask);
|
||||
+ return is_same_interfaces(a->arp.iniface, a->arp.outiface,
|
||||
+ b->arp.iniface, b->arp.outiface);
|
||||
}
|
||||
|
||||
static void nft_arp_save_chain(const struct nftnl_chain *c, const char *policy)
|
||||
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
|
||||
index 74092875..0c8bd291 100644
|
||||
--- a/iptables/nft-ipv4.c
|
||||
+++ b/iptables/nft-ipv4.c
|
||||
@@ -113,9 +113,7 @@ static bool nft_ipv4_is_same(const struct iptables_command_state *a,
|
||||
}
|
||||
|
||||
return is_same_interfaces(a->fw.ip.iniface, a->fw.ip.outiface,
|
||||
- a->fw.ip.iniface_mask, a->fw.ip.outiface_mask,
|
||||
- b->fw.ip.iniface, b->fw.ip.outiface,
|
||||
- b->fw.ip.iniface_mask, b->fw.ip.outiface_mask);
|
||||
+ b->fw.ip.iniface, b->fw.ip.outiface);
|
||||
}
|
||||
|
||||
static void nft_ipv4_set_goto_flag(struct iptables_command_state *cs)
|
||||
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
|
||||
index b184f8af..4dbb2af2 100644
|
||||
--- a/iptables/nft-ipv6.c
|
||||
+++ b/iptables/nft-ipv6.c
|
||||
@@ -99,11 +99,7 @@ static bool nft_ipv6_is_same(const struct iptables_command_state *a,
|
||||
}
|
||||
|
||||
return is_same_interfaces(a->fw6.ipv6.iniface, a->fw6.ipv6.outiface,
|
||||
- a->fw6.ipv6.iniface_mask,
|
||||
- a->fw6.ipv6.outiface_mask,
|
||||
- b->fw6.ipv6.iniface, b->fw6.ipv6.outiface,
|
||||
- b->fw6.ipv6.iniface_mask,
|
||||
- b->fw6.ipv6.outiface_mask);
|
||||
+ b->fw6.ipv6.iniface, b->fw6.ipv6.outiface);
|
||||
}
|
||||
|
||||
static void nft_ipv6_set_goto_flag(struct iptables_command_state *cs)
|
||||
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
|
||||
index 6775578b..2c29e68f 100644
|
||||
--- a/iptables/nft-shared.c
|
||||
+++ b/iptables/nft-shared.c
|
||||
@@ -220,36 +220,16 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r,
|
||||
}
|
||||
|
||||
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
|
||||
- unsigned const char *a_iniface_mask,
|
||||
- unsigned const char *a_outiface_mask,
|
||||
- const char *b_iniface, const char *b_outiface,
|
||||
- unsigned const char *b_iniface_mask,
|
||||
- unsigned const char *b_outiface_mask)
|
||||
+ const char *b_iniface, const char *b_outiface)
|
||||
{
|
||||
- int i;
|
||||
-
|
||||
- for (i = 0; i < IFNAMSIZ; i++) {
|
||||
- if (a_iniface_mask[i] != b_iniface_mask[i]) {
|
||||
- DEBUGP("different iniface mask %x, %x (%d)\n",
|
||||
- a_iniface_mask[i] & 0xff, b_iniface_mask[i] & 0xff, i);
|
||||
- return false;
|
||||
- }
|
||||
- if ((a_iniface[i] & a_iniface_mask[i])
|
||||
- != (b_iniface[i] & b_iniface_mask[i])) {
|
||||
- DEBUGP("different iniface\n");
|
||||
- return false;
|
||||
- }
|
||||
- if (a_outiface_mask[i] != b_outiface_mask[i]) {
|
||||
- DEBUGP("different outiface mask\n");
|
||||
- return false;
|
||||
- }
|
||||
- if ((a_outiface[i] & a_outiface_mask[i])
|
||||
- != (b_outiface[i] & b_outiface_mask[i])) {
|
||||
- DEBUGP("different outiface\n");
|
||||
- return false;
|
||||
- }
|
||||
+ if (strncmp(a_iniface, b_iniface, IFNAMSIZ)) {
|
||||
+ DEBUGP("different iniface\n");
|
||||
+ return false;
|
||||
+ }
|
||||
+ if (strncmp(a_outiface, b_outiface, IFNAMSIZ)) {
|
||||
+ DEBUGP("different outiface\n");
|
||||
+ return false;
|
||||
}
|
||||
-
|
||||
return true;
|
||||
}
|
||||
|
||||
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
|
||||
index 51d1e460..b57aee1f 100644
|
||||
--- a/iptables/nft-shared.h
|
||||
+++ b/iptables/nft-shared.h
|
||||
@@ -105,11 +105,7 @@ void add_l4proto(struct nft_handle *h, struct nftnl_rule *r, uint8_t proto, uint
|
||||
void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv);
|
||||
|
||||
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
|
||||
- unsigned const char *a_iniface_mask,
|
||||
- unsigned const char *a_outiface_mask,
|
||||
- const char *b_iniface, const char *b_outiface,
|
||||
- unsigned const char *b_iniface_mask,
|
||||
- unsigned const char *b_outiface_mask);
|
||||
+ const char *b_iniface, const char *b_outiface);
|
||||
|
||||
void __get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, uint8_t *op);
|
||||
void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
|
||||
diff --git a/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0 b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0
|
||||
new file mode 100755
|
||||
index 00000000..278cd648
|
||||
--- /dev/null
|
||||
+++ b/iptables/tests/shell/testcases/nft-only/0020-compare-interfaces_0
|
||||
@@ -0,0 +1,9 @@
|
||||
+#!/bin/bash
|
||||
+
|
||||
+[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }
|
||||
+
|
||||
+$XT_MULTI iptables -N test
|
||||
+$XT_MULTI iptables -A test -i lo \! -o lo -j REJECT
|
||||
+$XT_MULTI iptables -C test -i abcdefgh \! -o abcdefgh -j REJECT 2>/dev/null && exit 1
|
||||
+
|
||||
+exit 0
|
||||
--
|
||||
cgit v1.2.3
|
||||
|
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 2 13:40:26 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
||||
|
||||
- Add iptables-nft-fix-interface-comparisons.patch
|
||||
* fix '-C' commands for nft backend (bsc#1233690)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 8 16:14:22 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Update to release 1.8.11
|
||||
* New arptables-translate tool
|
||||
* ebtables-nft: support --replace and --list-rules commands
|
||||
* iptables-translate: support socket match and TPROXY target
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 24 15:07:24 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
|
120
iptables.keyring
120
iptables.keyring
@ -1,64 +1,64 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
|
||||
660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
|
||||
V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
|
||||
zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
|
||||
Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
|
||||
KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
|
||||
dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
|
||||
WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
|
||||
9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
|
||||
+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
|
||||
U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
|
||||
mQINBGcLlIQBEADH+pWx2d5XgY2JCOHTVaOpbNlNfp1k9Ul0W5zaZ7EFHIGSj06E
|
||||
o3+OM0eI6+d51PnqwRE+WbV4T3ooGnfgXN4fmKgq2TwkxlhKeFSzNGMuzzuoEwD+
|
||||
2cvSF9VIrwif1o9oa9KMNfKTY/qjuWZS0QWZ08thPAf/tWpoaA3gaqYQUshj5G3w
|
||||
nTMdYlHUj7wkZCMg63tDygAe/7fDT3zurKCMbFoyiyQkp7V1SLxZpvuyuyPH6HtQ
|
||||
P5xcbXsp5ots0BgN+BplMX89DrspxJXqi7AsTf4QnC78KbchMJJxLKZQS759dQHF
|
||||
qHUTb3YdlxXFou6Si5LiBzvmqBRFj6m/WV1a8mDy5fPDkOLoTCUFHLmgvYHPJdtK
|
||||
5EqNkwYAbSnZKe9aSeVa4XhaZqyyQb9vIsKyOnwdJ/l222J95qHQapZSLcRdqgQz
|
||||
ZgxuEdOHacEaJ1IJ21CE8EtJfFA5DMZtkZNIGF3OFlXhw7YxJoPgsodtlVspQsfX
|
||||
u2FGP9yg0fd4zLgHnotKqfJQ9ZjMB6bbJUd6Au9jv0SiM+kVGeVfyaaX7TDeQ3TT
|
||||
/e44uFvkHkbYFQPcqsTalxtre6v7pMG2iu2mbkhQOC7qbL5MKMSdA93w/lF7w20b
|
||||
cwyDavEoKk9vgDjSkVjaffvdy4cESa5JY4lM4ZmzoujnAZMwbzQeGcBtqQARAQAB
|
||||
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
|
||||
VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
|
||||
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
|
||||
+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
|
||||
RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
|
||||
4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
|
||||
IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
|
||||
bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
|
||||
Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
|
||||
QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
|
||||
wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
|
||||
4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
|
||||
tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
|
||||
n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV
|
||||
oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9
|
||||
o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S
|
||||
ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU
|
||||
tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp
|
||||
HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM
|
||||
FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/
|
||||
diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid
|
||||
R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK
|
||||
uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv
|
||||
Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl
|
||||
UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q
|
||||
KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO
|
||||
RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc
|
||||
wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0
|
||||
0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+
|
||||
q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU
|
||||
k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk
|
||||
pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY
|
||||
plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC
|
||||
qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu
|
||||
iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p
|
||||
jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O
|
||||
ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1
|
||||
CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag
|
||||
8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB
|
||||
bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM
|
||||
jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR
|
||||
rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg
|
||||
3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ
|
||||
7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1
|
||||
7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/
|
||||
yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8
|
||||
leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6
|
||||
U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+
|
||||
rlbu70nh2kSJrg==
|
||||
=wukb
|
||||
VAQTAQoAPhYhBIxfcUahdXpl4kIqlNcNGmZqzyshBQJnC5SEAhsDBQkHhM4ABQsJ
|
||||
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENcNGmZqzyshRE4P/AknD3DAWuCT7x7L
|
||||
LFIUCkfl7WUou9zMQKy62JRK/+/lNyG1dkmvBu7XWLl/+IRv1uIb25I4xwaze6GF
|
||||
8yhZDNXZLhUjComr864fMEdKNdXInAClLRNY0InkFmHw/SizvwDld4PgsLzoS+qL
|
||||
5JY4FBlYEnd4wlIwH/w3gPycmdmQNVOjeWJhDrYKGLnjolpGRQPYRME4kjasWPbK
|
||||
AWG/lpINQEB1DgtK8e6kcbUA8wSU6MMEsJjPY0o7lr9NvPfRpPXq34LjoFUXk3Hi
|
||||
Bt8OuVVMo+wTmlZWkXdknFKS4IPVxUA53oJOVMFW8divmF/l676KBogSnczoX4vR
|
||||
VW8sgDEKqb0NicKWJ2Fou+/KueY5OXsO8aZrZtXOsXIAMberdrNDYhyTUSYF8mZF
|
||||
RdL6Jcm5GbQB/zOQElgzMwPQq5AD7SkziMzGOusWjqGmu9qphed/FimVbyRhMl5B
|
||||
uDvGHthhy1KlPkqVcddN6i3/Kd/AMqXAuWMZH9FXJkUUWe+VAyeNHfEuBtSK2rqE
|
||||
zf8TYGg5Gz+oNspWuqEyWUwoH7eQkRx2GIbwu2rwcIzrh8L0rsyu+6FNNHnQfnNq
|
||||
ytbE888dxKkXeJ5T09Pp/hPwkNM8X8ZLcTTsAknrvqLNp2As49dP6iJwysfYLf/v
|
||||
3Cyvz23JNeSQiTcC4YfKLs4LtCFkiQIzBBABCgAdFiEEN9lkrMBJgcdVAPub1V2X
|
||||
iooUIOQFAmcLlJ0ACgkQ1V2XiooUIOQGJRAAsz/jYoNkSAhzvrY1t/5kSaa3Hyqi
|
||||
wpaJNIb6YCNT9JFlEvfsIlikjK28I+LNqVrWoLZyX1np8h0AGfNUPo/rLzVXzqZ/
|
||||
UHZi5AjzXM6BVnR84LahFVVLISBtjt3DvY4xvl8cIh03ShJe/yAKIXZUbxXevtnj
|
||||
M0/5bLaLjlVf3KldR+gFjUaTT1nxfkQnzxbk2yKe+1tuQzFsYPLG9Elzyagb4QYm
|
||||
97CTxim3QcO0qWweoeusBqCkh7qD/ght76JrSnzq859XS//2jaq3A5ZsX5UJk5/E
|
||||
FkzL4zersQZwQE10BByBBJbxC8DzMuGeV+eTVVHKU81cEnzZFxfyOtQBD+oHBauW
|
||||
IC/v509TiH4qhZshJwcznsDZK1xAxxm3mryVtHbfSDSqzc5r/kNQt9mijD6wdsRb
|
||||
0yQy1P2xkk1zyvOw3BRI2NVXq6+642cp21tjsY136JT/3a6KwIlIIdzIUqejbLoF
|
||||
GgGZPJiQXthfmLpDgvduD6YgaSHyhtJesX3SIGvYBdCGT69blrB7lHazYRE/xKNu
|
||||
bhnVzsaWlOXg52ChAMzsAAi5DV1669xUqRgj7zJHUq72bItZWdAvDSTIrQB4z7u8
|
||||
QW+XZsveWM2sKjzpLZjQaxdS7dFvGepYY5liA01w7Bx2lU75ejgaWrm/hlaT//RD
|
||||
Al9IQzw14mOtm0e5Ag0EZwuUhAEQANmO+fv67llu3nOZh9mcTbKa0MTT6cNjpEVU
|
||||
3MDImbN7pKTc/P+s6TVYBYn1q1U0XTXQlfh2HGdrLebAOdWW0Wcz4Kj9oOlRHOAR
|
||||
yq3mRzb9hiCB89mJcw5xNIn83d5L/IJqONSaVLKnTwfwnTVaCJYuF5yIqDMOSXgS
|
||||
C3sbGLx/yEchAhQEWUG8nm9WTybFfq98mFrHEKRGsSgfCHq6KMNn9NuhW149ZK+K
|
||||
klPXZqFyDoRHdyivt9j9hfA0lr4t6sfXEfJedzjNO2f0Z8r2sQhmw3ykYDkzEF8I
|
||||
zkgiik1Ke4+TmpD/4uL/hfgbkoVxZV6gI3M9rqs5o1glAuSFjsrGyog1EkUXplST
|
||||
Qn4ea/vQ6t1iBkTb2r3qzhK+VL7GWlvZa9DGq8btNAiOjKKqa0+3zRTXyPJAdMQM
|
||||
X+FBAhmaHJoylArEHdzv5haB7rv0aGjKV4O1ifonSGE2pllmSDbTO3exIeslLgDh
|
||||
5GqVmQW30K5JvecKnb871c0utzRLHBF34HOYgRWBcl18DGD+SzXKj1//+4AatcAB
|
||||
woNJHTEh6N3/mD3fJyWkyMwLJzo1x43Pmm1DkzioO9VMSxG7ReaH9WRDty3R83gT
|
||||
njEI0CDkG7m0nXctrsDcmBCYMSnvriWVr7kNYQ9tSi9WUa8Cs0xCmy49fF+7ihIl
|
||||
yANR2aMrABEBAAGJAjwEGAEKACYWIQSMX3FGoXV6ZeJCKpTXDRpmas8rIQUCZwuU
|
||||
hAIbDAUJB4TOAAAKCRDXDRpmas8rIZPuD/4qYhAdmCtaicOjeuMI0EhKA0O0cnXv
|
||||
BRwKXKGISZ6bt/f5fify78NQ4VdQzcpsRk1VvaEHRF5H+qxCQJ8MdzKcYpolCphj
|
||||
ir1gE+zNP7gtzH4HOBzz3/q6GK5HmqwWth3X35ySrgrhnUZZX+plm9gRIRIqmijh
|
||||
hdDp/3/2FcskQzr9UvIQDB14TbbSVAsDx5cQUM5F1nS1AAJNSrebuEcBeeM0N1HP
|
||||
tqWmcJuAHtTlk+K5yk02cgbP9926vlty1uI46UyI4t/xOxmIY6gXlcSMbBnVmB0s
|
||||
E+sKJTE7QrDpRRNiseCNLZcr/TNp9lrFpaUXz/JwXc+c1VC8UmARk9NLHsfoGz5H
|
||||
fvhiUwl96wtvu1YKIev9nfVp1bb3/XeNAVJd+hNxOlkv68s3feutvv7vQR14E8cv
|
||||
CVTXK7aAZKkWJl2n8pPohsXs5vwrsG36oFSH98jehLtzLrpgtWj6N7U8SWhI9JlT
|
||||
EaIpEL/C1foVJeSZs8Tq1sqYaw81lovDFk8wuS1eFhWeEVodJQsfCPBgsQGZ46oZ
|
||||
gWz3AU3KrB4ruNxjkJJxfgKu39pHDrv3o5ZufAHoIAHRdPTPlcH1Wi/1LLgLqHVC
|
||||
9+i7N1ClsO1/VgtYmZwzxWxsEJOcE2+vOROoVzgMh5lGhCLh6/3VTL96hIjcMp4W
|
||||
oD8ElPP+m/v6iA==
|
||||
=70vD
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
@ -23,7 +23,7 @@
|
||||
%endif
|
||||
|
||||
Name: iptables
|
||||
Version: 1.8.10
|
||||
Version: 1.8.11
|
||||
Release: 0
|
||||
Summary: IP packet filter administration utilities
|
||||
License: Artistic-2.0 AND GPL-2.0-only
|
||||
@ -37,6 +37,7 @@ Source4: baselibs.conf
|
||||
Patch1: iptables-batch.patch
|
||||
Patch2: iptables-batch-lock.patch
|
||||
Patch3: iptables-1.8.2-dont_read_garbage.patch
|
||||
Patch4: iptables-nft-fix-interface-comparisons.patch
|
||||
|
||||
BuildRequires: bison
|
||||
BuildRequires: fdupes
|
||||
@ -47,7 +48,7 @@ BuildRequires: xz
|
||||
BuildRequires: pkgconfig(libmnl) >= 1.0
|
||||
BuildRequires: pkgconfig(libnetfilter_conntrack) >= 1.0.4
|
||||
BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0
|
||||
BuildRequires: pkgconfig(libnftnl) >= 1.1.6
|
||||
BuildRequires: pkgconfig(libnftnl) >= 1.2.6
|
||||
Requires: netcfg >= 11.6
|
||||
Requires: xtables-plugins = %version-%release
|
||||
%if %{with libalternatives}
|
||||
@ -319,6 +320,7 @@ fi
|
||||
%files
|
||||
%license COPYING
|
||||
%_bindir/iptables-xml
|
||||
%_sbindir/arptables-*translate*
|
||||
%_sbindir/iptables-apply
|
||||
%_sbindir/iptables-legacy*
|
||||
%_sbindir/iptables-nft*
|
||||
|
Loading…
Reference in New Issue
Block a user