Jan Engelhardt
62e1254ee8
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/nftables?expand=0&rev=22
118 lines
4.9 KiB
Plaintext
118 lines
4.9 KiB
Plaintext
-------------------------------------------------------------------
|
|
Fri Oct 13 08:39:41 UTC 2017 - jengelh@inai.de
|
|
|
|
- Update to new upstream release 0.8
|
|
* This release contains new features available up to the
|
|
(upcoming) Linux 4.14 kernel release:
|
|
* Support for stateful objects, these objects are uniquely
|
|
identified by a user-defined name, you can refer to them from
|
|
rules, and there is a well established interface to operate
|
|
with them.
|
|
* Sort set elements when listing them, from lower to largest.
|
|
* TCP option matching and mangling support. This includes TCP
|
|
maximum segment size mangling.
|
|
* Add new "-s" option for listings without stateful information.
|
|
* Add new -c/--check option for nft, to tests if your ruleset
|
|
loads fine, into the kernel, this is a dry run mode.
|
|
* Connection tracking helper support.
|
|
* Add --echo option, to print the handle that the kernel
|
|
allocates to uniquely identify rules.
|
|
* Conntrack zone support
|
|
* Symmetric hash support
|
|
* Add support to include directories from nft natives scripts,
|
|
files are loaded in alphanumerical order.
|
|
* Allow to check if IPv6 extension header or TCP option exists
|
|
or is missing.
|
|
* Extend quota support to display used bytes.
|
|
* Add ct average matching, to match average bytes per packet a
|
|
connection has transferred so far, to map the existing
|
|
feature available in the iptables connbytes match.
|
|
* Allow to flush maps and flow tables.
|
|
* Allow to embed set definition into an existing set.
|
|
* Conntrack event filtering support via rule.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 20 22:35:41 UTC 2016 - jengelh@inai.de
|
|
|
|
- Update to new upstream release 0.7
|
|
* Add new fib expression, which can be used to obtain the
|
|
output interface from the route table based on either source
|
|
or destination address of a packet.
|
|
* Support hashing of any arbitrary key combination, eg.
|
|
* Add number generation support. Useful for round-robin packet
|
|
mark setting.
|
|
* Add quota support, eg.
|
|
* Introduce routing expression, for routing related data with
|
|
support for nexthop
|
|
* Notrack support, to explicitly skip connection tracking for
|
|
matching packets.
|
|
* Support to set non-byte bound packet header fields, including
|
|
checksum adjustment.
|
|
* Add 'create set' and 'create element' commands.
|
|
* Allow to use variable reference for set element definitions.
|
|
* Allow to use variable definitions from element commands.
|
|
* Add support to flush set. You can use this new command to
|
|
remove all existing elements in a set.
|
|
* Inverted set lookups.
|
|
* Honor absolute and relative paths via include file, where:
|
|
* Support log flags, to enable logging TCP sequence and options.
|
|
* tc classid parser support, eg.
|
|
* Allow numeric connlabels, so if connlabel still works with
|
|
undefined labels.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 2 18:31:23 UTC 2016 - jengelh@inai.de
|
|
|
|
- Update to new upstream release 0.6
|
|
* Rules may be replaced now
|
|
* Flow table support (requires Linux >= 4.3)
|
|
* Support for tracing
|
|
* Ratelimiting now supports units like bytes/second.
|
|
* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 17 21:16:31 UTC 2015 - jengelh@inai.de
|
|
|
|
- Update to new upstream release 0.5
|
|
* Support combinations of two or more selectors to build a tuple
|
|
* Timeout support for sets
|
|
* Dormant flag for tables
|
|
* Default chain policy specifiable on creation
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 23 23:06:12 UTC 2015 - mrueckert@suse.de
|
|
|
|
- set the url to the project page
|
|
- pass --disable-silent-rules to configure to allow gcc post build
|
|
check to work
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 16 01:25:00 UTC 2014 - jengelh@inai.de
|
|
|
|
- Update to new upstream release 0.4
|
|
* Since Linux 3.18: support for global ruleset operations
|
|
* Since 3.17: full logging support for all the families,
|
|
including nfnetlink_log
|
|
* 3.16: automatic selection of the optimal set implementation
|
|
* 3.14: reject support for ip, ip6 and inet
|
|
* 3.18: reject support for bridge, and reject icmpx abstraction
|
|
* 3.18: masquerade support
|
|
* 3.19: redirect support
|
|
* Extend meta to support pkttype, cpu and devgroup matching.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 27 17:08:46 UTC 2014 - jengelh@inai.de
|
|
|
|
- Update to new upstream release 0.3
|
|
* More compact syntax for the queue action
|
|
* Match input and output bridge interface name through "meta
|
|
ibriport" and "meta obriport"
|
|
* netlink event monitor, to monitor ruleset events, set changes, etc.
|
|
* New transaction infrastructure - fully atomic updates for all
|
|
object available in the upcoming 3.16.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 13 09:05:35 UTC 2014 - jengelh@inai.de
|
|
|
|
- Initial package for build.opensuse.org
|