SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for iptables-1.6.2-112.1.x86_64.rpm :
Mon Mar 12 13:00:00 2018 matthias.gerstnerAATTsuse.com
- Fix ethertypes ownership, should be %exclude, not %ghost.

Thu Feb 22 13:00:00 2018 matthias.gerstnerAATTsuse.com
- Resolve conflict with ebtables and obtain ethertypes from new netcfg minor
version. FATE#320520

Sat Feb 3 13:00:00 2018 jengelhAATTinai.de
- Update to new upstream release 1.6.2

* add support for the \"srh\" match

* add randomize-full for the \"MASQUERADE\" target

* add rate match mode to the \"hashlimit\" match

Thu Jun 22 14:00:00 2017 matthias.gerstnerAATTsuse.com
- Add iptables-batch-lock.patch: Fix a locking issue of
iptables-batch which can cause it to spuriously fail when other
programs modify the iptables rules in parallel (bnc#1045130).
This can especially affect SuSEfirewall2 during startup.

Fri Jan 27 13:00:00 2017 jengelhAATTinai.de
- Update to new upstream release 1.6.1

* add support for hashlimit rev 2 for higher pps rates

* add support for cgroup2 path matching

* translation program for nft

Mon Sep 19 14:00:00 2016 mkubecekAATTsuse.cz
- fix SLE_11_
* build

Fri Dec 18 13:00:00 2015 jengelhAATTinai.de
- Update to final release 1.6.0

* Only a build fix, no new significant changes.

Mon Nov 23 13:00:00 2015 jengelhAATTinai.de
- Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]

* -m ah/esp/rt: restore matching \"any SPI id\" by default
(they unexpectedly defaulted to --spi 0 rather than --spi ALL)

* -m cgroup: new module

* -m dst: make ! --dst-len work

* -m ipcomp: new module

* -m socket: add --restore-skmark option

* -j CT: add support for new zone options

* -j REJECT: add missing ICMPv6 codes

* -j TEE: make it possible to delete rules with -D ... -j

* -j SNAT/DNAT: add randomize-full support

Thu Apr 24 14:00:00 2014 dmuellerAATTsuse.com
- remove dependency on gpg-offline (blocks rebuilds and
tarball integrity is checked by source-validator anyway)

Wed Apr 23 14:00:00 2014 dmuellerAATTsuse.com
- remove dependency on sgmltool: doesn\'t seem to be used
and reduces rebuild time on aarch64 by 8 hours

Sat Nov 23 13:00:00 2013 jengelhAATTinai.de
- Update to new upstream release 1.4.21

* --nowildcard option for xt_socket, available since Linux kernel 3.11

* SYNPROXY support, available since Linux kernel 3.12

Tue Nov 5 13:00:00 2013 mkubecekAATTsuse.cz
- fix BuildRequires on older systems

Wed Aug 7 14:00:00 2013 jengelhAATTinai.de
- Update to new upstream release 1.4.20

* Introduce a new revision for the set match with the counters support

* Add locking to prevent concurrent instances

Fri May 31 14:00:00 2013 jengelhAATTinai.de
- Update to new upstream release 1.4.19.1

* New connlabel and bpf matches
- Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch,
0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
(are upstream)

Mon Apr 15 14:00:00 2013 jengelhAATTinai.de
- libxt_state.so symlink was not installed (bnc#815182); fix by
removing 0001-build-also-use-libtool-for-install-stage.patch,
removing 0001-build-do-not-dereference-symlinks-on-installation.patch,
adding 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch,
adding 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch

Wed Mar 20 13:00:00 2013 cfarrellAATTsuse.com
- license update: GPL-2.0 and Artistic-2.0
GPL version does not have ^or later^ due to inclusion of numerous GPL 2
^only^ files. Also, aggregation of Artistic-2.0 content

Mon Mar 4 13:00:00 2013 jengelhAATTinai.de
- Update to new upstream release 1.4.18

* documentation updates
- Create subpackage xtables-plugins, to aid packaging of xtadm
- Add 0001-build-do-not-dereference-symlinks-on-installation.patch
as a prerequisite for:
- Add 0001-build-also-use-libtool-for-install-stage.patch
to kill of undesired DT_RPATH entries

Tue Dec 25 13:00:00 2012 jengelhAATTinai.de
- Update to new upstream release 1.4.17

* libxt_time: add support to ignore day transition

* libxt_statistic: fix save output

Wed Nov 28 13:00:00 2012 sbrabecAATTsuse.cz
- Verify GPG signature

Thu Nov 15 13:00:00 2012 lnusselAATTsuse.de
- list all required binaries explicitly to make sure all of them are actually
compiled

Thu Nov 15 13:00:00 2012 jengelhAATTinai.de
- Always regenerate files due to SUSE\'s iptables-batch patch

Mon Oct 8 14:00:00 2012 jengelhAATTinai.de
- Update to new upstream release 1.4.16.3

* This release includes aliasing support which translates command
lines using obsolete extensions into new ones. The option parser
now flags illegal negative numbers in some more extensions.
A division by zero was resolved in libxt_limit as well.

Tue Jul 31 14:00:00 2012 jengelhAATTinai.de
- Update to new upstream release 1.4.15

* libxt_recent: add --mask netmask

* libxt_hashlimit: add support for byte-based operation

Sat May 26 14:00:00 2012 jengelhAATTinai.de
- Update to new upstream release 1.4.14

* Support for the new cttimeout infrastructure. This allows you to
attach specific timeout policies to flow via iptables CT target.

Tue Mar 27 14:00:00 2012 jengelhAATTmedozas.de
- Update to new upstream release 1.4.13

* Add the rpfilter, nfacct and IPv6 ECN extensions

Mon Jan 2 13:00:00 2012 jengelhAATTmedozas.de
- Update to newer git snapshot (v1.4.12.2-28-g2117f2b,
but master branch), tag locally as 1.4.12.90.

* ships missing pkgconfig files, compile fix for libnfnetlink

* libxt_NFQUEUE: fix --queue-bypass ipt-save output

* libxt_connbytes: fix handling of --connbytes FROM

* libxt_recent: Add support for --reap option
- split iptables-devel into libiptc-devel and libxtables-devel

Wed Dec 28 13:00:00 2011 puzelAATTsuse.com
- iptables-apply-mktemp-fix.patch (bnc#730161)

Wed Nov 30 13:00:00 2011 cooloAATTsuse.com
- add automake as buildrequire to avoid implicit dependency

Tue Oct 4 14:00:00 2011 jengelhAATTmedozas.de
- Update to a newer git snapshot of the stable branch
(to v1.4.12.1-16-gd2b0eaa)

* resolve failure to load extensions that depend on libm.so
- rediff of iptables-batch due to fuzz
- relax runtime requires

Thu Sep 1 14:00:00 2011 jengelhAATTmedozas.de
- Update to new upstream release 1.4.12.1

* regression fixes for the new (stricter) command-line parser
- restore --includedir= in spec file
- Put libxtables into its own subpackage so that one does not need
a lockstep update of iproute2 on a new iptables package
- Remove redundant fields (Autoreqprov defaults to on, License is
inherited from main package)

Fri Aug 12 14:00:00 2011 drahtAATTsuse.de
- include path is /usr/include

Mon Aug 8 14:00:00 2011 jengelhAATTmedozas.de
- Put include files into a separate directory to flag up missing
CFLAGS. libipq.pc will now be provided.
- Enable build of nfnl_osf, a tool to upload OS fingerprints to
the kernel for use with xt_osf.

Fri Jul 22 14:00:00 2011 jengelhAATTmedozas.de
- Update to new upstream release 1.4.12

* Include lost match/target descriptions in manpage again

* libxt_LOG: fix ignorance of all but the last flag

* libxt_HL: restore hl-
* option names

* libxt_hashlimit: use a more obvious expiry value by default

* libxt_RATEEST: fix find-and-delete of rules with -j RATEEST

* ipv4: restore negation for the -f option

* Reject empty host specifications (e.g. -s \"\")

* libxt_conntrack: restore network byteordering for ABI v1 & v2

* Documentation updates

Wed Jun 8 14:00:00 2011 jengelhAATTmedozas.de
- Update to snapshot 1.4.11+git16

* libxt_owner: restore inversion support

* option: fix ignored negation before implicit extension loading

* build: fix installation of symlinks

* build: fix absence of xml translator in IPv6-only builds
- Drop merged patches

Sun May 29 14:00:00 2011 jengelhAATTmedozas.de
- Update to new upstream release 1.4.11

* stricter option parsing

* support for the current xt_SET target as contained in 2.6.39

* support for the new xt_devgroup match

* support for the new xt_AUDIT target

* support for a new NFQUEUE bypass option, allowing to bypass the
queue if no userspace listener is present

* a new iptables option \"-C\" to check for existence of a rules
- Fixes on top

* allow negation of --uid-owner/--gid-owner again

* fix installation of symlinks
- Run spec-beautifier

Fri Oct 29 14:00:00 2010 jengelhAATTmedozas.de
- Update to new upstream release 1.4.10

* this is the release for the Linux 2.6.36 kernel

* support for the cpu match, which can be used to improve cache
locality when running multiple server instances

* support for the IDLETIMER target, which can be used to notify
userspace of interfaces being idle

* support for the CHECKSUM target

* support for the ipvs match

* a fix for deletion of rules using the quota match

Mon Aug 9 14:00:00 2010 puzelAATTnovell.com
- update to new upstream release 1.4.9.1

* fixes a compilation problem with static linking in the 1.4.9
release

Wed Aug 4 14:00:00 2010 puzelAATTnovell.com
- update to new upstream release 1.4.9

* this is the release for the Linux 2.6.35 kernel

* support for the LED target

* a new version of the set extension for the upcoming release
supporting IPv6

* negation support for the quota match

* support for the SACK-IMMEDIATELY SCTP extension and
FORWARD_TSN chunk type in the sctp match

* documentation updates and various smaller bugfixes

Wed May 26 14:00:00 2010 jengelhAATTmedozas.de
- update to new upstream release 1.4.8

* this is the release for the Linux 2.6.34 kernel

* add support for the new xt_CT extension

* import the nfnl_osf program required for proper operation
of the xt_osf extension

Sat Apr 24 14:00:00 2010 cooloAATTnovell.com
- buildrequire pkg-config to fix provides

Mon Mar 1 13:00:00 2010 jengelhAATTmedozas.de
- update to new upstream release 1.4.7

* libipq is built as a shared library

* removal of some restrictions on interface names

* documentation updates
- rebase and fix linking of iptables-batch
- fix libdir->libexecdir

Mon Feb 22 13:00:00 2010 jengelhAATTmedozas.de
- only run configure when needed
- use %_smp_mflags
- use newer git snapshot to fix compile error due to missing
ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32)

Wed Dec 30 13:00:00 2009 puzelAATTnovell.com
- fix bnc#561793 - do not include unclean module documentation
in iptables manpage

Tue Dec 22 13:00:00 2009 jengelhAATTmedozas.de
- update specfile descriptions (bnc#553801)
- update to iptables 1.4.6:

* combine iptables subprograms into a new multi-purpose binary

* support for new implementations: NFQUEUE v1, conntrack v2

* helper: fix invalid passed option to check_inverse

* iprange accepts single host specifications again

* iprange: do accept non-ranges for xt_iprange v1

* iprange: warn on reverse range

* libiptc: fix wrong maptype of base chain counters on restore

* iptables: fix undersized deletion mask creation

* iptables/extensions: make bundled options work again

* iptables: take masks into consideration for replace command

* xtables: warn of missing version identifier in extensions

* documentation updates
- refresh iptables-batch

Thu Nov 12 13:00:00 2009 puzelAATTnovell.com
- remove outdated howtos (bnc#551748)

Wed Jul 15 14:00:00 2009 kay.sieversAATTnovell.com
- fix libdir/libexecdir on 64bit installation

Wed Jun 17 14:00:00 2009 puzelAATTnovell.com
- install iptables-apply

Wed Jun 17 14:00:00 2009 puzelAATTsuse.cz
- update to iptables-1.4.4

* support for the new features in the 2.6.30 kernel, namely the
cluster match and persistent multi-range NAT mappings

* support for the ipset set match and target

* various minor fixes and cleanups

* documentation updates

Mon May 11 14:00:00 2009 puzelAATTsuse.cz
- make explicit \'commit\' in iptables-batch do nothing (bnc#500990)

Tue Apr 21 14:00:00 2009 puzelAATTsuse.cz
- update to 1.4.3.2
- numerous documentation updates and bugfixes
- set of changes to move some of the iptables functionality to a shared
library for tc and m_ipt
- make libiptc available as shared library (closes bnc#487629)
- IPv6 support for the recent match
- TPROXY support
- SCTP/DCCP NAT support
- INCOMPATIBILITY: This release starts enforcing the deprecation of NAT
filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will
cause an error instead of a warning from now on.
- rework iptables-batch.patch (libiptc interface has changed)
- update howtos


 
ICM