RPM Search

Changelog for iptables-1.4.7-9.el6.x86_64.rpm :
Wed Oct 31 13:00:00 2012 Thomas Woerner 1.4.7-9
- make alternatives names arch dependant for multilib (rhbz#860148)
- added virtual provides for base libraries to be able to resolve library file requires

Tue Oct 9 14:00:00 2012 Thomas Woerner 1.4.7-8
- do not use alternatives for the init scripts (rhbz#860148)

Tue Sep 18 14:00:00 2012 Thomas Woerner 1.4.7-7
- Use alternatives to support other iptables versions for MRG kernels
(rhbz#747068)
- Restore sysctl values on service restart (rhbz#800208)
- Added fallback support in case of error in service start (rhbz#808272)
- Added AUDIT targets to to man pages (rhbz#809108)
- Fixed maximum chain name length (rhbz#821441)
- Added missing dependency for poliycoreutils package (rhbz#836286)

Fri Feb 3 13:00:00 2012 Thomas Woerner 1.4.7-6
- reverted upstream patches, because they are breaking the ABI
- created new patch based on upstream but without ABI break (rhbz#725879)

Fri Nov 11 13:00:00 2011 Thomas Woerner 1.4.7-5
- fixed option parser problem (mark matches with mark options) (rhbz#725879)
based on upstream commits:
600f38db82548a683775fd89b6e136673e924097
59e8114c6792242e80785f4461d5e663fb9a3d64
d3b2e391e3b944581e20e216af76339cc87d0590
2d68ae7ce6e40e3977ee11a57296cf76801ae320
1dc27393b7ba401e6228a5ee2472a6eb72836c43
1e128bd804b676ee91beca48312de9b251845d09
fa503ad59f73d20d85f4cdf53324a01d2ad8591e

Fri Jan 7 13:00:00 2011 Thomas Woerner 1.4.7-4
- added IPv6 transparent proxy support (rhbz#590186)
- added auditing support (rhbz#642393)
Thanks to Thomas Graf for the patch
- init: restore context for save and use /etc/sysconfig for temps (rhbz#644273)

Tue Jul 13 14:00:00 2010 Thomas Woerner 1.4.7-3
- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)

Tue Jun 29 14:00:00 2010 Thomas Woerner 1.4.7-2
- fixed initscript to be LSB compliant (rhbz#593228)
- added euid 0 check
- reload returns 3 (unimplemented feature)

Wed Mar 24 13:00:00 2010 Thomas Woerner 1.4.7-1
- rebase to version 1.4.7:
- libip4tc: Add static qualifier to dump_entry()
- libipq: build as shared library
- recent: reorder cases in code (cosmetic cleanup)
- several man page and documentation fixes
- policy: fix error message showing wrong option
- includes: header updates
- Lift restrictions on interface names
- fixed license and moved iptables-xml into base package according to review
- added default values for IPTABLES_STATUS_VERBOSE and
IPTABLES_STATUS_LINENUMBERS in init script

Fri Feb 26 13:00:00 2010 Thomas Woerner 1.4.6-4
- changed license to GPLv2
- removed execution bits from iptables.init

Fri Feb 26 13:00:00 2010 Thomas Woerner 1.4.6-3
- fixes according to review:
- fixed license
- moved /bin/iptables-xml to iptables main package fixes dangling symlink in
ipv6 sub-package
- added missing lsb keywords Required-Start and Required-Stop to init script

Wed Jan 27 13:00:00 2010 Thomas Woerner 1.4.6-2
- moved libip
*tc and libxtables libs to /lib[64], added symlinks for .so libs
to /usr/lib[64] for compatibility (rhbz#558796)

Wed Jan 13 13:00:00 2010 Thomas Woerner 1.4.6-1
- new version 1.4.6 with support for all new features of 2.6.32
- several man page fixes
- Support for nommu arches
- realm: remove static initializations
- libiptc: remove unused functions
- libiptc: avoid strict-aliasing warnings
- iprange: do accept non-ranges for xt_iprange v1
- iprange: warn on reverse range
- iprange: roll address parsing into a loop
- iprange: do accept non-ranges for xt_iprange v1 (log)
- iprange: warn on reverse range (log)
- libiptc: fix wrong maptype of base chain counters on restore
- iptables: fix undersized deletion mask creation
- style: reduce indent in xtables_check_inverse
- libxtables: hand argv to xtables_check_inverse
- iptables/extensions: make bundled options work again
- CONNMARK: print mark rules with mask 0xffffffff as set instead of xset
- iptables: take masks into consideration for replace command
- doc: explain experienced --hitcount limit
- doc: name resolution clarification
- iptables: expose option to zero packet/byte counters for a specific rule
- build: restore --disable-ipv6 functionality on system w/o v6 headers
- MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark
- DNAT: fix incorrect check during parsing
- extensions: add osf extension
- conntrack: fix --expires parsing

Thu Dec 17 13:00:00 2009 Thomas Woerner 1.4.5-2
- dropped nf_ext_init remains from cloexec patch

Thu Sep 17 14:00:00 2009 Thomas Woerner 1.4.5-1
- new version 1.4.5 with support for all new features of 2.6.31
- libxt_NFQUEUE: add new v1 version with queue-balance option
- xt_conntrack: revision 2 for enlarged state_mask member
- libxt_helper: fix invalid passed option to check_inverse
- libiptc: split v4 and v6
- extensions: collapse registration structures
- iptables: allow for parse-less extensions
- iptables: allow for help-less extensions
- extensions: remove empty help and parse functions
- xtables: add multi-registration functions
- extensions: collapse data variables to use multi-reg calls
- xtables: warn of missing version identifier in extensions
- multi binary: allow subcommand via argv[1]
- iptables: accept multiple IP address specifications for -s, -d
- several build fixes
- several man page fixes
- fixed two leaked file descriptors on sockets (rhbz#521397)

Mon Aug 24 14:00:00 2009 Thomas Woerner 1.4.4-1
- new version 1.4.4 with support for all new features of 2.6.30
- several man page fixes
- iptables: replace open-coded sizeof by ARRAY_SIZE
- libip6t_policy: remove redundant functions
- policy: use direct xt_policy_info instead of ipt/ip6t
- policy: merge ipv6 and ipv4 variant
- extensions: add `cluster\' match support
- extensions: add const qualifiers in print/save functions
- extensions: use NFPROTO_UNSPEC for .family field
- extensions: remove redundant casts
- iptables: close open file descriptors
- fix segfault if incorrect protocol name is used
- replace open-coded sizeof by ARRAY_SIZE
- do not include v4-only modules in ip6tables manpage
- use direct xt_policy_info instead of ipt/ip6t
- xtables: fix segfault if incorrect protocol name is used
- libxt_connlimit: initialize v6_mask
- SNAT/DNAT: add support for persistent multi-range NAT mappings

Fri Jul 24 14:00:00 2009 Fedora Release Engineering - 1.4.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

Wed Apr 15 14:00:00 2009 Thomas Woerner 1.4.3.2-1
- new version 1.4.3.2
- also install iptables/internal.h, needed for iptables.h and ip6tables.h

Mon Mar 30 14:00:00 2009 Thomas Woerner 1.4.3.1-1
- new version 1.4.3.1
- libiptc is now shared
- supports all new features of the 2.6.29 kernel
- dropped typo_latter patch

Thu Mar 5 13:00:00 2009 Thomas Woerner 1.4.2-3
- still more review fixes (rhbz#225906)
- consistent macro usage
- use sed instead of perl for rpath removal
- use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc
*)

Wed Feb 25 13:00:00 2009 Fedora Release Engineering - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

Fri Feb 20 13:00:00 2009 Thomas Woerner 1.4.2-1
- new version 1.4.2
- removed TOS value mask patch (upstream)
- more review fixes (rhbz#225906)
- install all header files (rhbz#462207)
- dropped nf_ext_init (rhbz#472548)

Tue Jul 22 14:00:00 2008 Thomas Woerner 1.4.1.1-2
- fixed TOS value mask problem (rhbz#456244) (upstream patch)
- two more cloexec fixes

Tue Jul 1 14:00:00 2008 Thomas Woerner 1.4.1.1-1
- upstream bug fix release 1.4.1.1
- dropped extra patch for 1.4.1 - not needed anymore

Tue Jun 10 14:00:00 2008 Thomas Woerner 1.4.1-1
- new version 1.4.1 with new build environment
- additional ipv6 network mask patch from Jan Engelhardt
- spec file cleanup
- removed old patches

Fri Jun 6 14:00:00 2008 Tom \"spot\" Callaway 1.4.0-5
- use normal kernel headers, not linux/compiler.h
- change BuildRequires: kernel-devel to kernel-headers
- We need to do this to be able to build for both sparcv9 and sparc64
(there is no kernel-devel.sparcv9)

Thu Mar 20 13:00:00 2008 Thomas Woerner 1.4.0-4
- use O_CLOEXEC for all opened files in all applications (rhbz#438189)

Mon Mar 3 13:00:00 2008 Thomas Woerner 1.4.0-3
- use the kernel headers from the build tree for iptables for now to be able to
compile this package, but this makes the package more kernel dependant
- use s6_addr32 instead of in6_u.u6_addr32

Wed Feb 20 13:00:00 2008 Fedora Release Engineering - 1.4.0-2
- Autorebuild for GCC 4.3

Mon Feb 11 13:00:00 2008 Thomas Woerner 1.4.0-1
- new version 1.4.0
- fixed condrestart (rhbz#428148)
- report the module in rmmod_r if there is an error
- use nf_ext_init instead of my_init for extension constructors

Mon Nov 5 13:00:00 2007 Thomas Woerner 1.3.8-6
- fixed leaked file descriptor before fork/exec (rhbz#312191)
- blacklisting is not working, use \"install X /bin/(true|false)\" test instead
- return private exit code 150 for disabled ipv6 support
- use script name for output messages

Tue Oct 16 14:00:00 2007 Thomas Woerner 1.3.8-5
- fixed error code for stopping a already stopped firewall (rhbz#321751)
- moved blacklist test into start

Wed Sep 26 14:00:00 2007 Thomas Woerner 1.3.8-4.1
- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
- use simpler fix for (rhbz#295611)
Thanks to Linus Torvalds for the patch.

Mon Sep 24 14:00:00 2007 Thomas Woerner 1.3.8-4
- fixed IPv6 reject type (rhbz#295181)
- fixed init script: start, stop and status
- support netfilter compiled into kernel in init script (rhbz#295611)
- dropped inversion for limit modules from man pages (rhbz#220780)
- fixed typo in ip6tables man page (rhbz#236185)

Wed Sep 19 14:00:00 2007 Thomas Woerner 1.3.8-3
- do not depend on local_fs in lsb header - this delayes start after network
- fixed exit code for initscript usage

Mon Sep 17 14:00:00 2007 Thomas Woerner 1.3.8-2.1
- do not use lock file for condrestart test

Thu Aug 23 14:00:00 2007 Thomas Woerner 1.3.8-2
- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
- provide iptc interface again, but unsupported (rhbz#216733)
- compile all extension, which are supported by the kernel-headers package
- review fixes (rhbz#225906)

Tue Jul 31 14:00:00 2007 Thomas Woerner
- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888)

Fri Jul 13 14:00:00 2007 Steve Conklin - 1.3.8-1
- New version 1.3.8

Mon Apr 23 14:00:00 2007 Jeremy Katz - 1.3.7-2
- fix error when ipv6 support isn\'t loaded in the kernel (#236888)

Wed Jan 10 13:00:00 2007 Thomas Woerner 1.3.7-1.1
- fixed installation of secmark modules

Tue Jan 9 13:00:00 2007 Thomas Woerner 1.3.7-1
- new verison 1.3.7
- iptc is not a public interface and therefore not installed anymore
- dropped upstream secmark patch

Tue Sep 19 14:00:00 2006 Thomas Woerner 1.3.5-2
- added secmark iptables patches (#201573)

Wed Jul 12 14:00:00 2006 Jesse Keating - 1.3.5-1.2.1
- rebuild

Fri Feb 10 13:00:00 2006 Jesse Keating - 1.3.5-1.2
- bump again for double-long bug on ppc(64)

Tue Feb 7 13:00:00 2006 Jesse Keating - 1.3.5-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes

Thu Feb 2 13:00:00 2006 Thomas Woerner 1.3.5-1
- new version 1.3.5
- fixed init script to set policy for raw tables, too (#179094)

Tue Jan 24 13:00:00 2006 Thomas Woerner 1.3.4-3
- added important iptables header files to devel package

Fri Dec 9 13:00:00 2005 Jesse Keating
- rebuilt

Fri Nov 25 13:00:00 2005 Thomas Woerner 1.3.4-2
- fix for plugin problem: link with \"gcc -shared\" instead of \"ld -shared\" and
replace \"_init\" with \"__attribute((constructor)) my_init\"

Fri Nov 25 13:00:00 2005 Thomas Woerner 1.3.4-1.1
- rebuild due to unresolved symbols in shared libraries

Fri Nov 18 13:00:00 2005 Thomas Woerner 1.3.4-1
- new version 1.3.4
- dropped free_opts patch (upstream fixed)
- made libipq PIC (#158623)
- additional configuration options for iptables startup script (#172929)
Thanks to Jan Gruenwald for the patch
- spec file cleanup (dropped linux_header define and usage)

Mon Jul 18 14:00:00 2005 Thomas Woerner 1.3.2-1
- new version 1.3.2 with additional patch for the misplaced free_opts call
from Marcus Sundberg

Wed May 11 14:00:00 2005 Thomas Woerner 1.3.1-1
- new version 1.3.1

Fri Mar 18 13:00:00 2005 Thomas Woerner 1.3.0-2
- Remove unnecessary explicit kernel dep (#146142)
- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb
for the patch
- Adapted iptables-config to reference to modprobe.conf (#150143)
- Remove misleading message (#140154): Thanks to Ulrich Drepper
for the patch

Mon Feb 21 13:00:00 2005 Thomas Woerner 1.3.0-1
- new version 1.3.0

Thu Nov 11 13:00:00 2004 Thomas Woerner 1.2.11-3.2
- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)

Fri Sep 17 14:00:00 2004 Thomas Woerner 1.2.11-3.1
- changed default behaviour for IPTABLES_STATUS_NUMERIC to \"yes\" (#129731)
- modified config file to match this change and un-commented variables with
default values

Thu Sep 16 14:00:00 2004 Thomas Woerner 1.2.11-3
- applied second part of cleanup patch from (#131848): thanks to Steve Grubb
for the patch

Wed Aug 25 14:00:00 2004 Thomas Woerner 1.2.11-2
- fixed free bug in iptables (#128322)

Tue Jun 22 14:00:00 2004 Thomas Woerner 1.2.11-1
- new version 1.2.11

Thu Jun 17 14:00:00 2004 Thomas Woerner 1.2.10-1
- new version 1.2.10

Tue Jun 15 14:00:00 2004 Elliot Lee
- rebuilt

Tue Mar 2 13:00:00 2004 Elliot Lee
- rebuilt

Thu Feb 26 13:00:00 2004 Thomas Woerner 1.2.9-2.3
- fixed iptables-restore -c fault if there are no counters (#116421)

Fri Feb 13 13:00:00 2004 Elliot Lee
- rebuilt

Sun Jan 25 13:00:00 2004 Dan Walsh 1.2.9-1.2
- Close File descriptors to prevent SELinux error message

Wed Jan 7 13:00:00 2004 Thomas Woerner 1.2.9-1.1
- rebuild

Wed Dec 17 13:00:00 2003 Thomas Woerner 1.2.9-1
- vew version 1.2.9
- new config options in ipXtables-config:
IPTABLES_MODULES_UNLOAD
- more documentation in ipXtables-config
- fix for netlink security issue in libipq (devel package)
- print fix for libipt_icmp (#109546)

Thu Oct 23 14:00:00 2003 Thomas Woerner 1.2.8-13
- marked all messages in iptables init script for translation (#107462)
- enabled devel package (#105884, #106101)
- bumped build for fedora for libipt_recent.so (#106002)

Tue Sep 23 14:00:00 2003 Thomas Woerner 1.2.8-12.1
- fixed lost udp port range in ip6tables-save (#104484)
- fixed non numeric multiport port output in ipXtables-savs

Mon Sep 22 14:00:00 2003 Florian La Roche 1.2.8-11
- do not link against -lnsl

Wed Sep 17 14:00:00 2003 Thomas Woerner 1.2.8-10
- made variables in rmmod_r local

Tue Jul 22 14:00:00 2003 Thomas Woerner 1.2.8-9
- fixed permission for init script

Sat Jul 19 14:00:00 2003 Thomas Woerner 1.2.8-8
- fixed save when iptables file is missing and iptables-config permissions

Tue Jul 8 14:00:00 2003 Thomas Woerner 1.2.8-7
- fixes for ip6tables: module unloading, setting policy only for existing
tables

Thu Jul 3 14:00:00 2003 Thomas Woerner 1.2.8-6
- IPTABLES_SAVE_COUNTER defaults to no, now
- install config file in /etc/sysconfig
- exchange unload of ip_tables and ip_conntrack
- fixed start function

Wed Jul 2 14:00:00 2003 Thomas Woerner 1.2.8-5
- new config option IPTABLES_SAVE_ON_RESTART
- init script: new status, save and restart
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374

Mon Jun 30 14:00:00 2003 Thomas Woerner 1.2.8-4
- new config option IPTABLES_STATUS_NUMERIC
- cleared IPTABLES_MODULES in iptables-config

Mon Jun 30 14:00:00 2003 Thomas Woerner 1.2.8-3
- new init scripts

Sat Jun 28 14:00:00 2003 Florian La Roche
- remove check for very old kernel versions in init scripts
- sync up both init scripts and remove some further ugly things
- add some docu into rpm

Thu Jun 26 14:00:00 2003 Thomas Woerner 1.2.8-2
- rebuild

Mon Jun 16 14:00:00 2003 Thomas Woerner 1.2.8-1
- update to 1.2.8

Wed Jan 22 13:00:00 2003 Tim Powers
- rebuilt

Mon Jan 13 13:00:00 2003 Bill Nottingham 1.2.7a-1
- update to 1.2.7a
- add a plethora of bugfixes courtesy Michael Schwendt

Fri Dec 13 13:00:00 2002 Elliot Lee 1.2.6a-3
- Fix multilib

Wed Aug 7 14:00:00 2002 Karsten Hopp
- fixed iptables and ip6tables initscript output, based on #70511
- check return status of all iptables calls, not just the last one
in a \'for\' loop.

Mon Jul 29 14:00:00 2002 Bernhard Rosenkraenzer 1.2.6a-1
- 1.2.6a (bugfix release, #69747)

Fri Jun 21 14:00:00 2002 Tim Powers
- automated rebuild

Thu May 23 14:00:00 2002 Tim Powers
- automated rebuild

Mon Mar 4 13:00:00 2002 Bernhard Rosenkraenzer 1.2.5-3
- Add some fixes from CVS, fixing bug #60465

Tue Feb 12 13:00:00 2002 Bernhard Rosenkraenzer 1.2.5-2
- Merge ip6tables improvements from Ian Prowell
- Update URL (#59354)
- Use /sbin/chkconfig rather than chkconfig in %postun script

Fri Jan 11 13:00:00 2002 Bernhard Rosenkraenzer 1.2.5-1
- 1.2.5

Wed Jan 9 13:00:00 2002 Tim Powers
- automated rebuild

Mon Nov 5 13:00:00 2001 Bernhard Rosenkraenzer 1.2.4-2
- Fix %preun script

Tue Oct 30 13:00:00 2001 Bernhard Rosenkraenzer 1.2.4-1
- Update to 1.2.4 (various fixes, including security fixes; among others:
- Fix init script (#31133)

Mon Sep 3 14:00:00 2001 Bernhard Rosenkraenzer 1.2.3-1
- 1.2.3 (5 security fixes, some other fixes)
- Fix updating (#53032)

Mon Aug 27 14:00:00 2001 Bernhard Rosenkraenzer 1.2.2-4
- Fix #50990
- Add some fixes from current CVS; should fix #52620

Mon Jul 16 14:00:00 2001 Bernhard Rosenkraenzer 1.2.2-3
- Add some fixes from the current CVS tree; fixes #49154 and some IPv6
issues

Tue Jun 26 14:00:00 2001 Bernhard Rosenkraenzer 1.2.2-2
- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt

Tue May 8 14:00:00 2001 Bernhard Rosenkraenzer 1.2.2-1
- 1.2.2

Wed Mar 21 13:00:00 2001 Bernhard Rosenkraenzer
- 1.2.1a, fixes #28412, #31136, #31460, #31133

Thu Mar 1 13:00:00 2001 Bernhard Rosenkraenzer
- Yet another initscript fix (#30173)
- Fix the fixes; they fixed some issues but broke more important
stuff :/ (#30176)

Tue Feb 27 13:00:00 2001 Bernhard Rosenkraenzer
- Fix up initscript (#27962)
- Add fixes from CVS to iptables-{restore,save}, fixing #28412

Fri Feb 9 13:00:00 2001 Karsten Hopp
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)

Mon Feb 5 13:00:00 2001 Karsten Hopp
- fix bugzilla #25986 (initscript not marked as config file)
- fix bugzilla #25962 (iptables-restore)
- mv chkconfig --del from postun to preun

Thu Feb 1 13:00:00 2001 Trond Eivind Glomsrød
- Fix check for ipchains

Mon Jan 29 13:00:00 2001 Bernhard Rosenkraenzer
- Some fixes to init scripts

Wed Jan 24 13:00:00 2001 Bernhard Rosenkraenzer
- Add some fixes from CVS, fixes among other things Bug #24732

Wed Jan 17 13:00:00 2001 Bernhard Rosenkraenzer
- Add missing man pages, fix up init script (Bug #17676)

Mon Jan 15 13:00:00 2001 Bill Nottingham
- add init script

Mon Jan 15 13:00:00 2001 Bernhard Rosenkraenzer
- 1.2
- fix up ipv6 split
- add init script
- Move the plugins from /usr/lib/iptables to /lib/iptables.
This needs to work before /usr is mounted...
- Use -O1 on alpha (compiler bug)

Sat Jan 6 13:00:00 2001 Bernhard Rosenkraenzer
- 1.1.2
- Add IPv6 support (in separate package)

Thu Aug 17 14:00:00 2000 Bill Nottingham
- build everywhere

Tue Jul 25 14:00:00 2000 Bernhard Rosenkraenzer
- 1.1.1

Thu Jul 13 14:00:00 2000 Prospector
- automatic rebuild

Tue Jun 27 14:00:00 2000 Preston Brown
- move iptables to /sbin.
- excludearch alpha for now, not building there because of compiler bug(?)

Fri Jun 9 14:00:00 2000 Bill Nottingham
- don\'t obsolete ipchains either
- update to 1.1.0

Sun Jun 4 14:00:00 2000 Bill Nottingham
- remove explicit kernel requirement

Tue May 2 14:00:00 2000 Bernhard Rosenkränzer
- initial package