SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for xtables-plugins-1.8.7-1.1.x86_64.rpm :

* Fri Jan 15 2021 jengelhAATTinai.de- Update to release 1.8.7
* iptables-nft:
* Improved performance when matching on IP/MAC address prefixes if the prefix is byte-aligned. In ideal cases, this doubles packet processing performance.
* Dump user-defined chains in lexical order. This way ruleset dumps become stable and easily comparable.
* Avoid pointless table/chain creation. For instance, `iptables-nft -L` no longer creates missing base-chains.
* Sun Nov 01 2020 jengelhAATTinai.de- Update to release 1.8.6
* iptables-nft had pointlessly added \"bitwise\" expressions to each IP address match, needlessly slowing down run-time performance (by 50% in worst cases).
* iptables-nft-restore: Support basechain policy value of \"-\" (indicating to not change the chain\'s policy).
* nft-translte: Fix translation of ICMP type \"any\" match.
* Wed Jun 03 2020 jengelhAATTinai.de- Update to release 1.8.5
* IDLETIMER: Add alarm timer option
* nft: CT: add translation for NOTRACK- Drop iptables-apply-mktemp-fix.patch (seemingly applied)
* Mon Dec 02 2019 jengelhAATTinai.de- Update to release 1.8.4
* Fix for wrong counter format in `ebtables-nft-save -c` output.
* Print typical iptables-save comments in arptables- and ebtables-save, too.
* xt_owner: add --suppl-groups option
* Remove support for /etc/xtables.conf
* Restore support for \"-4\" and \"-6\" options in rule lines.
* Mon Sep 30 2019 kstreitovaAATTsuse.com- Add Conflicts with iptables-nft = 1.6.2 as during the update to iptables 1.8 ip6tables-restore-translate, ip6tables-translate, iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage (now iptables-backend-nft) to the main package. So we need to add a conflict here otherwise we hit file conflicts error during the update.
* Fri Sep 06 2019 kstreitovaAATTsuse.com- add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft)
* Tue May 28 2019 jengelhAATTinai.de- Update to new upstream release 1.8.3
* ebtables: Fix rule listing with counters
* ebtables-nft: Support user-defined chain policies- Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch 0001-include-fix-build-with-kernel-headers-before-4.2.patch (upstreamed)
* Wed May 22 2019 jengelhAATTinai.de- Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821]
* Thu Apr 04 2019 kstreitovaAATTsuse.com- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where \'iptables -L\' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751].
* Tue Nov 13 2018 jengelhAATTinai.de- Update to new upstream release 1.8.2
* Fix incorrect handling of various targets and options in iptables-nft,ebtables-nft,arptables-nft.
* Tue Oct 23 2018 jengelhAATTinai.de- Update to new upstream release 1.8.1
* New cgroup match revision with reduced memory footprint
* Mon Sep 24 2018 astiegerAATTsuse.com- note build-time dependency on libnftnl >= 1.1.1
* Tue Sep 04 2018 mchandrasAATTsuse.de- Add missing update-alternatives dependency to Requires(post) section. If this is missing the package fails to install properly when it is used as build dependency.
* Mon Jul 09 2018 jengelhAATTinai.de- Update to new upstream release 1.8.0 and snapshot 1.8.0.g75
* The ipv6 \"srh\" match can now match previous/next/last sid
* CONNMARK target now supports bit-shifting for restore,set and save-mark.
* DNAT now supports shifted portmap ranges.
* iptables now comes in two backends: legacy and nft.
* Thu May 24 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Mon Mar 12 2018 matthias.gerstnerAATTsuse.com- Fix ethertypes ownership, should be %exclude, not %ghost.
* Thu Feb 22 2018 matthias.gerstnerAATTsuse.com- Resolve conflict with ebtables and obtain ethertypes from new netcfg minor version. FATE#320520
* Sat Feb 03 2018 jengelhAATTinai.de- Update to new upstream release 1.6.2
* add support for the \"srh\" match
* add randomize-full for the \"MASQUERADE\" target
* add rate match mode to the \"hashlimit\" match
* Thu Jun 22 2017 matthias.gerstnerAATTsuse.com- Add iptables-batch-lock.patch: Fix a locking issue of iptables-batch which can cause it to spuriously fail when other programs modify the iptables rules in parallel (bnc#1045130). This can especially affect SuSEfirewall2 during startup.
* Fri Jan 27 2017 jengelhAATTinai.de- Update to new upstream release 1.6.1
* add support for hashlimit rev 2 for higher pps rates
* add support for cgroup2 path matching
* translation program for nft
* Fri Dec 18 2015 jengelhAATTinai.de- Update to final release 1.6.0
* Only a build fix, no new significant changes.
* Mon Nov 23 2015 jengelhAATTinai.de- Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
* -m ah/esp/rt: restore matching \"any SPI id\" by default (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
* -m cgroup: new module
* -m dst: make ! --dst-len work
* -m ipcomp: new module
* -m socket: add --restore-skmark option
* -j CT: add support for new zone options
* -j REJECT: add missing ICMPv6 codes
* -j TEE: make it possible to delete rules with -D ... -j
* -j SNAT/DNAT: add randomize-full support
  
ICM