SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for xtables-plugins-1.8.9-2.9.x86_64.rpm :

* Thu Jan 12 2023 jengelhAATTinai.de- Update to release 1.8.9
* arptables-nft: Support --exact flag
* Support more chunk types in the \"sctp\" extension
* Print `--` in ip6tables\' \"opt\" column for consistency with iptables
* More verbose error messages if iptables-nft-restore fails
* Support `-p Length` with ebtables-nft, needed for 802_3 extension.
* Thu Jul 21 2022 lnusselAATTsuse.com- add baselibs.conf for libip4tc2, will be needed by libsystemd-shared-251.so
* Fri May 13 2022 jengelhAATTinai.de- Update to release 1.8.8
* Add iptables-translate support for: sctp match\'s - -chunk-types option, connlimit match, multiport match\'s - -ports option, and the tcpmss match.
* Reject setuid executables in libxtables for safety reasons
* Extended arptables-nft with -C, -I, -R, -S cmomands and the \"-c N,M\" counter syntax.
* Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times
* Improved performance of iptables-save and -restore
* Thu Dec 30 2021 danilo.spinellaAATTsuse.com- Only use nftables backend when iptables-backend-nft is installed when using libalternatives
* Fri Nov 19 2021 danilo.spinellaAATTsuse.com- Fix libalternatives configuration for ebtables and arptables by keeping argv0, fixes bsc#1192799.
* Wed Oct 20 2021 schubiAATTsuse.de- Added alts requirements for iptables-backend-nft package.
* Thu Sep 16 2021 schubiAATTsuse.com- Removed update-alternatives dependency in libalternatives mode.
* Tue Aug 03 2021 schubiAATTsuse.com- Use libalternatives instead of update-alternatives.
* Fri Jan 15 2021 jengelhAATTinai.de- Update to release 1.8.7
* iptables-nft:
* Improved performance when matching on IP/MAC address prefixes if the prefix is byte-aligned. In ideal cases, this doubles packet processing performance.
* Dump user-defined chains in lexical order. This way ruleset dumps become stable and easily comparable.
* Avoid pointless table/chain creation. For instance, `iptables-nft -L` no longer creates missing base-chains.
* Sun Nov 01 2020 jengelhAATTinai.de- Update to release 1.8.6
* iptables-nft had pointlessly added \"bitwise\" expressions to each IP address match, needlessly slowing down run-time performance (by 50% in worst cases).
* iptables-nft-restore: Support basechain policy value of \"-\" (indicating to not change the chain\'s policy).
* nft-translte: Fix translation of ICMP type \"any\" match.
* Wed Jun 03 2020 jengelhAATTinai.de- Update to release 1.8.5
* IDLETIMER: Add alarm timer option
* nft: CT: add translation for NOTRACK- Drop iptables-apply-mktemp-fix.patch (seemingly applied)
* Mon Dec 02 2019 jengelhAATTinai.de- Update to release 1.8.4
* Fix for wrong counter format in `ebtables-nft-save -c` output.
* Print typical iptables-save comments in arptables- and ebtables-save, too.
* xt_owner: add --suppl-groups option
* Remove support for /etc/xtables.conf
* Restore support for \"-4\" and \"-6\" options in rule lines.
* Mon Sep 30 2019 kstreitovaAATTsuse.com- Add Conflicts with iptables-nft = 1.6.2 as during the update to iptables 1.8 ip6tables-restore-translate, ip6tables-translate, iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage (now iptables-backend-nft) to the main package. So we need to add a conflict here otherwise we hit file conflicts error during the update.
* Fri Sep 06 2019 kstreitovaAATTsuse.com- add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft)
* Tue May 28 2019 jengelhAATTinai.de- Update to new upstream release 1.8.3
* ebtables: Fix rule listing with counters
* ebtables-nft: Support user-defined chain policies- Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch 0001-include-fix-build-with-kernel-headers-before-4.2.patch (upstreamed)
* Wed May 22 2019 jengelhAATTinai.de- Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821]
* Thu Apr 04 2019 kstreitovaAATTsuse.com- Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where \'iptables -L\' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751].
* Tue Nov 13 2018 jengelhAATTinai.de- Update to new upstream release 1.8.2
* Fix incorrect handling of various targets and options in iptables-nft,ebtables-nft,arptables-nft.
* Tue Oct 23 2018 jengelhAATTinai.de- Update to new upstream release 1.8.1
* New cgroup match revision with reduced memory footprint
* Mon Sep 24 2018 astiegerAATTsuse.com- note build-time dependency on libnftnl >= 1.1.1
* Tue Sep 04 2018 mchandrasAATTsuse.de- Add missing update-alternatives dependency to Requires(post) section. If this is missing the package fails to install properly when it is used as build dependency.
* Mon Jul 09 2018 jengelhAATTinai.de- Update to new upstream release 1.8.0 and snapshot 1.8.0.g75
* The ipv6 \"srh\" match can now match previous/next/last sid
* CONNMARK target now supports bit-shifting for restore,set and save-mark.
* DNAT now supports shifted portmap ranges.
* iptables now comes in two backends: legacy and nft.
* Thu May 24 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Mon Mar 12 2018 matthias.gerstnerAATTsuse.com- Fix ethertypes ownership, should be %exclude, not %ghost.
* Thu Feb 22 2018 matthias.gerstnerAATTsuse.com- Resolve conflict with ebtables and obtain ethertypes from new netcfg minor version. FATE#320520
* Sat Feb 03 2018 jengelhAATTinai.de- Update to new upstream release 1.6.2
* add support for the \"srh\" match
* add randomize-full for the \"MASQUERADE\" target
* add rate match mode to the \"hashlimit\" match
* Thu Jun 22 2017 matthias.gerstnerAATTsuse.com- Add iptables-batch-lock.patch: Fix a locking issue of iptables-batch which can cause it to spuriously fail when other programs modify the iptables rules in parallel (bnc#1045130). This can especially affect SuSEfirewall2 during startup.
* Fri Jan 27 2017 jengelhAATTinai.de- Update to new upstream release 1.6.1
* add support for hashlimit rev 2 for higher pps rates
* add support for cgroup2 path matching
* translation program for nft
* Fri Dec 18 2015 jengelhAATTinai.de- Update to final release 1.6.0
* Only a build fix, no new significant changes.
* Mon Nov 23 2015 jengelhAATTinai.de- Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
* -m ah/esp/rt: restore matching \"any SPI id\" by default (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
* -m cgroup: new module
* -m dst: make ! --dst-len work
* -m ipcomp: new module
* -m socket: add --restore-skmark option
* -j CT: add support for new zone options
* -j REJECT: add missing ICMPv6 codes
* -j TEE: make it possible to delete rules with -D ... -j
* -j SNAT/DNAT: add randomize-full support
* Thu Apr 24 2014 dmuellerAATTsuse.com- remove dependency on gpg-offline (blocks rebuilds and tarball integrity is checked by source-validator anyway)
* Wed Apr 23 2014 dmuellerAATTsuse.com- remove dependency on sgmltool: doesn\'t seem to be used and reduces rebuild time on aarch64 by 8 hours
* Sat Nov 23 2013 jengelhAATTinai.de- Update to new upstream release 1.4.21
* --nowildcard option for xt_socket, available since Linux kernel 3.11
* SYNPROXY support, available since Linux kernel 3.12
* Wed Aug 07 2013 jengelhAATTinai.de- Update to new upstream release 1.4.20
* Introduce a new revision for the set match with the counters support
* Add locking to prevent concurrent instances
* Fri May 31 2013 jengelhAATTinai.de- Update to new upstream release 1.4.19.1
* New connlabel and bpf matches- Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch, 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch (are upstream)
* Mon Apr 15 2013 jengelhAATTinai.de- libxt_state.so symlink was not installed (bnc#815182); fix by removing 0001-build-also-use-libtool-for-install-stage.patch, removing 0001-build-do-not-dereference-symlinks-on-installation.patch, adding 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch, adding 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
* Wed Mar 20 2013 cfarrellAATTsuse.com- license update: GPL-2.0 and Artistic-2.0 GPL version does not have ^or later^ due to inclusion of numerous GPL 2 ^only^ files. Also, aggregation of Artistic-2.0 content
* Mon Mar 04 2013 jengelhAATTinai.de- Update to new upstream release 1.4.18
* documentation updates- Create subpackage xtables-plugins, to aid packaging of xtadm- Add 0001-build-do-not-dereference-symlinks-on-installation.patch as a prerequisite for:- Add 0001-build-also-use-libtool-for-install-stage.patch to kill of undesired DT_RPATH entries
* Tue Dec 25 2012 jengelhAATTinai.de- Update to new upstream release 1.4.17
* libxt_time: add support to ignore day transition
* libxt_statistic: fix save output
* Wed Nov 28 2012 sbrabecAATTsuse.cz- Verify GPG signature
* Thu Nov 15 2012 lnusselAATTsuse.de- list all required binaries explicitly to make sure all of them are actually compiled
* Thu Nov 15 2012 jengelhAATTinai.de- Always regenerate files due to SUSE\'s iptables-batch patch
* Mon Oct 08 2012 jengelhAATTinai.de- Update to new upstream release 1.4.16.3
* This release includes aliasing support which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. A division by zero was resolved in libxt_limit as well.
* Tue Jul 31 2012 jengelhAATTinai.de- Update to new upstream release 1.4.15
* libxt_recent: add --mask netmask
* libxt_hashlimit: add support for byte-based operation
* Sat May 26 2012 jengelhAATTinai.de- Update to new upstream release 1.4.14
* Support for the new cttimeout infrastructure. This allows you to attach specific timeout policies to flow via iptables CT target.
* Tue Mar 27 2012 jengelhAATTmedozas.de- Update to new upstream release 1.4.13
* Add the rpfilter, nfacct and IPv6 ECN extensions
* Mon Jan 02 2012 jengelhAATTmedozas.de- Update to newer git snapshot (v1.4.12.2-28-g2117f2b, but master branch), tag locally as 1.4.12.90.
* ships missing pkgconfig files, compile fix for libnfnetlink
* libxt_NFQUEUE: fix --queue-bypass ipt-save output
* libxt_connbytes: fix handling of --connbytes FROM
* libxt_recent: Add support for --reap option- split iptables-devel into libiptc-devel and libxtables-devel
* Wed Dec 28 2011 puzelAATTsuse.com- iptables-apply-mktemp-fix.patch (bnc#730161)
* Wed Nov 30 2011 cooloAATTsuse.com- add automake as buildrequire to avoid implicit dependency
* Tue Oct 04 2011 jengelhAATTmedozas.de- Update to a newer git snapshot of the stable branch (to v1.4.12.1-16-gd2b0eaa)
* resolve failure to load extensions that depend on libm.so- rediff of iptables-batch due to fuzz- relax runtime requires
* Thu Sep 01 2011 jengelhAATTmedozas.de- Update to new upstream release 1.4.12.1
* regression fixes for the new (stricter) command-line parser- restore --includedir= in spec file- Put libxtables into its own subpackage so that one does not need a lockstep update of iproute2 on a new iptables package- Remove redundant fields (Autoreqprov defaults to on, License is inherited from main package)
* Fri Aug 12 2011 drahtAATTsuse.de- include path is /usr/include
* Mon Aug 08 2011 jengelhAATTmedozas.de- Put include files into a separate directory to flag up missing CFLAGS. libipq.pc will now be provided.- Enable build of nfnl_osf, a tool to upload OS fingerprints to the kernel for use with xt_osf.
* Fri Jul 22 2011 jengelhAATTmedozas.de- Update to new upstream release 1.4.12
* Include lost match/target descriptions in manpage again
* libxt_LOG: fix ignorance of all but the last flag
* libxt_HL: restore hl-
* option names
* libxt_hashlimit: use a more obvious expiry value by default
* libxt_RATEEST: fix find-and-delete of rules with -j RATEEST
* ipv4: restore negation for the -f option
* Reject empty host specifications (e.g. -s \"\")
* libxt_conntrack: restore network byteordering for ABI v1 & v2
* Documentation updates
* Wed Jun 08 2011 jengelhAATTmedozas.de- Update to snapshot 1.4.11+git16
* libxt_owner: restore inversion support
* option: fix ignored negation before implicit extension loading
* build: fix installation of symlinks
* build: fix absence of xml translator in IPv6-only builds- Drop merged patches
* Sun May 29 2011 jengelhAATTmedozas.de- Update to new upstream release 1.4.11
* stricter option parsing
* support for the current xt_SET target as contained in 2.6.39
* support for the new xt_devgroup match
* support for the new xt_AUDIT target
* support for a new NFQUEUE bypass option, allowing to bypass the queue if no userspace listener is present
* a new iptables option \"-C\" to check for existence of a rules- Fixes on top
* allow negation of --uid-owner/--gid-owner again
* fix installation of symlinks- Run spec-beautifier
* Fri Oct 29 2010 jengelhAATTmedozas.de- Update to new upstream release 1.4.10
* this is the release for the Linux 2.6.36 kernel
* support for the cpu match, which can be used to improve cache locality when running multiple server instances
* support for the IDLETIMER target, which can be used to notify userspace of interfaces being idle
* support for the CHECKSUM target
* support for the ipvs match
* a fix for deletion of rules using the quota match
* Mon Aug 09 2010 puzelAATTnovell.com- update to new upstream release 1.4.9.1
* fixes a compilation problem with static linking in the 1.4.9 release
* Wed Aug 04 2010 puzelAATTnovell.com- update to new upstream release 1.4.9
* this is the release for the Linux 2.6.35 kernel
* support for the LED target
* a new version of the set extension for the upcoming release supporting IPv6
* negation support for the quota match
* support for the SACK-IMMEDIATELY SCTP extension and FORWARD_TSN chunk type in the sctp match
* documentation updates and various smaller bugfixes
* Wed May 26 2010 jengelhAATTmedozas.de- update to new upstream release 1.4.8
* this is the release for the Linux 2.6.34 kernel
* add support for the new xt_CT extension
* import the nfnl_osf program required for proper operation of the xt_osf extension
* Sat Apr 24 2010 cooloAATTnovell.com- buildrequire pkg-config to fix provides
* Mon Mar 01 2010 jengelhAATTmedozas.de- update to new upstream release 1.4.7
* libipq is built as a shared library
* removal of some restrictions on interface names
* documentation updates- rebase and fix linking of iptables-batch- fix libdir->libexecdir
* Mon Feb 22 2010 jengelhAATTmedozas.de- only run configure when needed- use %_smp_mflags- use newer git snapshot to fix compile error due to missing ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32)
* Wed Dec 30 2009 puzelAATTnovell.com- fix bnc#561793 - do not include unclean module documentation in iptables manpage
* Tue Dec 22 2009 jengelhAATTmedozas.de- update specfile descriptions (bnc#553801)- update to iptables 1.4.6:
* combine iptables subprograms into a new multi-purpose binary
* support for new implementations: NFQUEUE v1, conntrack v2
* helper: fix invalid passed option to check_inverse
* iprange accepts single host specifications again
* iprange: do accept non-ranges for xt_iprange v1
* iprange: warn on reverse range
* libiptc: fix wrong maptype of base chain counters on restore
* iptables: fix undersized deletion mask creation
* iptables/extensions: make bundled options work again
* iptables: take masks into consideration for replace command
* xtables: warn of missing version identifier in extensions
* documentation updates- refresh iptables-batch
* Thu Nov 12 2009 puzelAATTnovell.com- remove outdated howtos (bnc#551748)
* Wed Jul 15 2009 kay.sieversAATTnovell.com- fix libdir/libexecdir on 64bit installation
* Wed Jun 17 2009 puzelAATTnovell.com- install iptables-apply
* Wed Jun 17 2009 puzelAATTsuse.cz- update to iptables-1.4.4
* support for the new features in the 2.6.30 kernel, namely the cluster match and persistent multi-range NAT mappings
* support for the ipset set match and target
* various minor fixes and cleanups
* documentation updates
* Mon May 11 2009 puzelAATTsuse.cz- make explicit \'commit\' in iptables-batch do nothing (bnc#500990)
* Tue Apr 21 2009 puzelAATTsuse.cz- update to 1.4.3.2 - numerous documentation updates and bugfixes - set of changes to move some of the iptables functionality to a shared library for tc and m_ipt - make libiptc available as shared library (closes bnc#487629) - IPv6 support for the recent match - TPROXY support - SCTP/DCCP NAT support- INCOMPATIBILITY: This release starts enforcing the deprecation of NAT filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will cause an error instead of a warning from now on.- rework iptables-batch.patch (libiptc interface has changed)- update howtos
* Fri Jan 16 2009 prusnakAATTsuse.cz- updated to 1.4.2
* remove dependency on libiptc headers
* fix segmentation fault with -tanything
* warn about use of DROP in nat table
* do allow --rttl for --update
* run ldconfig on `make install`
* fix invalid iptables-save output
* fix hashlimit output
* Wed Sep 10 2008 prusnakAATTsuse.cz- updated to 1.4.2-rc1
* libxt_TOS: make sure --set-tos value/mask is recognized
* libiptc: fix scalability performance issue during initial ruleset parsing
* xt_string: string extension case insensitive matching
* ip6tables: add --goto support
* Wed Sep 10 2008 prusnakAATTsuse.cz- updated to 1.4.1.1
* iptables: fix printing of line numbers with --line-numbers arg
* ip6tables: fix printing of ipv6 network masks
* build: fix `make install` when --disable-shared is used
* iprange: kernel flags were not set
* Wed Sep 10 2008 prusnakAATTsuse.cz- updated to 1.4.1
* iptables: use C99 lists for struct options
* Make iptables-restore usable over a pipe
* Add support for --set-counters to iptables -P
* iptables --list-rules command
* iptables --list chain rulenum
* Make --set-counters (-c) accept comma separated counters
* libxt_iprange: Fix IP validation logic
* fix ip6tables dest address printing
* Converts the iptables build infrastructure to autotools.
* Introduce strtonum(), which works like string_to_number(), but passes
* print warning when dlopen fails
* libxt_owner: UID/GID range support
* Fix compilation of iptables-static build
* xtables.h: move non-exported parts to internal.h
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
* manpages: fix broken markup (missing close tags)
* manpages: update to reflect fine-grained control
* configure: split --enable-libipq from --enable-devel
* Add all necessary header files - compilation fix for various cases
* Install libiptc header files because xtables.h depends on it
* Implement AF_UNSPEC as a wildcard for extensions
* Combine ipt and ip6t manpages
* Resolve warnings on 64-bit compile
* Wrap dlopen code into NO_SHARED_LIBS
* Remove support for compilation of conditional extensions
* Resolve libipt_set warnings
* Update documentation about building the package
* configure.ac: AC_SUBST must be separate
* Dynamically create xtables.h.in with version
* configure.ac: remove already-defined variables
* Remove old functions, constants
* Makefile.am: use PACKAGE_TARNAME
* iptables out-of-tree build directory
* Introduce a counter for number of user defined chains.
* Solving scalability issue: for chain list \"name\" searching.
* REDIRECT: Allow symbolic port in REDIRECT --to-port
* Fix iptables-save output of libxt_owner match
* allow empty strings in argument parser
* Fix define value of SCTP chunk type.
* cleanup several code wraparounds
* Add RATEEST target extension
* Add rateest match extension
* Properly initialize revision for ip6tables targets
* Resync header files with kernel
* libiptc: move variable definitions to head of function
* Fix CONNMARK mask initialisation
* iptables-save:remove unnecessary code.
* Don\'t assume /bin/sh is bash
* Add xtables version defines.
* Use s6_addr32 to access bits in int6_addr instead of incompatible name
* Tue Jan 08 2008 prusnakAATTsuse.cz- updated to 1.4.0:
* Add support for generic xtables infrastructure (improved IPv6 support!)
* Deletes empty ->final_check() functions
* Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
* Remove last vestiges of NFC
* Make AATTmsg argument a const char
*, just like printf
* Makes it possible to omit extra_opts of matches/targets if unnecessary
* Fix \"iptables getsockopt failed strangely\" when querying revisions for non-existant matches and targets
* Introduces DEST_IPT_LIBDIR in Makefile
* Change default KERNEL_DIR location and add KBUILD_OUTPUT
* Removes obsolete KERNEL_64_USERSPACE_32 definitions
* Fix unused function warning
* Don\'t use dlfcn.h if NO_SHARED_LIBS is defined
* Fix showing help text for matches/targets with revision as user
* Print warnings to stderr
* Fix sscanf type errors
* Always print mask in iptables-save
* Don\'t silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
* Adds --table to iptables-restore
* Make DO_MULTI=1 work for ip6tables
* binaries
* Add ip6tables-{save,restore} to non-experimental target, fix strict aliasing warnings
* Introducing libxt_
*.man files. Sorted matches and modules
* Install ip6tables-{save,restore} manpages
* Performance optimization in sorting chain during pull-out
* Fix sockfd use accounting for kernels without autoloading
* use
* Fix make/compile error for iptables-1.4.0rc1
* Fix for --random option in DNAT and REDIRECT
* Document xt_statistic
* sctp: fix - mistake to pass a pointer where array is required
* Fix connlimit output for inverted --connlimit-above: ! > is <=, not <
* Add NFLOG manpage
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
* fix check_inverse() call- removed obsolete patch:
* strict-aliasing-fix.diff (included in update)
* Tue Jul 31 2007 prusnakAATTsuse.cz- removed sed scripts in %prep section from last update
* not needed anymore
* Thu Jul 26 2007 prusnakAATTsuse.cz- updated to 1.3.8
* Fix build error of conntrack match
* Remove whitespace in ip6tables.c
* `-p all\' and `-p 0\' should be allowed in ip6tables
* hashlimit doc update
* add --random option to DNAT and REDIRECT
* Makefile uses POSIX conform directory check
* Fix missing newlines in iptables-save/restore output
* Update quota manpage for SMP
* Output for unspecified proto is `all\' instead of `0\'
* Fix iptables-save with --random option
* Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs
* Remove libnsl from LDLIBS
* Fix problem with iptables-restore and quotes
* Remove unnecessary includes
* Fix --modprobe parameter
* ip6tables-restore should output error of modprobe after failed to load
* Add random option to SNAT
* Fix missing space in error message
* Fixes for manpages of tcp, udp, and icmp{,6}
* Add ip6tables mh extension
* Fix tcpmss manpage
* Add ip6tables TCPMSS extension
* Add UDPLITE multiport support
* Fix missing space in ruleset listing
* Remove extensions for unmaintained/obsolete patchlets
* Fix greedy debug grep
* Fix type in manpage
* Fix compile/install error for iptables-xml with DO_MULTI=1- dropped obsolete patches:
* newlines.diff (included in update)
* shlibs.diff (done by sed in %prep section)
* extensions.diff
* Wed May 09 2007 prusnakAATTsuse.cz- added newlines to error messages (newlines.diff) [#271847]
* Tue Mar 13 2007 prusnakAATTsuse.cz- added initial setting of KERNEL_DIR variable in %install section of spec file
* Tue Jan 09 2007 prusnakAATTsuse.cz- added experimental tools and extensions (removed by last update)
* Wed Jan 03 2007 prusnakAATTsuse.cz- updated to 1.3.7
* Add revision support for ip6tables
* Add port range support for ip6tables multiport match
* Add sctp match extension for ip6tables
* Add iptables-xml tool
* Add hashlimit support for ip6tables (needs kernel > 2.6.19)
* Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
* Bugfixes- updated debian-docs and moved into tar.bz2
* Thu Nov 16 2006 mjancarAATTsuse.cz- allow setting KERNEL_DIR on commandline for build (#220851)
* Tue Oct 17 2006 anosekAATTsuse.cz- updated to version 1.3.6
* Support multiple matches of the same type within a single rule
* DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
* SELinux SECMARK target (needs kernel >= 2.6.18)
* SELinux CONNSECMARK target (needs kernel >= 2.6.18)
* Add support for statistic match (needs kernel >= 2.6.18)
* Optionally read realm values from /etc/iproute2/rt_realms
* Bugfixes
* Wed Feb 01 2006 lnusselAATTsuse.de- updated to version 1.3.5
* supports ip6tables state and conntrack \\o/ (#145758)
* Fri Jan 27 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Tue Jan 24 2006 schwabAATTsuse.de- Fix building of shared libraries.
* Tue Jan 17 2006 postadalAATTsuse.cz- updated policy extension from upstream (policy-1.3.4.patch)
* ported for changes in kernel
* Tue Nov 15 2005 postadalAATTsuse.cz- updated to version 1.3.4- added RPM_OPT_FLAGS to CFLAGS- fixed strict aliasing (strict-aliasing-fix.patch)
* Mon Aug 01 2005 lnusselAATTsuse.de- add iptables-batch and ip6tables-batch
* Mon Aug 01 2005 postadalAATTsuse.cz- updated to version 1.3.3
* Wed Jul 27 2005 postadalAATTsuse.cz- updated to version 1.3.2
* Wed Mar 09 2005 postadalAATTsuse.cz- updated to version 1.3.1 (bug fixes)
* Thu Feb 17 2005 postadalAATTsuse.cz- updated to version 1.3.0- removed obsoleted patch modules-secfix
* Tue Nov 02 2004 postadalAATTsuse.cz- fixed uninitialised variable [#47850] - CAN-2004-0986
* Tue Aug 17 2004 mludvigAATTsuse.cz- Fixed mode for extensions/.policy-test6
* Thu Aug 05 2004 mludvigAATTsuse.cz- Added IPv6 support to the \'policy\' match.
* Wed Aug 04 2004 postadalAATTsuse.cz- updated to version 1.2.11- removed obsoleted patch clusterip
* Sat Apr 24 2004 lmbAATTsuse.de- Add support for Cluster IP functionality.
* Wed Apr 21 2004 mludvigAATTsuse.cz- Added module for IPv6 conntrack from USAGI.
* Wed Mar 24 2004 mludvigAATTsuse.cz- Added policy module from patch-o-matic
* Fri Feb 06 2004 postadalAATTsuse.cz- updated to version 1.2.9.
* Sat Jan 10 2004 adrianAATTsuse.de- add %defattr
* Wed Jul 23 2003 postadalAATTsuse.cz- updated to 1.2.8
* Tue Apr 08 2003 schwabAATTsuse.de- Prefer sanitized kernel headers.
* Thu Sep 05 2002 postadalAATTsuse.cz- updated to bugfixed 1.2.7a version
* Wed Aug 28 2002 postadalAATTsuse.cz- added Requires %{name} = %{version} to devel package
* Thu Aug 08 2002 nadvornikAATTsuse.cz- updated to 1.2.7
* Wed Mar 27 2002 postadalAATTsuse.cz- revert to compile it with kernel headers (#15448)
* Fri Feb 01 2002 nadvornikAATTsuse.cz- compiled with kernel headers from glibc
* Tue Jan 15 2002 nadvornikAATTsuse.cz- update to 1.2.5
* Wed Nov 14 2001 nadvornikAATTsuse.cz- updated to 1.2.4 [bug #12104] - fixed problems with iptables-save/restore- iptables-1.2.4.debian.diff.bz2 contains documentation only, Makefile changes moved to separate patch
* Sat Sep 22 2001 garloffAATTsuse.de- Fix ipt_string support (compile fix).
* Tue Jul 17 2001 garloffAATTsuse.de- Update to iptables-1.2.2- Appply debian patch: mostly docu stuff- Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM .spec file to compile and install ip(6)tables-save/restore apps.
* Fri Apr 06 2001 kukukAATTsuse.de- changed neededforbuild from lx_suse to kernel-source
* Tue Mar 27 2001 lmuelleAATTsuse.de- update to 1.2.1a- add devel package with libipq stuff- minor spec file cleanup
* Sun Jan 28 2001 olhAATTsuse.de- update to 1.2, needed for ppc and sparc
* Tue Dec 19 2000 nadvornikAATTsuse.cz- compiled with lx_suse
* Tue Oct 17 2000 nadvornikAATTsuse.cz- update to 1.1.2
* Fri Sep 22 2000 roAATTsuse.de- up to 1.1.1
* Fri Jun 09 2000 roAATTsuse.de- fixed neededforbuild
* Wed Jun 07 2000 nadvornikAATTsuse.cz- new package 1.1.0
  
ICM