SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nftables-devel-1.0.5-2.1.x86_64.rpm :

* Wed Aug 17 2022 Dirk Müller - update to 1.0.5:
* Fixes for the -o/--optimize, run this --optimize option to automagically compact your ruleset using sets, maps and concatenations
* Fix ethernet and vlan concatenations, eg. define a dynamic set which is populated from the packet path
* Fix ruleset listing with interface wildcard map
* Fix several regressions in the input lexer which broke valid rulesets.
* Fix slowdown with large lists of singleton interval elements.
* Fix set automerge feature for large lists of singleton interval elements.
* Fix bogus error reporting for exact overlaps.
* Fix segfault when adding elements to invalid set.
* fix device parsing in netdev family in json.
* Tue Jun 07 2022 Jan Engelhardt - Update to release 1.0.4
* Fixed a segfault in -o/--optimize with unsupported statements.
* Bogus datatype mismatch error report in sets was fixed.
* Tue May 31 2022 Jan Engelhardt - Update to release 1.0.3
* Support for wildcard interface name matching with sets
* Support for runtime auto-merge of set elements.
* Enhancements for the ruleset optimization -o/--optimize option which allows to coalesce several NAT rules into map.
* Support for raw expressions in concatenations.
* Support for integer type protocol header fields in concatenations.
* Allow to reset TCP options (requires Linux kernel >= 5.18)- Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Tue Feb 22 2022 Jan Engelhardt - Update to release 1.0.2
* New ruleset optimization -o/--optimize option.
* Support for IP and TCP options and SCTP chunks in sets.
* Support for tcp fastopen, md5sig and mptcp options.
* MP-TCP subtype matching support.
* JSON support for flowtables.- Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Thu Nov 18 2021 Jan Engelhardt - Update to release 1.0.1
* Reduce memory footprint when loading large sets/maps.
* Speed up reload of large sets/maps.
* Speed up listing of specific tables in large ruleset, e.g. large ruleset with ~100k lines.
* Speed up --terse option when listing a ruleset large sets/maps.
* Print raw payload expression in hexadecimal, e.g. \"AATTll,0,8 & 0x80 == 0x80\"
* egress hook support (available since 5.16-rc1).
* Allow matching and update bytes at inner header/payload offset (available since 5.16-rc1).
* Thu Aug 19 2021 Jan Engelhardt - Update to release 1.0.0
* Catch-all set element support.
* The command-line option --define is now recognized.
* Stateful expressions in maps.
* Allow combination of jhash, symhash and numgen expressions with the queue statement.
* Allow combination of verdict maps with interval concatenations.
* Tue May 25 2021 Jan Engelhardt - Update to release 0.9.9
* Flowtable hardware offload support
* Support for the table owner flag.
* 802.1ad (QinQ) support
* cgroupsv2 support.
* match on SCTP packet chunks (dependent on Linux 5.14)
* Allow to use verdict in set/map typeof definitions
* Fri Jan 15 2021 Jan Engelhardt - Update to release 0.9.8
* Complete support for matching ICMP header content fields.
* Added raw tcp option match support.
* Added ability to check for the presence of any tcp option.
* Support for rejecting traffic from the ingress chain.
* Tue Oct 27 2020 Jan Engelhardt - Update to release 0.9.7
* Support for implicit chains
* Support for ingress inet chains
* Support for reject from prerouting chain
* Support for --terse option in json
* Support for the reset command with json
* Tue Jun 16 2020 Jan Engelhardt - Update to release 0.9.6
* Fix two ASAN runtime errors
* Sat Jun 06 2020 Jan Engelhardt - Update to release 0.9.5
* Support for set counters.
* Support for restoring set element counters via nft -f.
* Counter support for flowtables.
* typeof concatenations support for sets.
* Support for concatenated ranges in anonymous sets.
* Allow to reject packets with 802.1q from the bridge family.
* Support for matching on the conntrack ID.- Drop anonset-crashfix.patch (upstream solved differently)
* Thu May 07 2020 Jan Engelhardt - Add anonset-crashfix.patch [boo#1171321]
* Wed Apr 01 2020 Jan Engelhardt - Update to release 0.9.4
* Add a helper for concat expression handling.
* Add \"typeof\" build/parse/print support.
* Mon Dec 09 2019 Jan Engelhardt - Add json, python [boo#1158723]
* Tue Dec 03 2019 Jan Engelhardt - Update to release 0.9.3
* meta: Introduce new conditions \"time\", \"day\" and \"hour\".
* src: add ability to set/get secmarks to/from connection.
* flowtable: add support for named flowtable listing.
* flowtable: add support for delete command by handle.
* json: add support for element deletion.
* Add `-T` as the short option for `--numeric-time`.
* meta: add ibrpvid and ibrvproto support
* Mon Aug 19 2019 Jan Engelhardt - Update to new upstream release 0.9.2
* Transport header port matching, e.g. \"th dport 53\"
* Support for matching on IPv4 options
* Support for synproxy
* Sat Jan 19 2019 Stefan Brüns - Remove unused dblatex BuildRequires, only needed for the optional and disabled PDF generation (same contents as shipped manpage).
* Sat Jun 09 2018 jengelhAATTinai.de- Update to new upstream release 0.9.0
* Support to check if packet matches an existing socket.
* Support to limit number of active connections by arbitrary criteria, such as ip addresses, networks, conntrack zones or any combination thereof.
* Added support for \"audit\" logging.
* Fri May 11 2018 jengelhAATTinai.de- Update to new upstream release 0.8.5
* support to add/insert a rule at a given index position
* meter statement now supports a configureable upper max size
* timeouts for sets can now be specified in milliseconds
* re-add iptables-like empty skeleton rulesets
* Wed May 02 2018 jengelhAATTinai.de- Update to new upstream release 0.8.4
* Support to match IPv6 segment routing headers.
* New \"meta ibrname\" and \"meta obrname\" arguments to match the name of the logical bridge a packet is passing through. These new names replace the old (misnamed) \"ibriport\"/\"obriport\".
* `nft -a` will now show handle identifier for all objects, including tables and chains.
* nft can now delete objects by their handle number.
* Support to update maps from the ruleset (packet path).
* the \"--echo\" option now prints handle id for tables and object too.
* `nft -f -` will now read from standard input
* Support for flow tables, cf. man page or https://lwn.net/Articles/738214/ .
* Sat Mar 03 2018 jengelhAATTinai.de- Update to new upstream release 0.8.3
* raw payload support to match headers that do not yet have received a mnemonic.
* Sat Feb 03 2018 jengelhAATTinai.de- Update to new upstream release 0.8.2
* add secpath support
* Tue Jan 16 2018 jengelhAATTinai.de- Update to new upstream release 0.8.1
* This release deprecates the \"flow table\" syntax in favor of \"meter\".
  
ICM