Changelog for
iptables-backend-nft-1.8.8-1.1.x86_64.rpm :
* Thu Jul 21 2022 Ludwig Nussel
- add baselibs.conf for libip4tc2, will be needed by libsystemd-shared-251.so
* Fri May 13 2022 Jan Engelhardt - Update to release 1.8.8
* Add iptables-translate support for: sctp match\'s - -chunk-types option, connlimit match, multiport match\'s - -ports option, and the tcpmss match.
* Reject setuid executables in libxtables for safety reasons
* Extended arptables-nft with -C, -I, -R, -S cmomands and the \"-c N,M\" counter syntax.
* Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times
* Improved performance of iptables-save and -restore
* Thu Dec 30 2021 Danilo Spinella - Only use nftables backend when iptables-backend-nft is installed when using libalternatives
* Fri Nov 19 2021 Danilo Spinella - Fix libalternatives configuration for ebtables and arptables by keeping argv0, fixes bsc#1192799.
* Wed Oct 20 2021 Stefan Schubert - Added alts requirements for iptables-backend-nft package.
* Thu Sep 16 2021 Stefan Schubert - Removed update-alternatives dependency in libalternatives mode.
* Tue Aug 03 2021 Stefan Schubert - Use libalternatives instead of update-alternatives.
* Fri Jan 15 2021 Jan Engelhardt - Update to release 1.8.7
* iptables-nft:
* Improved performance when matching on IP/MAC address prefixes if the prefix is byte-aligned. In ideal cases, this doubles packet processing performance.
* Dump user-defined chains in lexical order. This way ruleset dumps become stable and easily comparable.
* Avoid pointless table/chain creation. For instance, `iptables-nft -L` no longer creates missing base-chains.
* Sun Nov 01 2020 Jan Engelhardt - Update to release 1.8.6
* iptables-nft had pointlessly added \"bitwise\" expressions to each IP address match, needlessly slowing down run-time performance (by 50% in worst cases).
* iptables-nft-restore: Support basechain policy value of \"-\" (indicating to not change the chain\'s policy).
* nft-translte: Fix translation of ICMP type \"any\" match.
* Wed Jun 03 2020 Jan Engelhardt - Update to release 1.8.5
* IDLETIMER: Add alarm timer option
* nft: CT: add translation for NOTRACK- Drop iptables-apply-mktemp-fix.patch (seemingly applied)
* Mon Dec 02 2019 Jan Engelhardt - Update to release 1.8.4
* Fix for wrong counter format in `ebtables-nft-save -c` output.
* Print typical iptables-save comments in arptables- and ebtables-save, too.
* xt_owner: add --suppl-groups option
* Remove support for /etc/xtables.conf
* Restore support for \"-4\" and \"-6\" options in rule lines.
* Mon Sep 30 2019 Kristyna Streitova - Add Conflicts with iptables-nft = 1.6.2 as during the update to iptables 1.8 ip6tables-restore-translate, ip6tables-translate, iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage (now iptables-backend-nft) to the main package. So we need to add a conflict here otherwise we hit file conflicts error during the update.
* Fri Sep 06 2019 Kristyna Streitova - add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft)
* Tue May 28 2019 Jan Engelhardt - Update to new upstream release 1.8.3
* ebtables: Fix rule listing with counters
* ebtables-nft: Support user-defined chain policies- Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch 0001-include-fix-build-with-kernel-headers-before-4.2.patch (upstreamed)
* Wed May 22 2019 Jan Engelhardt - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821]
* Thu Apr 04 2019 Kristýna Streitová - Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where \'iptables -L\' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751].
* Tue Nov 13 2018 Jan Engelhardt - Update to new upstream release 1.8.2
* Fix incorrect handling of various targets and options in iptables-nft,ebtables-nft,arptables-nft.
* Tue Oct 23 2018 Jan Engelhardt - Update to new upstream release 1.8.1
* New cgroup match revision with reduced memory footprint
* Mon Sep 24 2018 astiegerAATTsuse.com- note build-time dependency on libnftnl >= 1.1.1
* Tue Sep 04 2018 Markos Chandras - Add missing update-alternatives dependency to Requires(post) section. If this is missing the package fails to install properly when it is used as build dependency.
* Mon Jul 09 2018 jengelhAATTinai.de- Update to new upstream release 1.8.0 and snapshot 1.8.0.g75
* The ipv6 \"srh\" match can now match previous/next/last sid
* CONNMARK target now supports bit-shifting for restore,set and save-mark.
* DNAT now supports shifted portmap ranges.
* iptables now comes in two backends: legacy and nft.
* Thu May 24 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Mon Mar 12 2018 matthias.gerstnerAATTsuse.com- Fix ethertypes ownership, should be %exclude, not %ghost.
* Thu Feb 22 2018 matthias.gerstnerAATTsuse.com- Resolve conflict with ebtables and obtain ethertypes from new netcfg minor version. FATE#320520
* Sat Feb 03 2018 jengelhAATTinai.de- Update to new upstream release 1.6.2
* add support for the \"srh\" match
* add randomize-full for the \"MASQUERADE\" target
* add rate match mode to the \"hashlimit\" match