|
|
 |
|
|
Changelog for libnftables0-0.9.0-39.2.x86_64.rpm :
* Sat Jan 19 2019 Stefan BrĂ¼ns - Remove unused dblatex BuildRequires, only needed for the optional and disabled PDF generation (same contents as shipped manpage).
* Sat Jun 09 2018 jengelhAATTinai.de- Update to new upstream release 0.9.0
* Support to check if packet matches an existing socket.
* Support to limit number of active connections by arbitrary criteria, such as ip addresses, networks, conntrack zones or any combination thereof.
* Added support for \"audit\" logging.
* Fri May 11 2018 jengelhAATTinai.de- Update to new upstream release 0.8.5
* support to add/insert a rule at a given index position
* meter statement now supports a configureable upper max size
* timeouts for sets can now be specified in milliseconds
* re-add iptables-like empty skeleton rulesets
* Wed May 02 2018 jengelhAATTinai.de- Update to new upstream release 0.8.4
* Support to match IPv6 segment routing headers.
* New \"meta ibrname\" and \"meta obrname\" arguments to match the name of the logical bridge a packet is passing through. These new names replace the old (misnamed) \"ibriport\"/\"obriport\".
* `nft -a` will now show handle identifier for all objects, including tables and chains.
* nft can now delete objects by their handle number.
* Support to update maps from the ruleset (packet path).
* the \"--echo\" option now prints handle id for tables and object too.
* `nft -f -` will now read from standard input
* Support for flow tables, cf. man page or https://lwn.net/Articles/738214/ .
* Sat Mar 03 2018 jengelhAATTinai.de- Update to new upstream release 0.8.3
* raw payload support to match headers that do not yet have received a mnemonic.
* Sat Feb 03 2018 jengelhAATTinai.de- Update to new upstream release 0.8.2
* add secpath support
* Tue Jan 16 2018 jengelhAATTinai.de- Update to new upstream release 0.8.1
* This release deprecates the \"flow table\" syntax in favor of \"meter\".
* Fri Oct 13 2017 jengelhAATTinai.de- Update to new upstream release 0.8
* This release contains new features available up to the (upcoming) Linux 4.14 kernel release:
* Support for stateful objects, these objects are uniquely identified by a user-defined name, you can refer to them from rules, and there is a well established interface to operate with them.
* Sort set elements when listing them, from lower to largest.
* TCP option matching and mangling support. This includes TCP maximum segment size mangling.
* Add new \"-s\" option for listings without stateful information.
* Add new -c/--check option for nft, to tests if your ruleset loads fine, into the kernel, this is a dry run mode.
* Connection tracking helper support.
* Add --echo option, to print the handle that the kernel allocates to uniquely identify rules.
* Conntrack zone support
* Symmetric hash support
* Add support to include directories from nft natives scripts, files are loaded in alphanumerical order.
* Allow to check if IPv6 extension header or TCP option exists or is missing.
* Extend quota support to display used bytes.
* Add ct average matching, to match average bytes per packet a connection has transferred so far, to map the existing feature available in the iptables connbytes match.
* Allow to flush maps and flow tables.
* Allow to embed set definition into an existing set.
* Conntrack event filtering support via rule.
* Tue Dec 20 2016 jengelhAATTinai.de- Update to new upstream release 0.7
* Add new fib expression, which can be used to obtain the output interface from the route table based on either source or destination address of a packet.
* Support hashing of any arbitrary key combination, eg.
* Add number generation support. Useful for round-robin packet mark setting.
* Add quota support, eg.
* Introduce routing expression, for routing related data with support for nexthop
* Notrack support, to explicitly skip connection tracking for matching packets.
* Support to set non-byte bound packet header fields, including checksum adjustment.
* Add \'create set\' and \'create element\' commands.
* Allow to use variable reference for set element definitions.
* Allow to use variable definitions from element commands.
* Add support to flush set. You can use this new command to remove all existing elements in a set.
* Inverted set lookups.
* Honor absolute and relative paths via include file, where:
* Support log flags, to enable logging TCP sequence and options.
* tc classid parser support, eg.
* Allow numeric connlabels, so if connlabel still works with undefined labels.
* Thu Jun 02 2016 jengelhAATTinai.de- Update to new upstream release 0.6
* Rules may be replaced now
* Flow table support (requires Linux >= 4.3)
* Support for tracing
* Ratelimiting now supports units like bytes/second.
* Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol
* Thu Sep 17 2015 jengelhAATTinai.de- Update to new upstream release 0.5
* Support combinations of two or more selectors to build a tuple
* Timeout support for sets
* Dormant flag for tables
* Default chain policy specifiable on creation
* Sat May 23 2015 mrueckertAATTsuse.de- set the url to the project page- pass --disable-silent-rules to configure to allow gcc post build check to work
* Tue Dec 16 2014 jengelhAATTinai.de- Update to new upstream release 0.4
* Since Linux 3.18: support for global ruleset operations
* Since 3.17: full logging support for all the families, including nfnetlink_log
* 3.16: automatic selection of the optimal set implementation
* 3.14: reject support for ip, ip6 and inet
* 3.18: reject support for bridge, and reject icmpx abstraction
* 3.18: masquerade support
* 3.19: redirect support
* Extend meta to support pkttype, cpu and devgroup matching.
* Fri Jun 27 2014 jengelhAATTinai.de- Update to new upstream release 0.3
* More compact syntax for the queue action
* Match input and output bridge interface name through \"meta ibriport\" and \"meta obriport\"
* netlink event monitor, to monitor ruleset events, set changes, etc.
* New transaction infrastructure - fully atomic updates for all object available in the upcoming 3.16.
* Mon Jan 13 2014 jengelhAATTinai.de- Initial package for build.opensuse.org
|
|
|
