SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for iptables-1.8.10-lp156.174.1.x86_64.rpm :

* Fri May 24 2024 Jan Engelhardt - Edit iptables-batch-lock.patch, cure use of implicit function, fix it to make gcc14 happy.
* Sat Oct 21 2023 Jan Engelhardt - The presence of nftables does not mandate that iptables use backend-nft [bsc#1206383].
* Tue Oct 10 2023 Jan Engelhardt - Update to release 1.8.10
* xtables-translate: support rule insert with index
* broute table support in ebtables-nft
* nft-variants\' debug output (pass multiple ``-v`` flags) now contains sets if present
* Add mld-listener type names to icmp6 match
* Mon Feb 13 2023 Danilo Spinella - Use nftables backend by default when nftables is installed, bsc#1206383
* Thu Jan 12 2023 Jan Engelhardt - Update to release 1.8.9
* arptables-nft: Support --exact flag
* Support more chunk types in the \"sctp\" extension
* Print `--` in ip6tables\' \"opt\" column for consistency with iptables
* More verbose error messages if iptables-nft-restore fails
* Support `-p Length` with ebtables-nft, needed for 802_3 extension.
* Thu Jul 21 2022 Ludwig Nussel - add baselibs.conf for libip4tc2, will be needed by libsystemd-shared-251.so
* Fri May 13 2022 Jan Engelhardt - Update to release 1.8.8
* Add iptables-translate support for: sctp match\'s - -chunk-types option, connlimit match, multiport match\'s - -ports option, and the tcpmss match.
* Reject setuid executables in libxtables for safety reasons
* Extended arptables-nft with -C, -I, -R, -S cmomands and the \"-c N,M\" counter syntax.
* Debug output in iptables-restore (all variants), iptables-nft and ebtables-nft when specifying -v multiple times
* Improved performance of iptables-save and -restore
* Thu Dec 30 2021 Danilo Spinella - Only use nftables backend when iptables-backend-nft is installed when using libalternatives
* Fri Nov 19 2021 Danilo Spinella - Fix libalternatives configuration for ebtables and arptables by keeping argv0, fixes bsc#1192799.
* Wed Oct 20 2021 Stefan Schubert - Added alts requirements for iptables-backend-nft package.
* Thu Sep 16 2021 Stefan Schubert - Removed update-alternatives dependency in libalternatives mode.
* Tue Aug 03 2021 Stefan Schubert - Use libalternatives instead of update-alternatives.
* Fri Jan 15 2021 Jan Engelhardt - Update to release 1.8.7
* iptables-nft:
* Improved performance when matching on IP/MAC address prefixes if the prefix is byte-aligned. In ideal cases, this doubles packet processing performance.
* Dump user-defined chains in lexical order. This way ruleset dumps become stable and easily comparable.
* Avoid pointless table/chain creation. For instance, `iptables-nft -L` no longer creates missing base-chains.
* Sun Nov 01 2020 Jan Engelhardt - Update to release 1.8.6
* iptables-nft had pointlessly added \"bitwise\" expressions to each IP address match, needlessly slowing down run-time performance (by 50% in worst cases).
* iptables-nft-restore: Support basechain policy value of \"-\" (indicating to not change the chain\'s policy).
* nft-translte: Fix translation of ICMP type \"any\" match.
* Wed Jun 03 2020 Jan Engelhardt - Update to release 1.8.5
* IDLETIMER: Add alarm timer option
* nft: CT: add translation for NOTRACK- Drop iptables-apply-mktemp-fix.patch (seemingly applied)
* Mon Dec 02 2019 Jan Engelhardt - Update to release 1.8.4
* Fix for wrong counter format in `ebtables-nft-save -c` output.
* Print typical iptables-save comments in arptables- and ebtables-save, too.
* xt_owner: add --suppl-groups option
* Remove support for /etc/xtables.conf
* Restore support for \"-4\" and \"-6\" options in rule lines.
* Mon Sep 30 2019 Kristyna Streitova - Add Conflicts with iptables-nft = 1.6.2 as during the update to iptables 1.8 ip6tables-restore-translate, ip6tables-translate, iptables-restore-translate and iptables-translate were moved from iptables-nft subpackage (now iptables-backend-nft) to the main package. So we need to add a conflict here otherwise we hit file conflicts error during the update.
* Fri Sep 06 2019 Kristyna Streitova - add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft)
* Tue May 28 2019 Jan Engelhardt - Update to new upstream release 1.8.3
* ebtables: Fix rule listing with counters
* ebtables-nft: Support user-defined chain policies- Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch 0001-include-fix-build-with-kernel-headers-before-4.2.patch (upstreamed)
* Wed May 22 2019 Jan Engelhardt - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821]
* Thu Apr 04 2019 Kristýna Streitová - Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where \'iptables -L\' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751].
* Tue Nov 13 2018 Jan Engelhardt - Update to new upstream release 1.8.2
* Fix incorrect handling of various targets and options in iptables-nft,ebtables-nft,arptables-nft.
* Tue Oct 23 2018 Jan Engelhardt - Update to new upstream release 1.8.1
* New cgroup match revision with reduced memory footprint
* Mon Sep 24 2018 astiegerAATTsuse.com- note build-time dependency on libnftnl >= 1.1.1
* Tue Sep 04 2018 Markos Chandras - Add missing update-alternatives dependency to Requires(post) section. If this is missing the package fails to install properly when it is used as build dependency.
* Mon Jul 09 2018 jengelhAATTinai.de- Update to new upstream release 1.8.0 and snapshot 1.8.0.g75
* The ipv6 \"srh\" match can now match previous/next/last sid
* CONNMARK target now supports bit-shifting for restore,set and save-mark.
* DNAT now supports shifted portmap ranges.
* iptables now comes in two backends: legacy and nft.
* Thu May 24 2018 kukukAATTsuse.de- Use %license instead of %doc [bsc#1082318]
* Mon Mar 12 2018 matthias.gerstnerAATTsuse.com- Fix ethertypes ownership, should be %exclude, not %ghost.
* Thu Feb 22 2018 matthias.gerstnerAATTsuse.com- Resolve conflict with ebtables and obtain ethertypes from new netcfg minor version. FATE#320520
* Sat Feb 03 2018 jengelhAATTinai.de- Update to new upstream release 1.6.2
* add support for the \"srh\" match
* add randomize-full for the \"MASQUERADE\" target
* add rate match mode to the \"hashlimit\" match
* Thu Jun 22 2017 matthias.gerstnerAATTsuse.com- Add iptables-batch-lock.patch: Fix a locking issue of iptables-batch which can cause it to spuriously fail when other programs modify the iptables rules in parallel (bnc#1045130). This can especially affect SuSEfirewall2 during startup.
* Fri Jan 27 2017 jengelhAATTinai.de- Update to new upstream release 1.6.1
* add support for hashlimit rev 2 for higher pps rates
* add support for cgroup2 path matching
* translation program for nft
* Fri Dec 18 2015 jengelhAATTinai.de- Update to final release 1.6.0
* Only a build fix, no new significant changes.
* Mon Nov 23 2015 jengelhAATTinai.de- Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
* -m ah/esp/rt: restore matching \"any SPI id\" by default (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
* -m cgroup: new module
* -m dst: make ! --dst-len work
* -m ipcomp: new module
* -m socket: add --restore-skmark option
* -j CT: add support for new zone options
* -j REJECT: add missing ICMPv6 codes
* -j TEE: make it possible to delete rules with -D ... -j
* -j SNAT/DNAT: add randomize-full support
  
ICM