mbox

iptables: update to 1.6.0

Message ID 20160902084845.11874-1-marcel.lorenz@ipfire.org
State Superseded
Headers

Message

Marcel Lorenz Sept. 2, 2016, 6:48 p.m. UTC 
  Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
---
 config/rootfiles/common/iptables | 14 +++++++++-----
 lfs/iptables                     | 18 ++++++++++--------
 2 files changed, 19 insertions(+), 13 deletions(-)

Comments

Michael Tremer Sept. 24, 2016, 9:44 p.m. UTC | #1 
Hi,

could somebody please build this and give it a good test?

I would especially be interested if the layer 7 extensions (i.e. QoS) are
working fine and matching is still okay.

This is a huge change and I do not feel confident enough yet to merge this into
next.

Best,
-Michael

On Fri, 2016-09-02 at 10:48 +0200, Marcel Lorenz wrote:
> Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
> ---
>  config/rootfiles/common/iptables | 14 +++++++++-----
>  lfs/iptables                     | 18 ++++++++++--------
>  2 files changed, 19 insertions(+), 13 deletions(-)
> 
> diff --git a/config/rootfiles/common/iptables
> b/config/rootfiles/common/iptables
> index 09e827c..17d0c9c 100644
> --- a/config/rootfiles/common/iptables
> +++ b/config/rootfiles/common/iptables
> @@ -16,9 +16,13 @@ lib/libiptc.so.0
>  lib/libiptc.so.0.0.0
>  #lib/libxtables.la
>  lib/libxtables.so
> -lib/libxtables.so.10
> -lib/libxtables.so.10.0.0
> +lib/libxtables.so.11
> +lib/libxtables.so.11.0.0
>  lib/xtables
> +#lib/xtables/libebt_802_3.so
> +#lib/xtables/libebt_ip.so
> +#lib/xtables/libebt_log.so
> +#lib/xtables/libebt_mark_m.so
>  #lib/xtables/libip6t_DNAT.so
>  #lib/xtables/libip6t_DNPT.so
>  #lib/xtables/libip6t_HL.so
> @@ -44,11 +48,9 @@ lib/xtables
>  #lib/xtables/libipt_ECN.so
>  #lib/xtables/libipt_LOG.so
>  #lib/xtables/libipt_MASQUERADE.so
> -#lib/xtables/libipt_MIRROR.so
>  #lib/xtables/libipt_NETMAP.so
>  #lib/xtables/libipt_REDIRECT.so
>  #lib/xtables/libipt_REJECT.so
> -#lib/xtables/libipt_SAME.so
>  #lib/xtables/libipt_SNAT.so
>  #lib/xtables/libipt_TTL.so
>  #lib/xtables/libipt_ULOG.so
> @@ -56,7 +58,6 @@ lib/xtables
>  #lib/xtables/libipt_icmp.so
>  #lib/xtables/libipt_realm.so
>  #lib/xtables/libipt_ttl.so
> -#lib/xtables/libipt_unclean.so
>  #lib/xtables/libxt_AUDIT.so
>  #lib/xtables/libxt_CHECKSUM.so
>  #lib/xtables/libxt_CLASSIFY.so
> @@ -84,6 +85,7 @@ lib/xtables
>  #lib/xtables/libxt_TRACE.so
>  #lib/xtables/libxt_addrtype.so
>  #lib/xtables/libxt_bpf.so
> +#lib/xtables/libxt_cgroup.so
>  #lib/xtables/libxt_cluster.so
>  #lib/xtables/libxt_comment.so
>  #lib/xtables/libxt_connbytes.so
> @@ -99,12 +101,14 @@ lib/xtables
>  #lib/xtables/libxt_esp.so
>  #lib/xtables/libxt_hashlimit.so
>  #lib/xtables/libxt_helper.so
> +#lib/xtables/libxt_ipcomp.so
>  #lib/xtables/libxt_iprange.so
>  #lib/xtables/libxt_ipvs.so
>  #lib/xtables/libxt_layer7.so
>  #lib/xtables/libxt_length.so
>  #lib/xtables/libxt_limit.so
>  #lib/xtables/libxt_mac.so
> +#lib/xtables/libxt_mangle.so
>  #lib/xtables/libxt_mark.so
>  #lib/xtables/libxt_multiport.so
>  #lib/xtables/libxt_nfacct.so
> diff --git a/lfs/iptables b/lfs/iptables
> index b7ce928..5ac7b9c 100644
> --- a/lfs/iptables
> +++ b/lfs/iptables
> @@ -1,7 +1,7 @@
>  #############################################################################
> ##
>  #                                                                            
>  #
>  # IPFire.org - A linux based
> firewall                                         #
> -# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                    
>  #
> +# Copyright (C) 2007-2016  IPFire Team  <info@ipfire.org>                    
>  #
>  #                                                                            
>  #
>  # This program is free software: you can redistribute it and/or
> modify        #
>  # it under the terms of the GNU General Public License as published
> by        #
> @@ -24,7 +24,7 @@
>  
>  include Config
>  
> -VER        = 1.4.21
> +VER        = 1.6.0
>  
>  THISAPP    = iptables-$(VER)
>  DL_FILE    = $(THISAPP).tar.bz2
> @@ -36,13 +36,13 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
>  # Top-level Rules
>  #############################################################################
> ##
>  objects = $(DL_FILE) \
> -	netfilter-layer7-v2.22.tar.gz
> +	netfilter-layer7-v2.23.tar.gz
>  
>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
> +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
>  
> -$(DL_FILE)_MD5 = 536d048c8e8eeebcd9757d0863ebb0c0
> -netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
> +$(DL_FILE)_MD5 = 27ba3451cb622467fc9267a176f19a31
> +netfilter-layer7-v2.23.tar.gz_MD5 = 10910b6173d18e426cb56ae7e1300eeb
>  
>  install : $(TARGET)
>  
> @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  	@cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
>  
>  	# Layer7
> -	cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz
> -	cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-
> 1.4.3forward-for-kernel-2.6.20forward/* \
> +	cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz
> +	cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-
> 1.4.3forward-for-kernel-2.6.20forward/* \
>  	                 ./extensions/
>  
>  	# imq
> @@ -88,6 +88,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  		--libdir=/lib \
>  		--includedir=/usr/include \
>  		--enable-libipq \
> +		--disable-nftables \
> +		--with-xtlibdir=/lib/xtables \
>  		--libexecdir=/lib \
>  		--bindir=/sbin \
>  		--sbindir=/sbin \