iptables: update to 1.6.0
Message ID | 20160902084845.11874-1-marcel.lorenz@ipfire.org |
---|---|
State | Superseded |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (hedwig.ipfire.org [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id 40FB761C2D for <patchwork@ipfire.org>; Fri, 2 Sep 2016 10:49:26 +0200 (CEST) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 7EF0CC2A; Fri, 2 Sep 2016 10:49:23 +0200 (CEST) Received: from localhost.localdomain (mail.ml-systec.de [185.40.172.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id D0D73A74 for <development@lists.ipfire.org>; Fri, 2 Sep 2016 10:49:18 +0200 (CEST) From: Marcel Lorenz <marcel.lorenz@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] iptables: update to 1.6.0 Date: Fri, 2 Sep 2016 10:48:45 +0200 Message-Id: <20160902084845.11874-1-marcel.lorenz@ipfire.org> X-Mailer: git-send-email 2.9.3 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Message
Marcel Lorenz
Sept. 2, 2016, 6:48 p.m. UTC
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
---
config/rootfiles/common/iptables | 14 +++++++++-----
lfs/iptables | 18 ++++++++++--------
2 files changed, 19 insertions(+), 13 deletions(-)
Comments
Hi, could somebody please build this and give it a good test? I would especially be interested if the layer 7 extensions (i.e. QoS) are working fine and matching is still okay. This is a huge change and I do not feel confident enough yet to merge this into next. Best, -Michael On Fri, 2016-09-02 at 10:48 +0200, Marcel Lorenz wrote: > Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> > --- > config/rootfiles/common/iptables | 14 +++++++++----- > lfs/iptables | 18 ++++++++++-------- > 2 files changed, 19 insertions(+), 13 deletions(-) > > diff --git a/config/rootfiles/common/iptables > b/config/rootfiles/common/iptables > index 09e827c..17d0c9c 100644 > --- a/config/rootfiles/common/iptables > +++ b/config/rootfiles/common/iptables > @@ -16,9 +16,13 @@ lib/libiptc.so.0 > lib/libiptc.so.0.0.0 > #lib/libxtables.la > lib/libxtables.so > -lib/libxtables.so.10 > -lib/libxtables.so.10.0.0 > +lib/libxtables.so.11 > +lib/libxtables.so.11.0.0 > lib/xtables > +#lib/xtables/libebt_802_3.so > +#lib/xtables/libebt_ip.so > +#lib/xtables/libebt_log.so > +#lib/xtables/libebt_mark_m.so > #lib/xtables/libip6t_DNAT.so > #lib/xtables/libip6t_DNPT.so > #lib/xtables/libip6t_HL.so > @@ -44,11 +48,9 @@ lib/xtables > #lib/xtables/libipt_ECN.so > #lib/xtables/libipt_LOG.so > #lib/xtables/libipt_MASQUERADE.so > -#lib/xtables/libipt_MIRROR.so > #lib/xtables/libipt_NETMAP.so > #lib/xtables/libipt_REDIRECT.so > #lib/xtables/libipt_REJECT.so > -#lib/xtables/libipt_SAME.so > #lib/xtables/libipt_SNAT.so > #lib/xtables/libipt_TTL.so > #lib/xtables/libipt_ULOG.so > @@ -56,7 +58,6 @@ lib/xtables > #lib/xtables/libipt_icmp.so > #lib/xtables/libipt_realm.so > #lib/xtables/libipt_ttl.so > -#lib/xtables/libipt_unclean.so > #lib/xtables/libxt_AUDIT.so > #lib/xtables/libxt_CHECKSUM.so > #lib/xtables/libxt_CLASSIFY.so > @@ -84,6 +85,7 @@ lib/xtables > #lib/xtables/libxt_TRACE.so > #lib/xtables/libxt_addrtype.so > #lib/xtables/libxt_bpf.so > +#lib/xtables/libxt_cgroup.so > #lib/xtables/libxt_cluster.so > #lib/xtables/libxt_comment.so > #lib/xtables/libxt_connbytes.so > @@ -99,12 +101,14 @@ lib/xtables > #lib/xtables/libxt_esp.so > #lib/xtables/libxt_hashlimit.so > #lib/xtables/libxt_helper.so > +#lib/xtables/libxt_ipcomp.so > #lib/xtables/libxt_iprange.so > #lib/xtables/libxt_ipvs.so > #lib/xtables/libxt_layer7.so > #lib/xtables/libxt_length.so > #lib/xtables/libxt_limit.so > #lib/xtables/libxt_mac.so > +#lib/xtables/libxt_mangle.so > #lib/xtables/libxt_mark.so > #lib/xtables/libxt_multiport.so > #lib/xtables/libxt_nfacct.so > diff --git a/lfs/iptables b/lfs/iptables > index b7ce928..5ac7b9c 100644 > --- a/lfs/iptables > +++ b/lfs/iptables > @@ -1,7 +1,7 @@ > ############################################################################# > ## > # > # > # IPFire.org - A linux based > firewall # > -# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> > # > +# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> > # > # > # > # This program is free software: you can redistribute it and/or > modify # > # it under the terms of the GNU General Public License as published > by # > @@ -24,7 +24,7 @@ > > include Config > > -VER = 1.4.21 > +VER = 1.6.0 > > THISAPP = iptables-$(VER) > DL_FILE = $(THISAPP).tar.bz2 > @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP) > # Top-level Rules > ############################################################################# > ## > objects = $(DL_FILE) \ > - netfilter-layer7-v2.22.tar.gz > + netfilter-layer7-v2.23.tar.gz > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz > +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz > > -$(DL_FILE)_MD5 = 536d048c8e8eeebcd9757d0863ebb0c0 > -netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f > +$(DL_FILE)_MD5 = 27ba3451cb622467fc9267a176f19a31 > +netfilter-layer7-v2.23.tar.gz_MD5 = 10910b6173d18e426cb56ae7e1300eeb > > install : $(TARGET) > > @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) > > # Layer7 > - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz > - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables- > 1.4.3forward-for-kernel-2.6.20forward/* \ > + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz > + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables- > 1.4.3forward-for-kernel-2.6.20forward/* \ > ./extensions/ > > # imq > @@ -88,6 +88,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > --libdir=/lib \ > --includedir=/usr/include \ > --enable-libipq \ > + --disable-nftables \ > + --with-xtlibdir=/lib/xtables \ > --libexecdir=/lib \ > --bindir=/sbin \ > --sbindir=/sbin \