iptables: Update to version 1.8.8

Message ID 20220522214328.2766670-1-adolf.belka@ipfire.org
State Accepted
Commit 2cc3995bc5132e66fcd97570307f00dca34f1e9a
Series iptables: Update to version 1.8.8

Commit Message

Adolf Belka May 22, 2022, 9:43 p.m. UTC
- Update from version 1.8.7 to 1.8.8
- Update of rootfile
- Changelog
   Version 1.8.8
      extensions: libxt_conntrack: use bitops for state negation
      extensions: libxt_conntrack: use bitops for status negation
      xtables: Call init_extensions6() for static builds
      xtables: Call init_extensions{,a,b}() for static builds
      iptables-nft: fix -Z option
      libxtables: exit if called by setuid executeable
      iptables-nft: allow removal of empty builtin chains
      extensions: tcpmss: add iptables-translate support
      nft-shared: set correct register value
      nft-shared: support native tcp port delinearize
      nft-shared: support native tcp port range delinearize
      nft-shared: support native udp port delinearize
      nft: prefer native expressions instead of udp match
      nft: prefer native expressions instead of tcp match
      nft-shared: add tcp flag dissection
      nft: add support for native tcp flag matching
      tests: shell: fix bashism
      nft: fix indentation error.
      tests: iptables-test: correct misspelt variable
      extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
      extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
      build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
      extensions: libxt_NFLOG: fix typo
      tests: iptables-test: rename variable
      tests: add `NOMATCH` test result
      tests: support explicit variant test result
      tests: NFLOG: enable `--nflog-range` tests
      xshared: Implement xtables lock timeout using signals
      extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
      extensions: libxt_NFLOG: don't truncate log prefix on print/save
      extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
      fix build for missing ETH_ALEN definition
      libxtables: extend xlate infrastructure
      tests: xlate-test: support multiline expectation
      extensions: libxt_connlimit: add translation
      extensions: libxt_tcp: rework translation to use flags match representation
      extensions: libxt_conntrack: simplify translation using negation
      extensions: libxt_multiport: add translation for -m multiport --ports
      nft-shared: update context register for bitwise expression
      nft: pass struct nft_xt_ctx to parse_meta()
      nft: native mark matching support
      nft: pass handle to helper functions to build netlink payload
      nft: prepare for dynamic register allocation
      nft: split gen_payload() to allocate register and initialize expression
      configure: bump version for 1.8.8 release
      ip6tables: masquerade: use fully-random so that nft can understand the rule
      ebtables: Exit gracefully on invalid table names
      include: Drop libipulog.h
      nft: Fix bitwise expression avoidance detection
      xtables-translate: Fix translation of odd netmasks
      libxtables: Simplify xtables_ipmask_to_cidr() a bit
      nft: cache: Sort chains on demand only
      nft: Increase BATCH_PAGE_SIZE to support huge rulesets
      extensions: sctp: Explain match types in man page
      Eliminate inet_aton() and inet_ntoa()
      nft-arp: Make use of ipv4_addr_to_string()
      extensions: SECMARK: Implement revision 1
      xtables: Make invflags 16bit wide
      xshared: Eliminate iptables_command_state->invert
      xshared: Merge invflags handling code
      ebtables-translate: Use shared ebt_get_current_chain() function
      Use proto_to_name() from xshared in more places
      extensions: sctp: Fix nftables translation
      extensions: sctp: Translate --chunk-types option
      libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
      extensions: libebt_ip6: Drop unused variables
      libxtables: Fix memleak in xtopt_parse_hostmask()
      nft: Avoid memleak in error path of nft_cmd_new()
      nft: Avoid buffer size warnings copying iface names
      iptables-apply: Drop unused variable
      extensions: libebt_ip6: Use xtables_ip6parse_any()
      libxtables: Introduce xtables_strdup() and use it everywhere
      extensions: libxt_string: Avoid buffer size warning for strncpy()
      doc: ebtables-nft.8: Adjust for missing atomic-options
      ebtables: Dump atomic waste
      nft: Fix for non-verbose check command
      tests/shell: Assert non-verbose mode is silent
      extensions: hashlimit: Fix tests with HZ=100
      iptables-test: Make netns spawning more robust
      extensions: libxt_mac: Fix for missing space in listing
      nft: Use xtables_malloc() in mnl_err_list_node_add()
      nft: Use xtables_{m,c}alloc() everywhere
      tests: iptables-test: Fix missing chain case
      tests: xlate-test: Don't skip any input after the first empty line
      tests: xlate-test: Print errors to stderr
      tests: iptables-test: Print errors to stderr
      tests: xlate-test: Exit non-zero on error
      tests: iptables-test: Exit non-zero on error
      tests: shell: Return non-zero on error
      ebtables: Avoid dropping policy when flushing
      tests: iptables-test: Fix conditional colors on stderr
      nft: cache: Avoid double free of unrecognized base-chains
      nft: Check base-chain compatibility when adding to cache
      nft-chain: Introduce base_slot field
      nft: Delete builtin chains compatibly
      nft: Introduce builtin_tables_lookup()
      xshared: Store optstring in xtables_globals
      nft-shared: Introduce init_cs family ops callback
      xtables: Simplify addr_mask freeing
      nft: Add family ops callbacks wrapping different nft_cmd_* functions
      xtables-standalone: Drop version number from init errors
      libxtables: Introduce xtables_globals print_help callback
      arptables: Use standard data structures when parsing
      nft-arp: Introduce post_parse callback
      nft-shared: Make nft_check_xt_legacy() family agnostic
      xtables: Derive xtables_globals from family
      xtables: arptables accepts empty interface names
      nft: Merge xtables-arp-standalone.c into xtables-standalone.c
      Unbreak xtables-translate
      xlate-test: Print full path if testing all files
      extensions: hashlimit: Fix tests with HZ=1000
      xshared: Merge and share parse_chain()
      nft: Change whitespace printing in save_rule callback
      xshared: Share print_iface() function
      xshared: Share save_rule_details() with legacy
      xshared: Share save_ipv{4,6}_addr() with legacy
      xshared: Share print_rule_details() with legacy
      xshared: Share print_fragment() with legacy
      xshared: Share print_header() with legacy iptables
      nft-shared: Drop unused function print_proto()
      xshared: Make load_proto() static
      xshared: Share print_match_save() between legacy ip*tables
      xshared: Share a common printhelp function
      xshared: Share exit_tryhelp()
      xtables_globals: Embed variant name in .program_version
      libxtables: Extend basic_exit_err()
      iptables-*-restore: Drop pointless line reference
      xtables: Drop xtables' family on demand feature
      xtables: Pull table validity check out of do_parse()
      xtables: Move struct nft_xt_cmd_parse to xshared.h
      xtables: Pass xtables_args to check_empty_interface()
      xtables: Pass xtables_args to check_inverse()
      xtables: Do not pass nft_handle to do_parse()
      xshared: Move do_parse to shared space
      xshared: Store parsed wait and wait_interval in xtables_args
      nft: Move proto_parse and post_parse callbacks to xshared
      iptables: Use xtables' do_parse() function
      ip6tables: Use the shared do_parse, too
      extensions: *NAT: Kill multiple IPv4 range support
      xshared: Fix response to unprivileged users
      nft: Use verbose flag to toggle debug output
      iptables-restore: Support for extra debug output
      nft: Set NFTNL_CHAIN_FAMILY in new chains
      ebtables: Support verbose mode
      nft: Add debug output to table creation
      nft: cache: Dump rules if debugging
      tests: iptables-test: Support variant deviation
      iptables.8: Describe the effect of multiple -v flags
      libxtables: Register only the highest revision extension
      Improve error messages for unsupported extensions
      nft: Simplify immediate parsing
      nft: Speed up immediate parsing
      xshared: Prefer xtables_chain_protos lookup over getprotoent
      nft: Don't pass command state opaque to family ops callbacks
      libxtables: Fix for warning in xtables_ipmask_to_numeric
      Simplify static build extension loading
      nft: Review static extension loading
      tests: shell: Fix 0004-return-codes_0 for static builds
      nft: Reject standard targets as chain names when restoring
      libxtables: Implement notargets hash table
      libxtables: Boost rule target checks by announcing chain names
      xlate-test: Fix for empty source line on failure
      man: DNAT: Describe shifted port range feature
      Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
      extensions: ipt_DNAT: Merge v1 and v2 parsers
      extensions: ipt_DNAT: Merge v1/v2 print/save code
      extensions: ipt_DNAT: Combine xlate functions also
      extensions: DNAT: Rename from libipt to libxt
      extensions: Merge IPv4 and IPv6 DNAT targets
      extensions: Merge REDIRECT into DNAT
      extensions: man: Document service name support in DNAT and REDIRECT
      extensions: MARK: Drop extra newline at end of help
      xshared: Move arp_opcodes into shared space
      xshared: Extend xtables_printhelp() for arptables
      libxtables: Drop xtables_globals 'optstring' field
      libxtables: Revert change to struct xtables_pprot
      extensions: DNAT: Merge core printing functions
      man: *NAT: Review --random* option descriptions
      extensions: LOG: Document --log-macdecode in man page
      nft: Fix EPERM handling for extensions without rev 0
      xtables-translate: add missing argument and option to usage
      Fix a few doc typos
      iptables-test.py: print with color escapes only when stdout isatty

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/iptables | 8 +++-----
 lfs/iptables                     | 4 ++--
 2 files changed, 5 insertions(+), 7 deletions(-)
  

Comments

Peter Müller May 26, 2022, 12:12 p.m. UTC | #1
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

> - Update from version 1.8.7 to 1.8.8
> - Update of rootfile
> - Changelog
>     Version 1.8.8
>        extensions: libxt_conntrack: use bitops for state negation
>        extensions: libxt_conntrack: use bitops for status negation
>        xtables: Call init_extensions6() for static builds
>        xtables: Call init_extensions{,a,b}() for static builds
>        iptables-nft: fix -Z option
>        libxtables: exit if called by setuid executeable
>        iptables-nft: allow removal of empty builtin chains
>        extensions: tcpmss: add iptables-translate support
>        nft-shared: set correct register value
>        nft-shared: support native tcp port delinearize
>        nft-shared: support native tcp port range delinearize
>        nft-shared: support native udp port delinearize
>        nft: prefer native expressions instead of udp match
>        nft: prefer native expressions instead of tcp match
>        nft-shared: add tcp flag dissection
>        nft: add support for native tcp flag matching
>        tests: shell: fix bashism
>        nft: fix indentation error.
>        tests: iptables-test: correct misspelt variable
>        extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
>        extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
>        build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
>        extensions: libxt_NFLOG: fix typo
>        tests: iptables-test: rename variable
>        tests: add `NOMATCH` test result
>        tests: support explicit variant test result
>        tests: NFLOG: enable `--nflog-range` tests
>        xshared: Implement xtables lock timeout using signals
>        extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
>        extensions: libxt_NFLOG: don't truncate log prefix on print/save
>        extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
>        fix build for missing ETH_ALEN definition
>        libxtables: extend xlate infrastructure
>        tests: xlate-test: support multiline expectation
>        extensions: libxt_connlimit: add translation
>        extensions: libxt_tcp: rework translation to use flags match representation
>        extensions: libxt_conntrack: simplify translation using negation
>        extensions: libxt_multiport: add translation for -m multiport --ports
>        nft-shared: update context register for bitwise expression
>        nft: pass struct nft_xt_ctx to parse_meta()
>        nft: native mark matching support
>        nft: pass handle to helper functions to build netlink payload
>        nft: prepare for dynamic register allocation
>        nft: split gen_payload() to allocate register and initialize expression
>        configure: bump version for 1.8.8 release
>        ip6tables: masquerade: use fully-random so that nft can understand the rule
>        ebtables: Exit gracefully on invalid table names
>        include: Drop libipulog.h
>        nft: Fix bitwise expression avoidance detection
>        xtables-translate: Fix translation of odd netmasks
>        libxtables: Simplify xtables_ipmask_to_cidr() a bit
>        nft: cache: Sort chains on demand only
>        nft: Increase BATCH_PAGE_SIZE to support huge rulesets
>        extensions: sctp: Explain match types in man page
>        Eliminate inet_aton() and inet_ntoa()
>        nft-arp: Make use of ipv4_addr_to_string()
>        extensions: SECMARK: Implement revision 1
>        xtables: Make invflags 16bit wide
>        xshared: Eliminate iptables_command_state->invert
>        xshared: Merge invflags handling code
>        ebtables-translate: Use shared ebt_get_current_chain() function
>        Use proto_to_name() from xshared in more places
>        extensions: sctp: Fix nftables translation
>        extensions: sctp: Translate --chunk-types option
>        libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
>        extensions: libebt_ip6: Drop unused variables
>        libxtables: Fix memleak in xtopt_parse_hostmask()
>        nft: Avoid memleak in error path of nft_cmd_new()
>        nft: Avoid buffer size warnings copying iface names
>        iptables-apply: Drop unused variable
>        extensions: libebt_ip6: Use xtables_ip6parse_any()
>        libxtables: Introduce xtables_strdup() and use it everywhere
>        extensions: libxt_string: Avoid buffer size warning for strncpy()
>        doc: ebtables-nft.8: Adjust for missing atomic-options
>        ebtables: Dump atomic waste
>        nft: Fix for non-verbose check command
>        tests/shell: Assert non-verbose mode is silent
>        extensions: hashlimit: Fix tests with HZ=100
>        iptables-test: Make netns spawning more robust
>        extensions: libxt_mac: Fix for missing space in listing
>        nft: Use xtables_malloc() in mnl_err_list_node_add()
>        nft: Use xtables_{m,c}alloc() everywhere
>        tests: iptables-test: Fix missing chain case
>        tests: xlate-test: Don't skip any input after the first empty line
>        tests: xlate-test: Print errors to stderr
>        tests: iptables-test: Print errors to stderr
>        tests: xlate-test: Exit non-zero on error
>        tests: iptables-test: Exit non-zero on error
>        tests: shell: Return non-zero on error
>        ebtables: Avoid dropping policy when flushing
>        tests: iptables-test: Fix conditional colors on stderr
>        nft: cache: Avoid double free of unrecognized base-chains
>        nft: Check base-chain compatibility when adding to cache
>        nft-chain: Introduce base_slot field
>        nft: Delete builtin chains compatibly
>        nft: Introduce builtin_tables_lookup()
>        xshared: Store optstring in xtables_globals
>        nft-shared: Introduce init_cs family ops callback
>        xtables: Simplify addr_mask freeing
>        nft: Add family ops callbacks wrapping different nft_cmd_* functions
>        xtables-standalone: Drop version number from init errors
>        libxtables: Introduce xtables_globals print_help callback
>        arptables: Use standard data structures when parsing
>        nft-arp: Introduce post_parse callback
>        nft-shared: Make nft_check_xt_legacy() family agnostic
>        xtables: Derive xtables_globals from family
>        xtables: arptables accepts empty interface names
>        nft: Merge xtables-arp-standalone.c into xtables-standalone.c
>        Unbreak xtables-translate
>        xlate-test: Print full path if testing all files
>        extensions: hashlimit: Fix tests with HZ=1000
>        xshared: Merge and share parse_chain()
>        nft: Change whitespace printing in save_rule callback
>        xshared: Share print_iface() function
>        xshared: Share save_rule_details() with legacy
>        xshared: Share save_ipv{4,6}_addr() with legacy
>        xshared: Share print_rule_details() with legacy
>        xshared: Share print_fragment() with legacy
>        xshared: Share print_header() with legacy iptables
>        nft-shared: Drop unused function print_proto()
>        xshared: Make load_proto() static
>        xshared: Share print_match_save() between legacy ip*tables
>        xshared: Share a common printhelp function
>        xshared: Share exit_tryhelp()
>        xtables_globals: Embed variant name in .program_version
>        libxtables: Extend basic_exit_err()
>        iptables-*-restore: Drop pointless line reference
>        xtables: Drop xtables' family on demand feature
>        xtables: Pull table validity check out of do_parse()
>        xtables: Move struct nft_xt_cmd_parse to xshared.h
>        xtables: Pass xtables_args to check_empty_interface()
>        xtables: Pass xtables_args to check_inverse()
>        xtables: Do not pass nft_handle to do_parse()
>        xshared: Move do_parse to shared space
>        xshared: Store parsed wait and wait_interval in xtables_args
>        nft: Move proto_parse and post_parse callbacks to xshared
>        iptables: Use xtables' do_parse() function
>        ip6tables: Use the shared do_parse, too
>        extensions: *NAT: Kill multiple IPv4 range support
>        xshared: Fix response to unprivileged users
>        nft: Use verbose flag to toggle debug output
>        iptables-restore: Support for extra debug output
>        nft: Set NFTNL_CHAIN_FAMILY in new chains
>        ebtables: Support verbose mode
>        nft: Add debug output to table creation
>        nft: cache: Dump rules if debugging
>        tests: iptables-test: Support variant deviation
>        iptables.8: Describe the effect of multiple -v flags
>        libxtables: Register only the highest revision extension
>        Improve error messages for unsupported extensions
>        nft: Simplify immediate parsing
>        nft: Speed up immediate parsing
>        xshared: Prefer xtables_chain_protos lookup over getprotoent
>        nft: Don't pass command state opaque to family ops callbacks
>        libxtables: Fix for warning in xtables_ipmask_to_numeric
>        Simplify static build extension loading
>        nft: Review static extension loading
>        tests: shell: Fix 0004-return-codes_0 for static builds
>        nft: Reject standard targets as chain names when restoring
>        libxtables: Implement notargets hash table
>        libxtables: Boost rule target checks by announcing chain names
>        xlate-test: Fix for empty source line on failure
>        man: DNAT: Describe shifted port range feature
>        Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
>        extensions: ipt_DNAT: Merge v1 and v2 parsers
>        extensions: ipt_DNAT: Merge v1/v2 print/save code
>        extensions: ipt_DNAT: Combine xlate functions also
>        extensions: DNAT: Rename from libipt to libxt
>        extensions: Merge IPv4 and IPv6 DNAT targets
>        extensions: Merge REDIRECT into DNAT
>        extensions: man: Document service name support in DNAT and REDIRECT
>        extensions: MARK: Drop extra newline at end of help
>        xshared: Move arp_opcodes into shared space
>        xshared: Extend xtables_printhelp() for arptables
>        libxtables: Drop xtables_globals 'optstring' field
>        libxtables: Revert change to struct xtables_pprot
>        extensions: DNAT: Merge core printing functions
>        man: *NAT: Review --random* option descriptions
>        extensions: LOG: Document --log-macdecode in man page
>        nft: Fix EPERM handling for extensions without rev 0
>        xtables-translate: add missing argument and option to usage
>        Fix a few doc typos
>        iptables-test.py: print with color escapes only when stdout isatty
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
>   config/rootfiles/common/iptables | 8 +++-----
>   lfs/iptables                     | 4 ++--
>   2 files changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
> index b8bf748a5..ba1621324 100644
> --- a/config/rootfiles/common/iptables
> +++ b/config/rootfiles/common/iptables
> @@ -13,15 +13,13 @@ lib/libipq.so.0.0.0
>   #lib/libxtables.la
>   lib/libxtables.so
>   lib/libxtables.so.12
> -lib/libxtables.so.12.4.0
> +lib/libxtables.so.12.6.0
>   #lib/xtables
> -lib/xtables/libip6t_DNAT.so
>   lib/xtables/libip6t_DNPT.so
>   lib/xtables/libip6t_HL.so
>   lib/xtables/libip6t_LOG.so
>   lib/xtables/libip6t_MASQUERADE.so
>   lib/xtables/libip6t_NETMAP.so
> -lib/xtables/libip6t_REDIRECT.so
>   lib/xtables/libip6t_REJECT.so
>   lib/xtables/libip6t_SNAT.so
>   lib/xtables/libip6t_SNPT.so
> @@ -37,12 +35,10 @@ lib/xtables/libip6t_mh.so
>   lib/xtables/libip6t_rt.so
>   lib/xtables/libip6t_srh.so
>   lib/xtables/libipt_CLUSTERIP.so
> -lib/xtables/libipt_DNAT.so
>   lib/xtables/libipt_ECN.so
>   lib/xtables/libipt_LOG.so
>   lib/xtables/libipt_MASQUERADE.so
>   lib/xtables/libipt_NETMAP.so
> -lib/xtables/libipt_REDIRECT.so
>   lib/xtables/libipt_REJECT.so
>   lib/xtables/libipt_SNAT.so
>   lib/xtables/libipt_TTL.so
> @@ -57,6 +53,7 @@ lib/xtables/libxt_CLASSIFY.so
>   lib/xtables/libxt_CONNMARK.so
>   lib/xtables/libxt_CONNSECMARK.so
>   lib/xtables/libxt_CT.so
> +lib/xtables/libxt_DNAT.so
>   lib/xtables/libxt_DSCP.so
>   lib/xtables/libxt_HMARK.so
>   lib/xtables/libxt_IDLETIMER.so
> @@ -66,6 +63,7 @@ lib/xtables/libxt_NFLOG.so
>   lib/xtables/libxt_NFQUEUE.so
>   lib/xtables/libxt_NOTRACK.so
>   lib/xtables/libxt_RATEEST.so
> +lib/xtables/libxt_REDIRECT.so
>   lib/xtables/libxt_SECMARK.so
>   lib/xtables/libxt_SET.so
>   lib/xtables/libxt_SYNPROXY.so
> diff --git a/lfs/iptables b/lfs/iptables
> index c2f0d56c5..275559bfe 100644
> --- a/lfs/iptables
> +++ b/lfs/iptables
> @@ -24,7 +24,7 @@
>   
>   include Config
>   
> -VER        = 1.8.7
> +VER        = 1.8.8
>   
>   THISAPP    = iptables-$(VER)
>   DL_FILE    = $(THISAPP).tar.bz2
> @@ -41,7 +41,7 @@ objects = $(DL_FILE) \
>   $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>   netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
>   
> -$(DL_FILE)_BLAKE2 = fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976
> +$(DL_FILE)_BLAKE2 = 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164
>   netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc
>   
>   install : $(TARGET)
  

Patch

diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index b8bf748a5..ba1621324 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -13,15 +13,13 @@  lib/libipq.so.0.0.0
 #lib/libxtables.la
 lib/libxtables.so
 lib/libxtables.so.12
-lib/libxtables.so.12.4.0
+lib/libxtables.so.12.6.0
 #lib/xtables
-lib/xtables/libip6t_DNAT.so
 lib/xtables/libip6t_DNPT.so
 lib/xtables/libip6t_HL.so
 lib/xtables/libip6t_LOG.so
 lib/xtables/libip6t_MASQUERADE.so
 lib/xtables/libip6t_NETMAP.so
-lib/xtables/libip6t_REDIRECT.so
 lib/xtables/libip6t_REJECT.so
 lib/xtables/libip6t_SNAT.so
 lib/xtables/libip6t_SNPT.so
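Review bot: The commit message covers this hunk only as "Update of rootfile", which does not explain why lib/xtables/libip6t_DNAT.so and lib/xtables/libip6t_REDIRECT.so disappear or why libxtables.so.12.4.0 becomes 12.6.0. Suggest a line in the message tying the removals to the changelog entries "extensions: Merge IPv4 and IPv6 DNAT targets" and "extensions: Merge REDIRECT into DNAT", so a later reader of the rootfile history can tell a deliberate upstream consolidation from an accidentally dropped NAT extension.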
@@ -37,12 +35,10 @@  lib/xtables/libip6t_mh.so
 lib/xtables/libip6t_rt.so
 lib/xtables/libip6t_srh.so
 lib/xtables/libipt_CLUSTERIP.so
-lib/xtables/libipt_DNAT.so
 lib/xtables/libipt_ECN.so
 lib/xtables/libipt_LOG.so
 lib/xtables/libipt_MASQUERADE.so
 lib/xtables/libipt_NETMAP.so
-lib/xtables/libipt_REDIRECT.so
 lib/xtables/libipt_REJECT.so
 lib/xtables/libipt_SNAT.so
 lib/xtables/libipt_TTL.so
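Review bot: Dropping lib/xtables/libipt_DNAT.so and lib/xtables/libipt_REDIRECT.so from the rootfile only stops them being shipped; nothing visible in this patch removes the 1.8.7 copies (or libxtables.so.12.4.0) from systems that upgrade. Please confirm that the update carrying this change deletes the old files, so that an upgraded firewall ends up with the same extension set as a fresh install and is not left with 1.8.7 NAT plugins beside the 1.8.8 libxt_DNAT.so.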
@@ -57,6 +53,7 @@  lib/xtables/libxt_CLASSIFY.so
 lib/xtables/libxt_CONNMARK.so
 lib/xtables/libxt_CONNSECMARK.so
 lib/xtables/libxt_CT.so
+lib/xtables/libxt_DNAT.so
 lib/xtables/libxt_DSCP.so
 lib/xtables/libxt_HMARK.so
 lib/xtables/libxt_IDLETIMER.so
@@ -66,6 +63,7 @@  lib/xtables/libxt_NFLOG.so
 lib/xtables/libxt_NFQUEUE.so
 lib/xtables/libxt_NOTRACK.so
 lib/xtables/libxt_RATEEST.so
+lib/xtables/libxt_REDIRECT.so
 lib/xtables/libxt_SECMARK.so
 lib/xtables/libxt_SET.so
 lib/xtables/libxt_SYNPROXY.so
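Review bot: lib/xtables/libxt_REDIRECT.so is added as its own rootfile entry although the changelog says "extensions: Merge REDIRECT into DNAT". Worth checking in the build output whether this is a regular file or a link to libxt_DNAT.so, and that it is packaged in the form upstream installs it, since REDIRECT rules depend on that name resolving.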
diff --git a/lfs/iptables b/lfs/iptables
index c2f0d56c5..275559bfe 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 1.8.7
+VER        = 1.8.8
 
 THISAPP    = iptables-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -41,7 +41,7 @@  objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
 
-$(DL_FILE)_BLAKE2 = fd4dcff142eaadde2a14ce3eb5e45d41c326752553b52900c77fd2e2a20c0685d0a04b95755995e914df47658834d52216d6465c2ae9cd6abc6eb122b95cc976
+$(DL_FILE)_BLAKE2 = 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164
 netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc
 
 install : $(TARGET)
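Review bot: The new $(DL_FILE)_BLAKE2 value is the only integrity pin for iptables-1.8.8.tar.bz2 in this file, and the commit message does not say how it was obtained. Suggest noting that the tarball was verified against the upstream release signature or published checksum before the BLAKE2 was computed, so the pin is known to match upstream and not just whatever was downloaded; the unchanged netfilter-layer7-v2.23.tar.gz_BLAKE2 line is fine as is.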