| Message ID | 20230117124131.3559006-1-adolf.belka@ipfire.org |
|---|---|
| State | Accepted |
| Commit | ffec5f3ce15723bec30102474805cd66816f8422 |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Nx7mz5gnMz3wgZ for <patchwork@web04.haj.ipfire.org>; Tue, 17 Jan 2023 12:41:39 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Nx7my2wkFzmK; Tue, 17 Jan 2023 12:41:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Nx7my1Cdmz30Fx; Tue, 17 Jan 2023 12:41:38 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Nx7mw1LWBz2yVK for <development@lists.ipfire.org>; Tue, 17 Jan 2023 12:41:36 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Nx7mv37qbzkm; Tue, 17 Jan 2023 12:41:35 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1673959295; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=2+1W8PHBInlVZXcwmjPDJfMRAt6vBPzT+f6CSIyobxA=; b=ZCnD56CwWpQgHvlojT6qXIvxADpqklt22nyFnk2mKCP81mpNeZTyMs5kUGXVxlXG/bO3R2 J59hbK+uYKDgVbCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1673959295; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=2+1W8PHBInlVZXcwmjPDJfMRAt6vBPzT+f6CSIyobxA=; b=ZPGMx4b1L4FoSnghO59RIW96JheWwZrz0avMr2m3ZzTyKYHp8+mW2TwxsAoytKQTrdlSHv iUTIAGlZknoCnRgXn5+7MHcCLTFrE7r+nPKrGDMqnAW6DZQYYkO0cNjRntZFflbKoZiXB0 HaBMqu7rCJWZ5QTLhpk6TaekKabeGM0q+sYRMyrwbuKWGDy4+JcLgPoG701L+oJWH6TQQ8 vBbJzhTURFD1vcBQbHYzlFTvdu+KoWnfbeubSH1EkR7+lGEus/zrcZDkvwB1Zz8w3ReeUO DYfceGuHeugwXEIiRdPFer0pQhcYVwqwPW8MXUYaoq2HnrU0WLLoNuPIAC42qQ== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] iptables: Update to version 1.8.9 Date: Tue, 17 Jan 2023 13:41:31 +0100 Message-Id: <20230117124131.3559006-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
iptables: Update to version 1.8.9
|
|
Commit Message
Adolf Belka
17 Jan 2023, 12:41 p.m. UTC
- Update from version 1.8.8 to 1.8.9
- Update of rootfile
- Changelog
xtables-monitor: add missing spaces in printed str
build: Fix error during out of tree build
iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode
iptables.8: mention that iptables exits when setuid
extensions: libxt_conntrack: remove always-false conditionals
nft: fix ebtables among match when mac+ip addresses are used
nft: support dissection of meta pkktype mode
nft: prefer native 'meta pkttype' instead of xt match
extensions: libxt_pkttype: support otherhost
nft: support ttl/hoplimit dissection
nft: prefer payload to ttl/hl module
nft: un-break among match with concatenation
Revert "nft: prefer payload to ttl/hl module"/'meta pkttype' match.
nft: track each register individually
tests: extend native delinearize script
nft: check for unknown meta keys
iptables-nft: exit nonzero when iptables-save cannot decode all expressions
xlate: get rid of escape_quotes
extensions: change expected output for new format
xlate-test: avoid shell entanglements
nft-bridge: work around recent "among" decode breakage
extensions: add xt_statistics random mode translation
netfilter: add nf_log.h
treewide: use uint* instead of u_int*
nft: replace nftnl_.*_nlmsg_build_hdr() by nftnl_nlmsg_build_hdr()
nft-shared: replace nftnl_expr_get_data() by nftnl_expr_get()
xshared: Fix build for -Werror=format-security
Revert "fix build for missing ETH_ALEN definition"
tests: shell: Check overhead in iptables-save and -restore
libxtables: Unexport init_extensions*() declarations
arptables: Support -x/--exact flag
iptables-legacy: Drop redundant include of xtables-multi.h
xshared: Make some functions static
Makefile: Add --enable-profiling configure option
tests: shell: Add some more rules to 0002-verbose-output_0
tests: shell: Extend iptables-xml test a bit
tests: shell: Extend zero counters test a bit further
extensions: libebt_standard.t: Test logical-{in,out} as well
ebtables-restore: Deny --init-table
extensions: string: Do not print default --to value
extensions: string: Review parse_string() function
extensions: string: Fix and enable tests
nft: Exit if nftnl_alloc_expr fails
libxtables: Move struct xtables_afinfo into xtables.h
libxtables: Define XT_OPTION_OFFSET_SCALE in xtables.h
libxtables: Fix unsupported extension warning corner case
tests: shell: Fix testcases for changed ip6tables opts output
xshared: Fix for missing space after 'prot' column
xshared: Print protocol numbers if --numeric was given
xtables-restore: Extend failure error message
nft: Expand extended error reporting to nft_cmd, too
tests: shell: Test delinearization of native nftables expressions
ebtables: Drop unused OPT_* defines
ebtables: Eliminate OPT_TABLE
ebtables: Merge OPT_* flags with xshared ones
nft-shared: Introduce __get_cmp_data()
ebtables: Support '-p Length'
ebtables: Fix among match
nft: Fix meta statement parsing
nft-bridge: Drop 'sreg_count' variable
tests: iptables-test: Simplify '-N' option a bit
tests: iptables-test: Simplify execute_cmd() calling
tests: iptables-test: Pass netns to execute_cmd()
tests: iptables-test: Test both variants by default
extensions: among: Remove pointless fall through
extensions: among: Fix for use with ebtables-restore
extensions: libebt_stp: Eliminate duplicate space in output
extensions: libip6t_dst: Fix output for empty options
extensions: TCPOPTSTRIP: Do not print empty options
extensions: libebt_log: Avoid empty log-prefix in output
tests: IDLETIMER.t: Fix syntax, support for restore input
tests: libebt_stp.t: Drop duplicate whitespace
tests: shell: Fix expected output for ip6tables dst match
tests: shell: Fix expected ebtables log target output
libiptc: Fix for segfault when renaming a chain
nft: Fix compile with -DDEBUG
extensions: NFQUEUE: Document queue-balance limitation
tests: iptables-test: Implement fast test mode
tests: iptables-test: Cover for obligatory -j CONTINUE in ebtables
tests: *.t: Fix expected output for simple calls
tests: *.t: Fix for hexadecimal output
tests: libebt_redirect.t: Plain redirect prints with trailing whitespace
tests: libxt_length.t: Fix odd use-case output
tests: libxt_recent.t: Add missing default values
tests: libxt_tos.t, libxt_TOS.t: Add missing masks in output
tests: libebt_vlan.t: Drop trailing whitespace from rules
tests: libxt_connlimit.t: Add missing default values
tests: *.t: Add missing all-one's netmasks to expected output
extensions: DNAT: Fix bad IP address error reporting
extensions: *NAT: Drop NF_NAT_RANGE_PROTO_RANDOM* flag checks
extensions: DNAT: Use __DNAT_xlate for REDIRECT, too
extensions: DNAT: Generate print, save and xlate callbacks
extensions: DNAT: Rename some symbols
extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE
tests: xlate-test: Cleanup file reading loop
tests: xlate-test.py: Introduce run_proc()
tests: xlate-test: Replay results for reverse direction testing
xshared: Share make_delete_mask() between ip{,6}tables
nft-shared: Introduce port_match_single_to_range()
extensions: libip*t_LOG: Merge extensions
extensions: libebt_ip: Include kernel header
extensions: libebt_arp, libebt_ip: Use xtables_ipparse_any()
extensions: Collate ICMP types/codes in libxt_icmp.h
extensions: Unify ICMP parser into libxt_icmp.h
Drop extra newline from xtables_error() calls
extensions: mark: Test double bitwise in a rule
extensions: libebt_mark: Fix mark target xlate
extensions: libebt_mark: Fix xlate test case
extensions: libebt_redirect: Fix xlate return code
extensions: libipt_ttl: Sanitize xlate callback
extensions: CONNMARK: Fix xlate callback
extensions: MARK: Sanitize MARK_xlate()
extensions: TCPMSS: Use xlate callback for IPv6, too
extensions: TOS: Fix v1 xlate callback
extensions: ecn: Sanitize xlate callback
extensions: tcp: Translate TCP option match
extensions: libebt_log: Add comment to clarify xlate callback
extensions: frag: Add comment to clarify xlate callback
extensions: ipcomp: Add comment to clarify xlate callback
libxtables: xt_xlate_add() to take care of spacing
extensions: Leverage xlate auto-spacing
extensions: libxt_conntrack: Drop extra whitespace in xlate
extensions: xlate: Format sets consistently
tests: shell: Test selective ebtables flushing
tests: shell: Fix valgrind mode for 0008-unprivileged_0
iptables-restore: Free handle with --test also
iptables-xml: Free allocated chain strings
nft: Plug memleak in nft_rule_zero_counters()
iptables: Plug memleaks in print_firewall()
xtables: Introduce xtables_clear_iptables_command_state()
iptables: Properly clear iptables_command_state object
xshared: Free data after printing help
libiptc: Eliminate garbage access
ebtables: Implement --check command
tests: xlate: Use --check to verify replay
nft: Fix for comparing ifname matches against nft-generated ones
nft: Fix match generator for '! -i +'
nft: Recognize INVAL/D interface name
xtables-translate: Fix for interfaces with asterisk mid-string
ebtables: Fix MAC address match translation
Makefile: Create LZMA-compressed dist-files
Drop INCOMPATIBILITIES file
Drop libiptc/linux_stddef.h
Makefile: Generate ip6tables man pages on the fly
extensions: Makefile: Merge initext targets
iptables/Makefile: Reorg variable assignments
iptables/Makefile: Split nft-variant man page list
Makefile: Fix for 'make distcheck'
Makefile: Generate .tar.xz archive with 'make dist'
include/Makefile: xtables-version.h is generated
tests: Adjust testsuite return codes to automake guidelines
Makefile.am: Integrate testsuites
nft: Parse icmp header matches
arptables: Check the mandatory ar_pln match
nft: Increase rule parser strictness
nft: Make rule parsing errors fatal
nft: Reject tcp/udp extension without proper protocol match
gitignore: Ignore utils/nfsynproxy
gitignore: Ignore generated ip6tables man pages
ebtables-translate: Install symlink
Makefile: Replace brace expansion
configure: Bump version for 1.8.9 release
tests: add ebtables among testcase
xt_sctp: support a couple of new chunk types
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/iptables | 13 ++++++-------
lfs/iptables | 8 ++++----
2 files changed, 10 insertions(+), 11 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > - Update from version 1.8.8 to 1.8.9 > - Update of rootfile > - Changelog > xtables-monitor: add missing spaces in printed str > build: Fix error during out of tree build > iptables: xshared: Ouptut '--' in the opt field in ipv6's fake mode > iptables.8: mention that iptables exits when setuid > extensions: libxt_conntrack: remove always-false conditionals > nft: fix ebtables among match when mac+ip addresses are used > nft: support dissection of meta pkktype mode > nft: prefer native 'meta pkttype' instead of xt match > extensions: libxt_pkttype: support otherhost > nft: support ttl/hoplimit dissection > nft: prefer payload to ttl/hl module > nft: un-break among match with concatenation > Revert "nft: prefer payload to ttl/hl module"/'meta pkttype' match. > nft: track each register individually > tests: extend native delinearize script > nft: check for unknown meta keys > iptables-nft: exit nonzero when iptables-save cannot decode all expressions > xlate: get rid of escape_quotes > extensions: change expected output for new format > xlate-test: avoid shell entanglements > nft-bridge: work around recent "among" decode breakage > extensions: add xt_statistics random mode translation > netfilter: add nf_log.h > treewide: use uint* instead of u_int* > nft: replace nftnl_.*_nlmsg_build_hdr() by nftnl_nlmsg_build_hdr() > nft-shared: replace nftnl_expr_get_data() by nftnl_expr_get() > xshared: Fix build for -Werror=format-security > Revert "fix build for missing ETH_ALEN definition" > tests: shell: Check overhead in iptables-save and -restore > libxtables: Unexport init_extensions*() declarations > arptables: Support -x/--exact flag > iptables-legacy: Drop redundant include of xtables-multi.h > xshared: Make some functions static > Makefile: Add --enable-profiling configure option > tests: shell: Add some more rules to 0002-verbose-output_0 > tests: shell: Extend iptables-xml test a bit > tests: shell: Extend zero counters test a bit further > extensions: libebt_standard.t: Test logical-{in,out} as well > ebtables-restore: Deny --init-table > extensions: string: Do not print default --to value > extensions: string: Review parse_string() function > extensions: string: Fix and enable tests > nft: Exit if nftnl_alloc_expr fails > libxtables: Move struct xtables_afinfo into xtables.h > libxtables: Define XT_OPTION_OFFSET_SCALE in xtables.h > libxtables: Fix unsupported extension warning corner case > tests: shell: Fix testcases for changed ip6tables opts output > xshared: Fix for missing space after 'prot' column > xshared: Print protocol numbers if --numeric was given > xtables-restore: Extend failure error message > nft: Expand extended error reporting to nft_cmd, too > tests: shell: Test delinearization of native nftables expressions > ebtables: Drop unused OPT_* defines > ebtables: Eliminate OPT_TABLE > ebtables: Merge OPT_* flags with xshared ones > nft-shared: Introduce __get_cmp_data() > ebtables: Support '-p Length' > ebtables: Fix among match > nft: Fix meta statement parsing > nft-bridge: Drop 'sreg_count' variable > tests: iptables-test: Simplify '-N' option a bit > tests: iptables-test: Simplify execute_cmd() calling > tests: iptables-test: Pass netns to execute_cmd() > tests: iptables-test: Test both variants by default > extensions: among: Remove pointless fall through > extensions: among: Fix for use with ebtables-restore > extensions: libebt_stp: Eliminate duplicate space in output > extensions: libip6t_dst: Fix output for empty options > extensions: TCPOPTSTRIP: Do not print empty options > extensions: libebt_log: Avoid empty log-prefix in output > tests: IDLETIMER.t: Fix syntax, support for restore input > tests: libebt_stp.t: Drop duplicate whitespace > tests: shell: Fix expected output for ip6tables dst match > tests: shell: Fix expected ebtables log target output > libiptc: Fix for segfault when renaming a chain > nft: Fix compile with -DDEBUG > extensions: NFQUEUE: Document queue-balance limitation > tests: iptables-test: Implement fast test mode > tests: iptables-test: Cover for obligatory -j CONTINUE in ebtables > tests: *.t: Fix expected output for simple calls > tests: *.t: Fix for hexadecimal output > tests: libebt_redirect.t: Plain redirect prints with trailing whitespace > tests: libxt_length.t: Fix odd use-case output > tests: libxt_recent.t: Add missing default values > tests: libxt_tos.t, libxt_TOS.t: Add missing masks in output > tests: libebt_vlan.t: Drop trailing whitespace from rules > tests: libxt_connlimit.t: Add missing default values > tests: *.t: Add missing all-one's netmasks to expected output > extensions: DNAT: Fix bad IP address error reporting > extensions: *NAT: Drop NF_NAT_RANGE_PROTO_RANDOM* flag checks > extensions: DNAT: Use __DNAT_xlate for REDIRECT, too > extensions: DNAT: Generate print, save and xlate callbacks > extensions: DNAT: Rename some symbols > extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE > tests: xlate-test: Cleanup file reading loop > tests: xlate-test.py: Introduce run_proc() > tests: xlate-test: Replay results for reverse direction testing > xshared: Share make_delete_mask() between ip{,6}tables > nft-shared: Introduce port_match_single_to_range() > extensions: libip*t_LOG: Merge extensions > extensions: libebt_ip: Include kernel header > extensions: libebt_arp, libebt_ip: Use xtables_ipparse_any() > extensions: Collate ICMP types/codes in libxt_icmp.h > extensions: Unify ICMP parser into libxt_icmp.h > Drop extra newline from xtables_error() calls > extensions: mark: Test double bitwise in a rule > extensions: libebt_mark: Fix mark target xlate > extensions: libebt_mark: Fix xlate test case > extensions: libebt_redirect: Fix xlate return code > extensions: libipt_ttl: Sanitize xlate callback > extensions: CONNMARK: Fix xlate callback > extensions: MARK: Sanitize MARK_xlate() > extensions: TCPMSS: Use xlate callback for IPv6, too > extensions: TOS: Fix v1 xlate callback > extensions: ecn: Sanitize xlate callback > extensions: tcp: Translate TCP option match > extensions: libebt_log: Add comment to clarify xlate callback > extensions: frag: Add comment to clarify xlate callback > extensions: ipcomp: Add comment to clarify xlate callback > libxtables: xt_xlate_add() to take care of spacing > extensions: Leverage xlate auto-spacing > extensions: libxt_conntrack: Drop extra whitespace in xlate > extensions: xlate: Format sets consistently > tests: shell: Test selective ebtables flushing > tests: shell: Fix valgrind mode for 0008-unprivileged_0 > iptables-restore: Free handle with --test also > iptables-xml: Free allocated chain strings > nft: Plug memleak in nft_rule_zero_counters() > iptables: Plug memleaks in print_firewall() > xtables: Introduce xtables_clear_iptables_command_state() > iptables: Properly clear iptables_command_state object > xshared: Free data after printing help > libiptc: Eliminate garbage access > ebtables: Implement --check command > tests: xlate: Use --check to verify replay > nft: Fix for comparing ifname matches against nft-generated ones > nft: Fix match generator for '! -i +' > nft: Recognize INVAL/D interface name > xtables-translate: Fix for interfaces with asterisk mid-string > ebtables: Fix MAC address match translation > Makefile: Create LZMA-compressed dist-files > Drop INCOMPATIBILITIES file > Drop libiptc/linux_stddef.h > Makefile: Generate ip6tables man pages on the fly > extensions: Makefile: Merge initext targets > iptables/Makefile: Reorg variable assignments > iptables/Makefile: Split nft-variant man page list > Makefile: Fix for 'make distcheck' > Makefile: Generate .tar.xz archive with 'make dist' > include/Makefile: xtables-version.h is generated > tests: Adjust testsuite return codes to automake guidelines > Makefile.am: Integrate testsuites > nft: Parse icmp header matches > arptables: Check the mandatory ar_pln match > nft: Increase rule parser strictness > nft: Make rule parsing errors fatal > nft: Reject tcp/udp extension without proper protocol match > gitignore: Ignore utils/nfsynproxy > gitignore: Ignore generated ip6tables man pages > ebtables-translate: Install symlink > Makefile: Replace brace expansion > configure: Bump version for 1.8.9 release > tests: add ebtables among testcase > xt_sctp: support a couple of new chunk types > > Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> > --- > config/rootfiles/common/iptables | 13 ++++++------- > lfs/iptables | 8 ++++---- > 2 files changed, 10 insertions(+), 11 deletions(-) > > diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables > index d7d87bee7..06e4ab7b4 100644 > --- a/config/rootfiles/common/iptables > +++ b/config/rootfiles/common/iptables > @@ -13,15 +13,12 @@ lib/libipq.so.0.0.0 > #lib/libxtables.la > lib/libxtables.so > lib/libxtables.so.12 > -lib/libxtables.so.12.6.0 > +lib/libxtables.so.12.7.0 > #lib/xtables > lib/xtables/libip6t_DNPT.so > lib/xtables/libip6t_HL.so > -lib/xtables/libip6t_LOG.so > -lib/xtables/libip6t_MASQUERADE.so > lib/xtables/libip6t_NETMAP.so > lib/xtables/libip6t_REJECT.so > -lib/xtables/libip6t_SNAT.so > lib/xtables/libip6t_SNPT.so > lib/xtables/libip6t_ah.so > lib/xtables/libip6t_dst.so > @@ -36,11 +33,8 @@ lib/xtables/libip6t_rt.so > lib/xtables/libip6t_srh.so > lib/xtables/libipt_CLUSTERIP.so > lib/xtables/libipt_ECN.so > -lib/xtables/libipt_LOG.so > -lib/xtables/libipt_MASQUERADE.so > lib/xtables/libipt_NETMAP.so > lib/xtables/libipt_REJECT.so > -lib/xtables/libipt_SNAT.so > lib/xtables/libipt_TTL.so > lib/xtables/libipt_ULOG.so > lib/xtables/libipt_ah.so > @@ -58,7 +52,10 @@ lib/xtables/libxt_DSCP.so > lib/xtables/libxt_HMARK.so > lib/xtables/libxt_IDLETIMER.so > lib/xtables/libxt_LED.so > +lib/xtables/libxt_LOG.so > lib/xtables/libxt_MARK.so > +lib/xtables/libxt_MASQUERADE.so > +lib/xtables/libxt_NAT.so > lib/xtables/libxt_NFLOG.so > lib/xtables/libxt_NFQUEUE.so > lib/xtables/libxt_NOTRACK.so > @@ -66,6 +63,7 @@ lib/xtables/libxt_RATEEST.so > lib/xtables/libxt_REDIRECT.so > lib/xtables/libxt_SECMARK.so > lib/xtables/libxt_SET.so > +lib/xtables/libxt_SNAT.so > lib/xtables/libxt_SYNPROXY.so > lib/xtables/libxt_TCPMSS.so > lib/xtables/libxt_TCPOPTSTRIP.so > @@ -177,4 +175,5 @@ sbin/xtables-legacy-multi > #usr/share/man/man8/iptables.8 > #usr/share/man/man8/nfnl_osf.8 > #usr/share/xtables > +usr/share/xtables/iptables.xslt > usr/share/xtables/pf.os > diff --git a/lfs/iptables b/lfs/iptables > index 275559bfe..30c6e1d94 100644 > --- a/lfs/iptables > +++ b/lfs/iptables > @@ -24,10 +24,10 @@ > > include Config > > -VER = 1.8.8 > +VER = 1.8.9 > > THISAPP = iptables-$(VER) > -DL_FILE = $(THISAPP).tar.bz2 > +DL_FILE = $(THISAPP).tar.xz > DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > @@ -41,7 +41,7 @@ objects = $(DL_FILE) \ > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz > > -$(DL_FILE)_BLAKE2 = 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 > +$(DL_FILE)_BLAKE2 = 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 > netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc > > install : $(TARGET) > @@ -72,7 +72,7 @@ $(subst %,%_BLAKE2,$(objects)) : > $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @$(PREBUILD) > @rm -rf $(DIR_APP) $(DIR_SRC)/netfilter-layer7* > - @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) > + @cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) > > # Layer7 > cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index d7d87bee7..06e4ab7b4 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -13,15 +13,12 @@ lib/libipq.so.0.0.0 #lib/libxtables.la lib/libxtables.so lib/libxtables.so.12 -lib/libxtables.so.12.6.0 +lib/libxtables.so.12.7.0 #lib/xtables lib/xtables/libip6t_DNPT.so lib/xtables/libip6t_HL.so -lib/xtables/libip6t_LOG.so -lib/xtables/libip6t_MASQUERADE.so lib/xtables/libip6t_NETMAP.so lib/xtables/libip6t_REJECT.so -lib/xtables/libip6t_SNAT.so lib/xtables/libip6t_SNPT.so lib/xtables/libip6t_ah.so lib/xtables/libip6t_dst.so @@ -36,11 +33,8 @@ lib/xtables/libip6t_rt.so lib/xtables/libip6t_srh.so lib/xtables/libipt_CLUSTERIP.so lib/xtables/libipt_ECN.so -lib/xtables/libipt_LOG.so -lib/xtables/libipt_MASQUERADE.so lib/xtables/libipt_NETMAP.so lib/xtables/libipt_REJECT.so -lib/xtables/libipt_SNAT.so lib/xtables/libipt_TTL.so lib/xtables/libipt_ULOG.so lib/xtables/libipt_ah.so @@ -58,7 +52,10 @@ lib/xtables/libxt_DSCP.so lib/xtables/libxt_HMARK.so lib/xtables/libxt_IDLETIMER.so lib/xtables/libxt_LED.so +lib/xtables/libxt_LOG.so lib/xtables/libxt_MARK.so +lib/xtables/libxt_MASQUERADE.so +lib/xtables/libxt_NAT.so lib/xtables/libxt_NFLOG.so lib/xtables/libxt_NFQUEUE.so lib/xtables/libxt_NOTRACK.so @@ -66,6 +63,7 @@ lib/xtables/libxt_RATEEST.so lib/xtables/libxt_REDIRECT.so lib/xtables/libxt_SECMARK.so lib/xtables/libxt_SET.so +lib/xtables/libxt_SNAT.so lib/xtables/libxt_SYNPROXY.so lib/xtables/libxt_TCPMSS.so lib/xtables/libxt_TCPOPTSTRIP.so @@ -177,4 +175,5 @@ sbin/xtables-legacy-multi #usr/share/man/man8/iptables.8 #usr/share/man/man8/nfnl_osf.8 #usr/share/xtables +usr/share/xtables/iptables.xslt usr/share/xtables/pf.os diff --git a/lfs/iptables b/lfs/iptables index 275559bfe..30c6e1d94 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -24,10 +24,10 @@ include Config -VER = 1.8.8 +VER = 1.8.9 THISAPP = iptables-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -41,7 +41,7 @@ objects = $(DL_FILE) \ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz -$(DL_FILE)_BLAKE2 = 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 +$(DL_FILE)_BLAKE2 = 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 netfilter-layer7-v2.23.tar.gz_BLAKE2 = 5c8ab722f6fbc126f2f65ecf401de5fc40560c20e3be52f783db34410446185dcb6781b3148e4a174e8b2d2c290bec0342dea95e8cefc35c39345617fa7a8fdc install : $(TARGET) @@ -72,7 +72,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) $(DIR_SRC)/netfilter-layer7* - @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + @cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) # Layer7 cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz