Commit Graph

171 Commits

Author SHA1 Message Date
Thomas Woerner
28989740b2 iMissing iptables-apply mktemp patch 2016-04-13 19:07:50 +02:00
Thomas Woerner
6791134663 - New upstream version 1.6.0 with nft-compat support and lots of fixes (RHBZ#1292990)
Upstream changelog:
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
- New libs sub package containing libxtables and unstable libip*tc libraries (RHBZ#1323161)
- Using scripts form RHEL-7 (RHBZ#1240366)
- New compat sub package for nftables compatibility
- Install iptables-apply (RHBZ#912047)
- Fixed module uninstall (RHBZ#1324101)
- Incorporated changes by Petr Pisar
- Enabled bpf compiler (RHBZ#1170227) Thanks to Yanko Kaneti for the patch
2016-04-13 19:00:02 +02:00
Dennis Gilmore
cea668f0bf - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 00:37:42 +00:00
Jiri Popelka
35929033de %define -> %global 2016-01-04 15:50:43 +01:00
Dennis Gilmore
1fdfc18236 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 11:32:02 +00:00
Jiri Popelka
69f9a1a33c add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
In firewalld it's also allowed by default.
2014-12-01 12:46:00 +01:00
Jiri Popelka
2962b798c0 iptables.init: make sure the subsys directory exists (RHBZ#1159573)
Also use /run/lock/subsys/ instead of /var/lock/subsys/
to be consistent with /usr/lib/tmpfiles.d/legacy.conf
2014-11-03 14:44:32 +01:00
Jiri Popelka
edc59df70f ip[6]tables.init: change shebang from /bin/sh to /bin/bash (RHBZ#1147272) 2014-09-29 14:10:21 +02:00
Jiri Popelka
bede095d8e Merge branch 'f21' 2014-09-29 14:09:01 +02:00
Peter Robinson
952410fde0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 21:47:17 +00:00
Peter Robinson
466c4fce29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 21:47:05 +00:00
Tom Callaway
d9665f2d1d fix license handling 2014-07-12 18:17:52 -04:00
Tom Callaway
f46436e6be fix license handling 2014-07-12 18:17:33 -04:00
Dennis Gilmore
0ff94dd968 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 17:38:38 -05:00
Jiri Popelka
957e271192 no need to specify file mode bits twice (in %install and %files) 2014-03-12 15:05:45 +01:00
Jiri Popelka
40b71666b9 BuildRequires: pkgconfig(x) instead of x-devel
https://fedoraproject.org/wiki/Packaging:PkgConfigBuildRequires
2014-03-12 14:55:46 +01:00
Jiri Popelka
e4ddd6e657 add missing reload and panic actions 2014-03-12 14:47:42 +01:00
Ville Skyttä
77482a7964 Don't order services after syslog.target.
https://bugzilla.redhat.com/show_bug.cgi?id=1055204
2014-01-20 18:56:12 +01:00
Thomas Woerner
bec2813925 - Enable connlabel support again, needs libnetfilter_conntrack 2014-01-15 16:28:53 +01:00
Thomas Woerner
b16a3888f1 - fixed update from RHEL-6 to RHEL-7 (RHBZ#1043901) 2014-01-15 13:22:39 +01:00
Jiri Popelka
e3b3aa4924 chmod /etc/sysconfig/ip[6]tables 755 -> 600 2014-01-14 16:59:53 +01:00
Jiri Popelka
d94a3dd4be better comment in default /etc/sysconfig/ip[6]tables 2014-01-10 16:37:48 +01:00
Jiri Popelka
77638b4505 fix permission mode value for installing /etc/sysconfig/ip[6]tables-config 2014-01-10 16:25:25 +01:00
Jiri Popelka
840a7d2d37 add default /etc/sysconfig/ip[6]tables (RHBZ#1034494) 2014-01-10 16:19:56 +01:00
Jiri Popelka
208299e925 revert the libtoolize change 2014-01-10 15:48:33 +01:00
Thomas Woerner
85656c6cde - Dropped virtual provide for xtables.so.9 2014-01-10 13:35:50 +01:00
Jiri Popelka
d303677f88 add libtoolize to build properly on ppc64le (RHBZ#1051220) 2014-01-10 13:18:23 +01:00
Jiri Popelka
7922fcbc7d fix self-obsoletion 2014-01-09 16:36:48 +01:00
Jiri Popelka
74edc3b4b2 remove unused patches 2014-01-09 16:34:15 +01:00
Jiri Popelka
ba11125edd spec clean up 2014-01-09 16:28:18 +01:00
Jiri Popelka
791b05803d ./configure -> %configure 2014-01-09 16:19:43 +01:00
Jiri Popelka
9832ccc0c7 remove scriptlets for migrating to a systemd unit from a SysV initscripts
https://lists.fedoraproject.org/pipermail/devel/2013-June/184271.html
2014-01-09 16:17:42 +01:00
Jiri Popelka
52081b603c use systemd macros (#850166) 2014-01-09 16:14:01 +01:00
Jiri Popelka
b848c2b54c no need to support the pre-systemd things 2014-01-09 16:12:00 +01:00
Thomas Woerner
0316b6eed1 - fixed system hang at shutdown if root device is network based (RHBZ#1007934)
Thanks to Rodrigo A B Freire for the patch
2014-01-09 12:53:42 +01:00
Thomas Woerner
9c976a7caa - no connlabel.conf upstream anymore
- new version 1.4.21
  - doc: clarify DEBUG usage macro
  - iptables: use autoconf to process .in man pages
  - extensions: libipt_ULOG: man page should mention NFLOG as replacement
  - extensions: libxt_connlabel: use libnetfilter_conntrack
  - Introduce a new revision for the set match with the counters support
  - libxt_CT: Add the "NOTRACK" alias
  - libip6t_mh: Correct command to list named mh types in manpage
  - extensions: libxt_DNAT, libxt_REDIRECT, libxt_NETMAP, libxt_SNAT, libxt_MASQUERADE, libxt_LOG: rename IPv4 manpage and tell about IPv6 support
  - extensions: libxt_LED: fix parsing of delay
  - ip{6}tables-restore: fix breakage due to new locking approach
  - libxt_recent: restore minimum value for --seconds
  - iptables-xml: fix parameter parsing (similar to 2165f38)
  - extensions: add copyright statements
  - xtables: improve get_modprobe handling
  - ip[6]tables: Add locking to prevent concurrent instances
  - iptables: Fix connlabel.conf install location
  - ip6tables: don't print out /128
  - libip6t_LOG: target output is different to libipt_LOG
  - build: additional include path required after UAPI changes
  - iptables: iptables-xml: Fix various parsing bugs
  - libxt_recent: restore reap functionality to recent module
  - build: fail in configure on missing dependency with --enable-bpf-compiler
  - extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter
  - extensions: libxt_set, libxt_SET: check the set family too
  - ip6tables: Use consistent exit code for EAGAIN
  - iptables: libxt_hashlimit.man: correct address
  - iptables: libxt_conntrack.man extraneous commas
  - iptables: libip(6)t_REJECT.man default icmp types
  - iptables: iptables-xm1.1 correct man section
  - iptables: libxt_recent.{c,man} dead URL
  - iptables: libxt_string.man add examples
  - extensions: libxt_LOG: use generic syslog reference in manpage
  - iptables: extensions/GNUMakefile.in use CPPFLAGS
  - iptables: correctly reference generated file
  - ip[6]tables: fix incorrect alignment in commands_v_options
  - build: add software version to manpage first line at configure stage
  - extensions: libxt_cluster: add note on arptables-jf
  - utils: nfsynproxy: fix error while compiling the BPF filter
  - extensions: add SYNPROXY extension
  - utils: add nfsynproxy tool
  - iptables: state match incompatibilty across versions
  - libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks
  - iptables: improve chain name validation
  - iptables: spurious error in load_extension
  - xtables: trivial spelling fix
2014-01-09 11:31:48 +01:00
Ville Skyttä
875d810b85 Drop INSTALL from docs, escape macros in %changelog. 2013-12-22 22:48:34 +02:00
Thomas Woerner
234c14529e - new version 1.4.19.1
- libxt_NFQUEUE: fix bypass option documentation
  - extensions: add connlabel match
  - extensions: add connlabel match
  - ip[6]tables: show --protocol instead of --proto in usage
  - libxt_recent: Fix missing space in manpage for --mask option
  - extensions: libxt_multiport: Update manpage to list valid protocols
  - utils: nfnl_osf: use the right nfnetlink lib
  - libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency
  - Revert "build: resolve link failure for ip6t_NETMAP"
  - libxt_osf: fix missing --ttl and --log in save output
  - libxt_osf: fix bad location for location in --genre
  - libip6t_SNPT: add manpage
  - libip6t_DNPT: add manpage
  - utils: updates .gitignore to include nfbpf_compile
  - extensions: libxt_bpf: clarify --bytecode argument
  - libxtables: fix parsing of dotted network mask format
  - build: bump version to 1.4.19
  - libxt_conntrack: fix state match alias state parsing
  - extensions: add libxt_bpf extension
  - utils: nfbpf_compile
  - doc: mention SNAT in INPUT chain since kernel 2.6.36
- fixed changelog date weekdays where needed
2013-07-31 20:31:24 +02:00
Thomas Woerner
e6060d4640 New version 1.4.18
- lots of documentation changes
  - Introduce match/target aliases
  - Add the "state" alias to the "conntrack" match
  - iptables: remove unused leftover definitions
  - libxtables: add xtables_rule_matches_free
  - libxtables: add xtables_print_num
  - extensions: libip6t_DNPT: fix wording in DNPT target
  - extension: libip6t_DNAT: allow port DNAT without address
  - extensions: libip6t_DNAT: set IPv6 DNAT --to-destination
  - extensions: S/DNPT: add missing save function
- changes of 1.4.17:
  - libxt_time: add support to ignore day transition
  - Convert the NAT targets to use the kernel supplied nf_nat.h header
  - extensions: add IPv6 MASQUERADE extension
  - extensions: add IPv6 SNAT extension
  - extensions: add IPv6 DNAT target
  - extensions: add IPv6 REDIRECT extension
  - extensions: add IPv6 NETMAP extension
  - extensions: add NPT extension
  - extensions: libxt_statistic: Fix save output
2013-03-04 16:37:19 +01:00
Dennis Gilmore
76c313d842 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-13 20:13:21 -06:00
Ville Skyttä
1920e0d30a Own unowned -services libexec dirs (#894464, Michael Scherer).
- Fix -services unit file permissions (#732936, Michal Schmidt).
2013-01-16 18:38:19 +02:00
Thomas Woerner
e34d762c5c - fixed path of ip6tables.init in ip6tables.service 2012-11-08 13:03:44 +01:00
Thomas Woerner
dd96cc5585 - fixed missing services for update of pre F-18 installations (rhbz#867960)
- provide and obsolete old main package in services sub package
  - provide and obsolete old ipv6 sub package (pre F-17) in services sub package
2012-11-02 13:48:53 +01:00
Dan Hor?k
fa59546b65 fix the compat provides for all 64-bit arches 2012-10-14 17:22:13 +02:00
Thomas Woerner
2fe636d5d4 - new sub package services providing the systemd services (RHBZ#862922)
- new sub package utils: provides nfnl_osf and the pf.os database
- using %{_libexecdir}/iptables as script path for the original init scripts
- added service iptables save funcitonality using the new way provided by
  initscripts 9.37.1 (RHBZ#748134)
- added virtual provide for libxtables.so.7
2012-10-12 16:23:05 +02:00
Thomas Woerner
79f3fa812b - new version 1.4.16.2
- build: support for automake-1.12
  - build: separate AC variable replacements from xtables.h
  - build: have `make clean` remove dep files too
  - doc: grammatical updates to libxt_SET
  - doc: clean up interpunction in state list for xt_conntrack
  - doc: deduplicate extension descriptions into a new manpage
  - doc: trim "state" manpage and reference conntrack instead
  - doc: have NOTRACK manpage point to CT instead
  - doc: mention iptables-apply in the SEE ALSO sections
  - extensions: libxt_addrtype: fix type in help message
  - include: add missing linux/netfilter_ipv4/ip_queue.h
  - iptables: fix wrong error messages
  - iptables: support for match aliases
  - iptables: support for target aliases
  - iptables-restore: warn about -t in rule lines
  - ip[6]tables-restore: cleanup to reduce one level of indentation
  - libip6t_frag: match any frag id by default
  - libxtables: consolidate preference logic
  - libxt_devgroup: consolidate devgroup specification parsing
  - libxt_devgroup: guard against negative numbers
  - libxt_LED: guard against negative numbers
  - libxt_NOTRACK: replace as an alias to CT --notrack
  - libxt_state: replace as an alias to xt_conntrack
  - libxt_tcp: print space before, not after "flags:"
  - libxt_u32: do bounds checking for @'s operands
  - libxt_*limit: avoid division by zero
  - Merge branch 'master' of git://git.inai.de/iptables
  - Merge remote-tracking branch 'nf/stable'
  - New set match revision with --return-nomatch flag support
- dropped fixrestore patch, upstream
2012-10-08 15:36:30 +02:00
Thomas Woerner
0645ca64a7 - added fixrestore patch submitted to upstream by fryasu (nfbz#774)
(RHBZ#825796)

Merge commit '3670a98a72eedbbc76cfcab606b27da7094f7488'

Conflicts:
	iptables.spec
2012-07-18 16:17:58 +02:00
Thomas Woerner
3670a98a72 - added fixrestore patch submitted to upstream by fryasu (nfbz#774)
(RHBZ#825796)
2012-07-18 16:14:07 +02:00
Thomas Woerner
243a920c56 - disabled libipq, removed upstream, not provided by kernel anymore 2012-07-18 10:14:12 +02:00
Thomas Woerner
dde6759990 - new version 1.4.14
- extensions: add IPv6 capable ECN match extension
  - extensions: add nfacct match
  - extensions: add rpfilter module
  - extensions: libxt_rateest: output all options in save hook
  - iptables: missing free() in function cache_add_entry()
  - iptables: missing free() in function delete_entry()
  - libiptc: fix retry path in TC_INIT
  - libiptc: Returns the position the entry was inserted
  - libipt_ULOG: fix --ulog-cprange
  - libxt_CT: add --timeout option
  - ip(6)tables-restore: make sure argv is NULL terminated
  - Revert "libiptc: Returns the position the entry was inserted"
  - src: mark newly opened fds as FD_CLOEXEC (close on exec)
  - tests: add rateest match rules
- dropped patch5 (cloexec), merged upstream
2012-07-18 09:23:34 +02:00