[ANNOUNCE] nftables 0.8.3 release

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

The Netfilter project proudly presents:

	nftables 0.8.3

This release includes a few fixes since last release plus following
enhancements:
 - ifname_type, so its possible to match interface names via sets:

  table inet t {
    set s {
      type ifname
      elements = { "eth0",
                   "eth1" }
     }
     chain c {
       iifname @s accept
       oifname @s accept
     }
  }

- raw payload support to match headers that do not yet have
a more human-readable mnemonic.  This also allows to match
udp and tcp port numbers in a single rule, because the raw
payload expression doesn't enforce a protocol dependency on
the network header.  Example:

 input meta l4proto {tcp, udp} @th,16,16 { dns, http }

 matches both udp and tcp dport 53 and 80 in single rule.

See ChangeLog that comes attached to this email for more details.

You can download it from:

http://www.netfilter.org/projects/nftables/downloads.html#nftables-0.8.3
ftp://ftp.netfilter.org/pub/nftables/

To build the code, libnftnl 1.0.9 and libmnl >= 1.0.2 are required:

* http://netfilter.org/projects/libnftnl/index.html
* http://netfilter.org/projects/libmnl/index.html

Visit our wikipage for user documentation at:

* http://wiki.nftables.org

For the manpage reference, check man(8) nft.

In case of bugs and feature request, file them via:

* https://bugzilla.netfilter.org

Happy firewalling!
Arturo Borrero Gonzalez (4):
      nftables: rearrange files and examples
      examples: add ct helper examples
      files: add load balance example
      meta: introduce datatype ifname_type

Baruch Siach (1):
      src: fix build with older glibc

David Fabian (1):
      Added undefine/redefine keywords

Duncan Roe (1):
      doc/nft.xml: fix typo

Florian Westphal (16):
      tests: enable sets test case 27
      tests: add test case for sets updated from packet path
      payload: don't decode past last valid template
      include: fix build failure
      tests: meta.t: fix test case for anonymous set automerge
      payload: use integer_type when initializing a raw expression
      payload: don't resolve expressions using the inet pseudoheader
      src: make raw payloads work
      doc: document raw protocol expression
      tests: add raw payload test cases.
      doc: mention meta l4proto and ipv6 nexthdr issue wrt. extension headers
      doc: remove ipv6 address FIXME
      doc: add example for rule add/delete
      parser: use nf_key_proto
      src: datatype: prefer sscanf, avoid strncpy
      build: Bump version to v0.8.3

Harsha Sharma (2):
      libnftables: don't crash when no commands are specified
      src: Use snprintf() over strncpy()

Laura Garcia Liebana (1):
      parser: support of maps with timeout

Pablo Neira Ayuso (11):
      src: pass family to payload_dependency_kill()
      payload: add payload_dependency_release() helper function
      src: add payload_dependency_exists()
      src: get rid of __payload_dependency_kill()
      payload: add payload_may_dependency_kill()
      netlink_delinearize: add meta_may_dependency_kill()
      src: bail out when exporting ruleset with unsupported output
      segtree: check for overlapping elements at insertion
      tests: shell: regression test for bugzilla 1228
      configure: misc updates
      netlink: remove non-batching routines

Phil Sutter (10):
      evaluate: Enable automerge feature for anonymous sets
      Review switch statements for unmarked fall through cases
      monitor: Make trace events respect output_fp
      monitor: Make JSON/XML output respect output_fp
      cli: Drop pointless check in cli_append_multiline()
      erec: Avoid passing negative offset to fseek()
      evaluate: Fix memleak in stmt_reject_gen_dependency()
      hash: Fix potential null-pointer dereference in hash_expr_cmp()
      netlink: Complain if setting O_NONBLOCK fails
      netlink_delinearize: Fix resource leaks

Ville Skyttä (2):
      configure: Make missing docbook2man an error if man build requested
      src: Spelling fixes


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux