[ANNOUNCE] Release of iptables 1.4.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The netfilter coreteam proudly presents:

    iptables version 1.4.1

The header resync turned out to be unproblematic, changes since
-rc3 include fixes for iptables-save output of the owner match,
support for revision 1 of the addrtype match, more manpage
updates and some sparse fixes.

For people updating from 1.4.0, this release brings:

- new build system with better configurability

- scalability improvements for large number of chains

- Support for multiple new matches, targets and revisions
  (supports all features available in the current kernel tree)

- IPv6 support for more matches and targets

- manpage improvements

- lots of minor improvements and fixes all over the place,
  check out the changelog for the full details

Version 1.4.1 can be obtained from (please note that the
webpage hasn't been rebuilt yet, but will be shortly):

http://www.netfilter.org/projects/iptables/downloads.html
ftp://ftp.netfilter.org/pub/iptables/
git://git.netfilter.org/iptables.git

On behalf of the Netfilter Core Team.
Happy firewalling!
Jan Engelhardt (2):
      libxt_owner: add spaces to output
      manpage updates

Laszlo Attila Toth (1):
      addrtype match: added revision 1

Lutz Jaenicke (1):
      Fix iptables-save output of libxt_owner match

Patrick McHardy (4):
      libiptc: move variable definitions to head of function
      iptables-xml: sparse fixes
      sparse warning fixes: integer used as pointer
      v1.4.1

Filippo Zangheri (1):
      removes useless white spaces from iptables-xml manpages.

Gáspár Lajos (1):
      iptables: use C99 lists for struct options

Henrik Nordstrom (5):
      Make iptables-restore usable over a pipe
      Add support for --set-counters to iptables -P
      iptables --list-rules command
      iptables --list chain rulenum
      Make --set-counters (-c) accept comma separated counters

James King (1):
      [IPTABLES]: libxt_iprange: Fix IP validation logic

Jamie Strandboge (1):
      fix ip6tables dest address printing

Jan Engelhardt (55):
      Converts the iptables build infrastructure to autotools.
      Introduce strtonum(), which works like string_to_number(), but passes
      common error messages
      libxt_owner
      libxt_tos
      libxt_TOS
      libxt_MARK r2
      libxt_connmark r1
      print warning when dlopen fails
      libxt_conntrack r0
      bunch o' renames
      rename overlapping function names
      libxt_hashlimit checks
      libxt_mark r1
      libxt_iprange r0
      libxt_iprange r1
      Give preference to iptables header files
      Build adjustments
      libxt_CONNMARK revision 1
      [IPTABLES]: libxt_conntrack revision 1
      [IPTABLES]: libxt_owner: UID/GID range support
      Fix compilation of iptables-static build
      Correct the family member value of libxt_mark revision 1
      Makefile: add a "tarball" target
      Drop -W from CFLAGS and some tiny code cleanups
      Fix -Wshadow warnings and clean up xt_sctp.h
      Update the libxt_owner manpage with the UID/GID-range feature
      Fix all remaining warnings (missing declarations, missing prototypes)
      xtables.h: move non-exported parts to internal.h
      Add support for xt_hashlimit match revision 1
      Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
      manpages: fix broken markup (missing close tags)
      manpages: grammar and spelling
      manpages: update to reflect fine-grained control
      configure: split --enable-libipq from --enable-devel
      Add all necessary header files - compilation fix for various cases
      Install libiptc header files because xtables.h depends on it
      RATEEST: add manpage
      Implement AF_UNSPEC as a wildcard for extensions
      Combine ipt and ip6t manpages
      Resolve warnings on 64-bit compile
      Wrap dlopen code into NO_SHARED_LIBS
      Remove support for compilation of conditional extensions
      Resolve libipt_set warnings
      Update documentation about building the package
      configure.ac: AC_SUBST must be separate
      Dynamically create xtables.h.in with version
      configure.ac: remove already-defined variables
      Remove old functions, constants
      Makefile.am: use PACKAGE_TARNAME
      iptables out-of-tree build directory
      Update .gitignore
      build: check for missing feature files
      libxt_owner: add spaces to output
      manpage updates

Jesper Dangaard Brouer (3):
      Inline functions iptcc_is_builtin() and set_changed().
      Introduce a counter for number of user defined chains.
      Solving scalability issue: for chain list "name"	searching.

Kristof Provost (1):
      REDIRECT: Allow symbolic port in REDIRECT --to-port

Laszlo Attila Toth (1):
      addrtype match: added revision 1

Lutz Jaenicke (1):
      Fix iptables-save output of libxt_owner match

Martin F. Krafft (1):
      Import iptables-apply

Max Kellermann (7):
      Fix REDIRECT manpage
      whitespace cleanup
      use size_t
      escape strings
      unescape parameters
      allow empty strings in argument parser
      fix gcc warnings

Naohiro Ooiwa (1):
      Fix define value of SCTP chunk type.

Pablo Neira Ayuso (2):
      - cleanup several code wraparounds
      bump iptables version to prepare 1.4.1 release

Patrick McHardy (16):
      Add RATEEST target extension
      Add rateest match extension
      Remove obsolete file
      Add netfilter.h
      Remove compiler.h inclusions.
      Retry ruleset dump when kernel returns EAGAIN.
      Properly initialize revision for ip6tables targets
      Bump version to 1.4.1-rc1
      iptables 1.4.1-rc2
      manpages: consistent syntax
      Resync header files with kernel
      Bump version
      libiptc: move variable definitions to head of function
      iptables-xml: sparse fixes
      sparse warning fixes: integer used as pointer
      v1.4.1

Peter Warasin (1):
      Fix CONNMARK mask initialisation

Shan Wei (1):
      iptables-save:remove unnecessary code.

Sven Schnelle (1):
      libxt_TCPOPTSTRIP

Thomas Jacob (1):
      Don't assume /bin/sh is bash

Thomas Jarosch (1):
      Add xtables version defines.

Yasuyuki Kozakai (1):
      Use s6_addr32 to access bits in int6_addr instead of incompatible name


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux