Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

iptables-nft-1.6.2-1.12 RPM for ppc64le

From OpenSuSE Leap 15.3 for ppc64le

Name: iptables-nft Distribution: SUSE Linux Enterprise 15
Version: 1.6.2 Vendor: SUSE LLC <>
Release: 1.12 Build date: Fri May 25 22:42:00 2018
Group: Productivity/Networking/Security Build host: nebbiolo
Size: 338744 Source RPM: iptables-1.6.2-1.12.src.rpm
Summary: nft packet filter administration utilties in the style of Xtables
The programs shipped in this subpackage behave like iptables on the
command line, but instead edits the rules of the nft packet filter in
the Linux kernel. Linux kernel 4.2 or newer is recommended to exploit
the features.




GPL-2.0 and Artistic-2.0


* Mon Mar 12 2018
  - Fix ethertypes ownership, should be %exclude, not %ghost.
* Thu Feb 22 2018
  - Resolve conflict with ebtables and obtain ethertypes from new netcfg minor
    version. FATE#320520
* Sat Feb 03 2018
  - Update to new upstream release 1.6.2
    * add support for the "srh" match
    * add randomize-full for the "MASQUERADE" target
    * add rate match mode to the "hashlimit" match
* Thu Jun 22 2017
  - Add iptables-batch-lock.patch: Fix a locking issue of
    iptables-batch which can cause it to spuriously fail when other
    programs modify the iptables rules in parallel (bnc#1045130).
    This can especially affect SuSEfirewall2 during startup.
* Fri Jan 27 2017
  - Update to new upstream release 1.6.1
    * add support for hashlimit rev 2 for higher pps rates
    * add support for cgroup2 path matching
    * translation program for nft
* Fri Dec 18 2015
  - Update to final release 1.6.0
    * Only a build fix, no new significant changes.
* Mon Nov 23 2015
  - Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
    * -m ah/esp/rt: restore matching "any SPI id" by default
    (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
    * -m cgroup: new module
    * -m dst: make ! --dst-len work
    * -m ipcomp: new module
    * -m socket: add --restore-skmark option
    * -j CT: add support for new zone options
    * -j REJECT: add missing ICMPv6 codes
    * -j TEE: make it possible to delete rules with -D ... -j
    * -j SNAT/DNAT: add randomize-full support
* Thu Apr 24 2014
  - remove dependency on gpg-offline (blocks rebuilds and
    tarball integrity is checked by source-validator anyway)
* Wed Apr 23 2014
  - remove dependency on sgmltool: doesn't seem to be used
    and reduces rebuild time on aarch64 by 8 hours
* Sat Nov 23 2013
  - Update to new upstream release 1.4.21
    * --nowildcard option for xt_socket, available since Linux kernel 3.11
    * SYNPROXY support, available since Linux kernel 3.12
* Wed Aug 07 2013
  - Update to new upstream release 1.4.20
    * Introduce a new revision for the set match with the counters support
    * Add locking to prevent concurrent instances
* Fri May 31 2013
  - Update to new upstream release
    * New connlabel and bpf matches
  - Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch,
    (are upstream)
* Mon Apr 15 2013
  - symlink was not installed (bnc#815182); fix by
    removing 0001-build-also-use-libtool-for-install-stage.patch,
    removing 0001-build-do-not-dereference-symlinks-on-installation.patch,
    adding 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch,
    adding 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
* Wed Mar 20 2013
  - license update: GPL-2.0 and Artistic-2.0
    GPL version does not have ^or later^ due to inclusion of numerous GPL 2
    ^only^ files. Also, aggregation of Artistic-2.0 content
* Mon Mar 04 2013
  - Update to new upstream release 1.4.18
    * documentation updates
  - Create subpackage xtables-plugins, to aid packaging of xtadm
  - Add 0001-build-do-not-dereference-symlinks-on-installation.patch
    as a prerequisite for:
  - Add 0001-build-also-use-libtool-for-install-stage.patch
    to kill of undesired DT_RPATH entries
* Tue Dec 25 2012
  - Update to new upstream release 1.4.17
    * libxt_time: add support to ignore day transition
    * libxt_statistic: fix save output
* Wed Nov 28 2012
  - Verify GPG signature
* Thu Nov 15 2012
  - list all required binaries explicitly to make sure all of them are actually
* Thu Nov 15 2012
  - Always regenerate files due to SUSE's iptables-batch patch
* Mon Oct 08 2012
  - Update to new upstream release
    * This release includes aliasing support which translates command
    lines using obsolete extensions into new ones. The option parser
    now flags illegal negative numbers in some more extensions.
    A division by zero was resolved in libxt_limit as well.
* Tue Jul 31 2012
  - Update to new upstream release 1.4.15
    * libxt_recent: add --mask netmask
    * libxt_hashlimit: add support for byte-based operation
* Sat May 26 2012
  - Update to new upstream release 1.4.14
    * Support for the new cttimeout infrastructure. This allows you to
    attach specific timeout policies to flow via iptables CT target.
* Tue Mar 27 2012
  - Update to new upstream release 1.4.13
    * Add the rpfilter, nfacct and IPv6 ECN extensions
* Mon Jan 02 2012
  - Update to newer git snapshot (v1.4.12.2-28-g2117f2b,
    but master branch), tag locally as
    * ships missing pkgconfig files, compile fix for libnfnetlink
    * libxt_NFQUEUE: fix --queue-bypass ipt-save output
    * libxt_connbytes: fix handling of --connbytes FROM
    * libxt_recent: Add support for --reap option
  - split iptables-devel into libiptc-devel and libxtables-devel
* Wed Dec 28 2011
  - iptables-apply-mktemp-fix.patch (bnc#730161)
* Wed Nov 30 2011
  - add automake as buildrequire to avoid implicit dependency
* Tue Oct 04 2011
  - Update to a newer git snapshot of the stable branch
    (to v1.4.12.1-16-gd2b0eaa)
    * resolve failure to load extensions that depend on
  - rediff of iptables-batch due to fuzz
  - relax runtime requires
* Thu Sep 01 2011
  - Update to new upstream release
    * regression fixes for the new (stricter) command-line parser
  - restore --includedir= in spec file
  - Put libxtables into its own subpackage so that one does not need
    a lockstep update of iproute2 on a new iptables package
  - Remove redundant fields (Autoreqprov defaults to on, License is
    inherited from main package)
* Fri Aug 12 2011
  - include path is /usr/include
* Mon Aug 08 2011
  - Put include files into a separate directory to flag up missing
    CFLAGS. libipq.pc will now be provided.
  - Enable build of nfnl_osf, a tool to upload OS fingerprints to
    the kernel for use with xt_osf.
* Fri Jul 22 2011
  - Update to new upstream release 1.4.12
    * Include lost match/target descriptions in manpage again
    * libxt_LOG: fix ignorance of all but the last flag
    * libxt_HL: restore hl-* option names
    * libxt_hashlimit: use a more obvious expiry value by default
    * libxt_RATEEST: fix find-and-delete of rules with -j RATEEST
    * ipv4: restore negation for the -f option
    * Reject empty host specifications (e.g. -s "")
    * libxt_conntrack: restore network byteordering for ABI v1 & v2
    * Documentation updates
* Wed Jun 08 2011
  - Update to snapshot 1.4.11+git16
    * libxt_owner: restore inversion support
    * option: fix ignored negation before implicit extension loading
    * build: fix installation of symlinks
    * build: fix absence of xml translator in IPv6-only builds
  - Drop merged patches
* Sun May 29 2011
  - Update to new upstream release 1.4.11
    * stricter option parsing
    * support for the current xt_SET target as contained in 2.6.39
    * support for the new xt_devgroup match
    * support for the new xt_AUDIT target
    * support for a new NFQUEUE bypass option, allowing to bypass the
    queue if no userspace listener is present
    * a new iptables option "-C" to check for existence of a rules
  - Fixes on top
    * allow negation of --uid-owner/--gid-owner again
    * fix installation of symlinks
  - Run spec-beautifier
* Fri Oct 29 2010
  - Update to new upstream release 1.4.10
    * this is the release for the Linux 2.6.36 kernel
    * support for the cpu match, which can be used to improve cache
    locality when running multiple server instances
    * support for the IDLETIMER target, which can be used to notify
    userspace of interfaces being idle
    * support for the CHECKSUM target
    * support for the ipvs match
    * a fix for deletion of rules using the quota match
* Mon Aug 09 2010
  - update to new upstream release
    * fixes a compilation problem with static linking in the 1.4.9
* Wed Aug 04 2010
  - update to new upstream release 1.4.9
    * this is the release for the Linux 2.6.35 kernel
    * support for the LED target
    * a new version of the set extension for the upcoming release
      supporting IPv6
    * negation support for the quota match
    * support for the SACK-IMMEDIATELY SCTP extension and
      FORWARD_TSN chunk type in the sctp match
    * documentation updates and various smaller bugfixes
* Wed May 26 2010
  - update to new upstream release 1.4.8
    * this is the release for the Linux 2.6.34 kernel
    * add support for the new xt_CT extension
    * import the nfnl_osf program required for proper operation
      of the xt_osf extension
* Sat Apr 24 2010
  - buildrequire pkg-config to fix provides
* Mon Mar 01 2010
  - update to new upstream release 1.4.7
    * libipq is built as a shared library
    * removal of some restrictions on interface names
    * documentation updates
  - rebase and fix linking of iptables-batch
  - fix libdir->libexecdir
* Mon Feb 22 2010
  - only run configure when needed
  - use %_smp_mflags
  - use newer git snapshot to fix compile error due to missing
    ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32)
* Wed Dec 30 2009
  - fix bnc#561793 - do not include unclean module documentation
    in iptables manpage
* Tue Dec 22 2009
  - update specfile descriptions (bnc#553801)
  - update to iptables 1.4.6:
    * combine iptables subprograms into a new multi-purpose binary
    * support for new implementations: NFQUEUE v1, conntrack v2
    * helper: fix invalid passed option to check_inverse
    * iprange accepts single host specifications again
    * iprange: do accept non-ranges for xt_iprange v1
    * iprange: warn on reverse range
    * libiptc: fix wrong maptype of base chain counters on restore
    * iptables: fix undersized deletion mask creation
    * iptables/extensions: make bundled options work again
    * iptables: take masks into consideration for replace command
    * xtables: warn of missing version identifier in extensions
    * documentation updates
  - refresh iptables-batch
* Thu Nov 12 2009
  - remove outdated howtos (bnc#551748)
* Wed Jul 15 2009
  - fix libdir/libexecdir on 64bit installation
* Wed Jun 17 2009
  - install iptables-apply
* Wed Jun 17 2009
  - update to iptables-1.4.4
    * support for the new features in the 2.6.30 kernel, namely the
      cluster match and persistent multi-range NAT mappings
    * support for the ipset set match and target
    * various minor fixes and cleanups
    * documentation updates
* Mon May 11 2009
  - make explicit 'commit' in iptables-batch do nothing (bnc#500990)
* Tue Apr 21 2009
  - update to
    - numerous documentation updates and bugfixes
    - set of changes to move some of the iptables functionality to a shared
    library for tc and m_ipt
    - make libiptc available as shared library (closes bnc#487629)
    - IPv6 support for the recent match
    - TPROXY support
    - SCTP/DCCP NAT support
  - INCOMPATIBILITY: This release starts enforcing the deprecation of NAT
    filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will
    cause an error instead of a warning from now on.
  - rework iptables-batch.patch (libiptc interface has changed)
  - update howtos



Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jun 9 13:40:06 2024