Blame SPECS/iptables.spec

Packit 313676
# install init scripts to /usr/libexec with systemd
Packit 313676
%global script_path %{_libexecdir}/iptables
Packit 313676
Packit 313676
# service legacy actions (RHBZ#748134)
Packit 313676
%global legacy_actions %{_libexecdir}/initscripts/legacy-actions
Packit 313676
Packit 313676
# boostrap mode to assist in libip{4,6}tc SONAME bump
Packit 313676
%global bootstrap 1
Packit 313676
Packit 313676
%if 0%{?bootstrap}
Packit 313676
%global version_old 1.8.2
Packit 313676
%global iptc_so_ver_old 0
Packit 313676
%endif
Packit 313676
%global iptc_so_ver 2
Packit 313676
Packit 313676
Name: iptables
Packit 313676
Summary: Tools for managing Linux kernel packet filtering capabilities
Packit 313676
URL: http://www.netfilter.org/projects/iptables
Packit 313676
Version: 1.8.4
Packit Service 90f340
Release: 16%{?dist}
Packit 313676
Source: %{url}/files/%{name}-%{version}.tar.bz2
Packit 313676
Source1: iptables.init
Packit 313676
Source2: iptables-config
Packit 313676
Source3: iptables.service
Packit 313676
Source4: sysconfig_iptables
Packit 313676
Source5: sysconfig_ip6tables
Packit 313676
Source6: arptables.service
Packit 313676
Source7: arptables-helper
Packit 313676
Source8: ebtables.systemd
Packit 313676
Source9: ebtables.service
Packit 313676
Source10: ebtables-config
Packit 313676
%if 0%{?bootstrap}
Packit 313676
Source11: %{url}/files/%{name}-%{version_old}.tar.bz2
Packit 313676
Source12: 0003-extensions-format-security-fixes-in-libip-6-t_icmp.patch
Packit 313676
%endif
Packit 313676
Packit 313676
Patch01: 0001-iptables-apply-Use-mktemp-instead-of-tempfile.patch
Packit 313676
Patch02: 0002-xtables-restore-Fix-parser-feed-from-line-buffer.patch
Packit 313676
Patch03: 0003-xtables-restore-Avoid-access-of-uninitialized-data.patch
Packit 313676
Patch04: 0004-extensions-time-Avoid-undefined-shift.patch
Packit 313676
Patch05: 0005-extensions-cluster-Avoid-undefined-shift.patch
Packit 313676
Patch06: 0006-libxtables-Avoid-buffer-overrun-in-xtables_compatibl.patch
Packit 313676
Patch07: 0007-xtables-translate-Guard-strcpy-call-in-xlate_ifname.patch
Packit 313676
Patch08: 0008-extensions-among-Check-call-to-fstat.patch
Packit 313676
Patch09: 0009-uapi-netfilter-Avoid-undefined-left-shift-in-xt_sctp.patch
Packit 313676
Patch10: 0010-xtables-translate-Fix-for-interface-name-corner-case.patch
Packit 313676
Patch11: 0011-xtables-translate-Fix-for-iface.patch
Packit 313676
Patch12: 0012-tests-shell-Fix-skip-checks-with-host-mode.patch
Packit 313676
Patch13: 0013-xtables-restore-fix-for-noflush-and-empty-lines.patch
Packit 313676
Patch14: 0014-iptables-test.py-Fix-host-mode.patch
Packit 313676
Patch15: 0015-xtables-Review-nft_init.patch
Packit 313676
Patch16: 0016-nft-cache-Fix-nft_release_cache-under-stress.patch
Packit 313676
Patch17: 0017-nft-cache-Fix-iptables-save-segfault-under-stress.patch
Packit 313676
Patch18: 0018-ebtables-among-Support-mixed-MAC-and-MAC-IP-entries.patch
Packit 313676
Patch19: 0019-xtables-Align-effect-of-4-6-options-with-legacy.patch
Packit 313676
Patch20: 0020-xtables-Drop-4-and-6-support-from-xtables-save-resto.patch
Packit 313676
Patch21: 0021-nfnl_osf-Fix-broken-conversion-to-nfnl_query.patch
Packit 313676
Patch22: 0022-nfnl_osf-Improve-error-handling.patch
Packit 313676
Patch23: 0023-nft-cache-Reset-genid-when-rebuilding-cache.patch
Packit 313676
Patch24: 0024-nft-Fix-for-F-in-iptables-dumps.patch
Packit 313676
Patch25: 0025-tests-shell-Test-F-in-dump-files.patch
Packit Service 90f340
Patch26: 0026-nft-Make-batch_add_chain-return-the-added-batch-obje.patch
Packit Service 90f340
Patch27: 0027-nft-Fix-error-reporting-for-refreshed-transactions.patch
Packit Service 90f340
Patch28: 0028-nft-Fix-for-concurrent-noflush-restore-calls.patch
Packit Service 90f340
Patch29: 0029-tests-shell-Improve-concurrent-noflush-restore-test-.patch
Packit Service 90f340
Patch30: 0030-nft-cache-Make-nft_rebuild_cache-respect-fake-cache.patch
Packit Service 90f340
Patch31: 0031-nft-Fix-for-broken-address-mask-match-detection.patch
Packit Service 90f340
Patch32: 0032-nft-Optimize-class-based-IP-prefix-matches.patch
Packit Service 90f340
Patch33: 0033-ebtables-Optimize-masked-MAC-address-matches.patch
Packit Service 90f340
Patch34: 0034-tests-shell-Add-test-for-bitwise-avoidance-fixes.patch
Packit 313676
Packit 313676
# pf.os: ISC license
Packit 313676
# iptables-apply: Artistic Licence 2.0
Packit 313676
License: GPLv2 and Artistic 2.0 and ISC
Packit 313676
Packit 313676
# libnetfilter_conntrack is needed for xt_connlabel
Packit 313676
BuildRequires: pkgconfig(libnetfilter_conntrack)
Packit 313676
# libnfnetlink-devel is requires for nfnl_osf
Packit 313676
BuildRequires: pkgconfig(libnfnetlink)
Packit 313676
BuildRequires: libselinux-devel
Packit 313676
BuildRequires: kernel-headers
Packit 313676
BuildRequires: systemd
Packit 313676
# libmnl, libnftnl, bison, flex for nftables
Packit 313676
BuildRequires: bison
Packit 313676
BuildRequires: flex
Packit 313676
BuildRequires: gcc
Packit 313676
BuildRequires: pkgconfig(libmnl) >= 1.0
Packit 313676
BuildRequires: pkgconfig(libnftnl) >= 1.1.5-1
Packit 313676
# libpcap-devel for nfbpf_compile
Packit 313676
BuildRequires: libpcap-devel
Packit 313676
BuildRequires:  autoconf
Packit 313676
BuildRequires:  automake
Packit 313676
BuildRequires:  libtool
Packit 313676
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Packit 313676
%if 0%{?fedora} > 24
Packit 313676
Conflicts: setup < 2.10.4-1
Packit 313676
%endif
Packit 313676
Packit 313676
%description
Packit 313676
The iptables utility controls the network packet filtering code in the
Packit 313676
Linux kernel. If you need to set up firewalls and/or IP masquerading,
Packit 313676
you should either install nftables or this package.
Packit 313676
Packit 313676
Note: This package contains the nftables-based variants of iptables and
Packit 313676
ip6tables, which are drop-in replacements of the legacy tools.
Packit 313676
Packit 313676
%package libs
Packit 313676
Summary: iptables libraries
Packit 313676
Group: System Environment/Base
Packit 313676
Packit 313676
%description libs
Packit 313676
iptables libraries.
Packit 313676
Packit 313676
Please remember that libip*tc libraries do neither have a stable API nor a real so version.
Packit 313676
Packit 313676
For more information about this, please have a look at
Packit 313676
Packit 313676
  http://www.netfilter.org/documentation/FAQ/netfilter-faq-4.html#ss4.5
Packit 313676
Packit 313676
Packit 313676
%package devel
Packit 313676
Summary: Development package for iptables
Packit 313676
Group: System Environment/Base
Packit 313676
Requires: %{name}%{?_isa} = %{version}-%{release}
Packit 313676
Requires: iptables-libs = %{version}-%{release}
Packit 313676
Requires: pkgconfig
Packit 313676
Packit 313676
%description devel
Packit 313676
iptables development headers and libraries.
Packit 313676
Packit 313676
The iptc libraries are marked as not public by upstream. The interface is not
Packit 313676
stable and may change with every new version. It is therefore unsupported.
Packit 313676
Packit 313676
%package services
Packit 313676
Summary: iptables and ip6tables services for iptables
Packit 313676
Group: System Environment/Base
Packit 313676
Requires: %{name} = %{version}-%{release}
Packit 313676
Requires(post): systemd
Packit 313676
Requires(preun): systemd
Packit 313676
Requires(postun): systemd
Packit 313676
# obsolete old main package
Packit 313676
Obsoletes: %{name} < 1.4.16.1
Packit 313676
# obsolete ipv6 sub package
Packit 313676
Obsoletes: %{name}-ipv6 < 1.4.11.1
Packit 313676
Packit 313676
%description services
Packit 313676
iptables services for IPv4 and IPv6
Packit 313676
Packit 313676
This package provides the services iptables and ip6tables that have been split
Packit 313676
out of the base package since they are not active by default anymore.
Packit 313676
Packit 313676
%package utils
Packit 313676
Summary: iptables and ip6tables services for iptables
Packit 313676
Group: System Environment/Base
Packit 313676
Requires: %{name} = %{version}-%{release}
Packit 313676
Packit 313676
%description utils
Packit 313676
Utils for iptables.
Packit 313676
Packit 313676
Currently only provides nfnl_osf with the pf.os database.
Packit 313676
Packit 313676
%package arptables
Packit 313676
Summary: User space tool to set up tables of ARP rules in kernel
Packit 313676
Group: System Environment/Base
Packit 313676
Requires: %{name} = %{version}-%{release}
Packit 313676
Obsoletes: arptables
Packit 313676
Provides: arptables
Packit 313676
Packit 313676
%description arptables
Packit 313676
The arptables tool is used to set up and maintain
Packit 313676
the tables of ARP rules in the Linux kernel. These rules inspect
Packit 313676
the ARP frames which they see. arptables is analogous to the iptables
Packit 313676
user space tool, but is less complicated.
Packit 313676
Packit 313676
Note: This package contains the nftables-based variant of arptables, a drop-in
Packit 313676
replacement of the legacy tool.
Packit 313676
Packit 313676
%package ebtables
Packit 313676
Summary: Ethernet Bridge frame table administration tool
Packit 313676
Group: System Environment/Base
Packit 313676
Requires: %{name} = %{version}-%{release}
Packit 313676
Obsoletes: ebtables
Packit 313676
Provides: ebtables
Packit 313676
Packit 313676
%description ebtables
Packit 313676
Ethernet bridge tables is a firewalling tool to transparently filter network
Packit 313676
traffic passing a bridge. The filtering possibilities are limited to link
Packit 313676
layer filtering and some basic filtering on higher network layers.
Packit 313676
Packit 313676
This tool is the userspace control for the bridge and ebtables kernel
Packit 313676
components (built by default in RHEL kernels).
Packit 313676
Packit 313676
The ebtables tool can be used together with the other Linux filtering tools,
Packit 313676
like iptables. There are no known incompatibility issues.
Packit 313676
Packit 313676
Note: This package contains the nftables-based variant of ebtables, a drop-in
Packit 313676
replacement of the legacy tool.
Packit 313676
Packit 313676
%prep
Packit 313676
%autosetup -p1
Packit 313676
Packit 313676
%if 0%{?bootstrap}
Packit 313676
%{__mkdir} -p bootstrap_ver
Packit 313676
pushd bootstrap_ver
Packit 313676
%{__tar} --strip-components=1 -xf %{SOURCE11}
Packit 313676
%{__patch} -p1 <%{SOURCE12}
Packit 313676
popd
Packit 313676
%endif
Packit 313676
Packit 313676
%build
Packit 313676
./autogen.sh
Packit 313676
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
Packit 313676
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
Packit 313676
Packit 313676
# do not use rpath
Packit 313676
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
Packit 313676
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
Packit 313676
Packit 313676
rm -f include/linux/types.h
Packit 313676
Packit 313676
make %{?_smp_mflags} V=1
Packit 313676
Packit 313676
%if 0%{?bootstrap}
Packit 313676
pushd bootstrap_ver
Packit 313676
./autogen.sh
Packit 313676
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \
Packit 313676
%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
Packit 313676
Packit 313676
# do not use rpath
Packit 313676
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
Packit 313676
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
Packit 313676
Packit 313676
rm -f include/linux/types.h
Packit 313676
Packit 313676
make %{?_smp_mflags} V=1
Packit 313676
popd
Packit 313676
%endif
Packit 313676
Packit 313676
%install
Packit 313676
%if 0%{?bootstrap}
Packit 313676
%make_install -C bootstrap_ver
Packit 313676
find %{buildroot} -xtype f -not \
Packit 313676
	-name 'libip*tc.so.%{iptc_so_ver_old}*' -delete -print
Packit 313676
find %{buildroot} -type l -not \
Packit 313676
	-name 'libip*tc.so.%{iptc_so_ver_old}*' -delete -print
Packit 313676
%endif
Packit 313676
Packit 313676
make install DESTDIR=%{buildroot} 
Packit 313676
# remove la file(s)
Packit 313676
rm -f %{buildroot}/%{_libdir}/*.la
Packit 313676
Packit 313676
# install ip*tables.h header files
Packit 313676
install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/
Packit 313676
install -d -m 755 %{buildroot}%{_includedir}/iptables
Packit 313676
install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/
Packit 313676
Packit 313676
# install ipulog header file
Packit 313676
install -d -m 755 %{buildroot}%{_includedir}/libipulog/
Packit 313676
install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/
Packit 313676
Packit 313676
# install init scripts and configuration files
Packit 313676
install -d -m 755 %{buildroot}%{script_path}
Packit 313676
install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init
Packit 313676
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
Packit 313676
install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init
Packit 313676
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
Packit 313676
install -c -m 600 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/iptables-config
Packit 313676
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
Packit 313676
install -c -m 600 ip6tables-config %{buildroot}%{_sysconfdir}/sysconfig/ip6tables-config
Packit 313676
install -c -m 600 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/iptables
Packit 313676
install -c -m 600 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
Packit 313676
Packit 313676
# install systemd service files
Packit 313676
install -d -m 755 %{buildroot}/%{_unitdir}
Packit 313676
install -c -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}
Packit 313676
sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
Packit 313676
install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir}
Packit 313676
Packit 313676
# install legacy actions for service command
Packit 313676
install -d %{buildroot}/%{legacy_actions}/iptables
Packit 313676
install -d %{buildroot}/%{legacy_actions}/ip6tables
Packit 313676
Packit 313676
cat << EOF > %{buildroot}/%{legacy_actions}/iptables/save
Packit 313676
#!/bin/bash
Packit 313676
exec %{script_path}/iptables.init save
Packit 313676
EOF
Packit 313676
chmod 755 %{buildroot}/%{legacy_actions}/iptables/save
Packit 313676
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/save > ip6tabes.save-legacy
Packit 313676
install -c -m 755 ip6tabes.save-legacy %{buildroot}/%{legacy_actions}/ip6tables/save
Packit 313676
Packit 313676
cat << EOF > %{buildroot}/%{legacy_actions}/iptables/panic
Packit 313676
#!/bin/bash
Packit 313676
exec %{script_path}/iptables.init panic
Packit 313676
EOF
Packit 313676
chmod 755 %{buildroot}/%{legacy_actions}/iptables/panic
Packit 313676
sed -e 's;iptables.init;ip6tables.init;g' -e 's;IPTABLES;IP6TABLES;g' < %{buildroot}/%{legacy_actions}/iptables/panic > ip6tabes.panic-legacy
Packit 313676
install -c -m 755 ip6tabes.panic-legacy %{buildroot}/%{legacy_actions}/ip6tables/panic
Packit 313676
Packit 313676
# install iptables-apply with man page
Packit 313676
install -m 755 iptables/iptables-apply %{buildroot}%{_sbindir}/
Packit 313676
install -m 644 iptables/iptables-apply.8 %{buildroot}%{_mandir}/man8/
Packit 313676
Packit 313676
%if 0%{?fedora} > 24
Packit 313676
# Remove /etc/ethertypes (now part of setup)
Packit 313676
rm -f %{buildroot}%{_sysconfdir}/ethertypes
Packit 313676
%endif
Packit 313676
Packit 313676
# drop all legacy tools
Packit 313676
rm -f %{buildroot}%{_sbindir}/*legacy*
Packit 313676
rm -f %{buildroot}%{_bindir}/iptables-xml
Packit 313676
rm -f %{buildroot}%{_mandir}/man1/iptables-xml*
Packit 313676
rm -f %{buildroot}%{_mandir}/man8/xtables-legacy*
Packit 313676
Packit 313676
# rename nft versions to standard name
Packit 313676
pfx=%{buildroot}%{_sbindir}/iptables
Packit 313676
for pfx in %{buildroot}%{_sbindir}/{iptables,ip6tables,arptables,ebtables}; do
Packit 313676
	mv $pfx-nft $pfx
Packit 313676
	mv $pfx-nft-restore $pfx-restore
Packit 313676
	mv $pfx-nft-save $pfx-save
Packit 313676
done
Packit 313676
Packit 313676
# extra sources for arptables
Packit 313676
install -p -D -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/arptables.service
Packit 313676
mkdir -p %{buildroot}%{_libexecdir}/
Packit 313676
install -p -D -m 755 %{SOURCE7} %{buildroot}%{_libexecdir}/
Packit 313676
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
Packit 313676
echo '# Configure prior to use' > %{buildroot}%{_sysconfdir}/sysconfig/arptables
Packit 313676
for sfx in "" "-restore" "-save"; do
Packit 313676
	echo '.so man8/arptables-nft${sfx}.8' > \
Packit 313676
		%{buildroot}%{_mandir}/man8/arptables${sfx}.8
Packit 313676
done
Packit 313676
Packit 313676
# extra sources for ebtables
Packit 313676
install -p %{SOURCE9} %{buildroot}%{_unitdir}/
Packit 313676
install -m0755 %{SOURCE8} %{buildroot}%{_libexecdir}/ebtables
Packit 313676
install -m0600 %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/ebtables-config
Packit 313676
touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables
Packit 313676
echo '.so man8/ebtables-nft.8' > %{buildroot}%{_mandir}/man8/ebtables.8
Packit 313676
Packit 313676
%if 0%{?rhel}
Packit 313676
%pre
Packit 313676
for p in %{_sysconfdir}/alternatives/{iptables,ip6tables}.*; do
Packit 313676
    if [ -h "$p" ]; then
Packit 313676
        ipt=$(readlink "$p")
Packit 313676
        echo "Removing alternatives for ${p##*/} with path $ipt"
Packit 313676
        %{_sbindir}/alternatives --remove "${p##*/}" "$ipt"
Packit 313676
    fi
Packit 313676
done
Packit 313676
%endif
Packit 313676
Packit 313676
%post -p /sbin/ldconfig
Packit 313676
Packit 313676
%postun -p /sbin/ldconfig
Packit 313676
Packit 313676
%post services
Packit 313676
%systemd_post iptables.service ip6tables.service
Packit 313676
Packit 313676
%preun services
Packit 313676
%systemd_preun iptables.service ip6tables.service
Packit 313676
Packit 313676
%postun services
Packit 313676
/sbin/ldconfig
Packit 313676
%systemd_postun iptables.service ip6tables.service
Packit 313676
Packit 313676
%post arptables
Packit 313676
%systemd_post arptables.service
Packit 313676
Packit 313676
%preun arptables
Packit 313676
%systemd_preun arptables.service
Packit 313676
Packit 313676
%postun arptables
Packit 313676
%systemd_postun arptables.service
Packit 313676
Packit 313676
%post ebtables
Packit 313676
%systemd_post ebtables.service
Packit 313676
Packit 313676
%preun ebtables
Packit 313676
%systemd_preun ebtables.service
Packit 313676
Packit 313676
%postun ebtables
Packit 313676
%systemd_postun_with_restart ebtables.service
Packit 313676
Packit 313676
%files
Packit 313676
%{!?_licensedir:%global license %%doc}
Packit 313676
%license COPYING
Packit 313676
%doc INCOMPATIBILITIES
Packit 313676
%config(noreplace) %{_sysconfdir}/sysconfig/iptables-config
Packit 313676
%config(noreplace) %{_sysconfdir}/sysconfig/ip6tables-config
Packit 313676
%if 0%{?fedora} <= 24
Packit 313676
%{_sysconfdir}/ethertypes
Packit 313676
%endif
Packit 313676
%{_sbindir}/iptables
Packit 313676
%{_sbindir}/iptables-apply
Packit 313676
%{_sbindir}/iptables-restore
Packit 313676
%{_sbindir}/iptables-restore-translate
Packit 313676
%{_sbindir}/iptables-save
Packit 313676
%{_sbindir}/iptables-translate
Packit 313676
%{_sbindir}/ip6tables
Packit 313676
%{_sbindir}/ip6tables-restore
Packit 313676
%{_sbindir}/ip6tables-restore-translate
Packit 313676
%{_sbindir}/ip6tables-save
Packit 313676
%{_sbindir}/ip6tables-translate
Packit 313676
%{_sbindir}/xtables-monitor
Packit 313676
%{_sbindir}/xtables-nft-multi
Packit 313676
%doc %{_mandir}/man8/iptables*
Packit 313676
%doc %{_mandir}/man8/ip6tables*
Packit 313676
%doc %{_mandir}/man8/xtables-monitor*
Packit 313676
%doc %{_mandir}/man8/xtables-nft*
Packit 313676
%doc %{_mandir}/man8/*tables-translate*
Packit 313676
%doc %{_mandir}/man8/*tables-restore-translate*
Packit 313676
%dir %{_libdir}/xtables
Packit 313676
%{_libdir}/xtables/libarpt*
Packit 313676
%{_libdir}/xtables/libebt*
Packit 313676
%{_libdir}/xtables/libipt*
Packit 313676
%{_libdir}/xtables/libip6t*
Packit 313676
%{_libdir}/xtables/libxt*
Packit 313676
Packit 313676
%files libs
Packit 313676
%{_libdir}/libip*tc.so.%{iptc_so_ver}*
Packit 313676
%if 0%{?bootstrap}
Packit 313676
%{_libdir}/libip*tc.so.%{iptc_so_ver_old}*
Packit 313676
%endif
Packit 313676
%{_libdir}/libxtables.so.12*
Packit 313676
Packit 313676
%files devel
Packit 313676
%dir %{_includedir}/iptables
Packit 313676
%{_includedir}/iptables/*.h
Packit 313676
%{_includedir}/*.h
Packit 313676
%dir %{_includedir}/libiptc
Packit 313676
%{_includedir}/libiptc/*.h
Packit 313676
%dir %{_includedir}/libipulog
Packit 313676
%{_includedir}/libipulog/*.h
Packit 313676
%{_libdir}/libip*tc.so
Packit 313676
%{_libdir}/libxtables.so
Packit 313676
%{_libdir}/pkgconfig/libiptc.pc
Packit 313676
%{_libdir}/pkgconfig/libip4tc.pc
Packit 313676
%{_libdir}/pkgconfig/libip6tc.pc
Packit 313676
%{_libdir}/pkgconfig/xtables.pc
Packit 313676
Packit 313676
%files services
Packit 313676
%dir %{script_path}
Packit 313676
%{script_path}/iptables.init
Packit 313676
%{script_path}/ip6tables.init
Packit 313676
%config(noreplace) %{_sysconfdir}/sysconfig/iptables
Packit 313676
%config(noreplace) %{_sysconfdir}/sysconfig/ip6tables
Packit 313676
%{_unitdir}/iptables.service
Packit 313676
%{_unitdir}/ip6tables.service
Packit 313676
%dir %{legacy_actions}/iptables
Packit 313676
%{legacy_actions}/iptables/save
Packit 313676
%{legacy_actions}/iptables/panic
Packit 313676
%dir %{legacy_actions}/ip6tables
Packit 313676
%{legacy_actions}/ip6tables/save
Packit 313676
%{legacy_actions}/ip6tables/panic
Packit 313676
Packit 313676
%files utils
Packit 313676
%{_sbindir}/nfnl_osf
Packit 313676
%{_sbindir}/nfbpf_compile
Packit 313676
%dir %{_datadir}/xtables
Packit 313676
%{_datadir}/xtables/pf.os
Packit 313676
%doc %{_mandir}/man8/nfnl_osf*
Packit 313676
%doc %{_mandir}/man8/nfbpf_compile*
Packit 313676
Packit 313676
%files arptables
Packit 313676
%{_sbindir}/arptables*
Packit 313676
%{_libexecdir}/arptables-helper
Packit 313676
%{_unitdir}/arptables.service
Packit 313676
%config(noreplace) %{_sysconfdir}/sysconfig/arptables
Packit 313676
%doc %{_mandir}/man8/arptables*.8*
Packit 313676
Packit 313676
%files ebtables
Packit 313676
%{_sbindir}/ebtables*
Packit 313676
%{_libexecdir}/ebtables
Packit 313676
%{_unitdir}/ebtables.service
Packit 313676
%config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config
Packit 313676
%ghost %{_sysconfdir}/sysconfig/ebtables
Packit 313676
%doc %{_mandir}/man8/ebtables*.8*
Packit 313676
Packit 313676
%changelog
Packit Service 90f340
* Wed Oct 28 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-16
Packit Service 90f340
- tests/shell: Add test for bitwise avoidance fixes
Packit Service 90f340
- ebtables: Optimize masked MAC address matches
Packit Service 90f340
- nft: Optimize class-based IP prefix matches
Packit Service 90f340
- nft: Fix for broken address mask match detection
Packit Service 90f340
- nft: cache: Make nft_rebuild_cache() respect fake cache
Packit Service 90f340
- tests: shell: Improve concurrent noflush restore test a bit
Packit Service 90f340
- nft: Fix for concurrent noflush restore calls
Packit Service 90f340
- nft: Fix error reporting for refreshed transactions
Packit Service 90f340
- nft: Make batch_add_chain() return the added batch object
Packit Service 90f340
Packit 313676
* Sat Aug 15 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-15
Packit 313676
- Ignore sysctl files not suffixed '.conf'
Packit 313676
Packit 313676
* Wed Jun 24 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-14
Packit 313676
- nft: Fix for '-F' in iptables dumps
Packit 313676
- tests: shell: Test -F in dump files
Packit 313676
Packit 313676
* Fri May 29 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-13
Packit 313676
- Fix for endless loop in iptables-restore --test
Packit 313676
Packit 313676
* Tue May 26 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-12
Packit 313676
- Unbreak nfnl_osf tool
Packit 313676
Packit 313676
* Tue May 19 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-11
Packit 313676
- Complete ebtables-nft among match support
Packit 313676
- Replace RHEL-only xtables-monitor fix with upstream solution
Packit 313676
- xtables: Align effect of -4/-6 options with legacy
Packit 313676
- xtables: Drop -4 and -6 support from xtables-{save,restore}
Packit 313676
- Review systemd unit files
Packit 313676
Packit 313676
* Tue Mar 17 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-10
Packit 313676
- Fix for iptables-restore segfault under pressure
Packit 313676
- Fix for iptables-save segfault under pressure
Packit 313676
Packit 313676
* Mon Feb 24 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-9
Packit 313676
- iptables-test.py: Fix --host mode
Packit 313676
- xtables-monitor: Fix segfault when tracing
Packit 313676
Packit 313676
* Sat Feb 15 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-8
Packit 313676
- xtables-translate: Fix for iface++
Packit 313676
- tests: shell: Fix skip checks with --host mode
Packit 313676
- xtables-restore: fix for --noflush and empty lines
Packit 313676
Packit 313676
* Wed Feb 12 2020 Phil Sutter <psutter@redhat.com> - 1.8.4-7
Packit 313676
- xtables-translate: Fix for interface name corner-cases
Packit 313676
Packit 313676
* Mon Dec 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-6
Packit 313676
- Add missing patch in last release, uAPI covscan fix
Packit 313676
Packit 313676
* Mon Dec 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-5
Packit 313676
- Fix covscan-indicated problems
Packit 313676
Packit 313676
* Wed Dec 04 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-4
Packit 313676
- Fix for broken xtables-restore --noflush
Packit 313676
Packit 313676
* Tue Dec 03 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-3
Packit 313676
- Reduce globbing in library file names to expose future SONAME changes
Packit 313676
- Add bootstrapping for libip*tc SONAME bump
Packit 313676
Packit 313676
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-2
Packit 313676
- Use upstream-provided man pages for ebtables and arptables
Packit 313676
Packit 313676
* Mon Dec 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.4-1
Packit 313676
- Rebase onto upstream release 1.8.4
Packit 313676
Packit 313676
* Thu Aug 08 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-16
Packit 313676
- nft: Set socket receive buffer
Packit 313676
Packit 313676
* Wed Jul 31 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-15
Packit 313676
- doc: Install ip{6,}tables-restore-translate.8 man pages
Packit 313676
Packit 313676
* Tue Jul 02 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-14
Packit 313676
- arptables: Print space before comma and counters
Packit 313676
- extensions: Fix ipvs vproto parsing
Packit 313676
- extensions: Fix ipvs vproto option printing
Packit 313676
- extensions: Add testcase for libxt_ipvs
Packit 313676
Packit 313676
* Mon Jul 01 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-13
Packit 313676
- doc: Install ip{6,}tables-translate.8 manpages
Packit 313676
- nft: Eliminate dead code in __nft_rule_list
Packit 313676
Packit 313676
* Wed Jun 12 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-12
Packit 313676
- Add iptables-test.py testsuite to sources
Packit 313676
- extensions: libip6t_mh: fix bogus translation error
Packit 313676
- extensions: AUDIT: Document ineffective --type option
Packit 313676
- xtables-restore: Fix program names in help texts
Packit 313676
- xtables-save: Point at existing man page in help text
Packit 313676
- utils: Add a manpage for nfbpf_compile
Packit 313676
- Mark man pages in base package as documentation files
Packit 313676
Packit 313676
* Thu May 23 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-11
Packit 313676
- Enable verbose output when building
Packit 313676
Packit 313676
* Thu May 09 2019 Phil Sutter <psutter@redhat.com> - 1.8.2-10
Packit 313676
- arptables-nft: fix decoding of hlen on bigendian platforms
Packit 313676
- xtables-save: Fix table not found error message
Packit 313676
- xtables: Catch errors when zeroing rule rounters
Packit 313676
- extensions: TRACE: Point at xtables-monitor in documentation
Packit 313676
- extensions: libipt_realm: Document allowed realm values
Packit 313676
Packit 313676
* Fri Feb 08 2019 Phil Sutter - 1.8.2-9
Packit 313676
- ebtables-nft: Support user-defined chain policies
Packit 313676
Packit 313676
* Thu Feb 07 2019 Phil Sutter - 1.8.2-8
Packit 313676
- arptables.8: Document --set-counters option
Packit 313676
Packit 313676
* Thu Feb 07 2019 Phil Sutter - 1.8.2-7
Packit 313676
- arptables: Support --set-counters option
Packit 313676
Packit 313676
* Fri Feb 01 2019 Phil Sutter - 1.8.2-6
Packit 313676
- Improve performance with large rulesets
Packit 313676
- Fix for changes in arptables output
Packit 313676
- Fix for inserting rules at wrong position
Packit 313676
- Fix segfault when comparing rules with standard target
Packit 313676
- Fix ebtables output for negated values
Packit 313676
- Document missing arptables FORWARD chain
Packit 313676
Packit 313676
* Tue Dec 18 2018 Phil Sutter - 1.8.2-5
Packit 313676
- Drop change to test snippet not included in tarball from Patch4
Packit 313676
Packit 313676
* Tue Dec 18 2018 Phil Sutter - 1.8.2-4
Packit 313676
- Fix iptables init script for nftables-backend
Packit 313676
- Drop references to unsupported broute table from ebtables man page
Packit 313676
- xtables: Don't use native nftables comments
Packit 313676
Packit 313676
* Thu Dec 06 2018 Phil Sutter - 1.8.2-3
Packit 313676
- Drop change to test snippet not included in tarball from Patch3
Packit 313676
Packit 313676
* Thu Dec 06 2018 Phil Sutter - 1.8.2-2
Packit 313676
- Point out that nftables-variants are installed in package description
Packit 313676
- Fix for deleting arptables rules by referencing them
Packit 313676
Packit 313676
* Thu Dec 06 2018 Phil Sutter - 1.8.2-1
Packit 313676
- Rebase onto upstream version 1.8.2
Packit 313676
Packit 313676
* Thu Oct 25 2018 Phil Sutter - 1.8.1-2
Packit 313676
- Add upstream fixes to 1.8.1 release
Packit 313676
Packit 313676
* Thu Oct 25 2018 Phil Sutter - 1.8.1-1
Packit 313676
- Rebase onto upstream version 1.8.1
Packit 313676
Packit 313676
* Thu Sep 27 2018 Phil Sutter - 1.8.0-11
Packit 313676
- Fix for covscan warnings in init scripts
Packit 313676
Packit 313676
* Wed Sep 26 2018 Phil Sutter - 1.8.0-10
Packit 313676
- Fix short name of Artistic Licence
Packit 313676
Packit 313676
* Wed Sep 26 2018 Phil Sutter - 1.8.0-9
Packit 313676
- Add further fixes for issues identified by covscan
Packit 313676
- Fix for bogus "is incompatible" warnings
Packit 313676
- Fix layout in License tag
Packit 313676
- Replace "Fedora" with "RHEL" in description
Packit 313676
- Make devel sub-package depend on libs sub-package
Packit 313676
Packit 313676
* Mon Sep 17 2018 Phil Sutter - 1.8.0-8
Packit 313676
- Fix issues identified by covscan
Packit 313676
- xtables-restore: Fix flushing referenced custom chains
Packit 313676
- xtables: Accept --wait in iptables-nft-restore
Packit 313676
Packit 313676
* Mon Sep 03 2018 Phil Sutter - 1.8.0-7
Packit 313676
- xtables: Align return codes with legacy iptables
Packit 313676
- xtables: Drop use of IP6T_F_PROTO
Packit 313676
Packit 313676
* Wed Aug 29 2018 Phil Sutter - 1.8.0-6
Packit 313676
- xtables: Fix for deleting rules with comment
Packit 313676
Packit 313676
* Fri Aug 24 2018 Phil Sutter - 1.8.0-5
Packit 313676
- xtables: Use meta l4proto for -p match
Packit 313676
- ebtables: Fix for listing of non-existent chains
Packit 313676
- xtables: Fix for no output in iptables-nft -S
Packit 313676
Packit 313676
* Sat Aug 18 2018 Phil Sutter - 1.8.0-4
Packit 313676
- xtables: Fix for segfault in iptables-nft
Packit 313676
- ebtables: Fix entries count in chain listing
Packit 313676
- Use %%autosetup macro in %%prep
Packit 313676
Packit 313676
* Fri Aug 17 2018 Phil Sutter - 1.8.0-3
Packit 313676
- xtables: Make 'iptables -S nonexisting' return non-zero
Packit 313676
Packit 313676
* Fri Aug 10 2018 Phil Sutter - 1.8.0-2
Packit 313676
- Rebase onto upstream master commit 514de4801b731db4712
Packit 313676
- Add arptables and ebtables sub-packages
Packit 313676
Packit 313676
* Wed Jul 11 2018 Phil Sutter - 1.8.0-1
Packit 313676
- New upstream version 1.8.0
Packit 313676
- Drop compat sub-package
Packit 313676
- Use nft tool versions, drop legacy ones
Packit 313676
Packit 313676
* Thu Mar 01 2018 Phil Sutter <psutter@redhat.com> - 1.6.2-2
Packit 313676
- Kill module unloading support
Packit 313676
- Support /etc/sysctl.d
Packit 313676
- Don't restart services after package update
Packit 313676
- Add support for --wait options to restore commands
Packit 313676
Packit 313676
* Wed Feb 21 2018 Michael Cronenworth <mike@cchtml.com> - 1.6.2-1
Packit 313676
- New upstream version 1.6.2
Packit 313676
  http://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.2.txt
Packit 313676
Packit 313676
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-6
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Packit 313676
Packit 313676
* Sun Oct 22 2017 Kevin Fenzi <kevin@scrye.com> - 1.6.1-5
Packit 313676
- Rebuild for new libnftnl
Packit 313676
Packit 313676
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
Packit 313676
Packit 313676
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-3
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
Packit 313676
Packit 313676
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-2
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
Packit 313676
Packit 313676
* Thu Feb 02 2017 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
Packit 313676
- New upstream version 1.6.1 with enhanced translation to nft support and
Packit 313676
  several fixes (RHBZ#1417323)
Packit 313676
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.1.txt
Packit 313676
- Enable parallel build again
Packit 313676
Packit 313676
* Thu Feb 02 2017 Petr Ĺ abata <contyk@redhat.com> - 1.6.0-4
Packit 313676
- Disabling parallel build to avoid build issues with xtables
Packit 313676
- See http://patchwork.alpinelinux.org/patch/1787/ for reference
Packit 313676
- This should be fixed in 1.6.1; parallel build can be restored after the
Packit 313676
  update
Packit 313676
Packit 313676
* Mon Dec 19 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-3
Packit 313676
- Dropped bad provides for iptables in services sub package (RHBZ#1327786)
Packit 313676
Packit 313676
* Fri Jul 22 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-2
Packit 313676
- /etc/ethertypes has been moved into the setup package for F-25+.
Packit 313676
  (RHBZ#1329256)
Packit 313676
Packit 313676
* Wed Apr 13 2016 Thomas Woerner <twoerner@redhat.com> - 1.6.0-1
Packit 313676
- New upstream version 1.6.0 with nft-compat support and lots of fixes (RHBZ#1292990)
Packit 313676
  Upstream changelog:
Packit 313676
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
Packit 313676
- New libs sub package containing libxtables and unstable libip*tc libraries (RHBZ#1323161)
Packit 313676
- Using scripts form RHEL-7 (RHBZ#1240366)
Packit 313676
- New compat sub package for nftables compatibility
Packit 313676
- Install iptables-apply (RHBZ#912047)
Packit 313676
- Fixed module uninstall (RHBZ#1324101)
Packit 313676
- Incorporated changes by Petr Pisar
Packit 313676
- Enabled bpf compiler (RHBZ#1170227) Thanks to Yanko Kaneti for the patch
Packit 313676
Packit 313676
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.21-16
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
Packit 313676
Packit 313676
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-15
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
Packit 313676
Packit 313676
* Mon Dec 01 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-14
Packit 313676
- add dhcpv6-client to /etc/sysconfig/ip6tables (RHBZ#1169036)
Packit 313676
Packit 313676
* Mon Nov 03 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-13
Packit 313676
- iptables.init: use /run/lock/subsys/ instead of /var/lock/subsys/ (RHBZ#1159573)
Packit 313676
Packit 313676
* Mon Sep 29 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-12
Packit 313676
- ip[6]tables.init: change shebang from /bin/sh to /bin/bash (RHBZ#1147272)
Packit 313676
Packit 313676
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-11
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
Packit 313676
Packit 313676
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.21-10
Packit 313676
- fix license handling
Packit 313676
Packit 313676
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.21-9
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
Packit 313676
Packit 313676
* Wed Mar 12 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-8
Packit 313676
- add missing reload and panic actions
Packit 313676
- BuildRequires: pkgconfig(x) instead of x-devel
Packit 313676
- no need to specify file mode bits twice (in %%install and %%files)
Packit 313676
Packit 313676
* Sun Jan 19 2014 Ville Skyttä <ville.skytta@iki.fi> - 1.4.21-7
Packit 313676
- Don't order services after syslog.target.
Packit 313676
Packit 313676
* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-6
Packit 313676
- Enable connlabel support again, needs libnetfilter_conntrack
Packit 313676
Packit 313676
* Wed Jan 15 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-6
Packit 313676
- fixed update from RHEL-6 to RHEL-7 (RHBZ#1043901)
Packit 313676
Packit 313676
* Tue Jan 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-5
Packit 313676
- chmod /etc/sysconfig/ip[6]tables 755 -> 600
Packit 313676
Packit 313676
* Fri Jan 10 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-4
Packit 313676
- drop virtual provide for xtables.so.9
Packit 313676
- add default /etc/sysconfig/ip[6]tables (RHBZ#1034494)
Packit 313676
Packit 313676
* Thu Jan 09 2014 Jiri Popelka <jpopelka@redhat.com> - 1.4.21-3
Packit 313676
- no need to support the pre-systemd things
Packit 313676
- use systemd macros (#850166)
Packit 313676
- remove scriptlets for migrating to a systemd unit from a SysV initscripts
Packit 313676
- ./configure -> %%configure
Packit 313676
- spec clean up
Packit 313676
- fix self-obsoletion
Packit 313676
Packit 313676
* Thu Jan  9 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-2
Packit 313676
- fixed system hang at shutdown if root device is network based (RHBZ#1007934)
Packit 313676
  Thanks to Rodrigo A B Freire for the patch
Packit 313676
Packit 313676
* Thu Jan  9 2014 Thomas Woerner <twoerner@redhat.com> 1.4.21-1
Packit 313676
- no connlabel.conf upstream anymore
Packit 313676
- new version 1.4.21
Packit 313676
  - doc: clarify DEBUG usage macro
Packit 313676
  - iptables: use autoconf to process .in man pages
Packit 313676
  - extensions: libipt_ULOG: man page should mention NFLOG as replacement
Packit 313676
  - extensions: libxt_connlabel: use libnetfilter_conntrack
Packit 313676
  - Introduce a new revision for the set match with the counters support
Packit 313676
  - libxt_CT: Add the "NOTRACK" alias
Packit 313676
  - libip6t_mh: Correct command to list named mh types in manpage
Packit 313676
  - extensions: libxt_DNAT, libxt_REDIRECT, libxt_NETMAP, libxt_SNAT, libxt_MASQUERADE, libxt_LOG: rename IPv4 manpage and tell about IPv6 support
Packit 313676
  - extensions: libxt_LED: fix parsing of delay
Packit 313676
  - ip{6}tables-restore: fix breakage due to new locking approach
Packit 313676
  - libxt_recent: restore minimum value for --seconds
Packit 313676
  - iptables-xml: fix parameter parsing (similar to 2165f38)
Packit 313676
  - extensions: add copyright statements
Packit 313676
  - xtables: improve get_modprobe handling
Packit 313676
  - ip[6]tables: Add locking to prevent concurrent instances
Packit 313676
  - iptables: Fix connlabel.conf install location
Packit 313676
  - ip6tables: don't print out /128
Packit 313676
  - libip6t_LOG: target output is different to libipt_LOG
Packit 313676
  - build: additional include path required after UAPI changes
Packit 313676
  - iptables: iptables-xml: Fix various parsing bugs
Packit 313676
  - libxt_recent: restore reap functionality to recent module
Packit 313676
  - build: fail in configure on missing dependency with --enable-bpf-compiler
Packit 313676
  - extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter
Packit 313676
  - extensions: libxt_set, libxt_SET: check the set family too
Packit 313676
  - ip6tables: Use consistent exit code for EAGAIN
Packit 313676
  - iptables: libxt_hashlimit.man: correct address
Packit 313676
  - iptables: libxt_conntrack.man extraneous commas
Packit 313676
  - iptables: libip(6)t_REJECT.man default icmp types
Packit 313676
  - iptables: iptables-xm1.1 correct man section
Packit 313676
  - iptables: libxt_recent.{c,man} dead URL
Packit 313676
  - iptables: libxt_string.man add examples
Packit 313676
  - extensions: libxt_LOG: use generic syslog reference in manpage
Packit 313676
  - iptables: extensions/GNUMakefile.in use CPPFLAGS
Packit 313676
  - iptables: correctly reference generated file
Packit 313676
  - ip[6]tables: fix incorrect alignment in commands_v_options
Packit 313676
  - build: add software version to manpage first line at configure stage
Packit 313676
  - extensions: libxt_cluster: add note on arptables-jf
Packit 313676
  - utils: nfsynproxy: fix error while compiling the BPF filter
Packit 313676
  - extensions: add SYNPROXY extension
Packit 313676
  - utils: add nfsynproxy tool
Packit 313676
  - iptables: state match incompatibilty across versions
Packit 313676
  - libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks
Packit 313676
  - iptables: improve chain name validation
Packit 313676
  - iptables: spurious error in load_extension
Packit 313676
  - xtables: trivial spelling fix
Packit 313676
Packit 313676
* Sun Dec 22 2013 Ville Skyttä <ville.skytta@iki.fi> - 1.4.19.1-2
Packit 313676
- Drop INSTALL from docs, escape macros in %%changelog.
Packit 313676
Packit 313676
* Wed Jul 31 2013 Thomas Woerner <twoerner@redhat.com> 1.4.19.1-1
Packit 313676
- new version 1.4.19.1
Packit 313676
  - libxt_NFQUEUE: fix bypass option documentation
Packit 313676
  - extensions: add connlabel match
Packit 313676
  - extensions: add connlabel match
Packit 313676
  - ip[6]tables: show --protocol instead of --proto in usage
Packit 313676
  - libxt_recent: Fix missing space in manpage for --mask option
Packit 313676
  - extensions: libxt_multiport: Update manpage to list valid protocols
Packit 313676
  - utils: nfnl_osf: use the right nfnetlink lib
Packit 313676
  - libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency
Packit 313676
  - Revert "build: resolve link failure for ip6t_NETMAP"
Packit 313676
  - libxt_osf: fix missing --ttl and --log in save output
Packit 313676
  - libxt_osf: fix bad location for location in --genre
Packit 313676
  - libip6t_SNPT: add manpage
Packit 313676
  - libip6t_DNPT: add manpage
Packit 313676
  - utils: updates .gitignore to include nfbpf_compile
Packit 313676
  - extensions: libxt_bpf: clarify --bytecode argument
Packit 313676
  - libxtables: fix parsing of dotted network mask format
Packit 313676
  - build: bump version to 1.4.19
Packit 313676
  - libxt_conntrack: fix state match alias state parsing
Packit 313676
  - extensions: add libxt_bpf extension
Packit 313676
  - utils: nfbpf_compile
Packit 313676
  - doc: mention SNAT in INPUT chain since kernel 2.6.36
Packit 313676
- fixed changelog date weekdays where needed
Packit 313676
Packit 313676
* Mon Mar  4 2013 Thomas Woerner <twoerner@redhat.com> 1.4.18-1
Packit 313676
- new version 1.4.18 
Packit 313676
  - lots of documentation changes
Packit 313676
  - Introduce match/target aliases
Packit 313676
  - Add the "state" alias to the "conntrack" match
Packit 313676
  - iptables: remove unused leftover definitions
Packit 313676
  - libxtables: add xtables_rule_matches_free
Packit 313676
  - libxtables: add xtables_print_num
Packit 313676
  - extensions: libip6t_DNPT: fix wording in DNPT target
Packit 313676
  - extension: libip6t_DNAT: allow port DNAT without address
Packit 313676
  - extensions: libip6t_DNAT: set IPv6 DNAT --to-destination
Packit 313676
  - extensions: S/DNPT: add missing save function
Packit 313676
- changes of 1.4.17:
Packit 313676
  - libxt_time: add support to ignore day transition
Packit 313676
  - Convert the NAT targets to use the kernel supplied nf_nat.h header
Packit 313676
  - extensions: add IPv6 MASQUERADE extension
Packit 313676
  - extensions: add IPv6 SNAT extension
Packit 313676
  - extensions: add IPv6 DNAT target
Packit 313676
  - extensions: add IPv6 REDIRECT extension
Packit 313676
  - extensions: add IPv6 NETMAP extension
Packit 313676
  - extensions: add NPT extension
Packit 313676
  - extensions: libxt_statistic: Fix save output
Packit 313676
Packit 313676
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.16.2-7
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
Packit 313676
Packit 313676
* Wed Jan 16 2013 Ville Skyttä <ville.skytta@iki.fi> - 1.4.16.2-6
Packit 313676
- Own unowned -services libexec dirs (#894464, Michael Scherer).
Packit 313676
- Fix -services unit file permissions (#732936, Michal Schmidt).
Packit 313676
Packit 313676
* Thu Nov  8 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-5
Packit 313676
- fixed path of ip6tables.init in ip6tables.service
Packit 313676
Packit 313676
* Fri Nov  2 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-4
Packit 313676
- fixed missing services for update of pre F-18 installations (rhbz#867960)
Packit 313676
  - provide and obsolete old main package in services sub package
Packit 313676
  - provide and obsolete old ipv6 sub package (pre F-17) in services sub package
Packit 313676
Packit 313676
* Sun Oct 14 2012 Dan Horák <dan[at]dany.cz> 1.4.16.2-3
Packit 313676
- fix the compat provides for all 64-bit arches
Packit 313676
Packit 313676
* Fri Oct 12 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-2
Packit 313676
- new sub package services providing the systemd services (RHBZ#862922)
Packit 313676
- new sub package utils: provides nfnl_osf and the pf.os database
Packit 313676
- using %%{_libexecdir}/iptables as script path for the original init scripts
Packit 313676
- added service iptables save funcitonality using the new way provided by 
Packit 313676
  initscripts 9.37.1 (RHBZ#748134)
Packit 313676
- added virtual provide for libxtables.so.7
Packit 313676
Packit 313676
* Mon Oct  8 2012 Thomas Woerner <twoerner@redhat.com> 1.4.16.2-1
Packit 313676
- new version 1.4.16.2
Packit 313676
  - build: support for automake-1.12
Packit 313676
  - build: separate AC variable replacements from xtables.h
Packit 313676
  - build: have `make clean` remove dep files too
Packit 313676
  - doc: grammatical updates to libxt_SET
Packit 313676
  - doc: clean up interpunction in state list for xt_conntrack
Packit 313676
  - doc: deduplicate extension descriptions into a new manpage
Packit 313676
  - doc: trim "state" manpage and reference conntrack instead
Packit 313676
  - doc: have NOTRACK manpage point to CT instead
Packit 313676
  - doc: mention iptables-apply in the SEE ALSO sections
Packit 313676
  - extensions: libxt_addrtype: fix type in help message
Packit 313676
  - include: add missing linux/netfilter_ipv4/ip_queue.h
Packit 313676
  - iptables: fix wrong error messages
Packit 313676
  - iptables: support for match aliases
Packit 313676
  - iptables: support for target aliases
Packit 313676
  - iptables-restore: warn about -t in rule lines
Packit 313676
  - ip[6]tables-restore: cleanup to reduce one level of indentation
Packit 313676
  - libip6t_frag: match any frag id by default
Packit 313676
  - libxtables: consolidate preference logic
Packit 313676
  - libxt_devgroup: consolidate devgroup specification parsing
Packit 313676
  - libxt_devgroup: guard against negative numbers
Packit 313676
  - libxt_LED: guard against negative numbers
Packit 313676
  - libxt_NOTRACK: replace as an alias to CT --notrack
Packit 313676
  - libxt_state: replace as an alias to xt_conntrack
Packit 313676
  - libxt_tcp: print space before, not after "flags:"
Packit 313676
  - libxt_u32: do bounds checking for @'s operands
Packit 313676
  - libxt_*limit: avoid division by zero
Packit 313676
  - Merge branch 'master' of git://git.inai.de/iptables
Packit 313676
  - Merge remote-tracking branch 'nf/stable'
Packit 313676
  - New set match revision with --return-nomatch flag support
Packit 313676
- dropped fixrestore patch, upstream
Packit 313676
Packit 313676
* Wed Aug  1 2012 Thomas Woerner <twoerner@redhat.com> 1.4.15-1
Packit 313676
- new version 1.4.15
Packit 313676
  - extensions: add HMARK target
Packit 313676
  - iptables-restore: fix parameter parsing (shows up with gcc-4.7)
Packit 313676
  - iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)
Packit 313676
  - libxtables: add xtables_ip[6]mask_to_cidr
Packit 313676
  - libxt_devgroup: add man page snippet
Packit 313676
  - libxt_hashlimit: add support for byte-based operation
Packit 313676
  - libxt_recent: add --mask netmask
Packit 313676
  - libxt_recent: remove unused variable
Packit 313676
  - libxt_HMARK: correct a number of errors introduced by Pablo's rework
Packit 313676
  - libxt_HMARK: fix ct case example
Packit 313676
  - libxt_HMARK: fix output of iptables -L
Packit 313676
  - Revert "iptables-restore: move code to add_param_to_argv, cleanup (fix gcc-4.7)"
Packit 313676
Packit 313676
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-3
Packit 313676
- added fixrestore patch submitted to upstream by fryasu (nfbz#774) 
Packit 313676
  (RHBZ#825796)
Packit 313676
Packit 313676
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-2
Packit 313676
- disabled libipq, removed upstream, not provided by kernel anymore
Packit 313676
Packit 313676
* Wed Jul 18 2012 Thomas Woerner <twoerner@redhat.com> 1.4.14-1
Packit 313676
- new version 1.4.14
Packit 313676
  - extensions: add IPv6 capable ECN match extension
Packit 313676
  - extensions: add nfacct match
Packit 313676
  - extensions: add rpfilter module
Packit 313676
  - extensions: libxt_rateest: output all options in save hook
Packit 313676
  - iptables: missing free() in function cache_add_entry()
Packit 313676
  - iptables: missing free() in function delete_entry()
Packit 313676
  - libiptc: fix retry path in TC_INIT
Packit 313676
  - libiptc: Returns the position the entry was inserted
Packit 313676
  - libipt_ULOG: fix --ulog-cprange
Packit 313676
  - libxt_CT: add --timeout option
Packit 313676
  - ip(6)tables-restore: make sure argv is NULL terminated
Packit 313676
  - Revert "libiptc: Returns the position the entry was inserted"
Packit 313676
  - src: mark newly opened fds as FD_CLOEXEC (close on exec)
Packit 313676
  - tests: add rateest match rules
Packit 313676
- dropped patch5 (cloexec), merged upstream
Packit 313676
Packit 313676
* Mon Apr 23 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-5
Packit 313676
- reenable iptables default services
Packit 313676
Packit 313676
* Wed Feb 29 2012 Harald Hoyer <harald@redhat.com> 1.4.12.2-4
Packit 313676
- install everything in /usr
Packit 313676
  https://fedoraproject.org/wiki/Features/UsrMove
Packit 313676
Packit 313676
* Thu Feb 16 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-3
Packit 313676
- fixed auto enable check for Fedora > 16 and added rhel > 6 check
Packit 313676
Packit 313676
* Wed Feb 15 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-2
Packit 313676
- disabled autostart and auto enable for iptables.service and ip6tables.service
Packit 313676
  for Fedora > 16
Packit 313676
Packit 313676
* Mon Jan 16 2012 Thomas Woerner <twoerner@redhat.com> 1.4.12.2-1
Packit 313676
- new version 1.4.12.2 with new pkgconfig/libip4tc.pc and pkgconfig/libip6tc.pc
Packit 313676
  - build: make check stage not fail when building statically
Packit 313676
  - build: restore build order of modules
Packit 313676
  - build: scan for unreferenced symbols
Packit 313676
  - build: sort file list before build
Packit 313676
  - doc: clarification on the meaning of -p 0
Packit 313676
  - doc: document iptables-restore's -T option
Packit 313676
  - doc: fix undesired newline in ip6tables-restore(8)
Packit 313676
  - ip6tables-restore: implement missing -T option
Packit 313676
  - iptables: move kernel version find routing into libxtables
Packit 313676
  - libiptc: provide separate pkgconfig files
Packit 313676
  - libipt_SAME: set PROTO_RANDOM on all ranges
Packit 313676
  - libxtables: Fix file descriptor leak in xtables_lmap_init on error
Packit 313676
  - libxt_connbytes: fix handling of --connbytes FROM
Packit 313676
  - libxt_CONNSECMARK: fix spacing in output
Packit 313676
  - libxt_conntrack: improve error message on parsing violation
Packit 313676
  - libxt_NFQUEUE: fix --queue-bypass ipt-save output
Packit 313676
  - libxt_RATEEST: link with -lm
Packit 313676
  - libxt_statistic: link with -lm
Packit 313676
  - Merge branch 'stable'
Packit 313676
  - Merge branch 'stable' of git://dev.medozas.de/iptables
Packit 313676
  - nfnl_osf: add missing libnfnetlink_CFLAGS to compile process
Packit 313676
  - xtoptions: fill in fallback value for nvals
Packit 313676
  - xtoptions: simplify xtables_parse_interface
Packit 313676
Packit 313676
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.12.1-2
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
Packit 313676
Packit 313676
* Mon Dec 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12.1-1
Packit 313676
- new version 1.4.12.1 with new pkgconfig/libipq.pc
Packit 313676
  - build: abort autogen on subcommand failure
Packit 313676
  - build: strengthen check for overlong lladdr components
Packit 313676
  - build: workaround broken linux-headers on RHEL-5
Packit 313676
  - doc: clarify libxt_connlimit defaults
Packit 313676
  - doc: fix typo in libxt_TRACE
Packit 313676
  - extensions: use multi-target registration
Packit 313676
  - libip6t_dst: restore setting IP6T_OPTS_LEN flag
Packit 313676
  - libip6t_frag: restore inversion support
Packit 313676
  - libip6t_hbh: restore setting IP6T_OPTS_LEN flag
Packit 313676
  - libipq: add pkgconfig file
Packit 313676
  - libipt_ttl: document that negation is available
Packit 313676
  - libxt_conntrack: fix --ctproto 0 output
Packit 313676
  - libxt_conntrack: remove one misleading comment
Packit 313676
  - libxt_dccp: fix deprecated intrapositional ordering of !
Packit 313676
  - libxt_dccp: fix random output of ! on --dccp-option
Packit 313676
  - libxt_dccp: provide man pages options in short help too
Packit 313676
  - libxt_dccp: restore missing XTOPT_INVERT tags for options
Packit 313676
  - libxt_dccp: spell out option name on save
Packit 313676
  - libxt_dscp: restore inversion support
Packit 313676
  - libxt_hashlimit: default htable-expire must be in milliseconds
Packit 313676
  - libxt_hashlimit: observe new default gc-expire time when saving
Packit 313676
  - libxt_hashlimit: remove inversion from hashlimit rev 0
Packit 313676
  - libxt_owner: restore inversion support
Packit 313676
  - libxt_physdev: restore inversion support
Packit 313676
  - libxt_policy: remove superfluous inversion
Packit 313676
  - libxt_set: put differing variable names in directly
Packit 313676
  - libxt_set: update man page about kernel support on the feature
Packit 313676
  - libxt_string: define _GNU_SOURCE for strnlen
Packit 313676
  - libxt_string: escape the escaping char too
Packit 313676
  - libxt_string: fix space around arguments
Packit 313676
  - libxt_string: replace hex codes by char equivalents
Packit 313676
  - libxt_string: simplify hex output routine
Packit 313676
  - libxt_tcp: always print the mask parts
Packit 313676
  - libxt_TCPMSS: restore build with IPv6-less libcs
Packit 313676
  - libxt_TOS: update linux kernel version list for backported fix
Packit 313676
  - libxt_u32: fix missing allowance for inversion
Packit 313676
  - src: remove unused IPTABLES_MULTI define
Packit 313676
  - tests: add negation tests for libxt_statistic
Packit 313676
  - xtoptions: flag use of XTOPT_POINTER without XTOPT_PUT
Packit 313676
- removed include/linux/types.h before build to be able to compile
Packit 313676
Packit 313676
* Tue Jul 26 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-2
Packit 313676
- dropped temporary provide again
Packit 313676
Packit 313676
* Tue Jul 26 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-1.1
Packit 313676
- added temporary provides for libxtables.so.6 to be able to rebuild iproute,
Packit 313676
  which is part of the standard build environment
Packit 313676
Packit 313676
* Mon Jul 25 2011 Thomas Woerner <twoerner@redhat.com> 1.4.12-1
Packit 313676
- new version 1.4.12 with support of all new features of kernel 3.0
Packit 313676
  - build: attempt to fix building under Linux 2.4
Packit 313676
  - build: bump soversion for recent data structure change
Packit 313676
  - build: install modules in arch-dependent location
Packit 313676
  - doc: fix group range in libxt_NFLOG's man
Packit 313676
  - doc: fix version string in ip6tables.8
Packit 313676
  - doc: include matches/targets in manpage again
Packit 313676
  - doc: mention multiple verbosity flags
Packit 313676
  - doc: the -m option cannot be inverted
Packit 313676
  - extensions: support for per-extension instance global variable space
Packit 313676
  - iptables-apply: select default rule file depending on call name
Packit 313676
  - iptables: consolidate target/match init call
Packit 313676
  - iptables: Coverity: DEADCODE
Packit 313676
  - iptables: Coverity: NEGATIVE_RETURNS
Packit 313676
  - iptables: Coverity: RESOURCE_LEAK
Packit 313676
  - iptables: Coverity: REVERSE_INULL
Packit 313676
  - iptables: Coverity: VARARGS
Packit 313676
  - iptables: restore negation for -f
Packit 313676
  - libip6t_HL: fix option names from ttl -> hl
Packit 313676
  - libipt_LOG: fix ignoring all but last flags
Packit 313676
  - libxtables: ignore whitespace in the multiaddress argument parser
Packit 313676
  - libxtables: properly reject empty hostnames
Packit 313676
  - libxtables: set clone's initial data to NULL
Packit 313676
  - libxt_conntrack: move more data into the xt_option_entry
Packit 313676
  - libxt_conntrack: restore network-byte order for v1,v2
Packit 313676
  - libxt_hashlimit: use a more obvious expiry value by default
Packit 313676
  - libxt_rateest: abolish global variables
Packit 313676
  - libxt_RATEEST: abolish global variables
Packit 313676
  - libxt_RATEEST: fix userspacesize field
Packit 313676
  - libxt_RATEEST: use guided option parser
Packit 313676
  - libxt_state: fix regression about inversion of main option
Packit 313676
  - option: remove last traces of intrapositional negation
Packit 313676
- complete changelog:
Packit 313676
  http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.12.txt
Packit 313676
Packit 313676
* Thu Jul 21 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-4
Packit 313676
- merged ipv6 sub package into main package
Packit 313676
- renamed init scripts to /usr/libexec/ip*tables.init
Packit 313676
Packit 313676
* Fri Jul 15 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-3
Packit 313676
- added support for native systemd file (rhbz#694738)
Packit 313676
  - new iptables.service file
Packit 313676
  - additional requires
Packit 313676
  - moved sysv init scripts to /usr/libexec
Packit 313676
  - added new post, preun and postun scripts and triggers
Packit 313676
Packit 313676
* Tue Jul 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-2
Packit 313676
- dropped temporary provide again
Packit 313676
- enabled smp build
Packit 313676
Packit 313676
* Tue Jul 12 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-1.1
Packit 313676
-  added temporary provides for libxtables.so.5 to be able to rebuild iproute,
Packit 313676
   which is part of the standard build environment
Packit 313676
Packit 313676
* Mon Jul 11 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11.1-1
Packit 313676
- new version 1.4.11.1, bug and doc fix release for 1.4.11
Packit 313676
Packit 313676
* Tue Jun  7 2011 Thomas Woerner <twoerner@redhat.com> 1.4.11-1
Packit 313676
- new version 1.4.11 with all new features of 2.6.37-39 (not usable)
Packit 313676
  - lots of changes and bugfixes for base and extensions
Packit 313676
  - complete changelog:
Packit 313676
    http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.11.txt
Packit 313676
Packit 313676
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.10-2
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
Packit 313676
Packit 313676
* Mon Jan 10 2011 Thomas Woerner <twoerner@redhat.com> 1.4.10-1
Packit 313676
- new version 1.4.10 with all new features of 2.6.36
Packit 313676
  - all: consistent syntax use in struct option
Packit 313676
  - build: fix static linking
Packit 313676
  - doc: let man(1) autoalign the text in xt_cpu
Packit 313676
  - doc: remove extra empty line from xt_cpu
Packit 313676
  - doc: minimal spelling updates to xt_cpu
Packit 313676
  - doc: consistent use of markup
Packit 313676
  - extensions: libxt_quota: don't ignore the quota value on deletion
Packit 313676
  - extensions: REDIRECT: add random help
Packit 313676
  - extensions: add xt_cpu match
Packit 313676
  - extensions: add idletimer xt target extension
Packit 313676
  - extensions: libxt_IDLETIMER: use xtables_param_act when checking options
Packit 313676
  - extensions: libxt_CHECKSUM extension
Packit 313676
  - extensions: libipt_LOG/libip6t_LOG: support macdecode option
Packit 313676
  - extensions: fix compilation of the new CHECKSUM target
Packit 313676
  - extensions: libxt_ipvs: user-space lib for netfilter matcher xt_ipvs
Packit 313676
  - iptables-xml: resolve compiler warnings
Packit 313676
  - iptables: limit chain name length to be consistent with targets
Packit 313676
  - libiptc: add Libs.private to pkgconfig files
Packit 313676
  - libiptc: build with -Wl,--no-as-needed
Packit 313676
  - xtables: remove unnecessary cast
Packit 313676
- dropped xt_CHECKSUM, added upstream
Packit 313676
Packit 313676
* Tue Oct 12 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-2
Packit 313676
- added xt_CHECKSUM patch from Michael S. Tsirkin (rhbz#612587)
Packit 313676
Packit 313676
* Wed Aug  4 2010 Thomas Woerner <twoerner@redhat.com> 1.4.9-1
Packit 313676
- new version 1.4.9 with all new features of 2.6.35
Packit 313676
  - doc: xt_hashlimit: fix a typo
Packit 313676
  - doc: xt_LED: nroff formatting requirements
Packit 313676
  - doc: xt_string: correct copy-and-pasting in manpage
Packit 313676
  - extensions: add the LED target
Packit 313676
  - extensions: libxt_quota.c: Support option negation
Packit 313676
  - extensions: libxt_rateest: fix bps options for iptables-save
Packit 313676
  - extensions: libxt_rateest: fix typo in the man page
Packit 313676
  - extensions: REDIRECT: add random help
Packit 313676
  - includes: sync header files from Linux 2.6.35-rc1
Packit 313676
  - libxt_conntrack: do print netmask
Packit 313676
  - libxt_hashlimit: always print burst value
Packit 313676
  - libxt_set: new revision added
Packit 313676
  - utils: add missing include flags to Makefile
Packit 313676
  - xtables: another try at chain name length checking
Packit 313676
  - xtables: remove xtables_set_revision function
Packit 313676
  - xt_quota: also document negation
Packit 313676
  - xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension
Packit 313676
  - xt_sctp: support FORWARD_TSN chunk type
Packit 313676
Packit 313676
* Fri Jul  2 2010 Thomas Woerner <twoerner@redhat.com> 1.4.8-1
Packit 313676
- new version 1.4.8 all new features of 2.6.34 (rhbz#)
Packit 313676
  - extensions: REDIRECT: fix --to-ports parser
Packit 313676
  - iptables: add noreturn attribute to exit_tryhelp()
Packit 313676
  - extensions: MASQUERADE: fix --to-ports parser
Packit 313676
  - libxt_comment: avoid use of IPv4-specific examples
Packit 313676
  - libxt_CT: add a manpage
Packit 313676
  - iptables: correctly check for too-long chain/target/match names
Packit 313676
  - doc: libxt_MARK: no longer restricted to mangle table
Packit 313676
  - doc: remove claim that TCPMSS is limited to mangle
Packit 313676
  - libxt_recent: add a missing space in output
Packit 313676
  - doc: add manpage for libxt_osf
Packit 313676
  - libxt_osf: import nfnl_osf program
Packit 313676
  - extensions: add support for xt_TEE
Packit 313676
  - CT: fix --ctevents parsing
Packit 313676
  - extensions: add CT extension
Packit 313676
  - libxt_CT: print conntrack zone in ->print/->save
Packit 313676
  - xtables: fix compilation when debugging is enabled
Packit 313676
  - libxt_conntrack: document --ctstate UNTRACKED
Packit 313676
  - iprange: fix xt_iprange v0 parsing
Packit 313676
Packit 313676
* Wed Mar 24 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-2
Packit 313676
- added default values for IPTABLES_STATUS_VERBOSE and
Packit 313676
  IPTABLES_STATUS_LINENUMBERS in init script
Packit 313676
- added missing lsb keywords Required-Start and Required-Stop to init script
Packit 313676
Packit 313676
* Fri Mar  5 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-1
Packit 313676
- new version 1.4.7 with support for all new features of 2.6.33 (rhbz#570767)
Packit 313676
  - libip4tc: Add static qualifier to dump_entry()
Packit 313676
  - libipq: build as shared library
Packit 313676
  - recent: reorder cases in code (cosmetic cleanup)
Packit 313676
  - several man page and documentation fixes
Packit 313676
  - policy: fix error message showing wrong option
Packit 313676
  - includes: header updates
Packit 313676
  - Lift restrictions on interface names
Packit 313676
- fixed license and moved iptables-xml into base package according to review
Packit 313676
Packit 313676
* Wed Jan 27 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-2
Packit 313676
- moved libip*tc and libxtables libs to /lib[64], added symlinks for .so libs
Packit 313676
  to /usr/lib[64] for compatibility (rhbz#558796)
Packit 313676
Packit 313676
* Wed Jan 13 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-1
Packit 313676
- new version 1.4.6 with support for all new features of 2.6.32
Packit 313676
  - several man page fixes
Packit 313676
  - Support for nommu arches
Packit 313676
  - realm: remove static initializations
Packit 313676
  - libiptc: remove unused functions
Packit 313676
  - libiptc: avoid strict-aliasing warnings
Packit 313676
  - iprange: do accept non-ranges for xt_iprange v1
Packit 313676
  - iprange: warn on reverse range
Packit 313676
  - iprange: roll address parsing into a loop
Packit 313676
  - iprange: do accept non-ranges for xt_iprange v1 (log)
Packit 313676
  - iprange: warn on reverse range (log)
Packit 313676
  - libiptc: fix wrong maptype of base chain counters on restore
Packit 313676
  - iptables: fix undersized deletion mask creation
Packit 313676
  - style: reduce indent in xtables_check_inverse
Packit 313676
  - libxtables: hand argv to xtables_check_inverse
Packit 313676
  - iptables/extensions: make bundled options work again
Packit 313676
  - CONNMARK: print mark rules with mask 0xffffffff as set instead of xset
Packit 313676
  - iptables: take masks into consideration for replace command
Packit 313676
  - doc: explain experienced --hitcount limit
Packit 313676
  - doc: name resolution clarification
Packit 313676
  - iptables: expose option to zero packet/byte counters for a specific rule
Packit 313676
  - build: restore --disable-ipv6 functionality on system w/o v6 headers
Packit 313676
  - MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark
Packit 313676
  - DNAT: fix incorrect check during parsing
Packit 313676
  - extensions: add osf extension
Packit 313676
  - conntrack: fix --expires parsing
Packit 313676
Packit 313676
* Thu Dec 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-2
Packit 313676
- dropped nf_ext_init remains from cloexec patch
Packit 313676
Packit 313676
* Thu Sep 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-1
Packit 313676
- new version 1.4.5 with support for all new features of 2.6.31
Packit 313676
  - libxt_NFQUEUE: add new v1 version with queue-balance option
Packit 313676
  - xt_conntrack: revision 2 for enlarged state_mask member
Packit 313676
  - libxt_helper: fix invalid passed option to check_inverse
Packit 313676
  - libiptc: split v4 and v6
Packit 313676
  - extensions: collapse registration structures
Packit 313676
  - iptables: allow for parse-less extensions
Packit 313676
  - iptables: allow for help-less extensions
Packit 313676
  - extensions: remove empty help and parse functions
Packit 313676
  - xtables: add multi-registration functions
Packit 313676
  - extensions: collapse data variables to use multi-reg calls
Packit 313676
  - xtables: warn of missing version identifier in extensions
Packit 313676
  - multi binary: allow subcommand via argv[1]
Packit 313676
  - iptables: accept multiple IP address specifications for -s, -d
Packit 313676
  - several build fixes
Packit 313676
  - several man page fixes
Packit 313676
- fixed two leaked file descriptors on sockets (rhbz#521397)
Packit 313676
Packit 313676
* Mon Aug 24 2009 Thomas Woerner <twoerner@redhat.com> 1.4.4-1
Packit 313676
- new version 1.4.4 with support for all new features of 2.6.30
Packit 313676
  - several man page fixes
Packit 313676
  - iptables: replace open-coded sizeof by ARRAY_SIZE
Packit 313676
  - libip6t_policy: remove redundant functions
Packit 313676
  - policy: use direct xt_policy_info instead of ipt/ip6t
Packit 313676
  - policy: merge ipv6 and ipv4 variant
Packit 313676
  - extensions: add `cluster' match support
Packit 313676
  - extensions: add const qualifiers in print/save functions
Packit 313676
  - extensions: use NFPROTO_UNSPEC for .family field
Packit 313676
  - extensions: remove redundant casts
Packit 313676
  - iptables: close open file descriptors
Packit 313676
  - fix segfault if incorrect protocol name is used
Packit 313676
  - replace open-coded sizeof by ARRAY_SIZE
Packit 313676
  - do not include v4-only modules in ip6tables manpage
Packit 313676
  - use direct xt_policy_info instead of ipt/ip6t
Packit 313676
  - xtables: fix segfault if incorrect protocol name is used
Packit 313676
  - libxt_connlimit: initialize v6_mask
Packit 313676
  - SNAT/DNAT: add support for persistent multi-range NAT mappings
Packit 313676
Packit 313676
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3.2-2
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Packit 313676
Packit 313676
* Wed Apr 15 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.2-1
Packit 313676
- new version 1.4.3.2
Packit 313676
- also install iptables/internal.h, needed for iptables.h and ip6tables.h
Packit 313676
Packit 313676
* Mon Mar 30 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.1-1
Packit 313676
- new version 1.4.3.1
Packit 313676
  - libiptc is now shared
Packit 313676
  - supports all new features of the 2.6.29 kernel
Packit 313676
- dropped typo_latter patch
Packit 313676
Packit 313676
* Thu Mar  5 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-3
Packit 313676
- still more review fixes (rhbz#225906)
Packit 313676
  - consistent macro usage
Packit 313676
  - use sed instead of perl for rpath removal
Packit 313676
  - use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc*)
Packit 313676
Packit 313676
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-2
Packit 313676
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Packit 313676
Packit 313676
* Fri Feb 20 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-1
Packit 313676
- new version 1.4.2
Packit 313676
- removed TOS value mask patch (upstream)
Packit 313676
- more review fixes (rhbz#225906)
Packit 313676
- install all header files (rhbz#462207)
Packit 313676
- dropped nf_ext_init (rhbz#472548)
Packit 313676
Packit 313676
* Tue Jul 22 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-2
Packit 313676
- fixed TOS value mask problem (rhbz#456244) (upstream patch)
Packit 313676
- two more cloexec fixes
Packit 313676
Packit 313676
* Tue Jul  1 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-1
Packit 313676
- upstream bug fix release 1.4.1.1
Packit 313676
- dropped extra patch for 1.4.1 - not needed anymore
Packit 313676
Packit 313676
* Tue Jun 10 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1-1
Packit 313676
- new version 1.4.1 with new build environment
Packit 313676
- additional ipv6 network mask patch from Jan Engelhardt
Packit 313676
- spec file cleanup
Packit 313676
- removed old patches
Packit 313676
Packit 313676
* Fri Jun  6 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.4.0-5
Packit 313676
- use normal kernel headers, not linux/compiler.h
Packit 313676
- change BuildRequires: kernel-devel to kernel-headers
Packit 313676
- We need to do this to be able to build for both sparcv9 and sparc64 
Packit 313676
  (there is no kernel-devel.sparcv9)
Packit 313676
Packit 313676
* Thu Mar 20 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-4
Packit 313676
- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
Packit 313676
Packit 313676
* Mon Mar  3 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-3
Packit 313676
- use the kernel headers from the build tree for iptables for now to be able to 
Packit 313676
  compile this package, but this makes the package more kernel dependant
Packit 313676
- use s6_addr32 instead of in6_u.u6_addr32
Packit 313676
Packit 313676
* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
Packit 313676
- Autorebuild for GCC 4.3
Packit 313676
Packit 313676
* Mon Feb 11 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-1
Packit 313676
- new version 1.4.0
Packit 313676
- fixed condrestart (rhbz#428148)
Packit 313676
- report the module in rmmod_r if there is an error
Packit 313676
- use nf_ext_init instead of my_init for extension constructors
Packit 313676
Packit 313676
* Mon Nov  5 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-6
Packit 313676
- fixed leaked file descriptor before fork/exec (rhbz#312191)
Packit 313676
- blacklisting is not working, use "install X /bin/(true|false)" test instead
Packit 313676
- return private exit code 150 for disabled ipv6 support
Packit 313676
- use script name for output messages
Packit 313676
Packit 313676
* Tue Oct 16 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-5
Packit 313676
- fixed error code for stopping a already stopped firewall (rhbz#321751)
Packit 313676
- moved blacklist test into start
Packit 313676
Packit 313676
* Wed Sep 26 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4.1
Packit 313676
- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
Packit 313676
- use simpler fix for (rhbz#295611)
Packit 313676
  Thanks to Linus Torvalds for the patch.
Packit 313676
Packit 313676
* Mon Sep 24 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4
Packit 313676
- fixed IPv6 reject type (rhbz#295181)
Packit 313676
- fixed init script: start, stop and status
Packit 313676
- support netfilter compiled into kernel in init script (rhbz#295611)
Packit 313676
- dropped inversion for limit modules from man pages (rhbz#220780)
Packit 313676
- fixed typo in ip6tables man page (rhbz#236185)
Packit 313676
Packit 313676
* Wed Sep 19 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-3
Packit 313676
- do not depend on local_fs in lsb header - this delayes start after network
Packit 313676
- fixed exit code for initscript usage
Packit 313676
Packit 313676
* Mon Sep 17 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2.1
Packit 313676
- do not use lock file for condrestart test
Packit 313676
Packit 313676
* Thu Aug 23 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2
Packit 313676
- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
Packit 313676
- provide iptc interface again, but unsupported (rhbz#216733)
Packit 313676
- compile all extension, which are supported by the kernel-headers package
Packit 313676
- review fixes (rhbz#225906)
Packit 313676
Packit 313676
* Tue Jul 31 2007 Thomas Woerner <twoerner@redhat.com>
Packit 313676
- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888)
Packit 313676
Packit 313676
* Fri Jul 13 2007 Steve Conklin <sconklin@redhat.com> - 1.3.8-1
Packit 313676
- New version 1.3.8
Packit 313676
Packit 313676
* Mon Apr 23 2007 Jeremy Katz <katzj@redhat.com> - 1.3.7-2
Packit 313676
- fix error when ipv6 support isn't loaded in the kernel (#236888)
Packit 313676
Packit 313676
* Wed Jan 10 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1.1
Packit 313676
- fixed installation of secmark modules
Packit 313676
Packit 313676
* Tue Jan  9 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1
Packit 313676
- new verison 1.3.7
Packit 313676
- iptc is not a public interface and therefore not installed anymore
Packit 313676
- dropped upstream secmark patch
Packit 313676
Packit 313676
* Tue Sep 19 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-2
Packit 313676
- added secmark iptables patches (#201573)
Packit 313676
Packit 313676
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2.1
Packit 313676
- rebuild
Packit 313676
Packit 313676
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2
Packit 313676
- bump again for double-long bug on ppc(64)
Packit 313676
Packit 313676
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.1
Packit 313676
- rebuilt for new gcc4.1 snapshot and glibc changes
Packit 313676
Packit 313676
* Thu Feb  2 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-1
Packit 313676
- new version 1.3.5
Packit 313676
- fixed init script to set policy for raw tables, too (#179094)
Packit 313676
Packit 313676
* Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 1.3.4-3
Packit 313676
- added important iptables header files to devel package
Packit 313676
Packit 313676
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
Packit 313676
- rebuilt
Packit 313676
Packit 313676
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-2
Packit 313676
- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and 
Packit 313676
  replace "_init" with "__attribute((constructor)) my_init"
Packit 313676
Packit 313676
* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1.1
Packit 313676
- rebuild due to unresolved symbols in shared libraries
Packit 313676
Packit 313676
* Fri Nov 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1
Packit 313676
- new version 1.3.4
Packit 313676
- dropped free_opts patch (upstream fixed)
Packit 313676
- made libipq PIC (#158623)
Packit 313676
- additional configuration options for iptables startup script (#172929)
Packit 313676
  Thanks to Jan Gruenwald for the patch
Packit 313676
- spec file cleanup (dropped linux_header define and usage)
Packit 313676
Packit 313676
* Mon Jul 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.2-1
Packit 313676
- new version 1.3.2 with additional patch for the misplaced free_opts call
Packit 313676
  from Marcus Sundberg
Packit 313676
Packit 313676
* Wed May 11 2005 Thomas Woerner <twoerner@redhat.com> 1.3.1-1
Packit 313676
- new version 1.3.1
Packit 313676
Packit 313676
* Fri Mar 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-2
Packit 313676
- Remove unnecessary explicit kernel dep (#146142)
Packit 313676
- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb
Packit 313676
  for the patch
Packit 313676
- Adapted iptables-config to reference to modprobe.conf (#150143)
Packit 313676
- Remove misleading message (#140154): Thanks to Ulrich Drepper
Packit 313676
  for the patch
Packit 313676
Packit 313676
* Mon Feb 21 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-1
Packit 313676
- new version 1.3.0
Packit 313676
Packit 313676
* Thu Nov 11 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.2
Packit 313676
- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
Packit 313676
Packit 313676
* Fri Sep 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.1
Packit 313676
- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
Packit 313676
- modified config file to match this change and un-commented variables with
Packit 313676
  default values
Packit 313676
Packit 313676
* Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3
Packit 313676
- applied second part of cleanup patch from (#131848): thanks to Steve Grubb
Packit 313676
  for the patch
Packit 313676
Packit 313676
* Wed Aug 25 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-2
Packit 313676
- fixed free bug in iptables (#128322)
Packit 313676
Packit 313676
* Tue Jun 22 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-1
Packit 313676
- new version 1.2.11
Packit 313676
Packit 313676
* Thu Jun 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.10-1
Packit 313676
- new version 1.2.10
Packit 313676
Packit 313676
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
Packit 313676
- rebuilt
Packit 313676
Packit 313676
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
Packit 313676
- rebuilt
Packit 313676
Packit 313676
* Thu Feb 26 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-2.3
Packit 313676
- fixed iptables-restore -c fault if there are no counters (#116421)
Packit 313676
Packit 313676
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
Packit 313676
- rebuilt
Packit 313676
Packit 313676
* Sun Jan  25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.9-1.2
Packit 313676
- Close File descriptors to prevent SELinux error message
Packit 313676
Packit 313676
* Wed Jan  7 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.1
Packit 313676
- rebuild
Packit 313676
Packit 313676
* Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1
Packit 313676
- vew version 1.2.9
Packit 313676
- new config options in ipXtables-config:
Packit 313676
  IPTABLES_MODULES_UNLOAD
Packit 313676
- more documentation in ipXtables-config
Packit 313676
- fix for netlink security issue in libipq (devel package)
Packit 313676
- print fix for libipt_icmp (#109546)
Packit 313676
Packit 313676
* Thu Oct 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-13
Packit 313676
- marked all messages in iptables init script for translation (#107462)
Packit 313676
- enabled devel package (#105884, #106101)
Packit 313676
- bumped build for fedora for libipt_recent.so (#106002)
Packit 313676
Packit 313676
* Tue Sep 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-12.1
Packit 313676
- fixed lost udp port range in ip6tables-save (#104484)
Packit 313676
- fixed non numeric multiport port output in ipXtables-savs
Packit 313676
Packit 313676
* Mon Sep 22 2003 Florian La Roche <Florian.LaRoche@redhat.de> 1.2.8-11
Packit 313676
- do not link against -lnsl
Packit 313676
Packit 313676
* Wed Sep 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-10
Packit 313676
- made variables in rmmod_r local
Packit 313676
Packit 313676
* Tue Jul 22 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-9
Packit 313676
- fixed permission for init script
Packit 313676
Packit 313676
* Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-8
Packit 313676
- fixed save when iptables file is missing and iptables-config permissions
Packit 313676
Packit 313676
* Tue Jul  8 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7
Packit 313676
- fixes for ip6tables: module unloading, setting policy only for existing 
Packit 313676
  tables
Packit 313676
Packit 313676
* Thu Jul  3 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6
Packit 313676
- IPTABLES_SAVE_COUNTER defaults to no, now
Packit 313676
- install config file in /etc/sysconfig
Packit 313676
- exchange unload of ip_tables and ip_conntrack
Packit 313676
- fixed start function
Packit 313676
Packit 313676
* Wed Jul  2 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5
Packit 313676
- new config option IPTABLES_SAVE_ON_RESTART
Packit 313676
- init script: new status, save and restart
Packit 313676
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
Packit 313676
Packit 313676
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4
Packit 313676
- new config option IPTABLES_STATUS_NUMERIC
Packit 313676
- cleared IPTABLES_MODULES in iptables-config
Packit 313676
Packit 313676
* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3
Packit 313676
- new init scripts
Packit 313676
Packit 313676
* Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
Packit 313676
- remove check for very old kernel versions in init scripts
Packit 313676
- sync up both init scripts and remove some further ugly things
Packit 313676
- add some docu into rpm
Packit 313676
Packit 313676
* Thu Jun 26  2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2
Packit 313676
- rebuild
Packit 313676
Packit 313676
* Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
Packit 313676
- update to 1.2.8
Packit 313676
Packit 313676
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
Packit 313676
- rebuilt
Packit 313676
Packit 313676
* Mon Jan 13 2003 Bill Nottingham <notting@redhat.com> 1.2.7a-1
Packit 313676
- update to 1.2.7a
Packit 313676
- add a plethora of bugfixes courtesy Michael Schwendt <mschewndt@yahoo.com>
Packit 313676
Packit 313676
* Fri Dec 13 2002 Elliot Lee <sopwith@redhat.com> 1.2.6a-3
Packit 313676
- Fix multilib
Packit 313676
Packit 313676
* Wed Aug 07 2002 Karsten Hopp <karsten@redhat.de>
Packit 313676
- fixed iptables and ip6tables initscript output, based on #70511
Packit 313676
- check return status of all iptables calls, not just the last one
Packit 313676
  in a 'for' loop.
Packit 313676
Packit 313676
* Mon Jul 29 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.6a-1
Packit 313676
- 1.2.6a (bugfix release, #69747)
Packit 313676
Packit 313676
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
Packit 313676
- automated rebuild
Packit 313676
Packit 313676
* Thu May 23 2002 Tim Powers <timp@redhat.com>
Packit 313676
- automated rebuild
Packit 313676
Packit 313676
* Mon Mar  4 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-3
Packit 313676
- Add some fixes from CVS, fixing bug #60465
Packit 313676
Packit 313676
* Tue Feb 12 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-2
Packit 313676
- Merge ip6tables improvements from Ian Prowell <iprowell@prowell.org>
Packit 313676
  #59402
Packit 313676
- Update URL (#59354)
Packit 313676
- Use /sbin/chkconfig rather than chkconfig in %%postun script
Packit 313676
Packit 313676
* Fri Jan 11 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-1
Packit 313676
- 1.2.5
Packit 313676
Packit 313676
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
Packit 313676
- automated rebuild
Packit 313676
Packit 313676
* Mon Nov  5 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-2
Packit 313676
- Fix %%preun script
Packit 313676
Packit 313676
* Tue Oct 30 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-1
Packit 313676
- Update to 1.2.4 (various fixes, including security fixes; among others:
Packit 313676
  #42990, #50500, #53325, #54280)
Packit 313676
- Fix init script (#31133)
Packit 313676
Packit 313676
* Mon Sep  3 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.3-1
Packit 313676
- 1.2.3 (5 security fixes, some other fixes)
Packit 313676
- Fix updating (#53032)
Packit 313676
Packit 313676
* Mon Aug 27 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-4
Packit 313676
- Fix #50990
Packit 313676
- Add some fixes from current CVS; should fix #52620
Packit 313676
Packit 313676
* Mon Jul 16 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-3
Packit 313676
- Add some fixes from the current CVS tree; fixes #49154 and some IPv6
Packit 313676
  issues
Packit 313676
Packit 313676
* Tue Jun 26 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-2
Packit 313676
- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt
Packit 313676
  <mschwendt@yahoo.com>
Packit 313676
Packit 313676
* Tue May  8 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-1
Packit 313676
- 1.2.2
Packit 313676
Packit 313676
* Wed Mar 21 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- 1.2.1a, fixes #28412, #31136, #31460, #31133
Packit 313676
Packit 313676
* Thu Mar  1 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- Yet another initscript fix (#30173)
Packit 313676
- Fix the fixes; they fixed some issues but broke more important
Packit 313676
  stuff :/ (#30176)
Packit 313676
Packit 313676
* Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- Fix up initscript (#27962)
Packit 313676
- Add fixes from CVS to iptables-{restore,save}, fixing #28412
Packit 313676
Packit 313676
* Fri Feb 09 2001 Karsten Hopp <karsten@redhat.de>
Packit 313676
- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
Packit 313676
Packit 313676
* Mon Feb 05 2001 Karsten Hopp <karsten@redhat.de>
Packit 313676
- fix bugzilla #25986 (initscript not marked as config file)
Packit 313676
- fix bugzilla #25962 (iptables-restore)
Packit 313676
- mv chkconfig --del from postun to preun
Packit 313676
Packit 313676
* Thu Feb  1 2001 Trond Eivind Glomsrød <teg@redhat.com>
Packit 313676
- Fix check for ipchains
Packit 313676
Packit 313676
* Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- Some fixes to init scripts
Packit 313676
Packit 313676
* Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- Add some fixes from CVS, fixes among other things Bug #24732
Packit 313676
Packit 313676
* Wed Jan 17 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- Add missing man pages, fix up init script (Bug #17676)
Packit 313676
Packit 313676
* Mon Jan 15 2001 Bill Nottingham <notting@redhat.com>
Packit 313676
- add init script
Packit 313676
Packit 313676
* Mon Jan 15 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- 1.2
Packit 313676
- fix up ipv6 split
Packit 313676
- add init script
Packit 313676
- Move the plugins from /usr/lib/iptables to /lib/iptables.
Packit 313676
  This needs to work before /usr is mounted...
Packit 313676
- Use -O1 on alpha (compiler bug)
Packit 313676
Packit 313676
* Sat Jan  6 2001 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- 1.1.2
Packit 313676
- Add IPv6 support (in separate package)
Packit 313676
Packit 313676
* Thu Aug 17 2000 Bill Nottingham <notting@redhat.com>
Packit 313676
- build everywhere
Packit 313676
Packit 313676
* Tue Jul 25 2000 Bernhard Rosenkraenzer <bero@redhat.com>
Packit 313676
- 1.1.1
Packit 313676
Packit 313676
* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
Packit 313676
- automatic rebuild
Packit 313676
Packit 313676
* Tue Jun 27 2000 Preston Brown <pbrown@redhat.com>
Packit 313676
- move iptables to /sbin.
Packit 313676
- excludearch alpha for now, not building there because of compiler bug(?)
Packit 313676
Packit 313676
* Fri Jun  9 2000 Bill Nottingham <notting@redhat.com>
Packit 313676
- don't obsolete ipchains either
Packit 313676
- update to 1.1.0
Packit 313676
Packit 313676
* Sun Jun  4 2000 Bill Nottingham <notting@redhat.com>
Packit 313676
- remove explicit kernel requirement
Packit 313676
Packit 313676
* Tue May  2 2000 Bernhard Rosenkränzer <bero@redhat.com>
Packit 313676
- initial package