Author: renodr
Date: Sun Jan 24 19:04:27 2021
New Revision: 24135
Log:
Update to iptables-1.8.7
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/packages.ent
trunk/BOOK/postlfs/security/iptables.xml
Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent Sat Jan 23 20:24:53 2021 (r24134)
+++ trunk/BOOK/general.ent Sun Jan 24 19:04:27 2021 (r24135)
@@ -1,12 +1,12 @@
<!-- $LastChangedBy$ $Date$ -->
-<!ENTITY day "23"> <!-- Always 2 digits -->
+<!ENTITY day "24"> <!-- Always 2 digits -->
<!ENTITY month "01"> <!-- Always 2 digits -->
<!ENTITY year "2021">
<!ENTITY copyrightdate "2001-&year;">
<!ENTITY copyholder "The BLFS Development Team">
<!ENTITY version "&year;-&month;-&day;">
-<!ENTITY releasedate "January 23rd, &year;">
+<!ENTITY releasedate "January 24th, &year;">
<!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
<!ENTITY blfs-version "svn"> <!-- svn|[release #] -->
<!ENTITY lfs-version "development"> <!-- x.y|development -->
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Sat Jan 23 20:24:53
2021 (r24134)
+++ trunk/BOOK/introduction/welcome/changelog.xml Sun Jan 24 19:04:27
2021 (r24135)
@@ -42,6 +42,16 @@
</listitem>
-->
<listitem>
+ <para>January 24th, 2021</para>
+ <itemizedlist>
+ <listitem>
+ <para>[renodr] - Update to iptables-1.8.7. Fixes
+ <ulink url="&blfs-ticket-root;14523">#14523</ulink>.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>January 23rd, 2021</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/packages.ent
==============================================================================
--- trunk/BOOK/packages.ent Sat Jan 23 20:24:53 2021 (r24134)
+++ trunk/BOOK/packages.ent Sun Jan 24 19:04:27 2021 (r24135)
@@ -15,7 +15,7 @@
<!ENTITY gnutls-version "3.7.0">
<!ENTITY gpgme-version "1.15.1">
<!ENTITY haveged-version "1.9.14">
-<!ENTITY iptables-version "1.8.6">
+<!ENTITY iptables-version "1.8.7">
<!ENTITY libcap-version "2.46">
<!ENTITY liboauth-version "1.0.3">
<!ENTITY linux-pam-version "1.5.1">
Modified: trunk/BOOK/postlfs/security/iptables.xml
==============================================================================
--- trunk/BOOK/postlfs/security/iptables.xml Sat Jan 23 20:24:53 2021
(r24134)
+++ trunk/BOOK/postlfs/security/iptables.xml Sun Jan 24 19:04:27 2021
(r24135)
@@ -6,10 +6,10 @@
<!ENTITY iptables-download-http
"http://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2">
<!ENTITY iptables-download-ftp
"ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
- <!ENTITY iptables-md5sum "bc0f0adccc93c09dc5b7507ccba93148">
- <!ENTITY iptables-size "700 KB">
- <!ENTITY iptables-buildsize "17 MB">
- <!ENTITY iptables-time "0.2 SBU">
+ <!ENTITY iptables-md5sum "602ba7e937c72fbb7b1c2b71c3b0004b">
+ <!ENTITY iptables-size "704 KB">
+ <!ENTITY iptables-buildsize "22 MB">
+ <!ENTITY iptables-time "0.1 SBU">
]>
<sect1 id="iptables" xreflabel="iptables-&iptables-version;">
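Review bot: The updated `iptables-md5sum` is the only integrity check offered for the tarball, and the `iptables-download-http` entity two lines above it still fetches over plain `http://`, so neither the transport nor the checksum resists tampering. MD5 is not collision-resistant, which makes it a corruption check rather than an authenticity check. Other links in this file already use `https://netfilter.org/`, so the entity could become `"https://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2"`. If the book template allows it, also point readers to an upstream signature or a SHA-256 sum, provided upstream publishes one. The entity block starts outside this hunk.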
@@ -31,7 +31,7 @@
<para>
<application>iptables</application> is a userspace command line program
- used to configure Linux 2.4 and later kernel packet filtering ruleset.
+ used to configure the Linux 2.4 and later kernel packet filtering
ruleset.
</para>
&lfs10_checked;
@@ -77,10 +77,10 @@
<!-- <xref linkend="nftables"/>, -->
<xref linkend="libpcap"/> (required for nfsypproxy support),
<ulink url="https://github.com/tadamdam/bpf-utils">bpf-utils</ulink>
- (required for Berkely Packet Filter support),
+ (required for Berkeley Packet Filter support),
<ulink
url="https://netfilter.org/projects/libnfnetlink/">libnfnetlink</ulink>
(required for connlabel support),
- <ulink
url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack"</ulink>
+ <ulink
url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack</ulink>
(required for connlabel support), and
<ulink url="https://netfilter.org/projects/nftables/">nftables</ulink>
</para>
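Review bot: This hunk fixes two typos in the optional-dependency list but leaves `nfsypproxy` on the `libpcap` line, while the installed-programs list later in the file spells it `nfsynproxy`. The line should read `<xref linkend="libpcap"/> (required for nfsynproxy support),`. The enclosing `<para>` starts outside the hunk.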
@@ -183,7 +183,7 @@
<para>
<parameter>--disable-nftables</parameter>: This switch disables building
- nftables compat. <!--Omit this switch if you have installed
+ nftables compatibility. <!--Omit this switch if you have installed
<xref linkend="nftables"/>.-->
</para>
@@ -194,8 +194,8 @@
</para>
<para>
- <parameter>--with-xtlibdir=/lib/xtables</parameter>: Ensure all
- <application>iptables</application> modules are installed in the
+ <parameter>--with-xtlibdir=/lib/xtables</parameter>: This switch ensures
that
+ all <application>iptables</application> modules are installed in the
<filename class="directory">/lib/xtables</filename> directory.
</para>
@@ -206,7 +206,8 @@
<para>
<command>ln -sfv ../../sbin/xtables-legacy-multi
/usr/bin/iptables-xml</command>:
- Ensure the symbolic link for <command>iptables-xml</command> is relative.
+ This command ensures that the symbolic link for the
+ <command>iptables-xml</command> command is relative.
</para>
</sect2>
@@ -240,7 +241,7 @@
<para>
A Personal Firewall is designed to let you access all the
- services offered on the Internet, but keep your box secure and
+ services offered on the Internet while keeping your computer secure and
your data private.
</para>
@@ -249,7 +250,7 @@
recommendation from the <ulink
url="http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html">
Linux 2.4 Packet Filtering HOWTO</ulink>. It is still applicable
- to the Linux 3.x kernels.
+ to the Linux 5.x kernels.
</para>
<screen role="root" revision="sysv"><?dbfo
keep-together="auto"?><userinput>cat > /etc/rc.d/rc.iptables << "EOF"
@@ -321,7 +322,7 @@
# (e.g. port mode ftp)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-# Log everything else. What's Windows' latest exploitable vulnerability?
+# Log everything else.
iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
# End $rc_base/rc.iptables</literal>
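Review bot: The `LOG` rule at the end of the INPUT chain has no rate limit, so any host that can send unsolicited packets to this machine can flood the kernel log and fill the disk behind it. A throttled form such as `iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FIREWALL:INPUT "` keeps the audit trail while bounding its volume; the numbers are illustrative. The same unthrottled line appears in the systemd variant in the `@@ -399,7 +400,7 @@` hunk and should change with it. The script starts outside this hunk, so the chain policy that handles packets after logging is not visible here.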
@@ -399,7 +400,7 @@
# (e.g. port mode ftp)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-# Log everything else. What's Windows' latest exploitable vulnerability?
+# Log everything else.
iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
# End /etc/systemd/scripts/iptables</literal>
@@ -433,12 +434,12 @@
<title>Masquerading Router</title>
<para>
- A network Firewall has two interfaces, one connected to an
+ A Network Firewall has two interfaces, one connected to an
intranet, in this example <emphasis role="strong">LAN1</emphasis>,
and one connected to the Internet, here <emphasis
role="strong">WAN1</emphasis>. To provide the maximum security
for the firewall itself, make sure that there are no unnecessary
- servers running on it such as <application>X11</application> et al.
+ servers running on it such as <application>X11</application>.
As a general principle, the firewall itself should not access
any untrusted service (think of a remote server giving answers that
makes a daemon on your system crash, or even worse, that implements
@@ -755,7 +756,7 @@
</listitem>
<listitem>
- <para id='fw-BB-4-ipt' xreflabel="BusyBox with iptable example
number 4">
+ <para id='fw-BB-4-ipt' xreflabel="BusyBox with iptables example
number 4">
If you are frequently accessing FTP servers or enjoy chatting, you
might notice delays because some implementations of these daemons
query an identd daemon on your system to obtain usernames. Although
@@ -873,14 +874,34 @@
<seglistitem>
<seg>
- ip6tables, ip6tables-restore, ip6tables-save, iptables,
iptables-restore,
- iptables-save, iptables-xml, nfsynproxy (optional) and xtables-multi
+ ip6tables,
+ ip6tables-apply,
+ ip6tables-legacy,
+ ip6tables-legacy-restore,
+ ip6tables-legacy-save,
+ ip6tables-restore,
+ ip6tables-save,
+ iptables,
+ iptables-apply,
+ iptables-legacy,
+ iptables-legacy-restore,
+ iptables-legacy-apply,
+ iptables-restore,
+ iptables-save,
+ iptables-xml,
+ nfsynproxy (optional),
+ and xtables-multi
</seg>
<seg>
- libip4tc.so, libip6tc.so, libipq.so, libiptc.so, and libxtables.so
+ libip4tc.so,
+ libip6tc.so,
+ libipq.so,
+ libiptc.so,
+ and libxtables.so
</seg>
<seg>
- /lib/xtables and /usr/include/libiptc
+ /lib/xtables and
+ /usr/include/libiptc
</seg>
</seglistitem>
</segmentedlist>
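Review bot: The new installed-programs list names `iptables-legacy-apply`, but the following hunk documents `iptables-legacy-save` and has no entry for `iptables-legacy-apply`. The list in turn has no `iptables-legacy-save`, unlike the ip6tables group, which lists `ip6tables-legacy-save`. This looks like a slip; the line should presumably read `iptables-legacy-save,` and move after `iptables-legacy-restore,` to match the ip6tables ordering. Worth confirming against the files actually installed by the build.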
@@ -902,6 +923,54 @@
</indexterm>
</listitem>
</varlistentry>
+
+ <varlistentry id="iptables-apply">
+ <term><command>iptables-apply</command></term>
+ <listitem>
+ <para>
+ is a safer way to update iptables remotely.
+ </para>
+ <indexterm zone="iptables iptables-apply">
+ <primary sortas="b-iptables-apply">iptables-apply</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="iptables-legacy">
+ <term><command>iptables-legacy</command></term>
+ <listitem>
+ <para>
+ is used to interact with iptables using the legacy command set.
+ </para>
+ <indexterm zone="iptables iptables-legacy">
+ <primary sortas="b-iptables-legacy">iptables-legacy</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="iptables-legacy-restore">
+ <term><command>iptables-legacy-restore</command></term>
+ <listitem>
+ <para>
+ is used to restore a set of legacy iptables rules.
+ </para>
+ <indexterm zone="iptables iptables-legacy-restore">
+ <primary
sortas="b-iptables-legacy-restore">iptables-legacy-restore</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="iptables-legacy-save">
+ <term><command>iptables-legacy-save</command></term>
+ <listitem>
+ <para>
+ is used to save a set of legacy iptables rules.
+ </para>
+ <indexterm zone="iptables iptables-legacy-save">
+ <primary
sortas="b-iptables-legacy-save">iptables-legacy-save</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
<varlistentry id="iptables-restore">
<term><command>iptables-restore</command></term>
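Review bot: The description added for `iptables-apply`, "is a safer way to update iptables remotely", does not say what makes it safer, and that is the detail an administrator needs before relying on it over SSH. Suggested wording: `applies a new ruleset and reverts to the previous one unless the change is confirmed within a timeout, so that a faulty rule does not lock you out of a remote host.` The list in the previous hunk also adds `ip6tables-apply` and the `ip6tables-legacy*` programs, but no `<varlistentry>` for them is visible in this hunk. A blank line before `<varlistentry id="iptables-restore">` would match the spacing of the added entries.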