|
http://danieldegraaf.afraid.org/info/iptables/history Netfilter/iptables feature history 2.6.21 * a0ca215a730b2c4d5024143e64b0d80d50858667 - add MH (mobility header) match for IPv6 * SNAT --random - optionally randomizes source ports to avoid prediction attacks - breaks some NAT traversal algorithms, including that of Skype * xt_TCPMSS - move from ipt_TCPMSS to add IPv6 support 2.6.20 * nf_nat - IPv4 NAT and IPv6 conntrack * remove physdev-out for non-bridged packets - part of the feature removal schedule * xt_NFLOG - add a clean way to use nfnetlink_log rather than needing wierd hacks with LOG and ULOG * xt_hashlimit - move from ipt_hashlimit for IPv6 support 2.6.19 * remove matchsize argument - breaks pom. The removed field has been verified by checking the .matchsize field in struct xt_match since 2.6.17 * remove userinfo argument - breaks pom. The removed field was not used * xt_DSCP (and xt_dscp) - add IPv6 support * xt_quota - new packet counter match for bandwidth quotas 2.6.18 * xt_statistic - replaces the nth and random matches in POM, adding more precision to random and IPv6 support 2.6.17 * xt_multiport - unify IPv4/IPv6 multiport match * xt_esp - unify IPv4/IPv6 esp match * xt_{match,target} - add a const struct xt_match* or const struct xt_target* to the match, checkentry, and target functions - breaks pom * Add .matchsize field to struct xt_match - breaks pom 2.6.16 * x_tables - unify several IPv4 and IPv6 matches, change module names from ipt_* to xt_*. Full list: CLASSIFY CONNMARK MARK NFQUEUE NOTRACK comment connbytes connmark conntrack dccp length limit mac mark physdev pkttype realm sctp state string tcpmss tcpudp * Add protoff argument to match and target functions, breaks pom 2.6.15 * nf_conntrack - IPv6 conntrack 2.6.14 * --goto (instead of --jump) for targets * ipt_string - string matching * delete pid/sid/cmd parts of the owner match - they were always broken in SMP, and were in the way of other functionality * ipt_connbytes - connection byte counter match * ipt_dccp - dccp header match * nfnetlink - netlink subsystem for libnfnetlink which allows userspace control of netfilter internals * Home Daniel De Graaf My website, which I've developed in XHTML and CSS * Links Links of programs/websites I visit these websites once in a while, so I decided to put them all on a page so I could find them easily. It's not updated that often. * Linux Linux develoment The programs or patches I have made that relate to linux * Networking o iptables Firewalling for Linux All firewalls for linux are based on iptables. Instead of using a frontend, I have example scripts and some useful programs to work with them. o IPv6 Next-generation internet protocol IPv6, is an improved version of IPv4 with far more address space * About Me About Me I'm a junior at Iowa State university. I'm interested in mathematics, physics, computer networking and security. * Email Me Contact Me Email, Instant Message, Skype, file upload form... |
