Hi! The netfilter coreteam proudly presents:
iptables version 1.2.10
1.2.10 is (like most other 1.2.x releases) a maintainance release,
containing lots of bugfixes that have accumulated over time.
The ChangeLog is attached to this mail.
Version 1.2.10 can be obtained from:
http://www.netfilter.org/files/iptables-1.2.10.tar.bz2
ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.10.tar.bz2
Please note that since iptables-1.2.7, patch-o-matic is no longer part of
iptables, but distributed as a seperate package. You can obtain the
latest release and daily CVS snapshots from:
ftp://ftp.netfilter.org/pub/patch-o-matic/
Please also note: Since Kernel 2.6.x is out, we now use
patch-o-matic-ng for both 2.4.x and 2.6.x. Distributed as seperate
package:
ftp://ftp.netfilter.org/pub/patch-o-matic-ng
More information can be found at the netfilter/iptables project homepage,
available at:
http://www.netfilter.org/
http://www.iptables.org/
Happy firewalling,
--
- Harald Welte <[EMAIL PROTECTED]> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
iptables v1.2.10 Changelog
======================================================================
This version requires kernel >= 2.4.4
This version recommends kernel >= 2.4.18
Bugs Fixed from 1.2.9:
- physdev match: fix new structure layout for kernel > 2.6.0-test8
[ Bart De Schuymer ]
- Better 64bit / 32bit split architecture detection
- IPv6 LOG target: Fix compiler warnings on 64bit
- LOG target: Fix compiler warnings on 64bit
- IPv6 MARK target: Use full 64bit mark on 64bit archs
- MARK target: Use full 64bit mark on 64bit archs
- SAME target: Fix 64bit/32bit splitarch problems
- ULOG target: Fix 64bit/32bit splitarch problems
- conntrack match: Fix 64bit/32bit splitarch problem
- IPv6 limit match: Fix 64bit/32bit splitarch problem
- limit match: Fix 64bit/32bit splitarch problem
- IPv6 mark match: Use full 64bit mark on 64bit archs
- mark match: Use full 64bit mark on 64bit archs
- owner match: Fix compiler warnings on 64bit
[ Martin Jofsefsson ]
- connbytes match: Fix signedness / unsigned issue
[ Martin Josefsson ]
- connlimit match: Fix '/0' netmask
[ David Ahern ]
- ipv6 owner match: fix possibly not zero terminated string
- helper match: fix possibly not zero terminated string
- recent match: fix possibly not zero terminated string
[ Karsten Desler ]
- ICMP match: fix '--icmp-type any' case
[ Harald Welte ]
- CONNMARK target: major update (add mark/mask matching)
[ Henrik Nordstrom ]
- DSCP target: Fix cosmetic help message problem
[ Maciej Soltysiak ]
- string match: Fix iptables-save/restore for ascii strings with spaces
[ Michael Rash ]
- ip(6)tables-restore: Make sure matches are used in the same order
[ Martin Josefsson ]
- ip(6)tables-restore: Fix '--verbose' option
- ip(6)tables-restore: Add '--test' option
- ip(6)tables-restore: Complain about missing 'COMMIT'
[ Martin Josefsson ]
- ip(6)tables-restore: Allow embedding of quote character in quoted strings
[ Michael Rash ]
- libipq: Protect against spoofed queue messages (check if sender is kernel)
[ Harald Welte ]
Changes from 1.2.9:
- time match: add 'datestart' and 'datestop' parameters
[ Fabrice Marie ]
- modular manpage build, depending on actually compiled-in features
[ Henrik Nordstrom ]
- additional documentation in manpage snippets formerly missing
[ Harald Welte ]
- support new CLUSTERIP Target
[ Harald Welte ]
- support new account match
[ Piotr Gasid'o ]
- support new connrate match
[ Nuuti Kotivuori ]
- support new dstlimit match
[ Harald Welte ]
- support new 'set' match / 'SET' target
[ Jozsef Kadlecsik ]
- osf match: add support for netlink reporting
[ Evgeniy Polyakov ]
- new SCTP protocol match
[ Kiran Kumar ]
Please note: Since version 1.2.7a, patch-o-matic is now no longer part of
iptables but rather distributed as a seperate package
(ftp://ftp.netfilter.org/pub/patch-o-matic/)
Please also note: Since Kernel 2.6.x is out, we now use patch-o-matic-ng, distributed
as seperate package:
(ftp://ftp.netfilter.org/pub/patch-o-matic-ng)
signature.asc
Description: Digital signature
