Hi! The netfilter coreteam proudly presents:
iptables version 1.3.0rc1
1.3.0rc1 is the first release candidate of the iptables-1.3.x branch,
featuring a libiptc rewrite for major performance improvements at rule
loading time.
Apart from that, a surprisingly big number of small bug fixes have
accumulated since the 1.2.11 release in June 2004.
We ask users to test iptables-1.3.0rc1 and report any issues via
https://bugzilla.netfilter.org/.
The final 1.3.0 release is expected to be released within the next week.
The ChangeLog is attached to this mail.
Version 1.3.0rc1 can be obtained from:
http://www.netfilter.org/files/iptables-1.3.0rc1.tar.bz2
ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.0rc1.tar.bz2
Please also note: Since Kernel 2.6.x is out, we now use
patch-o-matic-ng for both 2.4.x and 2.6.x. patch-o-matic-ng is
Distributed as seperate package:
ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/
More information can be found at the netfilter/iptables project homepage,
available at:
http://www.netfilter.org/
http://www.iptables.org/
Happy firewalling,
--
- Harald Welte <[EMAIL PROTECTED]> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
iptables v1.3.0 Changelog (preleminiary as of 1.3.0rc1)
======================================================================
This version requires kernel >= 2.4.4
This version recommends kernel >= 2.4.18
Bugs fixed from 1.2.11:
- Fix compilation on systems where /bin/sh != bash
[ Jozsef Kadlecsik ]
- Fix setting lib_dir in ip*tables-{save,restore}
[ Martin Josefsson ]
- Fix module-autoloading in certain cases
[ Harald Welte ]
- libipt_TTL: limit range of valid TTL to 0-255
[ Maciej Soltysiak ]
- libip6t_HL: limit range of valid HL to 0-255
[ Maciej Soltysiak ]
- libip{6}t_limit: Fix half-working limit invert check
[ Phil Oester ]
- libipt_connbytes: Update to use the IP_CONNTRACK_ACCT counters
[ Harald Welte ]
- libipt_conntrack: Fix typo
[ Phil Oester ]
- libipt_dstlimit: Fix half-working invert check
[ Phil Oester ]
- libipt_helper: Prevent user from using --helper multiple times
[ Nicolas Bouliane ]
- libipt_iprange: Print error message if --dst-range used twice
[ Nicolas Bouliane ]
- libipt_nth: Fix help message syntax
[ Harald Welte ]
- libipt_psd: Fix option parsing
[ Pablo Neira ]
- libipt_random: Fix help message syntax
[ Harald Welte ]
- libipt_realm: Fix inversion of options
[ Simon Lodal ]
- libipt_time: Fix C++ style delayed variable definition
[ Olivier Clerget ]
- libipt_time: Print message about time match not adhering daylight saving
[ Phil Oester ]
- libipt_tos: Print Error message if --tos is specified twice
[ Nicolas Bouliane ]
- libipt_ttl: Cleanup ttl option parsing
[ Phil Oester ]
- libipt_u32: Fix option parsing
[ Piotr Gasid'o ]
Changes from 1.2.11:
- libiptc: complete rewrite for performance reasons
[ Harald Welte, Martin Josefsson ]
- introduce "DO_MULTI=1" mode to build a muilti-call binary
[ Bastiaan Bakker ]
- code cleanup, use C99 initializers
[ Harald Welte, Pablo Neira ]
- Extension revision number support (if kernel supports the getsockopts).
[ Rusty Russell ]
- Don't need ipt_entry_target()/ip6t_entry_target().
[ Rusty Russell ]
- Don't re-initialize libiptc/libip6t unless modprobe attempt succeeds.
[ Rusty Russell ]
- Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables
[ Rusty Russell ]
- Add manpage section about 'raw' table
[ Harald Welte ]
- libip{6}t_ROUTE: add ROUTE --tee mode
[ Patrick Schaaf ]
- libip{6}t_multiport: Print Error message when `!' is used
[ Patrick McHardy, Phil Oester ]
- New libip6t_physdev Match
[ Bart De Schuymer ]
- libipt_CLUSTERIP: Fix compiler warning about const
[ Harald Welte ]
- libipt_DNAT: Print Error message if `:' is used for port range
- libipt_SNAT: Print Error message if `:' is used for port range
[ Phil Oester ]
- libipt_LOG: Add --log-uid option
[ John Lange ]
- libipt_MARK: add bitwise operators
[ Henrik Nordstrom, Rusty Russell ]
- libipt_SET: Update to ipset2
[ Jozsef Kadlecsik ]
- libipt_account: Update to 0.1.16
[ Piotr Gasid'o ]
- New libipt_comment Match
[ Brad Fisher ]
- New libipt_hashlimit Match, supersedes dstlimit
[ Harald Welte ]
- libipt_ttl: Use string_to_number()
[ Rusty Russell ]
Please note: Since version 1.2.7a, patch-o-matic is now no longer part of
iptables but rather distributed as a seperate package
(ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot)
signature.asc
Description: Digital signature
