Hi!

The netfilter coreteam proudly presents:

        iptables version 1.3.0

The final 1.3.0 version contains some minor bugfixes and is otherwise
identical to the 1.3.0rc1 release candidate.

1.3.x is a major update to 1.2.11.  Apart from fixing numerous bugs (see
changelog), it contains the much-hyped libiptc rewrite.

The ChangeLog is attached to this mail.

Version 1.3.0 can be obtained from:

        http://www.netfilter.org/files/iptables-1.3.0.tar.bz2
        ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.0.tar.bz2

Please also note: Since Kernel 2.6.x is out, we now use
patch-o-matic-ng for both 2.4.x and 2.6.x. patch-o-matic-ng is
Distributed as seperate package: 
        ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/
        
More information can be found at the netfilter/iptables project homepage,
available at:

        http://www.netfilter.org/
        http://www.iptables.org/

Happy firewalling,

-- 
- Harald Welte <[EMAIL PROTECTED]>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
iptables v1.3.0 Changelog
======================================================================
This version requires kernel >= 2.4.4
This version recommends kernel >= 2.4.18

Bugs fixed from 1.3.0rc1:

- Fix realm match save/restore issue
        [ Harald Welte ]

- Fix hashlimit rule deletion from userspace
        [ Samuel Jean ]

- Fix hashlimit parameter handling / iptables-save
        [ Nikolai Malykh ]

- Fix multiport inversion
        [ Phil Oester ]

Bugs fixed from 1.2.11:

- Fix compilation on systems where /bin/sh != bash
        [ Jozsef Kadlecsik ]

- Fix setting lib_dir in ip*tables-{save,restore}
        [ Martin Josefsson ]

- Fix module-autoloading in certain cases
        [ Harald Welte ]

- libipt_TTL: limit range of valid TTL to 0-255
        [ Maciej Soltysiak ]

- libip6t_HL: limit range of valid HL to 0-255
        [ Maciej Soltysiak ]

- libip{6}t_limit: Fix half-working limit invert check 
        [ Phil Oester ]

- libipt_connbytes: Update to use the IP_CONNTRACK_ACCT counters
        [ Harald Welte ]

- libipt_conntrack: Fix typo
        [ Phil Oester ]

- libipt_dstlimit: Fix half-working invert check 
        [ Phil Oester ]

- libipt_helper: Prevent user from using --helper multiple times
        [ Nicolas Bouliane ]

- libipt_iprange: Print error message if --dst-range used twice
        [ Nicolas Bouliane ]

- libipt_nth: Fix help message syntax
        [ Harald Welte ]

- libipt_psd: Fix option parsing
        [ Pablo Neira ]

- libipt_random: Fix help message syntax
        [ Harald Welte ]

- libipt_realm: Fix inversion of options
        [ Simon Lodal ]

- libipt_time: Fix C++ style delayed variable definition
        [ Olivier Clerget ]

- libipt_time: Print message about time match not adhering daylight saving
        [ Phil Oester ]

- libipt_tos: Print Error message if --tos is specified twice
        [ Nicolas Bouliane ]

- libipt_ttl: Cleanup ttl option parsing
        [ Phil Oester ]

- libipt_u32: Fix option parsing
        [ Piotr Gasid'o ]


Changes from 1.2.11:

- libiptc: complete rewrite for performance reasons
        [ Harald Welte, Martin Josefsson ]

- introduce "DO_MULTI=1" mode to build a muilti-call binary
        [ Bastiaan Bakker ]

- code cleanup, use C99 initializers
        [ Harald Welte, Pablo Neira ]

- Extension revision number support (if kernel supports the getsockopts).
        [ Rusty Russell ]

- Don't need ipt_entry_target()/ip6t_entry_target().
        [ Rusty Russell ]

- Don't re-initialize libiptc/libip6t unless modprobe attempt succeeds.
        [ Rusty Russell ]

- Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables
        [ Rusty Russell ]

- Add manpage section about 'raw' table
        [ Harald Welte ]


- libip{6}t_ROUTE: add ROUTE --tee mode
        [ Patrick Schaaf ]

- libip{6}t_multiport: Print Error message when `!' is used
        [ Patrick McHardy, Phil Oester ]

- New libip6t_physdev Match
        [ Bart De Schuymer ]

- libipt_CLUSTERIP: Fix compiler warning about const
        [ Harald Welte ]

- libipt_DNAT: Print Error message if `:' is used for port range
- libipt_SNAT: Print Error message if `:' is used for port range
        [ Phil Oester ]

- libipt_LOG: Add --log-uid option
        [ John Lange ]

- libipt_MARK: add bitwise operators
        [ Henrik Nordstrom, Rusty Russell ]

- libipt_SET: Update to ipset2
        [ Jozsef Kadlecsik ]

- libipt_account: Update to 0.1.16
        [ Piotr Gasid'o ]

- New libipt_comment Match
        [ Brad Fisher ]

- New libipt_hashlimit Match, supersedes dstlimit
        [ Harald Welte ]

- libipt_ttl: Use string_to_number()
        [ Rusty Russell ]


Please note: Since version 1.2.7a, patch-o-matic is now no longer part of
iptables but rather distributed as a seperate package
(ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot)

Attachment: signature.asc
Description: Digital signature

Reply via email to