Hi! The netfilter coreteam proudly presents:
iptables version 1.2.6
Changes include a couple of minor bugfixes to the iptables command line
utility, as well as some major updates/fixes to ip6tables. A summary
ChangeLog is attached to this message.
We want give more users an up-to-date version of the various new features
present in the "patch-o-matic" subsystem. patch-o-matic was split up in
several repositories, to help users distinguish between compatible and
incompatible sets of patches.
http://www.netfilter.org/files/iptables-1.2.6.tar.bz2
http://netfilter.samba.org/files/iptables-1.2.6.tar.bz2
ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.6.tar.bz2
More information can be found at the netfilter/iptables project homepage,
available at:
http://www.netfilter.org/
http://www.iptables.org/
Happy firewalling,
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
iptables v1.2.6 Changelog
======================================================================
This version requires kernel >= 2.4.4
This version recommends kernel >= 2.4.18
Bugs Fixed from 1.2.5:
- Fix iptables segfault problem when using `!' without argument
[ Dionis Papavramidis, Harald Welte ]
- Fix PSD match for psd-delay-threshold > 100
[ Steven Coenen, Dennis Koslowski ]
- ip6tables alignment fixes
[ Andreas Herrmann ]
- patch-o-matic:
- Fix NAT-related bug in TCP window tracking code
[ Jozsef Kadlecsik ]
- Fix support for DNAT of locally-originated connections (NAT in
LOCAL_OUT)
[ Henrik Nordstrom, Harald Welte ]
- Fix string match (is now SMP safe)
[ Gianni Tedesco ]
- Fix TFTP conntrack/nat helper (now also catches first packet)
[ Magnus Boden ]
Changes from 1.2.5:
- Added global PREFIX makefile variable for all paths
[ Harald Welte ]
- If compiled without any COPT_FLAGS, debugging is disabled. To enable
debugging, use -DIPTC_DEBUG
[ Harald Welte ]
- New ip6tables-restore and ip6tables-save manpage
[ Andras Kis-Szabo ]
- Sync ip6tables-restore and ip6tables-save with iptables-restore
[ Andras Kis-Szabo ]
- Sync ip6tables with iptables
[ Andras Kis-Szabo ]
- mangle table attaches now to all five netfilter hooks
[ Brad Chapman, Harald Welte ]
- iptables and ip6tables manpage updates
[ Herve Eychenne ]
- patch-o-matic program now supports removal of already-applied patches
[ Bob Hockney ]
- patch-o-matic program now supports patches to the userspace extensions
[ Fabrice Marie ]
- patch-o-matic:
- Extend recent match to support multiple recent lists
[ Stephen Frost ]
- New GRE and PPTP connection tracking and NAT helper
[ Harald Welte ]
- New CONNMARK target for marking all packets within one connection
[ Henrik Nordstrom ]
- New conntrack match, enables matching on more conntrack informatin
than state
[ Marc Boucher ]
- New DSCP match and target (DSCP header field obsoletes TOS)
[ Harald Welte ]
- New owner match extension: Match on process name
[ Marc Boucher ]
- Add support for bitwise AND / OR manipulation on nfmark
[ Fabrice Marie ]
- New experimental patch for disabling TCP connection tracking pickup
[ Harald Welte ]
- Add support for SACK in all NAT helpers
[ Harald Welte ]
- Make eggdrop botnet connection tracking support work with eggdrop
v1.6.x
[ Magnus Sandin ]
- Add support to REJECT for sending icmp-unreachable messages
from a fake source address
[ Fabrice Marie ]
- Add support for ntalk2 to talk NAT helper
[ Jozsef Kadlecsik ]
- Big update to newnat patch
[ Jozsef Kadlecsik, Paul P Komkoff ]
msg00263/pgp00000.pgp
Description: PGP signature
