Hi! The netfilter coreteam proudly presents:
iptables version 1.2.6a
Unfortunately iptables 1.2.6, released three days ago, contained two unfixed
bugs due to a missing CVS commit. Sorry for this inconvenience, we will
include a one-week freeze before every future iptables release to prevent
this from happening again.
The two bugs fixed from 1.2.6 are:
1) if you use the patch-o-matic/base/conntrack.patch, libipt_conntrack.c does
not compile due to a typo.
2) if you use the patch-o-matic/submitted/ip_conntrack_protocol_unregister
patch, ip_conntrack_standalone.c does not compile.
Version 1.2.6a fixes both of bugs, it can be obtained from:
http://www.netfilter.org/files/iptables-1.2.6a.tar.bz2
http://netfilter.samba.org/files/iptables-1.2.6a.tar.bz2
ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.6a.tar.bz2
More information can be found at the netfilter/iptables project homepage,
available at:
http://www.netfilter.org/
http://www.iptables.org/
Happy firewalling,
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
iptables v1.2.6 Changelog
======================================================================
This version requires kernel >= 2.4.4
This version recommends kernel >= 2.4.18
Bugs Fixed from 1.2.5:
- Fix iptables segfault problem when using `!' without argument
[ Dionis Papavramidis, Harald Welte ]
- Fix PSD match for psd-delay-threshold > 100
[ Steven Coenen, Dennis Koslowski ]
- ip6tables alignment fixes
[ Andreas Herrmann ]
- patch-o-matic:
- Fix NAT-related bug in TCP window tracking code
[ Jozsef Kadlecsik ]
- Fix support for DNAT of locally-originated connections (NAT in
LOCAL_OUT)
[ Henrik Nordstrom, Harald Welte ]
- Fix string match (is now SMP safe)
[ Gianni Tedesco ]
- Fix TFTP conntrack/nat helper (now also catches first packet)
[ Magnus Boden ]
Changes from 1.2.5:
- Added global PREFIX makefile variable for all paths
[ Harald Welte ]
- If compiled without any COPT_FLAGS, debugging is disabled. To enable
debugging, use -DIPTC_DEBUG
[ Harald Welte ]
- New ip6tables-restore and ip6tables-save manpage
[ Andras Kis-Szabo ]
- Sync ip6tables-restore and ip6tables-save with iptables-restore
[ Andras Kis-Szabo ]
- Sync ip6tables with iptables
[ Andras Kis-Szabo ]
- mangle table attaches now to all five netfilter hooks
[ Brad Chapman, Harald Welte ]
- iptables and ip6tables manpage updates
[ Herve Eychenne ]
- patch-o-matic program now supports removal of already-applied patches
[ Bob Hockney ]
- patch-o-matic program now supports patches to the userspace extensions
[ Fabrice Marie ]
- patch-o-matic:
- Extend recent match to support multiple recent lists
[ Stephen Frost ]
- New GRE and PPTP connection tracking and NAT helper
[ Harald Welte ]
- New CONNMARK target for marking all packets within one connection
[ Henrik Nordstrom ]
- New conntrack match, enables matching on more conntrack informatin
than state
[ Marc Boucher ]
- New DSCP match and target (DSCP header field obsoletes TOS)
[ Harald Welte ]
- New owner match extension: Match on process name
[ Marc Boucher ]
- Add support for bitwise AND / OR manipulation on nfmark
[ Fabrice Marie ]
- New experimental patch for disabling TCP connection tracking pickup
[ Harald Welte ]
- Add support for SACK in all NAT helpers
[ Harald Welte ]
- Make eggdrop botnet connection tracking support work with eggdrop
v1.6.x
[ Magnus Sandin ]
- Add support to REJECT for sending icmp-unreachable messages
from a fake source address
[ Fabrice Marie ]
- Add support for ntalk2 to talk NAT helper
[ Jozsef Kadlecsik ]
- Big update to newnat patch
[ Jozsef Kadlecsik, Paul P Komkoff ]
msg00300/pgp00000.pgp
Description: PGP signature
