[go: up one dir, main page]
|
|
Log in / Subscribe / Register

Release of iptables-1.2.10

From:  Netfilter Core Team <coreteam@netfilter.org>
To:  Netfilter Announcement List <netfilter-announce@lists.netfilter.org>, Netfilter Mailinglist <netfilter@lists.netfilter.org>, Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject:  [ANNOUNCE] Release of iptables-1.2.10
Date:  Wed, 16 Jun 2004 21:38:19 +0200
Cc:  lwn@lwn.net

Hi!

The netfilter coreteam proudly presents:

	iptables version 1.2.10

1.2.10 is (like most other 1.2.x releases) a maintainance release,
containing lots of bugfixes that have accumulated over time.

The ChangeLog is attached to this mail.

Version 1.2.10 can be obtained from:

	http://www.netfilter.org/files/iptables-1.2.10.tar.bz2
	ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.10.tar.bz2

Please note that since iptables-1.2.7, patch-o-matic is no longer part of
iptables, but distributed as a seperate package.  You can obtain the
latest release and daily CVS snapshots from:

	ftp://ftp.netfilter.org/pub/patch-o-matic/

Please also note: Since Kernel 2.6.x is out, we now use
patch-o-matic-ng for both 2.4.x and 2.6.x. Distributed as seperate
package: 
	ftp://ftp.netfilter.org/pub/patch-o-matic-ng
	
More information can be found at the netfilter/iptables project homepage,
available at:

	http://www.netfilter.org/
	http://www.iptables.org/

Happy firewalling,

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

iptables v1.2.10 Changelog
======================================================================
This version requires kernel >= 2.4.4
This version recommends kernel >= 2.4.18

Bugs Fixed from 1.2.9:

- physdev match: fix new structure layout for kernel > 2.6.0-test8
	[ Bart De Schuymer ]

- Better 64bit / 32bit split architecture detection
- IPv6 LOG target: Fix compiler warnings on 64bit
- LOG target: Fix compiler warnings on 64bit
- IPv6 MARK target: Use full 64bit mark on 64bit archs
- MARK target: Use full 64bit mark on 64bit archs
- SAME target: Fix 64bit/32bit splitarch problems
- ULOG target: Fix 64bit/32bit splitarch problems
- conntrack match: Fix 64bit/32bit splitarch problem
- IPv6 limit match: Fix 64bit/32bit splitarch problem
- limit match: Fix 64bit/32bit splitarch problem
- IPv6 mark match: Use full 64bit mark on 64bit archs
- mark match: Use full 64bit mark on 64bit archs
- owner match: Fix compiler warnings on 64bit
	[ Martin Jofsefsson ]

- connbytes match: Fix signedness / unsigned issue
	[ Martin Josefsson ]

- connlimit match: Fix '/0' netmask
	[ David Ahern ]

- ipv6 owner match: fix possibly not zero terminated string
- helper match: fix possibly not zero terminated string
- recent match: fix possibly not zero terminated string
	[ Karsten Desler ]

- ICMP match: fix '--icmp-type any' case
	[ Harald Welte ]

- CONNMARK target: major update (add mark/mask matching)
	[ Henrik Nordstrom ]

- DSCP target: Fix cosmetic help message problem 
	[ Maciej Soltysiak ]

- string match: Fix iptables-save/restore for ascii strings with spaces
	[ Michael Rash ]

- ip(6)tables-restore: Make sure matches are used in the same order
	[ Martin Josefsson ]

- ip(6)tables-restore: Fix '--verbose' option
- ip(6)tables-restore: Add '--test' option
- ip(6)tables-restore: Complain about missing 'COMMIT'
	[ Martin Josefsson ]

- ip(6)tables-restore: Allow embedding of quote character in quoted strings
	[ Michael Rash ]
	
- libipq: Protect against spoofed queue messages (check if sender is kernel)
	[ Harald Welte ]


Changes from 1.2.9:

- time match: add 'datestart' and 'datestop' parameters
	[ Fabrice Marie ]

- modular manpage build, depending on actually compiled-in features
	[ Henrik Nordstrom ]

- additional documentation in manpage snippets formerly missing
	[ Harald Welte ]

- support new CLUSTERIP Target
	[ Harald Welte ]

- support new account match
	[ Piotr Gasid'o ]

- support new connrate match
	[ Nuuti Kotivuori ]

- support new dstlimit match
	[ Harald Welte ]

- support new 'set' match / 'SET' target
	[ Jozsef Kadlecsik ]

- osf match: add support for netlink reporting
	[ Evgeniy Polyakov ]

- new SCTP protocol match
	[ Kiran Kumar ]


Please note: Since version 1.2.7a, patch-o-matic is now no longer part of
iptables but rather distributed as a seperate package
(ftp://ftp.netfilter.org/pub/patch-o-matic/)

Please also note: Since Kernel 2.6.x is out, we now use patch-o-matic-ng, distributed as seperate package:
(ftp://ftp.netfilter.org/pub/patch-o-matic-ng)

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds