Phil Sutter
6eebdb8221
iptables-1.8.10-5.el9
...
* Wed Aug 14 2024 Phil Sutter <psutter@redhat.com> [1.8.10-5.el9]
- xtables-monitor: Ignore ebtables policy rules unless tracing (Phil Sutter) [RHEL-47264]
- xtables-monitor: Fix for ebtables rule events (Phil Sutter) [RHEL-47264]
- tests: shell: New xtables-monitor test (Phil Sutter) [RHEL-47264]
- xtables-monitor: Support arptables chain events (Phil Sutter) [RHEL-47264]
- xtables-monitor: Align builtin chain and table output (Phil Sutter) [RHEL-47264]
- xtables-monitor: Flush stdout after all lines of output (Phil Sutter) [RHEL-47264]
- xtables-monitor: Proper re-init for rule's family (Phil Sutter) [RHEL-47264]
- nft: Fix for zeroing existent builtin chains (Phil Sutter) [RHEL-49497]
- nft: cache: Annotate faked base chains as such (Phil Sutter) [RHEL-49497]
- nft: Fix for zeroing non-existent builtin chains (Phil Sutter) [RHEL-49497]
Resolves: RHEL-47264, RHEL-49497
2024-08-14 16:11:43 +02:00
Phil Sutter
c4bd1fda82
iptables-1.8.10-4.el9
...
* Wed Jul 03 2024 Phil Sutter <psutter@redhat.com> [1.8.10-4.el9]
- spec: Simplify legacy package integration (Phil Sutter) [RHEL-5797]
Resolves: RHEL-5797
2024-07-03 15:18:39 +02:00
Phil Sutter
e74594c069
iptables-1.8.10-3.el9
...
* Wed Jun 12 2024 Phil Sutter <psutter@redhat.com> [1.8.10-3.el9]
- extensions: libxt_sctp: Add an extra assert() (Phil Sutter) [RHEL-40928]
- spec: Add symlinks for merged extension DSOs (Phil Sutter) [RHEL-32463]
- nft: Fix for broken recover_rule_compat() (Phil Sutter) [RHEL-26619]
- spec: Ship ebtables-translate and man page (Phil Sutter) [RHEL-32922]
Resolves: RHEL-26619, RHEL-32463, RHEL-32922, RHEL-40928
2024-06-12 22:52:05 +02:00
Phil Sutter
18727bce9f
iptables-1.8.10-2.el9
...
* Tue Nov 07 2023 Phil Sutter <psutter@redhat.com> [1.8.10-2.el9]
- ebtables: Fix corner-case noflush restore bug (Phil Sutter) [RHEL-14147]
Resolves: RHEL-14147
2023-11-07 22:46:55 +00:00
Phil Sutter
e68693c04a
tests: TRACE-target-of-iptables-can-t-work-in: Allow rmmod to fail
...
Modules are loaded with older kernels only, ignore if rmmod fails.
2023-10-27 20:34:56 +00:00
Phil Sutter
33ffe56c42
tests: iptables-nft does not lock in user space anymore
...
Effectively disable xtables-tools-locking-vulnerable-to-local-DoS unless
for old versions of RHEL/Fedora/CentOS.
Related: RHEL-14147
2023-10-27 20:10:19 +00:00
Phil Sutter
66c02f9077
tests: iptables-save-cuts-space-before-j: Fix for CentOS
...
Newer CentOS behave just like newer RHEL.
Related: RHEL-14147
2023-10-27 20:10:16 +00:00
Phil Sutter
26c9e1e407
tests: With iptables-nft, TRACE works differently
...
This is 'meta nftrace' internally, therefore have to use
'xtables-monitor --trace' command to fetch the traces (which also look a
bit differently).
Related: RHEL-14147
2023-10-27 20:10:13 +00:00
Phil Sutter
d977b706cf
tests: Drop checks for iptables RPM
...
On one hand, the check will fail as the RPM is called 'iptables-nft'. On
the other, if the RPM is missing the commands will fail as well so this
check happens implicitly anyway.
Related: RHEL-14147
2023-10-27 18:59:35 +00:00
Phil Sutter
0d517b6b1f
tests: Disable backport-iptables-add-libxt-cgroup-frontend test
...
It is disabled in RHTS as well. The main issue is that starting with
RHEL9, libcgroup-tools is no longer available. The test had to be
migrated to cgroups v2 in order to pass.
Related: RHEL-14147
2023-10-27 18:59:35 +00:00
Phil Sutter
4274fcf999
iptables-1.8.10-1.el9
...
* Fri Oct 27 2023 Phil Sutter <psutter@redhat.com> [1.8.10-1.el9]
- spec: Support for _excludedocs macro in alternatives installation (Phil Sutter) [RHEL-5810]
- Rebase onto version 1.8.10 (Phil Sutter) [RHEL-14147]
Resolves: RHEL-14147, RHEL-5810
2023-10-27 18:59:35 +00:00
Phil Sutter
979b61fb74
iptables-1.8.8-6.el9
...
- Add expected testsuite result
Related: rhbz#2136584
2022-12-16 21:34:22 +01:00
Phil Sutter
de14b081d8
iptables-1.8.8-5.el9
...
- nft: un-break among match with concatenation
- nft: fix ebtables among match when mac+ip addresses are used
Resolves: rhbz#2136584
2022-12-06 17:38:06 +01:00
Phil Sutter
3c61c034bd
iptables-1.8.8-4.el9
...
- libxtables: Fix unsupported extension warning corner case
Resolves: rhbz#2103988
2022-07-05 15:49:16 +02:00
Phil Sutter
7d8e51ef99
iptables-1.8.8-3.el9
...
- arptables: Support -x/--exact flag
Related: rhbz#2084543
2022-06-08 18:35:59 +02:00
Phil Sutter
73cb621bac
iptables-1.8.8-2.el9
...
- tests: shell: Check overhead in iptables-save and -restore
Related: rhbz#2065330
2022-06-02 14:49:22 +02:00
Phil Sutter
08d57e3b00
iptables-1.8.8-1.el9
...
- new version
Resolves: rhbz#2084543
2022-05-13 17:53:42 +02:00
Phil Sutter
21c02e6c1a
iptables-1.8.7-30.el9
...
- Use proto_to_name() from xshared in more places
Resolves: rhbz#2065330
2022-03-18 14:47:28 +01:00
Phil Sutter
a556128cb3
iptables-1.8.7-29.el9
...
- libxtables: Boost rule target checks by announcing chain names
- libxtables: Implement notargets hash table
- nft: Reject standard targets as chain names when restoring
- xshared: Merge and share parse_chain()
- xshared: Prefer xtables_chain_protos lookup over getprotoent
- nft: Speed up immediate parsing
- nft: Simplify immediate parsing
Resolves: rhbz#2065330
2022-03-18 11:37:11 +01:00
Phil Sutter
63c9e2ff10
iptables-1.8.7-28.el9
...
- extensions: SECMARK: Use a better context in test case
Related: rhbz#2047558
2022-02-16 12:44:11 +01:00
Phil Sutter
55e20eb624
iptables-1.8.7-27.el9
...
- extensions: SECMARK: Implement revision 1
Resolves: rhbz#2047558
2022-01-28 23:26:47 +01:00
Phil Sutter
17f0287b89
iptables-1.8.7-26.el9
...
- tests/shell: Assert non-verbose mode is silent
- nft: Fix for non-verbose check command
Resolves: rhbz#1989466
2021-10-11 17:31:01 +02:00
Phil Sutter
0c31aae58c
iptables-1.8.7-25.el9
...
- ebtables: Dump atomic waste
- doc: ebtables-nft.8: Adjust for missing atomic-options
- nft: Use xtables_malloc() in mnl_err_list_node_add()
Resolves: rhbz#1995473, rhbz#2011406
2021-10-06 17:06:16 +02:00
Phil Sutter
87d774601e
iptables-1.8.7-24.el9
...
- Add missing readlink required for iptables-nft(post)
Resolves: rhbz#2009742
2021-10-01 15:53:29 +02:00
Mohan Boddu
43aebb774a
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
...
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 20:59:20 +00:00
Phil Sutter
4816cd15af
iptables-1.8.7-22.el9
...
- nft-services must not depend on specific arch's build
Related: rhbz#1986982
2021-08-05 15:57:36 +02:00
Phil Sutter
38177fbc58
iptables-1.8.7-21.el9
...
- Build services sub-packages as noarch
Resolves: rhbz#1986982
2021-08-05 15:27:44 +02:00
Phil Sutter
5141adf17e
iptables-1.8.7-20.el9
...
- Make nft-services obsolete nft-compat to fix upgrade path
Related: rhbz#1951074
2021-07-30 16:05:58 +02:00
Phil Sutter
85c22b3c9c
iptables-1.8.7-19.el9
...
- Build iptables-services on C9S only
- Use systemd_ordering in nft-services, too
- Drop compat package, nft-services serves well for that purpose
- Make legacy unconditionally provide iptables, it's not built on RHEL
Resolves: rhbz#1951074
2021-07-29 18:14:24 +02:00
Phil Sutter
b67311577f
iptables-1.8.7-18.el9
...
- Make iptables-nft-services require iptables-services to avoid confusion
- Add deprecation notice to iptables-extensions man page as well
Resolves: rhbz#1985422, rhbz#1951074
2021-07-28 17:33:46 +02:00
Phil Sutter
41665c6c90
iptables-1.8.7-17.el9
...
- Provide a compat package to fix upgrade path from RHEL8
Resolves: rhbz#1951074
2021-07-12 13:08:50 +02:00
Phil Sutter
1dd5f70a68
iptables-1.8.7-16.el9
...
- Review systemd unit file
Resolves: rhbz#1977212
2021-07-05 14:15:52 +02:00
Phil Sutter
d5f1528238
iptables-1.8.7-15.el9
...
- doc: Improve deprecation notices a bit
- nft: cache: Sort chains on demand only
- nft: Increase BATCH_PAGE_SIZE to support huge rulesets
Related: rhbz#1945151
Resolves: rhbz#1978362
2021-07-02 18:26:15 +02:00
Štěpán Němec
629e39ce05
gating.yaml: don't gate on osci.brew-build.tier0.functional
...
It's currently just noise that we have to waive manually: the tests
(inherited from Fedora) are out of date, unmaintained and duplicate
other (internal RHEL) tests.
Longer-term solution yet to be worked out.
2021-06-28 09:39:00 +02:00
Phil Sutter
44ad65d496
iptables-1.8.7-14.el9
...
- doc: Add deprecation notices to all relevant man pages
Resolves: rhbz#1945151
2021-06-25 11:12:09 +02:00
Phil Sutter
d65c79ab67
iptables-1.8.7-13.el9
...
- extensions: sctp: Fix nftables translation
- nft: Fix bitwise expression avoidance detection
- iptables-nft: fix -Z option
- Do not build legacy sub-packages on RHEL
Resolves: rhbz#1927721
2021-06-16 15:16:36 +02:00
Phil Sutter
0f36a69aec
tests: Fix bridge-utils replacement
...
Typo in 'ip link add', 'type' argument was missing. Also update
'Requires:' line in Makefile.
Related: RHBZ#1954581
2021-06-16 11:35:10 +02:00
Phil Sutter
099ca6a1b5
tests: Drop dependency on non-existing bridge-utils
...
Replace the calls by equivalent ones to 'ip'.
Related: RHBZ#1954581
2021-06-14 13:42:25 +02:00
Phil Sutter
18fd73d348
iptables-1.8.7-12.el9
...
- arptables-nft-helper: Remove bashisms
- ebtables-helper: Drop unused variable, add a missing quote
- extensions: libxt_string: Avoid buffer size warning for strncpy()
- libxtables: Introduce xtables_strdup() and use it everywhere
- extensions: libebt_ip6: Use xtables_ip6parse_any()
- iptables-apply: Drop unused variable
- nft: Avoid buffer size warnings copying iface names
- nft: Avoid memleak in error path of nft_cmd_new()
- libxtables: Fix memleak in xtopt_parse_hostmask()
- extensions: libebt_ip6: Drop unused variables
- libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
Resolves: RHBZ#1938745
2021-06-10 18:38:53 +02:00
Štěpán Němec
c842cc8e23
Enable RHEL 9 gating (equivalent to RHEL 8)
2021-06-10 10:33:19 +02:00
Phil Sutter
4a68e9f94a
iptables-1.8.7-11.el9
...
- Fix License name in spec file
- Eliminate inet_aton() and inet_ntoa()
- nft-arp: Make use of ipv4_addr_to_string()
- Make legacy sub-packages obsolete older non-legacy ones
- Fix dates in changelog
- iptables.init: Fix functionality for iptables-nft
- iptables.init: Ignore sysctl files not suffixed '.conf'
- iptables.init: Drop unused NEW_MODUTILS check
- iptables.init: Drop some trailing whitespace
Resolves: RHBZ#1954581, RHBZ#1958262
2021-05-12 12:13:44 +02:00
Phil Sutter
b6b32fa391
iptables-1.8.7-10
...
- Add provides to iptables-nft-services
Related: RHBZ#1951074
2021-04-23 17:09:48 +02:00
Phil Sutter
5d9bdbf66a
iptables-1.8.7-9
...
- Add nft-services subpackage
Resolves: RHBZ#1951074
2021-04-21 18:30:44 +02:00
Phil Sutter
3c640d04d2
iptables-1.8.7-8
...
- Drop hacks to maintain upgrade path
Related: RHBZ#1927721
2021-04-19 15:33:15 +02:00
Mohan Boddu
724cb78453
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
...
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 00:36:59 +00:00
Robert Scheck
6e213cbdf7
iptables-1.8.7-6
...
This patch combines changes from f34 since iptables-1.8.7-3:
- Spec file cleanup
- Restore alternatives configuration after upgrade
- Fix license location
- Fix upgrade path with package rename
- Add missing dependencies to iptables-nft package
- Drop bootstrap code again
- Drop workarounds for F24 and lower
- Fix iptables-utils summary
- Ship iptables-apply with iptables-utils
- Reduce files sections by use of globbing
- Ship common man pages with iptables-libs
- Ship *-translate man pages with iptables-nft
- Move legacy iptables binaries, libraries and headers into sub-packages
- Introduce compat sub-package to help with above transitions
- Drop libipulog header from devel package, this belongs to libnetfilter_log
- Do not ship internal headers in devel package
Resolves: RHBZ#1927721
2021-04-15 16:56:49 +02:00
DistroBaker
b95090f5f5
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/iptables.git#648ffbc31613acd9f9015892c0820df9be00cb89
2021-01-28 14:21:56 +00:00
DistroBaker
78e6451c8f
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/iptables.git#1c2b75e472ee9d0aa4807a450d61f4bec138b664
2021-01-16 21:59:11 +00:00
DistroBaker
376a021a21
Merged update from upstream sources
...
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.
Source: https://src.fedoraproject.org/rpms/iptables.git#706150b129c945e887c203d96492d03046199bd2
2020-11-22 17:23:18 +00:00
Troy Dawson
701b94829c
RHEL 9.0.0 Alpha bootstrap
...
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/iptables#4ef8aaebbe6d2223197a3ce86a056949368aca86
2020-11-18 09:49:59 -08:00