Commit Graph

238 Commits

Author SHA1 Message Date
Thomas Woerner
c5f8c6ac2d - moved libip*tc and libxtables libs to /lib[64], added symlinks for .so
libs to /usr/lib[64] for compatibility (rhbz#558796)
2010-01-27 15:03:10 +00:00
Thomas Woerner
1053d485c1 - new version 1.4.6 with support for all new features of 2.6.32
- several man page fixes
- Support for nommu arches
- realm: remove static initializations
- libiptc: remove unused functions
- libiptc: avoid strict-aliasing warnings
- iprange: do accept non-ranges for xt_iprange v1
- iprange: warn on reverse range
- iprange: roll address parsing into a loop
- iprange: do accept non-ranges for xt_iprange v1 (log)
- iprange: warn on reverse range (log)
- libiptc: fix wrong maptype of base chain counters on restore
- iptables: fix undersized deletion mask creation
- style: reduce indent in xtables_check_inverse
- libxtables: hand argv to xtables_check_inverse
- iptables/extensions: make bundled options work again
- CONNMARK: print mark rules with mask 0xffffffff as set instead of xset
- iptables: take masks into consideration for replace command
- doc: explain experienced --hitcount limit
- doc: name resolution clarification
- iptables: expose option to zero packet/byte counters for a specific rule
- build: restore --disable-ipv6 functionality on system w/o v6 headers
- MARK: print mark rules with mask 0xffffffff as --set-mark instead of
    --set-xmark
- DNAT: fix incorrect check during parsing
- extensions: add osf extension
- conntrack: fix --expires parsing
- dropped nf_ext_init remains from cloexec patch
2010-01-13 15:34:55 +00:00
Bill Nottingham
d718a940ab Fix typo that causes a failure to update the common directory. (releng
#2781)
2009-11-25 23:40:40 +00:00
Thomas Woerner
5b3956eb49 - new version 1.4.5 with support for all new features of 2.6.31
- libxt_NFQUEUE: add new v1 version with queue-balance option
- xt_conntrack: revision 2 for enlarged state_mask member
- libxt_helper: fix invalid passed option to check_inverse
- libiptc: split v4 and v6
- extensions: collapse registration structures
- iptables: allow for parse-less extensions
- iptables: allow for help-less extensions
- extensions: remove empty help and parse functions
- xtables: add multi-registration functions
- extensions: collapse data variables to use multi-reg calls
- xtables: warn of missing version identifier in extensions
- multi binary: allow subcommand via argv[1]
- iptables: accept multiple IP address specifications for -s, -d
- several build fixes
- several man page fixes
- fixed two leaked file descriptors on sockets (rhbz#521397)
2009-09-17 09:13:09 +00:00
Thomas Woerner
1014ae94df - new version 1.4.4 with support for all new features of 2.6.30
- several man page fixes
- iptables: replace open-coded sizeof by ARRAY_SIZE
- libip6t_policy: remove redundant functions
- policy: use direct xt_policy_info instead of ipt/ip6t
- policy: merge ipv6 and ipv4 variant
- extensions: add `cluster' match support
- extensions: add const qualifiers in print/save functions
- extensions: use NFPROTO_UNSPEC for .family field
- extensions: remove redundant casts
- iptables: close open file descriptors
- fix segfault if incorrect protocol name is used
- replace open-coded sizeof by ARRAY_SIZE
- do not include v4-only modules in ip6tables manpage
- use direct xt_policy_info instead of ipt/ip6t
- xtables: fix segfault if incorrect protocol name is used
- libxt_connlimit: initialize v6_mask
- SNAT/DNAT: add support for persistent multi-range NAT mappings
2009-08-25 13:45:19 +00:00
Jesse Keating
aef453d8f2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 03:32:34 +00:00
Thomas Woerner
c31ad1566a - new version 1.4.3.2
- also install iptables/internal.h, needed for iptables.h and ip6tables.h
2009-04-15 12:29:01 +00:00
Thomas Woerner
9a94261e69 forgot to add patch 2009-03-30 12:59:19 +00:00
Thomas Woerner
a05f4f7574 - new version 1.4.3.1
- libiptc is now shared
- supports all new features of the 2.6.29 kernel
- dropped typo_latter patch
2009-03-30 12:53:21 +00:00
Thomas Woerner
50c011a4ab - still more review fixes (rhbz#225906)
- consistent macro usage
- use sed instead of perl for rpath removal
- use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for
    libiptc*)
2009-03-05 14:06:37 +00:00
Jesse Keating
986f923585 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-25 07:47:47 +00:00
Thomas Woerner
169383f4c9 - new version 1.4.2
- removed TOS value mask patch (upstream)
- more review fixes (rhbz#225906)
- install all header files (rhbz#462207)
- dropped nf_ext_init (rhbz#472548)
2009-02-20 13:44:58 +00:00
Thomas Woerner
53e82be23a - fixed TOS value mask problem (rhbz#456244) (upstream patch)
- two more cloexec fixes
2008-07-22 15:37:03 +00:00
Thomas Woerner
a3f9c4c7d9 - upstream bug fix release 1.4.1.1
- dropped extra patch for 1.4.1 - not needed anymore
2008-07-01 09:57:56 +00:00
Thomas Woerner
47932511b3 - new version 1.4.1 with new build environment
- additional ipv6 network mask patch from Jan Engelhardt
- spec file cleanup
- removed old patches
2008-06-10 13:08:35 +00:00
Tom Callaway
1a6c05b472 use normal kernel headers, not linux/compiler.h 2008-06-06 18:59:22 +00:00
Thomas Woerner
175162e6e7 - use O_CLOEXEC for all opened files in all applications (rhbz#438189) 2008-03-20 15:09:55 +00:00
Thomas Woerner
c5dfcf315c - removed // from _kernel because of /usr/lib/rpm/debugedit problem 2008-03-03 14:53:35 +00:00
Thomas Woerner
5d264de02c - use s6_addr32 instead of in6_u.u6_addr32 2008-03-03 13:47:25 +00:00
Thomas Woerner
b6002fe4b0 - force usage of kernel-devel in build environment instead of uname
detected kernel
2008-03-03 11:07:40 +00:00
Thomas Woerner
0d85675fe7 - dropped uname 2008-03-03 10:20:41 +00:00
Thomas Woerner
c06d2805b1 - also require kernel-devel 2008-03-03 10:19:26 +00:00
Thomas Woerner
d8ccf9fe1d - make it fully kernel dependant - linux/conpiler.h is still missing 2008-03-03 09:42:41 +00:00
Thomas Woerner
2d8b12dfae - use the kernel headers from the build tree for iptables for now to be
able to compile this package, but this makes the package more kernel
    dependant
2008-03-03 09:35:13 +00:00
Jesse Keating
b6ec3795a0 - Autorebuild for GCC 4.3 2008-02-20 05:58:52 +00:00
Thomas Woerner
0de8b7db13 - use nf_ext_init instead of my_init for extension constructors
- use kernel-headers package for KBUILD_OUTPUT
2008-02-11 15:16:43 +00:00
Thomas Woerner
bfc8fd6a19 - new version 1.4.0
- fixed condrestart (rhbz#428148)
- report the module in rmmod_r if there is an error
2008-02-11 13:56:53 +00:00
Thomas Woerner
6a95dca65a - fixed leaked file descriptor before fork/exec (rhbz#312191)
- blacklisting is not working, use "install X /bin/(true|false)" test
    instead
- return private exit code 150 for disabled ipv6 support
- use script name for output messages
2007-11-05 16:41:26 +00:00
Thomas Woerner
22d082249b - fixed error code for stopping a already stopped firewall (rhbz#321751)
- moved blacklist test into start
2007-10-16 15:30:01 +00:00
Bill Nottingham
26dd871d90 makefile update to properly grab makefile.common 2007-10-15 18:53:19 +00:00
Thomas Woerner
7617f871a1 - new release 4.1 2007-09-26 16:00:58 +00:00
Thomas Woerner
0396e7e145 - do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
- use simpler fix for (rhbz#295611) Thanks to Linus Torvalds for the patch.
2007-09-26 15:59:58 +00:00
Thomas Woerner
b467a216c0 - fixed IPv6 reject type (rhbz#295181)
- fixed init script: start, stop and status
- support netfilter compiled into kernel in init script (rhbz#295611)
- dropped inversion for limit modules from man pages (rhbz#220780)
- fixed typo in ip6tables man page (rhbz#236185)
2007-09-24 16:03:24 +00:00
Thomas Woerner
324c1a2ec7 - do not depend on local_fs in lsb header - this delayes start after
network
- fixed exit code for initscript usage
2007-09-19 16:30:16 +00:00
Thomas Woerner
996472d917 - do not use lock file for condrestart test 2007-09-17 15:46:05 +00:00
Thomas Woerner
498412ec5f [tw]
- do not use smp flags
2007-08-23 15:33:24 +00:00
Thomas Woerner
d7580e1c28 [tw] added patches 2007-08-23 14:55:32 +00:00
Thomas Woerner
32bdef74b2 [tw]
- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
- provide iptc interface again, but unsupported (rhbz#216733)
- compile all extension, which are supported by the kernel-headers package
- review fixes (rhbz#225906)
2007-08-23 14:54:50 +00:00
Steve Conklin
7b2367e316 Rebase to upstream release 1.3.8 2007-07-16 22:03:39 +00:00
Jeremy Katz
d784db838b - fix error when ipv6 support isn't loaded in the kernel (#236888) 2007-04-23 18:58:32 +00:00
Thomas Woerner
a7c4eb9f8d [tw]
- new release 1.1
2007-01-10 11:30:29 +00:00
Thomas Woerner
c19057201b [tw]
- fixed installation of secmark modules
2007-01-10 11:29:49 +00:00
Thomas Woerner
40a64baf6b [tw]
- new verison 1.3.7
- iptc is not a public interface and therefore not installed anymore
- dropped upstream secmark patch
2007-01-09 18:46:18 +00:00
Thomas Woerner
bcc3dc0c5a [tw]
- added secmark iptables patches (#201573)
2006-09-19 15:36:43 +00:00
Jesse Keating
9d71c81438 bumped for rebuild 2006-07-12 06:25:39 +00:00
Jesse Keating
d01da4bd19 bump for bug in double-long on ppc(64) 2006-02-11 03:37:55 +00:00
Jesse Keating
af4036e5e9 bump for new gcc/glibc 2006-02-07 12:17:14 +00:00
Thomas Woerner
bc7eeb0697 [tw]
- new version 1.3.5
- fixed init script to set policy for raw tables, too (#179094)
2006-02-02 13:24:00 +00:00
Thomas Woerner
5034db8c80 [tw] - added important iptables header files to devel package 2006-01-24 14:18:57 +00:00
Jesse Keating
3878a45f2b gcc update bump 2005-12-09 22:41:00 +00:00