rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity
58 Commits 8 Branches 53 Tags 1.1 MiB
43ce2831cb
Commit Graph

58 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Murphy Zhou
43ce2831cb iptables: c9s: adding tmt gating plans 
For FuSa: https://issues.redhat.com/browse/VROOM-23635

Signed-off-by: Murphy Zhou <xzhou@redhat.com>
 2024-12-12 09:31:42 +08:00
Phil Sutter
cd46da9928 iptables-1.8.10-8.el9 
* Thu Dec 05 2024 Phil Sutter <psutter@redhat.com> [1.8.10-8.el9]
- Revert "xshared: Print protocol numbers if --numeric was given" (Phil Sutter) [RHEL-70173]
Resolves: RHEL-70173
 2024-12-05 18:03:18 +01:00
Phil Sutter
5371b0d64d iptables-1.8.10-7.el9 
* Wed Nov 27 2024 Phil Sutter <psutter@redhat.com> [1.8.10-7.el9]
- Bump release for side-tag (Phil Sutter) [RHEL-69283 RHEL-69284]
Resolves: RHEL-69283, RHEL-69284
 2024-11-27 15:14:18 +01:00
Phil Sutter
a5012940ba iptables-1.8.10-6.el9 
* Wed Nov 27 2024 Phil Sutter <psutter@redhat.com> [1.8.10-6.el9]
- Bump release for RHEL-9.5.z (Phil Sutter) [RHEL-69283 RHEL-69284]
Resolves: RHEL-69283, RHEL-69284
 2024-11-27 14:44:59 +01:00
Phil Sutter
6eebdb8221 iptables-1.8.10-5.el9 
* Wed Aug 14 2024 Phil Sutter <psutter@redhat.com> [1.8.10-5.el9]
- xtables-monitor: Ignore ebtables policy rules unless tracing (Phil Sutter) [RHEL-47264]
- xtables-monitor: Fix for ebtables rule events (Phil Sutter) [RHEL-47264]
- tests: shell: New xtables-monitor test (Phil Sutter) [RHEL-47264]
- xtables-monitor: Support arptables chain events (Phil Sutter) [RHEL-47264]
- xtables-monitor: Align builtin chain and table output (Phil Sutter) [RHEL-47264]
- xtables-monitor: Flush stdout after all lines of output (Phil Sutter) [RHEL-47264]
- xtables-monitor: Proper re-init for rule's family (Phil Sutter) [RHEL-47264]
- nft: Fix for zeroing existent builtin chains (Phil Sutter) [RHEL-49497]
- nft: cache: Annotate faked base chains as such (Phil Sutter) [RHEL-49497]
- nft: Fix for zeroing non-existent builtin chains (Phil Sutter) [RHEL-49497]
Resolves: RHEL-47264, RHEL-49497
 2024-08-14 16:11:43 +02:00
Phil Sutter
c4bd1fda82 iptables-1.8.10-4.el9 
* Wed Jul 03 2024 Phil Sutter <psutter@redhat.com> [1.8.10-4.el9]
- spec: Simplify legacy package integration (Phil Sutter) [RHEL-5797]
Resolves: RHEL-5797
 2024-07-03 15:18:39 +02:00
Phil Sutter
e74594c069 iptables-1.8.10-3.el9 
* Wed Jun 12 2024 Phil Sutter <psutter@redhat.com> [1.8.10-3.el9]
- extensions: libxt_sctp: Add an extra assert() (Phil Sutter) [RHEL-40928]
- spec: Add symlinks for merged extension DSOs (Phil Sutter) [RHEL-32463]
- nft: Fix for broken recover_rule_compat() (Phil Sutter) [RHEL-26619]
- spec: Ship ebtables-translate and man page (Phil Sutter) [RHEL-32922]
Resolves: RHEL-26619, RHEL-32463, RHEL-32922, RHEL-40928
 2024-06-12 22:52:05 +02:00
Phil Sutter
18727bce9f iptables-1.8.10-2.el9 
* Tue Nov 07 2023 Phil Sutter <psutter@redhat.com> [1.8.10-2.el9]
- ebtables: Fix corner-case noflush restore bug (Phil Sutter) [RHEL-14147]
Resolves: RHEL-14147
 2023-11-07 22:46:55 +00:00
Phil Sutter
e68693c04a tests: TRACE-target-of-iptables-can-t-work-in: Allow rmmod to fail 
Modules are loaded with older kernels only, ignore if rmmod fails.
 2023-10-27 20:34:56 +00:00
Phil Sutter
33ffe56c42 tests: iptables-nft does not lock in user space anymore 
Effectively disable xtables-tools-locking-vulnerable-to-local-DoS unless
for old versions of RHEL/Fedora/CentOS.

Related: RHEL-14147
 2023-10-27 20:10:19 +00:00
Phil Sutter
66c02f9077 tests: iptables-save-cuts-space-before-j: Fix for CentOS 
Newer CentOS behave just like newer RHEL.

Related: RHEL-14147
 2023-10-27 20:10:16 +00:00
Phil Sutter
26c9e1e407 tests: With iptables-nft, TRACE works differently 
This is 'meta nftrace' internally, therefore have to use
'xtables-monitor --trace' command to fetch the traces (which also look a
bit differently).

Related: RHEL-14147
 2023-10-27 20:10:13 +00:00
Phil Sutter
d977b706cf tests: Drop checks for iptables RPM 
On one hand, the check will fail as the RPM is called 'iptables-nft'. On
the other, if the RPM is missing the commands will fail as well so this
check happens implicitly anyway.

Related: RHEL-14147
 2023-10-27 18:59:35 +00:00
Phil Sutter
0d517b6b1f tests: Disable backport-iptables-add-libxt-cgroup-frontend test 
It is disabled in RHTS as well. The main issue is that starting with
RHEL9, libcgroup-tools is no longer available. The test had to be
migrated to cgroups v2 in order to pass.

Related: RHEL-14147
 2023-10-27 18:59:35 +00:00
Phil Sutter
4274fcf999 iptables-1.8.10-1.el9 
* Fri Oct 27 2023 Phil Sutter <psutter@redhat.com> [1.8.10-1.el9]
- spec: Support for _excludedocs macro in alternatives installation (Phil Sutter) [RHEL-5810]
- Rebase onto version 1.8.10 (Phil Sutter) [RHEL-14147]
Resolves: RHEL-14147, RHEL-5810
 2023-10-27 18:59:35 +00:00
Phil Sutter
979b61fb74 iptables-1.8.8-6.el9 
- Add expected testsuite result

Related: rhbz#2136584
 2022-12-16 21:34:22 +01:00
Phil Sutter
de14b081d8 iptables-1.8.8-5.el9 
- nft: un-break among match with concatenation
- nft: fix ebtables among match when mac+ip addresses are used

Resolves: rhbz#2136584
 2022-12-06 17:38:06 +01:00
Phil Sutter
3c61c034bd iptables-1.8.8-4.el9 
- libxtables: Fix unsupported extension warning corner case

Resolves: rhbz#2103988
 2022-07-05 15:49:16 +02:00
Phil Sutter
7d8e51ef99 iptables-1.8.8-3.el9 
- arptables: Support -x/--exact flag

Related: rhbz#2084543
 2022-06-08 18:35:59 +02:00
Phil Sutter
73cb621bac iptables-1.8.8-2.el9 
- tests: shell: Check overhead in iptables-save and -restore

Related: rhbz#2065330
 2022-06-02 14:49:22 +02:00
Phil Sutter
08d57e3b00 iptables-1.8.8-1.el9 
- new version

Resolves: rhbz#2084543
 2022-05-13 17:53:42 +02:00
Phil Sutter
21c02e6c1a iptables-1.8.7-30.el9 
- Use proto_to_name() from xshared in more places

Resolves: rhbz#2065330
 2022-03-18 14:47:28 +01:00
Phil Sutter
a556128cb3 iptables-1.8.7-29.el9 
- libxtables: Boost rule target checks by announcing chain names
- libxtables: Implement notargets hash table
- nft: Reject standard targets as chain names when restoring
- xshared: Merge and share parse_chain()
- xshared: Prefer xtables_chain_protos lookup over getprotoent
- nft: Speed up immediate parsing
- nft: Simplify immediate parsing

Resolves: rhbz#2065330
 2022-03-18 11:37:11 +01:00
Phil Sutter
63c9e2ff10 iptables-1.8.7-28.el9 
- extensions: SECMARK: Use a better context in test case

Related: rhbz#2047558
 2022-02-16 12:44:11 +01:00
Phil Sutter
55e20eb624 iptables-1.8.7-27.el9 
- extensions: SECMARK: Implement revision 1

Resolves: rhbz#2047558
 2022-01-28 23:26:47 +01:00
Phil Sutter
17f0287b89 iptables-1.8.7-26.el9 
- tests/shell: Assert non-verbose mode is silent
- nft: Fix for non-verbose check command

Resolves: rhbz#1989466
 2021-10-11 17:31:01 +02:00
Phil Sutter
0c31aae58c iptables-1.8.7-25.el9 
- ebtables: Dump atomic waste
- doc: ebtables-nft.8: Adjust for missing atomic-options
- nft: Use xtables_malloc() in mnl_err_list_node_add()

Resolves: rhbz#1995473, rhbz#2011406
 2021-10-06 17:06:16 +02:00
Phil Sutter
87d774601e iptables-1.8.7-24.el9 
- Add missing readlink required for iptables-nft(post)

Resolves: rhbz#2009742
 2021-10-01 15:53:29 +02:00
Mohan Boddu
43aebb774a Rebuilt for IMA sigs, glibc 2.34, aarch64 flags 
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
 2021-08-09 20:59:20 +00:00
Phil Sutter
4816cd15af iptables-1.8.7-22.el9 
- nft-services must not depend on specific arch's build

Related: rhbz#1986982
 2021-08-05 15:57:36 +02:00
Phil Sutter
38177fbc58 iptables-1.8.7-21.el9 
- Build services sub-packages as noarch

Resolves: rhbz#1986982
 2021-08-05 15:27:44 +02:00
Phil Sutter
5141adf17e iptables-1.8.7-20.el9 
- Make nft-services obsolete nft-compat to fix upgrade path

Related: rhbz#1951074
 2021-07-30 16:05:58 +02:00
Phil Sutter
85c22b3c9c iptables-1.8.7-19.el9 
- Build iptables-services on C9S only
- Use systemd_ordering in nft-services, too
- Drop compat package, nft-services serves well for that purpose
- Make legacy unconditionally provide iptables, it's not built on RHEL

Resolves: rhbz#1951074
 2021-07-29 18:14:24 +02:00
Phil Sutter
b67311577f iptables-1.8.7-18.el9 
- Make iptables-nft-services require iptables-services to avoid confusion
- Add deprecation notice to iptables-extensions man page as well

Resolves: rhbz#1985422, rhbz#1951074
 2021-07-28 17:33:46 +02:00
Phil Sutter
41665c6c90 iptables-1.8.7-17.el9 
- Provide a compat package to fix upgrade path from RHEL8

Resolves: rhbz#1951074
 2021-07-12 13:08:50 +02:00
Phil Sutter
1dd5f70a68 iptables-1.8.7-16.el9 
- Review systemd unit file

Resolves: rhbz#1977212
 2021-07-05 14:15:52 +02:00
Phil Sutter
d5f1528238 iptables-1.8.7-15.el9 
- doc: Improve deprecation notices a bit
- nft: cache: Sort chains on demand only
- nft: Increase BATCH_PAGE_SIZE to support huge rulesets

Related: rhbz#1945151
Resolves: rhbz#1978362
 2021-07-02 18:26:15 +02:00
Štěpán Němec
629e39ce05 gating.yaml: don't gate on osci.brew-build.tier0.functional 
It's currently just noise that we have to waive manually: the tests
(inherited from Fedora) are out of date, unmaintained and duplicate
other (internal RHEL) tests.

Longer-term solution yet to be worked out.
 2021-06-28 09:39:00 +02:00
Phil Sutter
44ad65d496 iptables-1.8.7-14.el9 
- doc: Add deprecation notices to all relevant man pages

Resolves: rhbz#1945151
 2021-06-25 11:12:09 +02:00
Phil Sutter
d65c79ab67 iptables-1.8.7-13.el9 
- extensions: sctp: Fix nftables translation
- nft: Fix bitwise expression avoidance detection
- iptables-nft: fix -Z option
- Do not build legacy sub-packages on RHEL

Resolves: rhbz#1927721
 2021-06-16 15:16:36 +02:00
Phil Sutter
0f36a69aec tests: Fix bridge-utils replacement 
Typo in 'ip link add', 'type' argument was missing. Also update
'Requires:' line in Makefile.

Related: RHBZ#1954581
 2021-06-16 11:35:10 +02:00
Phil Sutter
099ca6a1b5 tests: Drop dependency on non-existing bridge-utils 
Replace the calls by equivalent ones to 'ip'.

Related: RHBZ#1954581
 2021-06-14 13:42:25 +02:00
Phil Sutter
18fd73d348 iptables-1.8.7-12.el9 
- arptables-nft-helper: Remove bashisms
- ebtables-helper: Drop unused variable, add a missing quote
- extensions: libxt_string: Avoid buffer size warning for strncpy()
- libxtables: Introduce xtables_strdup() and use it everywhere
- extensions: libebt_ip6: Use xtables_ip6parse_any()
- iptables-apply: Drop unused variable
- nft: Avoid buffer size warnings copying iface names
- nft: Avoid memleak in error path of nft_cmd_new()
- libxtables: Fix memleak in xtopt_parse_hostmask()
- extensions: libebt_ip6: Drop unused variables
- libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()

Resolves: RHBZ#1938745
 2021-06-10 18:38:53 +02:00
Štěpán Němec
c842cc8e23 Enable RHEL 9 gating (equivalent to RHEL 8) 2021-06-10 10:33:19 +02:00
Phil Sutter
4a68e9f94a iptables-1.8.7-11.el9 
- Fix License name in spec file
- Eliminate inet_aton() and inet_ntoa()
- nft-arp: Make use of ipv4_addr_to_string()
- Make legacy sub-packages obsolete older non-legacy ones
- Fix dates in changelog
- iptables.init: Fix functionality for iptables-nft
- iptables.init: Ignore sysctl files not suffixed '.conf'
- iptables.init: Drop unused NEW_MODUTILS check
- iptables.init: Drop some trailing whitespace

Resolves: RHBZ#1954581, RHBZ#1958262
 2021-05-12 12:13:44 +02:00
Phil Sutter
b6b32fa391 iptables-1.8.7-10 
- Add provides to iptables-nft-services

Related: RHBZ#1951074
 2021-04-23 17:09:48 +02:00
Phil Sutter
5d9bdbf66a iptables-1.8.7-9 
- Add nft-services subpackage

Resolves: RHBZ#1951074
 2021-04-21 18:30:44 +02:00
Phil Sutter
3c640d04d2 iptables-1.8.7-8 
- Drop hacks to maintain upgrade path

Related: RHBZ#1927721
 2021-04-19 15:33:15 +02:00
Mohan Boddu
724cb78453 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
 2021-04-16 00:36:59 +00:00
Robert Scheck
6e213cbdf7 iptables-1.8.7-6 
This patch combines changes from f34 since iptables-1.8.7-3:

- Spec file cleanup
- Restore alternatives configuration after upgrade
- Fix license location
- Fix upgrade path with package rename
- Add missing dependencies to iptables-nft package
- Drop bootstrap code again
- Drop workarounds for F24 and lower
- Fix iptables-utils summary
- Ship iptables-apply with iptables-utils
- Reduce files sections by use of globbing
- Ship common man pages with iptables-libs
- Ship *-translate man pages with iptables-nft
- Move legacy iptables binaries, libraries and headers into sub-packages
- Introduce compat sub-package to help with above transitions
- Drop libipulog header from devel package, this belongs to libnetfilter_log
- Do not ship internal headers in devel package

Resolves: RHBZ#1927721
 2021-04-15 16:56:49 +02:00