- Build iptables-services on C9S only
- Use systemd_ordering in nft-services, too
- Drop compat package, nft-services serves well for that purpose
- Make legacy unconditionally provide iptables, it's not built on RHEL
Resolves: rhbz#1951074
- Make iptables-nft-services require iptables-services to avoid confusion
- Add deprecation notice to iptables-extensions man page as well
Resolves: rhbz#1985422, rhbz#1951074
- doc: Improve deprecation notices a bit
- nft: cache: Sort chains on demand only
- nft: Increase BATCH_PAGE_SIZE to support huge rulesets
Related: rhbz#1945151
Resolves: rhbz#1978362
It's currently just noise that we have to waive manually: the tests
(inherited from Fedora) are out of date, unmaintained and duplicate
other (internal RHEL) tests.
Longer-term solution yet to be worked out.
- Fix License name in spec file
- Eliminate inet_aton() and inet_ntoa()
- nft-arp: Make use of ipv4_addr_to_string()
- Make legacy sub-packages obsolete older non-legacy ones
- Fix dates in changelog
- iptables.init: Fix functionality for iptables-nft
- iptables.init: Ignore sysctl files not suffixed '.conf'
- iptables.init: Drop unused NEW_MODUTILS check
- iptables.init: Drop some trailing whitespace
Resolves: RHBZ#1954581, RHBZ#1958262
This patch combines changes from f34 since iptables-1.8.7-3:
- Spec file cleanup
- Restore alternatives configuration after upgrade
- Fix license location
- Fix upgrade path with package rename
- Add missing dependencies to iptables-nft package
- Drop bootstrap code again
- Drop workarounds for F24 and lower
- Fix iptables-utils summary
- Ship iptables-apply with iptables-utils
- Reduce files sections by use of globbing
- Ship common man pages with iptables-libs
- Ship *-translate man pages with iptables-nft
- Move legacy iptables binaries, libraries and headers into sub-packages
- Introduce compat sub-package to help with above transitions
- Drop libipulog header from devel package, this belongs to libnetfilter_log
- Do not ship internal headers in devel package
Resolves: RHBZ#1927721
