* Thu Mar 01 2018 Phil Sutter <psutter@redhat.com> - 1.6.2-2
- Kill module unloading support
- Support /etc/sysctl.d
- Don't restart services after package update
- Add support for --wait options to restore commands
There's no point in restarting iptables/ip6tables services if
iptables-services package is updated. On the other hand, doing so
potentially breaks VMs in OpenStack since they drop temporary rules.
Upstream changelog:
http://netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
- New libs sub package containing libxtables and unstable libip*tc libraries (RHBZ#1323161)
- Using scripts form RHEL-7 (RHBZ#1240366)
- New compat sub package for nftables compatibility
- Install iptables-apply (RHBZ#912047)
- Fixed module uninstall (RHBZ#1324101)
- Incorporated changes by Petr Pisar
- Enabled bpf compiler (RHBZ#1170227) Thanks to Yanko Kaneti for the patch
- new version 1.4.21
- doc: clarify DEBUG usage macro
- iptables: use autoconf to process .in man pages
- extensions: libipt_ULOG: man page should mention NFLOG as replacement
- extensions: libxt_connlabel: use libnetfilter_conntrack
- Introduce a new revision for the set match with the counters support
- libxt_CT: Add the "NOTRACK" alias
- libip6t_mh: Correct command to list named mh types in manpage
- extensions: libxt_DNAT, libxt_REDIRECT, libxt_NETMAP, libxt_SNAT, libxt_MASQUERADE, libxt_LOG: rename IPv4 manpage and tell about IPv6 support
- extensions: libxt_LED: fix parsing of delay
- ip{6}tables-restore: fix breakage due to new locking approach
- libxt_recent: restore minimum value for --seconds
- iptables-xml: fix parameter parsing (similar to 2165f38)
- extensions: add copyright statements
- xtables: improve get_modprobe handling
- ip[6]tables: Add locking to prevent concurrent instances
- iptables: Fix connlabel.conf install location
- ip6tables: don't print out /128
- libip6t_LOG: target output is different to libipt_LOG
- build: additional include path required after UAPI changes
- iptables: iptables-xml: Fix various parsing bugs
- libxt_recent: restore reap functionality to recent module
- build: fail in configure on missing dependency with --enable-bpf-compiler
- extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter
- extensions: libxt_set, libxt_SET: check the set family too
- ip6tables: Use consistent exit code for EAGAIN
- iptables: libxt_hashlimit.man: correct address
- iptables: libxt_conntrack.man extraneous commas
- iptables: libip(6)t_REJECT.man default icmp types
- iptables: iptables-xm1.1 correct man section
- iptables: libxt_recent.{c,man} dead URL
- iptables: libxt_string.man add examples
- extensions: libxt_LOG: use generic syslog reference in manpage
- iptables: extensions/GNUMakefile.in use CPPFLAGS
- iptables: correctly reference generated file
- ip[6]tables: fix incorrect alignment in commands_v_options
- build: add software version to manpage first line at configure stage
- extensions: libxt_cluster: add note on arptables-jf
- utils: nfsynproxy: fix error while compiling the BPF filter
- extensions: add SYNPROXY extension
- utils: add nfsynproxy tool
- iptables: state match incompatibilty across versions
- libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks
- iptables: improve chain name validation
- iptables: spurious error in load_extension
- xtables: trivial spelling fix
- libxt_NFQUEUE: fix bypass option documentation
- extensions: add connlabel match
- extensions: add connlabel match
- ip[6]tables: show --protocol instead of --proto in usage
- libxt_recent: Fix missing space in manpage for --mask option
- extensions: libxt_multiport: Update manpage to list valid protocols
- utils: nfnl_osf: use the right nfnetlink lib
- libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency
- Revert "build: resolve link failure for ip6t_NETMAP"
- libxt_osf: fix missing --ttl and --log in save output
- libxt_osf: fix bad location for location in --genre
- libip6t_SNPT: add manpage
- libip6t_DNPT: add manpage
- utils: updates .gitignore to include nfbpf_compile
- extensions: libxt_bpf: clarify --bytecode argument
- libxtables: fix parsing of dotted network mask format
- build: bump version to 1.4.19
- libxt_conntrack: fix state match alias state parsing
- extensions: add libxt_bpf extension
- utils: nfbpf_compile
- doc: mention SNAT in INPUT chain since kernel 2.6.36
- fixed changelog date weekdays where needed