Commit Graph

233 Commits

Author SHA1 Message Date
Phil Sutter
ad1732dc5d iptables-1.8.7-6
- Restore alternatives configuration after upgrade
- Fix license location
2021-03-23 21:17:05 +01:00
Phil Sutter
3fe153906e iptables-1.8.7-5
- Fix upgrade path with package rename
- Add missing dependencies to iptables-nft package
2021-03-23 12:34:21 +01:00
Phil Sutter
f04bde23a0 iptables-1.8.7-4
- Drop bootstrap code again
- Drop workarounds for F24 and lower
- Fix iptables-utils summary
- Ship iptables-apply with iptables-utils
- Reduce files sections by use of globbing
- Ship common man pages with iptables-libs
- Ship *-translate man pages with iptables-nft
- Move legacy iptables binaries, libraries and headers into sub-packages
- Introduce compat sub-package to help with above transitions
- Drop libipulog header from devel package, this belongs to libnetfilter_log
- Do not ship internal headers in devel package
2021-02-17 02:45:05 +01:00
Robert Scheck
cf6ddaf253 Spec file cleanup 2021-02-01 16:45:08 +00:00
Phil Sutter
bc305c871c Disable failing test in role standard-test-beakerlib as well
Missed this one in previous commit.
2021-02-01 17:38:05 +01:00
Phil Sutter
648ffbc316 ebtables: Exit gracefully on invalid table names 2021-01-28 14:44:50 +01:00
Phil Sutter
0075af4c46 tests: Disable invalid test
Since Fedora moved to cgroupsv2, this test does not apply anymore.
2021-01-27 19:07:49 +01:00
Fedora Release Engineering
4ee1618a2f - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 14:28:12 +00:00
Kevin Fenzi
1c2b75e472 Update to 1.8.7. Fixes rhbz#1916948 2021-01-16 13:35:56 -08:00
Tom Stellard
ab5d74c2b9 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2020-12-19 00:54:33 +00:00
Tom Stellard
706150b129 Use make macros
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-11-19 17:34:02 +01:00
Phil Sutter
4ef8aaebbe iptables-1.8.6-4
- ebtables: Fix for broken chain renaming
2020-11-17 14:27:08 +01:00
Phil Sutter
d2237b3900 iptables-1.8.6-3
- Drop obsolete StandardOutput setting from unit file
- Remove StandardError setting from unit file, its value is default
2020-11-16 13:57:14 +01:00
Florian Weimer
e922d284f8 Remove build dependency on autogen 2020-11-05 11:55:03 +01:00
Kevin Fenzi
730c58d404 Update to 1.8.6. Fixes bug #1893453 2020-10-31 16:49:52 -07:00
Phil Sutter
fb677ca83c iptables-1.8.5-3
- nft: cache: Check consistency with NFT_CL_FAKE, too
- nft: Fix command name in ip6tables error message
2020-08-25 18:01:24 +02:00
Fedora Release Engineering
34ff3b278c - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 01:56:02 +00:00
Phil Sutter
bf5df54de6 iptables-1.8.5-1
- Rebase onto upstream version 1.8.5 plus two late fixes
- Drop explicit iptables-apply installation, upstream fixed that
- Ship ip6tables-apply along with iptables package
2020-06-23 15:37:36 +02:00
Phil Sutter
66ed4161fe iptables-1.8.4-7
- Move nft-specific extensions into iptables-nft package
- Move remaining extensions into iptables-libs package
- Make iptables-nft depend on iptables-libs instead of iptables
- Add upstream-suggested fixes
2020-02-12 22:07:38 +01:00
Fedora Release Engineering
cebf536dea - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 05:36:32 +00:00
Phil Sutter
c92b9d3896 iptables-1.8.4-5
- Raise Alternatives priority of nft variants to match legacy ones
- Add Provides lines to allow for iptables-nft as full legacy alternative
2020-01-16 12:40:33 +01:00
Phil Sutter
cdcc1ab620 iptables-1.8.4-4
- Drop leftover include in arptables-nft-helper
2019-12-19 12:02:45 +01:00
Phil Sutter
1eb645da34 iptables-1.8.4-3
- Remove dependencies on initscripts package
2019-12-13 14:52:22 +01:00
Phil Sutter
195c6f7051 iptables-1.8.4-2
- iptables-services requires /etc/init.d/functions
2019-12-10 22:29:00 +01:00
Phil Sutter
0681cd9708 iptables-1.8.4-1
- New upstream version 1.8.4
2019-12-04 16:47:33 +01:00
Fedora Release Engineering
b7623c906b - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 09:40:19 +00:00
Björn Esser
44fab225f9
Fix for differing so-versions 2019-06-25 20:13:19 +02:00
Björn Esser
d77ee4b99d
iptables-1.8.3-4
- Disable bootstrapping
2019-06-25 19:45:54 +02:00
Phil Sutter
084f96bd42 Update sources file 2019-06-25 17:07:54 +02:00
Phil Sutter
972fb0a368 iptables-1.8.3-3
- Change URL to point at iptables project, not netfilter overview page
- Reuse URL value in tarball source
- Reduce globbing of library file names to expose future SONAME changes
- Add bootstrapping for libip*tc SONAME bump
2019-06-25 16:41:46 +02:00
Phil Sutter
28d2f32245 iptables-1.8.3-2
- Install new man page for nfbpf_compile utility
- Move nfnl_osf man page to utils subpackage
2019-06-25 12:16:40 +02:00
Phil Sutter
5b754cea1a iptables-1.8.3-1
- New upstream version 1.8.3
2019-06-25 12:00:33 +02:00
Phil Sutter
5350adb4e2 Update sources and .gitignore 2019-04-24 19:11:56 +02:00
Phil Sutter
51c612a0d8 iptables-1.8.2-1
- New upstream version 1.8.2
- Integrate ebtables and arptables save/restore scripts with alternatives
- Add nft-specific ebtables and arptables man pages
- Move /etc/sysconfig/ip*tables-config files into services sub-package
2019-04-24 19:06:34 +02:00
Fedora Release Engineering
ce8383a58d - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 03:30:33 +00:00
Bogdan Dobrelya
abf89772b1 Optimize systemd dependency for containers
According to https://fedoraproject.org/wiki/Packaging:Scriptlets:
If a package is suitable for installation without systemd (in a
container image, for example) and does not require any of the
systemd mechanisms such as tmpfiles.d, then the systemd_ordering macro
MAY be used instead of the systemd_requires macro.

That is exactly the case we want to address for container images
when installing packages in it.

Resolves: rhbz#1668678
Related-Bug: #1804822
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2019-01-23 11:31:38 +01:00
Peter Robinson
3ee5faca7e drop groups 2018-10-14 18:42:59 +01:00
Fedora Release Engineering
fc1d0e4b43 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 05:48:59 +00:00
Phil Sutter
a52c75665f iptables-1.8.0-2
- Fix calling ebtables-nft and arptables-nft via their new names.
2018-07-10 18:48:49 +02:00
Phil Sutter
dc75e7cdb9 Update sources for new version 2018-07-10 16:37:45 +02:00
Phil Sutter
86e31320cc iptables-1.8.0-1
- New upstream version 1.8.0.
- Replace ldconfig calls with newly introduced macros.
- Rename compat subpackage to iptables-nft to clarify its purpose.
- Make use of Alternatives system.
2018-07-10 15:23:40 +02:00
Phil Sutter
5910b701c2 iptables-1.6.2-3
* Fri May 04 2018 Phil Sutter <psutter@redhat.com> - 1.6.2-3
- Fix License: tag in spec-file
- Fix separation into compat subpackage
2018-05-04 16:53:35 +02:00
Phil Sutter
1d5c584741 Fix separation into compat subpackage
Install translate symlinks with compat package, not the main one since
they link to xtables-compat-multi.
2018-05-04 16:48:13 +02:00
Phil Sutter
0d01e8b0ab Fix License: tag in spec-file 2018-05-04 16:10:07 +02:00
Phil Sutter
dbcad37b42 iptables-1.6.2-2
* Thu Mar 01 2018 Phil Sutter <psutter@redhat.com> - 1.6.2-2
- Kill module unloading support
- Support /etc/sysctl.d
- Don't restart services after package update
- Add support for --wait options to restore commands
2018-03-01 16:33:16 +01:00
Phil Sutter
6714065736 Add support for --wait options to restore commands
Without this, either one of iptables and ip6tables services is likely to
fail at system startup because the other one is holding the xtables
lock.
2018-02-28 08:51:23 +01:00
Phil Sutter
82de804ec0 Don't restart services after package update
There's no point in restarting iptables/ip6tables services if
iptables-services package is updated. On the other hand, doing so
potentially breaks VMs in OpenStack since they drop temporary rules.
2018-02-28 08:39:09 +01:00
Phil Sutter
85aff8c513 Support /etc/sysctl.d
When searching for sysctl settings to reapply at start/restart, search
in all files in /etc/sysctl.d/ instead of just in /etc/sysctl.conf.
2018-02-28 08:34:22 +01:00
Phil Sutter
948527f3fe Kill module unloading support
The whole concept is unfixably broken:

Some kernel modules are used by both IPv4 and IPv6 netfilter and the
algorithm has no way to identify this situation. Therefore if iptables
and ip6tables services are restarted in parallel, one's module unloading
tends to stomp onto the other's attempt at loading rules.

Another problem is with OVS: iptables service unloading conntrack
modules breaks a running OVS instance.
2018-02-28 08:18:43 +01:00
Michael Cronenworth
7ad3a27f69 Update to 1.6.2 2018-02-21 16:55:57 -06:00