- all: consistent syntax use in struct option
- build: fix static linking
- doc: let man(1) autoalign the text in xt_cpu
- doc: remove extra empty line from xt_cpu
- doc: minimal spelling updates to xt_cpu
- doc: consistent use of markup
- extensions: libxt_quota: don't ignore the quota value on deletion
- extensions: REDIRECT: add random help
- extensions: add xt_cpu match
- extensions: add idletimer xt target extension
- extensions: libxt_IDLETIMER: use xtables_param_act when checking options
- extensions: libxt_CHECKSUM extension
- extensions: libipt_LOG/libip6t_LOG: support macdecode option
- extensions: fix compilation of the new CHECKSUM target
- extensions: libxt_ipvs: user-space lib for netfilter matcher xt_ipvs
- iptables-xml: resolve compiler warnings
- iptables: limit chain name length to be consistent with targets
- libiptc: add Libs.private to pkgconfig files
- libiptc: build with -Wl,--no-as-needed
- xtables: remove unnecessary cast
- dropped xt_CHECKSUM, added upstream
- doc: xt_hashlimit: fix a typo
- doc: xt_LED: nroff formatting requirements
- doc: xt_string: correct copy-and-pasting in manpage
- extensions: add the LED target
- extensions: libxt_quota.c: Support option negation
- extensions: libxt_rateest: fix bps options for iptables-save
- extensions: libxt_rateest: fix typo in the man page
- extensions: REDIRECT: add random help
- includes: sync header files from Linux 2.6.35-rc1
- libxt_conntrack: do print netmask
- libxt_hashlimit: always print burst value
- libxt_set: new revision added
- utils: add missing include flags to Makefile
- xtables: another try at chain name length checking
- xtables: remove xtables_set_revision function
- xt_quota: also document negation
- xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension
- xt_sctp: support FORWARD_TSN chunk type
(rhbz#570767)
- libip4tc: Add static qualifier to dump_entry()
- libipq: build as shared library
- recent: reorder cases in code (cosmetic cleanup)
- several man page and documentation fixes
- policy: fix error message showing wrong option
- includes: header updates
- Lift restrictions on interface names
- fixed licensea and moved iptables-xml into base package according to
review
- several man page fixes
- Support for nommu arches
- realm: remove static initializations
- libiptc: remove unused functions
- libiptc: avoid strict-aliasing warnings
- iprange: do accept non-ranges for xt_iprange v1
- iprange: warn on reverse range
- iprange: roll address parsing into a loop
- iprange: do accept non-ranges for xt_iprange v1 (log)
- iprange: warn on reverse range (log)
- libiptc: fix wrong maptype of base chain counters on restore
- iptables: fix undersized deletion mask creation
- style: reduce indent in xtables_check_inverse
- libxtables: hand argv to xtables_check_inverse
- iptables/extensions: make bundled options work again
- CONNMARK: print mark rules with mask 0xffffffff as set instead of xset
- iptables: take masks into consideration for replace command
- doc: explain experienced --hitcount limit
- doc: name resolution clarification
- iptables: expose option to zero packet/byte counters for a specific rule
- build: restore --disable-ipv6 functionality on system w/o v6 headers
- MARK: print mark rules with mask 0xffffffff as --set-mark instead of
--set-xmark
- DNAT: fix incorrect check during parsing
- extensions: add osf extension
- conntrack: fix --expires parsing
- dropped nf_ext_init remains from cloexec patch
- libxt_NFQUEUE: add new v1 version with queue-balance option
- xt_conntrack: revision 2 for enlarged state_mask member
- libxt_helper: fix invalid passed option to check_inverse
- libiptc: split v4 and v6
- extensions: collapse registration structures
- iptables: allow for parse-less extensions
- iptables: allow for help-less extensions
- extensions: remove empty help and parse functions
- xtables: add multi-registration functions
- extensions: collapse data variables to use multi-reg calls
- xtables: warn of missing version identifier in extensions
- multi binary: allow subcommand via argv[1]
- iptables: accept multiple IP address specifications for -s, -d
- several build fixes
- several man page fixes
- fixed two leaked file descriptors on sockets (rhbz#521397)
- several man page fixes
- iptables: replace open-coded sizeof by ARRAY_SIZE
- libip6t_policy: remove redundant functions
- policy: use direct xt_policy_info instead of ipt/ip6t
- policy: merge ipv6 and ipv4 variant
- extensions: add `cluster' match support
- extensions: add const qualifiers in print/save functions
- extensions: use NFPROTO_UNSPEC for .family field
- extensions: remove redundant casts
- iptables: close open file descriptors
- fix segfault if incorrect protocol name is used
- replace open-coded sizeof by ARRAY_SIZE
- do not include v4-only modules in ip6tables manpage
- use direct xt_policy_info instead of ipt/ip6t
- xtables: fix segfault if incorrect protocol name is used
- libxt_connlimit: initialize v6_mask
- SNAT/DNAT: add support for persistent multi-range NAT mappings
- blacklisting is not working, use "install X /bin/(true|false)" test
instead
- return private exit code 150 for disabled ipv6 support
- use script name for output messages
- fixed init script: start, stop and status
- support netfilter compiled into kernel in init script (rhbz#295611)
- dropped inversion for limit modules from man pages (rhbz#220780)
- fixed typo in ip6tables man page (rhbz#236185)
