rpms/iptables
7
0
Fork 0
Code Issues Pull Requests Releases Activity
267 Commits 8 Branches 52 Tags 2 MiB
f329d9f254
Commit Graph

8 Commits

Author SHA1 Message Date
Phil Sutter
6714065736 Add support for --wait options to restore commands 
Without this, either one of iptables and ip6tables services is likely to
fail at system startup because the other one is holding the xtables
lock.
 2018-02-28 08:51:23 +01:00
Phil Sutter
948527f3fe Kill module unloading support 
The whole concept is unfixably broken:

Some kernel modules are used by both IPv4 and IPv6 netfilter and the
algorithm has no way to identify this situation. Therefore if iptables
and ip6tables services are restarted in parallel, one's module unloading
tends to stomp onto the other's attempt at loading rules.

Another problem is with OVS: iptables service unloading conntrack
modules breaks a running OVS instance.
 2018-02-28 08:18:43 +01:00
Thomas Woerner
6791134663 - New upstream version 1.6.0 with nft-compat support and lots of fixes (RHBZ#1292990) 
Upstream changelog:
  http://netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
- New libs sub package containing libxtables and unstable libip*tc libraries (RHBZ#1323161)
- Using scripts form RHEL-7 (RHBZ#1240366)
- New compat sub package for nftables compatibility
- Install iptables-apply (RHBZ#912047)
- Fixed module uninstall (RHBZ#1324101)
- Incorporated changes by Petr Pisar
- Enabled bpf compiler (RHBZ#1170227) Thanks to Yanko Kaneti for the patch
 2016-04-13 19:00:02 +02:00
Thomas Woerner
adba868b0a [tw] 
- dropped new status patch
- integration directly in the config file and init script
 2005-11-18 12:34:33 +00:00
Thomas Woerner
62b5948287 [tw] 
- Remove unnecessary explicit kernel dep (#146142)
- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb for the
    patch
- Adapted iptables-config to reference to modprobe.conf (#150143)
- Remove misleading message (#140154): Thanks to Ulrich Drepper for the
    patch
 2005-03-18 16:40:36 +00:00
Thomas Woerner
17fd75cb18 [tw] 
- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
- modified config file to match this change and un-commented variables with
    default values
 2004-09-17 10:41:31 +00:00
cvsdist
314b6dc7e4 auto-import changelog data from iptables-1.2.9-1.0.src.rpm 
Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.0
- vew version 1.2.9
- new config options in ipXtables-config: IPTABLES_MODULES_UNLOAD
- more documentation in ipXtables-config
- fix for netlink security issue in libipq (devel package)
- print fix for libipt_icmp (#109546)
 2004-09-09 06:25:10 +00:00
cvsdist
31d8898f82 auto-import changelog data from iptables-1.2.8-7.90.1.src.rpm 
Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7.90.1
- fixed save when iptables file is missing and iptables-config permissions
Tue Jul 08 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7
- fixes for ip6tables: module unloading, setting policy only for existing
    tables
Thu Jul 03 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6
- IPTABLES_SAVE_COUNTER defaults to no, now
- install config file in /etc/sysconfig
- exchange unload of ip_tables and ip_conntrack
- fixed start function
Wed Jul 02 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5
- new config option IPTABLES_SAVE_ON_RESTART
- init script: new status, save and restart
- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4
- new config option IPTABLES_STATUS_NUMERIC
- cleared IPTABLES_MODULES in iptables-config
Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3
- new init scripts
Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
- remove check for very old kernel versions in init scripts
- sync up both init scripts and remove some further ugly things
- add some docu into rpm
Thu Jun 26 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2
- rebuild
Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
- update to 1.2.8
 2004-09-09 06:22:13 +00:00