-#
-# $Id: iproute.spec 7668 2008-01-08 11:49:43Z thierry $
-#
-%define url $URL: svn+ssh://thierry@svn.planet-lab.org/svn/iproute2/trunk/iproute.spec $
-
%define name iptables
-%define version 1.4.1.1
+%define version 1.4.12
+%define subversion .1
%define taglevel 0
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+%define actual_name %{name}-%{version}%{subversion}
Vendor: PlanetLab
Packager: PlanetLab Central <support@planet-lab.org>
Distribution: PlanetLab %{plrelease}
-URL: %(echo %{url} | cut -d ' ' -f 2)
-
-%define build_devel 1
-%define linux_header 0
+URL: %{SCMURL}
-Summary: Tools for managing Linux kernel packet filtering capabilities.
+Summary: Tools for managing Linux kernel packet filtering capabilities
Name: %{name}
Version: %{version}
Release: %{release}
-Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
-%define SOURCE1 iptables.init
-%define SOURCE2 iptables-config
-%define SOURCE3 planetlab-config
-Group: System Environment/Base
-#URL: http://www.netfilter.org/
-BuildRoot: %{_tmppath}/%{name}-buildroot
-License: GPL
-BuildPrereq: /usr/bin/perl
-Requires: kernel >= 2.4.20
-Requires(post,postun): chkconfig
-Prefix: %{_prefix}
-BuildRequires: kernel-devel
-
-%package ipv6
-Summary: IPv6 support for iptables.
+Source: http://www.netfilter.org/projects/iptables/files/%{actual_name}.tar.bz2
+Source1: iptables.init
+Source2: iptables-config
+Source3: planetlab-config
+Patch1: copy-xid.patch
Group: System Environment/Base
-Requires: %{name} = %{version}
-
-%if %{build_devel}
-%package devel
-Summary: Development package for iptables.
-Group: System Environment/Base
-Requires: %{name} = %{version}
-%endif
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+License: GPLv2
+BuildRequires: libselinux-devel
+BuildRequires: kernel-headers
+Conflicts: kernel < 2.4.20
+Requires(post): chkconfig
+Requires(post): initscripts
+Requires(preun): chkconfig
%description
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.
+%package ipv6
+Summary: IPv6 support for iptables
+Group: System Environment/Base
+Requires: %{name} = %{version}-%{release}
+Requires(post): chkconfig
+Requires(preun): chkconfig
+
%description ipv6
The iptables package contains IPv6 (the next version of the IP
protocol) support for iptables. Iptables controls the Linux kernel
Install iptables-ipv6 if you need to set up firewalling for your
network and you are using ipv6.
-%if %{build_devel}
+%package devel
+Summary: Development package for iptables
+Group: System Environment/Base
+Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
+
%description devel
-The iptables utility controls the network packet filtering code in the
-Linux kernel. If you need to set up firewalls and/or IP masquerading,
-you should install this package.
-%endif
+iptables development headers and libraries.
+
+The iptc interface is upstream marked as not public. The interface is not
+stable and may change with every new version. It is therefore unsupported.
%prep
+%setup -q -n %{actual_name}
+%patch1 -p1
+
+%build
+CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
+./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_lib} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr
+
+# do not use rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+make
+
+%install
rm -rf %{buildroot}
-%setup -q
+make install DESTDIR=%{buildroot}
+# remove la file(s)
+rm -f %{buildroot}/%{_lib}/*.la
-# Put it to a reasonable place
-find . -type f -exec perl -pi -e "s,/usr,%{prefix},g" {} \;
+# install ip*tables.h header files
+install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/
+install -d -m 755 %{buildroot}%{_includedir}/iptables
+install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/
-%build
-TOPDIR=`pwd`
-OPT="$RPM_OPT_FLAGS -I$TOPDIR/include"
-
-%define KERNEL %(rpm -q --qf '%%{VERSION}-%%{RELEASE}-%%{ARCH}\\n' kernel-devel | tail -n 1 )
-count=$(rpm -q kernel-devel| wc -l)
-if [ $count -gt 1 ] ; then
- echo "WARNING: choosing kernel-devel-%{KERNEL}"
- echo " but there are other kernel-devel packages installed: $(rpm -q kernel-devel)"
-fi
-
-%define KERNEL_DIR "/usr/src/kernels/%{KERNEL}"
+# install ipulog header file
+install -d -m 755 %{buildroot}%{_includedir}/libipulog/
+install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/
-./configure
-make COPT_FLAGS="$OPT" KERNEL_DIR=%{KERNEL_DIR} LIBDIR=/%{_lib}
-make COPT_FLAGS="$OPT" KERNEL_DIR=%{KERNEL_DIR} LIBDIR=/%{_lib} iptables-save iptables-restore
-make COPT_FLAGS="$OPT" KERNEL_DIR=%{KERNEL_DIR} LIBDIR=/%{_lib} ip6tables-save ip6tables-restore
+# create symlinks for devel so libs
+install -d -m 755 %{buildroot}%{_libdir}
+for i in %{buildroot}/%{_lib}/*.so; do
+ ln -s ../../%{_lib}/${i##*/} %{buildroot}%{_libdir}/${i##*/}
+done
-%install
-make install DESTDIR=%{buildroot} KERNEL_DIR=%{KERNEL_DIR} BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir}
-cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin
-cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8
-mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables
+# move pkgconfig to %{_libdir}
+mv %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}/
+
+# install init scripts and configuration files
+install -d -m 755 %{buildroot}/etc/rc.d/init.d
+install -c -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
-install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables
-mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
-install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config
-install -c -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/iptables
+install -c -m 755 ip6tables.init %{buildroot}/etc/rc.d/init.d/ip6tables
+install -d -m 755 %{buildroot}/etc/sysconfig
+install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config
+install -c -m 755 %{SOURCE3} %{buildroot}/etc/sysconfig/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
-install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config
+install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config
%clean
-rm -rf $RPM_BUILD_ROOT
+rm -rf %{buildroot}
%post
+/sbin/ldconfig
/sbin/chkconfig --add iptables
-if [ "$PL_BOOTCD" != "1" ] ; then
- /sbin/service iptables restart
-fi
+DEFAULT_IFACE=$(ip route show default | awk '/default/ {print $5}')
+sed -i -e "s;__eth;$DEFAULT_IFACE;g" /etc/sysconfig/iptables
+[ "$PL_BOOTCD" = "1" ] || service iptables restart
+
+%postun -p /sbin/ldconfig
%preun
if [ "$1" = 0 ]; then
- /sbin/chkconfig --del iptables
+ /sbin/chkconfig --del iptables
fi
%post ipv6
/sbin/chkconfig --add ip6tables
-if [ "$PL_BOOTCD" != "1" ] ; then
- /sbin/service ip6tables restart
-fi
%preun ipv6
if [ "$1" = 0 ]; then
- /sbin/chkconfig --del ip6tables
+ /sbin/chkconfig --del ip6tables
fi
%files
-%defattr(-,root,root,0755)
+%defattr(-,root,root)
%doc COPYING INSTALL INCOMPATIBILITIES
-%config %attr(0755,root,root) /etc/rc.d/init.d/iptables
-%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
-%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables
+%attr(0755,root,root) /etc/rc.d/init.d/iptables
+%config %attr(0600,root,root) /etc/sysconfig/iptables-config
+%config %attr(0600,root,root) /etc/sysconfig/iptables
/sbin/iptables*
+/bin/iptables-xml
%{_mandir}/man8/iptables*
-%dir /%{_lib}/iptables
-/%{_lib}/iptables/libipt*
-/sbin/ipset*
-%{_mandir}/man8/ipset*
-%dir /%{_lib}/ipset
-/%{_lib}/ipset/libipset*
+%dir /%{_lib}/xtables
+/%{_lib}/xtables/libipt*
+/%{_lib}/xtables/libxt*
+/%{_lib}/libip*tc.so.*
+/%{_lib}/libipq.so.*
+/%{_lib}/libxtables.so.*
%files ipv6
-%defattr(-,root,root,0755)
-%config %attr(0755,root,root) /etc/rc.d/init.d/ip6tables
+%defattr(-,root,root)
+%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
/sbin/ip6tables*
%{_mandir}/man8/ip6tables*
-/%{_lib}/iptables/libip6t*
+/%{_lib}/xtables/libip6t*
-%if %{build_devel}
%files devel
-%defattr(-,root,root,0755)
-%{_includedir}/libipq.h
-%{_libdir}/libipq.a
-#%{_libdir}/libiptc.a
+%defattr(-,root,root)
+%dir %{_includedir}/iptables
+%{_includedir}/iptables/*.h
+%{_includedir}/*.h
+%dir %{_includedir}/libiptc
+%{_includedir}/libiptc/*.h
+%dir %{_includedir}/libipulog
+%{_includedir}/libipulog/*.h
%{_mandir}/man3/*
-%endif
+/%{_lib}/libip*tc.so
+/%{_lib}/libipq.so
+/%{_lib}/libxtables.so
+%{_libdir}/libip*tc.so
+%{_libdir}/libipq.so
+%{_libdir}/libxtables.so
+%{_libdir}/pkgconfig/libiptc.pc
+%{_libdir}/pkgconfig/xtables.pc
%changelog
-* Sun Feb 22 2009 Sapan Bhatia <sapanb@cs.princeton.edu>
-- Checking in initial version of iptables 1.4.1.1
+* Tue Aug 09 2011 Sapan Bhatia <sapanb@cs.princeton.edu> - iptables-1.4.10-5
+- Adding a recently abused (=received experimental traffic from planetlab) node to a global iptables blacklist. I will be
+- implementing this mechanism more formally
+- using
+- iptables in the coming days. Unfortunately, because of the complexity of the recipient network we are unable to
+- determine a comprehensive set of the slices responsible in this case, so I am adding this temporary hack for now.
+
+* Thu Mar 24 2011 S.Çağlar Onur <caglar@verivue.com> - iptables-1.4.10-4
+- Don't start iptables service on build time
+
+* Wed Feb 23 2011 S.Çağlar Onur <caglar@verivue.com> - iptables-1.4.10-3
+- Remove ugly hack for config files
+
+* Thu Jan 27 2011 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.10-2
+- Fix the patch
+
+* Wed Jan 26 2011 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.10-1
+- Fix incorrect sha1sum
+
+* Sun Jan 23 2011 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - iptables-1.4.9-1
+- add requires initscripts in deps
+
+* Wed May 12 2010 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.7-5
+- Restart iptables service after package upgrades
+
+* Mon May 10 2010 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.7-4
+- Restore iIPTABLES_MODULES list
+
+* Mon May 03 2010 S.Çağlar Onur <caglar@cs.princeton.edu> - iptables-1.4.7-3
+- drop backward compatibility with older iptables versions as new kernels only support v2
+- remove unused modules from iptables-config file
+
+* Wed Apr 14 2010 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - iptables-1.4.7-2
+- fixed specfile for duplicate URL
+
+* Wed Mar 24 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-2
+- added default values for IPTABLES_STATUS_VERBOSE and
+ IPTABLES_STATUS_LINENUMBERS in init script
+- added missing lsb keywords Required-Start and Required-Stop to init script
+
+* Fri Mar 5 2010 Thomas Woerner <twoerner@redhat.com> 1.4.7-1
+- new version 1.4.7 with support for all new features of 2.6.33 (rhbz#570767)
+ - libip4tc: Add static qualifier to dump_entry()
+ - libipq: build as shared library
+ - recent: reorder cases in code (cosmetic cleanup)
+ - several man page and documentation fixes
+ - policy: fix error message showing wrong option
+ - includes: header updates
+ - Lift restrictions on interface names
+- fixed license and moved iptables-xml into base package according to review
+
+* Wed Jan 27 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-2
+- moved libip*tc and libxtables libs to /lib[64], added symlinks for .so libs
+ to /usr/lib[64] for compatibility (rhbz#558796)
+
+* Wed Jan 13 2010 Thomas Woerner <twoerner@redhat.com> 1.4.6-1
+- new version 1.4.6 with support for all new features of 2.6.32
+ - several man page fixes
+ - Support for nommu arches
+ - realm: remove static initializations
+ - libiptc: remove unused functions
+ - libiptc: avoid strict-aliasing warnings
+ - iprange: do accept non-ranges for xt_iprange v1
+ - iprange: warn on reverse range
+ - iprange: roll address parsing into a loop
+ - iprange: do accept non-ranges for xt_iprange v1 (log)
+ - iprange: warn on reverse range (log)
+ - libiptc: fix wrong maptype of base chain counters on restore
+ - iptables: fix undersized deletion mask creation
+ - style: reduce indent in xtables_check_inverse
+ - libxtables: hand argv to xtables_check_inverse
+ - iptables/extensions: make bundled options work again
+ - CONNMARK: print mark rules with mask 0xffffffff as set instead of xset
+ - iptables: take masks into consideration for replace command
+ - doc: explain experienced --hitcount limit
+ - doc: name resolution clarification
+ - iptables: expose option to zero packet/byte counters for a specific rule
+ - build: restore --disable-ipv6 functionality on system w/o v6 headers
+ - MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark
+ - DNAT: fix incorrect check during parsing
+ - extensions: add osf extension
+ - conntrack: fix --expires parsing
+
+* Thu Dec 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-2
+- dropped nf_ext_init remains from cloexec patch
+
+* Thu Sep 17 2009 Thomas Woerner <twoerner@redhat.com> 1.4.5-1
+- new version 1.4.5 with support for all new features of 2.6.31
+ - libxt_NFQUEUE: add new v1 version with queue-balance option
+ - xt_conntrack: revision 2 for enlarged state_mask member
+ - libxt_helper: fix invalid passed option to check_inverse
+ - libiptc: split v4 and v6
+ - extensions: collapse registration structures
+ - iptables: allow for parse-less extensions
+ - iptables: allow for help-less extensions
+ - extensions: remove empty help and parse functions
+ - xtables: add multi-registration functions
+ - extensions: collapse data variables to use multi-reg calls
+ - xtables: warn of missing version identifier in extensions
+ - multi binary: allow subcommand via argv[1]
+ - iptables: accept multiple IP address specifications for -s, -d
+ - several build fixes
+ - several man page fixes
+- fixed two leaked file descriptors on sockets (rhbz#521397)
+
+* Mon Aug 24 2009 Thomas Woerner <twoerner@redhat.com> 1.4.4-1
+- new version 1.4.4 with support for all new features of 2.6.30
+ - several man page fixes
+ - iptables: replace open-coded sizeof by ARRAY_SIZE
+ - libip6t_policy: remove redundant functions
+ - policy: use direct xt_policy_info instead of ipt/ip6t
+ - policy: merge ipv6 and ipv4 variant
+ - extensions: add `cluster' match support
+ - extensions: add const qualifiers in print/save functions
+ - extensions: use NFPROTO_UNSPEC for .family field
+ - extensions: remove redundant casts
+ - iptables: close open file descriptors
+ - fix segfault if incorrect protocol name is used
+ - replace open-coded sizeof by ARRAY_SIZE
+ - do not include v4-only modules in ip6tables manpage
+ - use direct xt_policy_info instead of ipt/ip6t
+ - xtables: fix segfault if incorrect protocol name is used
+ - libxt_connlimit: initialize v6_mask
+ - SNAT/DNAT: add support for persistent multi-range NAT mappings
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Apr 15 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.2-1
+- new version 1.4.3.2
+- also install iptables/internal.h, needed for iptables.h and ip6tables.h
+
+* Mon Mar 30 2009 Thomas Woerner <twoerner@redhat.com> 1.4.3.1-1
+- new version 1.4.3.1
+ - libiptc is now shared
+ - supports all new features of the 2.6.29 kernel
+- dropped typo_latter patch
+
+* Thu Mar 5 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-3
+- still more review fixes (rhbz#225906)
+ - consistent macro usage
+ - use sed instead of perl for rpath removal
+ - use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc*)
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb 20 2009 Thomas Woerner <twoerner@redhat.com> 1.4.2-1
+- new version 1.4.2
+- removed TOS value mask patch (upstream)
+- more review fixes (rhbz#225906)
+- install all header files (rhbz#462207)
+- dropped nf_ext_init (rhbz#472548)
+
+* Tue Jul 22 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-2
+- fixed TOS value mask problem (rhbz#456244) (upstream patch)
+- two more cloexec fixes
+
+* Tue Jul 1 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1.1-1
+- upstream bug fix release 1.4.1.1
+- dropped extra patch for 1.4.1 - not needed anymore
+
+* Tue Jun 10 2008 Thomas Woerner <twoerner@redhat.com> 1.4.1-1
+- new version 1.4.1 with new build environment
+- additional ipv6 network mask patch from Jan Engelhardt
+- spec file cleanup
+- removed old patches
+
+* Fri Jun 6 2008 Tom "spot" Callaway <tcallawa@redhat.com> 1.4.0-5
+- use normal kernel headers, not linux/compiler.h
+- change BuildRequires: kernel-devel to kernel-headers
+- We need to do this to be able to build for both sparcv9 and sparc64
+ (there is no kernel-devel.sparcv9)
+
+* Thu Mar 20 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-4
+- use O_CLOEXEC for all opened files in all applications (rhbz#438189)
+
+* Mon Mar 3 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-3
+- use the kernel headers from the build tree for iptables for now to be able to
+ compile this package, but this makes the package more kernel dependant
+- use s6_addr32 instead of in6_u.u6_addr32
+
+* Wed Feb 20 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.4.0-2
+- Autorebuild for GCC 4.3
+
+* Mon Feb 11 2008 Thomas Woerner <twoerner@redhat.com> 1.4.0-1
+- new version 1.4.0
+- fixed condrestart (rhbz#428148)
+- report the module in rmmod_r if there is an error
+- use nf_ext_init instead of my_init for extension constructors
+
+* Mon Nov 5 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-6
+- fixed leaked file descriptor before fork/exec (rhbz#312191)
+- blacklisting is not working, use "install X /bin/(true|false)" test instead
+- return private exit code 150 for disabled ipv6 support
+- use script name for output messages
+
+* Tue Oct 16 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-5
+- fixed error code for stopping a already stopped firewall (rhbz#321751)
+- moved blacklist test into start
+
+* Wed Sep 26 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4.1
+- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
+- use simpler fix for (rhbz#295611)
+ Thanks to Linus Torvalds for the patch.
+
+* Mon Sep 24 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4
+- fixed IPv6 reject type (rhbz#295181)
+- fixed init script: start, stop and status
+- support netfilter compiled into kernel in init script (rhbz#295611)
+- dropped inversion for limit modules from man pages (rhbz#220780)
+- fixed typo in ip6tables man page (rhbz#236185)
+
+* Wed Sep 19 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-3
+- do not depend on local_fs in lsb header - this delayes start after network
+- fixed exit code for initscript usage
+
+* Mon Sep 17 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2.1
+- do not use lock file for condrestart test
+
+* Thu Aug 23 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-2
+- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459)
+- provide iptc interface again, but unsupported (rhbz#216733)
+- compile all extension, which are supported by the kernel-headers package
+- review fixes (rhbz#225906)
+
+* Tue Jul 31 2007 Thomas Woerner <twoerner@redhat.com>
+- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888)
+
+* Fri Jul 13 2007 Steve Conklin <sconklin@redhat.com> - 1.3.8-1
+- New version 1.3.8
+
+* Mon Apr 23 2007 Jeremy Katz <katzj@redhat.com> - 1.3.7-2
+- fix error when ipv6 support isn't loaded in the kernel (#236888)
+
+* Wed Jan 10 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1.1
+- fixed installation of secmark modules
+
+* Tue Jan 9 2007 Thomas Woerner <twoerner@redhat.com> 1.3.7-1
+- new verison 1.3.7
+- iptc is not a public interface and therefore not installed anymore
+- dropped upstream secmark patch
+
+* Thu Sep 19 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-2
+- added secmark iptables patches (#201573)
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2.1
+- rebuild
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.3.5-1.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Thu Feb 2 2006 Thomas Woerner <twoerner@redhat.com> 1.3.5-1
+- new version 1.3.5
+- fixed init script to set policy for raw tables, too (#179094)
+
+* Tue Jan 24 2006 Thomas Woerner <twoerner@redhat.com> 1.3.4-3
+- added important iptables header files to devel package
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-2
+- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and
+ replace "_init" with "__attribute((constructor)) my_init"
+
+* Fri Nov 25 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1.1
+- rebuild due to unresolved symbols in shared libraries
+
+* Fri Nov 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.4-1
+- new version 1.3.4
+- dropped free_opts patch (upstream fixed)
+- made libipq PIC (#158623)
+- additional configuration options for iptables startup script (#172929)
+ Thanks to Jan Gruenwald for the patch
+- spec file cleanup (dropped linux_header define and usage)
+
+* Mon Jul 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.2-1
+- new version 1.3.2 with additional patch for the misplaced free_opts call
+ from Marcus Sundberg
+
+* Wed May 11 2005 Thomas Woerner <twoerner@redhat.com> 1.3.1-1
+- new version 1.3.1
+
+* Fri Mar 18 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-2
+- Remove unnecessary explicit kernel dep (#146142)
+- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb
+ for the patch
+- Adapted iptables-config to reference to modprobe.conf (#150143)
+- Remove misleading message (#140154): Thanks to Ulrich Drepper
+ for the patch
+
+* Mon Feb 21 2005 Thomas Woerner <twoerner@redhat.com> 1.3.0-1
+- new version 1.3.0
+
+* Thu Nov 11 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.2
+- fixed autoload problem in iptables and ip6tables (CAN-2004-0986)
+
+* Fri Sep 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3.1
+- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731)
+- modified config file to match this change and un-commented variables with
+ default values
+
+* Thu Sep 16 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-3
+- applied second part of cleanup patch from (#131848): thanks to Steve Grubb
+ for the patch
+
+* Wed Aug 25 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-2
+- fixed free bug in iptables (#128322)
+
+* Tue Jun 22 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-1
+- new version 1.2.11
+
+* Thu Jun 17 2004 Thomas Woerner <twoerner@redhat.com> 1.2.10-1
+- new version 1.2.10
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Thu Feb 26 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-2.3
+- fixed iptables-restore -c fault if there are no counters (#116421)
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sun Jan 25 2004 Dan Walsh <dwalsh@redhat.com> 1.2.9-1.2
+- Close File descriptors to prevent SELinux error message
+
+* Wed Jan 7 2004 Thomas Woerner <twoerner@redhat.com> 1.2.9-1.1
+- rebuild
+
+* Wed Dec 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.9-1
+- vew version 1.2.9
+- new config options in ipXtables-config:
+ IPTABLES_MODULES_UNLOAD
+- more documentation in ipXtables-config
+- fix for netlink security issue in libipq (devel package)
+- print fix for libipt_icmp (#109546)
+
+* Thu Oct 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-13
+- marked all messages in iptables init script for translation (#107462)
+- enabled devel package (#105884, #106101)
+- bumped build for fedora for libipt_recent.so (#106002)
+
+* Tue Sep 23 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-12.1
+- fixed lost udp port range in ip6tables-save (#104484)
+- fixed non numeric multiport port output in ipXtables-savs
+
+* Mon Sep 22 2003 Florian La Roche <Florian.LaRoche@redhat.de> 1.2.8-11
+- do not link against -lnsl
+
+* Wed Sep 17 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-10
+- made variables in rmmod_r local
+
+* Tue Jul 22 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-9
+- fixed permission for init script
+
+* Sat Jul 19 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-8
+- fixed save when iptables file is missing and iptables-config permissions
+
+* Tue Jul 8 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-7
+- fixes for ip6tables: module unloading, setting policy only for existing
+ tables
+
+* Thu Jul 3 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-6
+- IPTABLES_SAVE_COUNTER defaults to no, now
+- install config file in /etc/sysconfig
+- exchange unload of ip_tables and ip_conntrack
+- fixed start function
+
+* Wed Jul 2 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-5
+- new config option IPTABLES_SAVE_ON_RESTART
+- init script: new status, save and restart
+- fixes #44905, #65389, #80785, #82860, #91040, #91560 and #91374
+
+* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-4
+- new config option IPTABLES_STATUS_NUMERIC
+- cleared IPTABLES_MODULES in iptables-config
+
+* Mon Jun 30 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-3
+- new init scripts
+
+* Sat Jun 28 2003 Florian La Roche <Florian.LaRoche@redhat.de>
+- remove check for very old kernel versions in init scripts
+- sync up both init scripts and remove some further ugly things
+- add some docu into rpm
+
+* Thu Jun 26 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-2
+- rebuild
+
+* Mon Jun 16 2003 Thomas Woerner <twoerner@redhat.com> 1.2.8-1
+- update to 1.2.8
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Mon Jan 13 2003 Bill Nottingham <notting@redhat.com> 1.2.7a-1
+- update to 1.2.7a
+- add a plethora of bugfixes courtesy Michael Schwendt <mschewndt@yahoo.com>
+
+* Fri Dec 13 2002 Elliot Lee <sopwith@redhat.com> 1.2.6a-3
+- Fix multilib
+
+* Wed Aug 07 2002 Karsten Hopp <karsten@redhat.de>
+- fixed iptables and ip6tables initscript output, based on #70511
+- check return status of all iptables calls, not just the last one
+ in a 'for' loop.
+
+* Mon Jul 29 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.6a-1
+- 1.2.6a (bugfix release, #69747)
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 23 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Mon Mar 4 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-3
+- Add some fixes from CVS, fixing bug #60465
+
+* Tue Feb 12 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-2
+- Merge ip6tables improvements from Ian Prowell <iprowell@prowell.org>
+ #59402
+- Update URL (#59354)
+- Use /sbin/chkconfig rather than chkconfig in %%postun script
+
+* Fri Jan 11 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.5-1
+- 1.2.5
+
+* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Mon Nov 5 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-2
+- Fix %%preun script
+
+* Tue Oct 30 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.4-1
+- Update to 1.2.4 (various fixes, including security fixes; among others:
+ #42990, #50500, #53325, #54280)
+- Fix init script (#31133)
+
+* Mon Sep 3 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.3-1
+- 1.2.3 (5 security fixes, some other fixes)
+- Fix updating (#53032)
+
+* Mon Aug 27 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-4
+- Fix #50990
+- Add some fixes from current CVS; should fix #52620
+
+* Mon Jul 16 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-3
+- Add some fixes from the current CVS tree; fixes #49154 and some IPv6
+ issues
+
+* Tue Jun 26 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-2
+- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt
+ <mschwendt@yahoo.com>
+
+* Tue May 8 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.2.2-1
+- 1.2.2
+
+* Wed Mar 21 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- 1.2.1a, fixes #28412, #31136, #31460, #31133
+
+* Thu Mar 1 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- Yet another initscript fix (#30173)
+- Fix the fixes; they fixed some issues but broke more important
+ stuff :/ (#30176)
+
+* Tue Feb 27 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- Fix up initscript (#27962)
+- Add fixes from CVS to iptables-{restore,save}, fixing #28412
+
+* Fri Feb 09 2001 Karsten Hopp <karsten@redhat.de>
+- create /etc/sysconfig/iptables mode 600 (same problem as #24245)
+
+* Mon Feb 05 2001 Karsten Hopp <karsten@redhat.de>
+- fix bugzilla #25986 (initscript not marked as config file)
+- fix bugzilla #25962 (iptables-restore)
+- mv chkconfig --del from postun to preun
+
+* Thu Feb 1 2001 Trond Eivind Glomsrød <teg@redhat.com>
+- Fix check for ipchains
+
+* Mon Jan 29 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- Some fixes to init scripts
+
+* Wed Jan 24 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- Add some fixes from CVS, fixes among other things Bug #24732
+
+* Wed Jan 17 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- Add missing man pages, fix up init script (Bug #17676)
+
+* Mon Jan 15 2001 Bill Nottingham <notting@redhat.com>
+- add init script
+
+* Mon Jan 15 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- 1.2
+- fix up ipv6 split
+- add init script
+- Move the plugins from /usr/lib/iptables to /lib/iptables.
+ This needs to work before /usr is mounted...
+- Use -O1 on alpha (compiler bug)
+
+* Sat Jan 6 2001 Bernhard Rosenkraenzer <bero@redhat.com>
+- 1.1.2
+- Add IPv6 support (in separate package)
+
+* Thu Aug 17 2000 Bill Nottingham <notting@redhat.com>
+- build everywhere
+
+* Tue Jul 25 2000 Bernhard Rosenkraenzer <bero@redhat.com>
+- 1.1.1
+
+* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
+- automatic rebuild
+
+* Tue Jun 27 2000 Preston Brown <pbrown@redhat.com>
+- move iptables to /sbin.
+- excludearch alpha for now, not building there because of compiler bug(?)
+
+* Fri Jun 9 2000 Bill Nottingham <notting@redhat.com>
+- don't obsolete ipchains either
+- update to 1.1.0
+
+* Mon Jun 4 2000 Bill Nottingham <notting@redhat.com>
+- remove explicit kernel requirement
+
+* Tue May 2 2000 Bernhard Rosenkränzer <bero@redhat.com>
+- initial package
git://git.onelab.eu / iptables.git / blobdiff