X-Git-Url: http://git.onelab.eu/?p=iptables.git;a=blobdiff_plain;f=iptables.spec;h=9ca19a0f31004ef9b989d0a42d4c69d4dd0e7dbd;hp=4fa7523b612924dc64cb65eacffe3cf257f2f348;hb=HEAD;hpb=571f7383310803399cc2d293a8219e6f664e88d0
diff --git a/iptables.spec b/iptables.spec
index 4fa7523..9ca19a0 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -1,57 +1,47 @@ -# -# $Id: iproute.spec 7668 2008-01-08 11:49:43Z thierry $ -# -%define url $URL: svn+ssh://thierry@svn.planet-lab.org/svn/iproute2/trunk/iproute.spec $ - %define name iptables -%define version 1.4.1.1 +%define version 1.4.12 +%define subversion .1 %define taglevel 0 %define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}} +%define actual_name %{name}-%{version}%{subversion} Vendor: PlanetLab Packager: PlanetLab Central Distribution: PlanetLab %{plrelease} -URL: %(echo %{url} | cut -d ' ' -f 2) - -%define build_devel 1 -%define linux_header 0 +URL: %{SCMURL} -Summary: Tools for managing Linux kernel packet filtering capabilities. +Summary: Tools for managing Linux kernel packet filtering capabilities Name: %{name} Version: %{version} Release: %{release} -Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2 -%define SOURCE1 iptables.init -%define SOURCE2 iptables-config -%define SOURCE3 planetlab-config -Group: System Environment/Base -#URL: http://www.netfilter.org/ -BuildRoot: %{_tmppath}/%{name}-buildroot -License: GPL -BuildPrereq: /usr/bin/perl -Requires: kernel >= 2.4.20 -Requires(post,postun): chkconfig -Prefix: %{_prefix} -BuildRequires: kernel-devel - -%package ipv6 -Summary: IPv6 support for iptables. +Source: http://www.netfilter.org/projects/iptables/files/%{actual_name}.tar.bz2 +Source1: iptables.init +Source2: iptables-config +Source3: planetlab-config +Patch1: copy-xid.patch Group: System Environment/Base -Requires: %{name} = %{version} - -%if %{build_devel} -%package devel -Summary: Development package for iptables. 
-Group: System Environment/Base -Requires: %{name} = %{version} -%endif +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root +License: GPLv2 +BuildRequires: libselinux-devel +BuildRequires: kernel-headers +Conflicts: kernel < 2.4.20 +Requires(post): chkconfig +Requires(post): initscripts +Requires(preun): chkconfig %description The iptables utility controls the network packet filtering code in the Linux kernel. If you need to set up firewalls and/or IP masquerading, you should install this package. +%package ipv6 +Summary: IPv6 support for iptables +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} +Requires(post): chkconfig +Requires(preun): chkconfig + %description ipv6 The iptables package contains IPv6 (the next version of the IP protocol) support for iptables. Iptables controls the Linux kernel 
@@ -61,111 +51,668 @@ masquerading. Install iptables-ipv6 if you need to set up firewalling for your network and you are using ipv6. -%if %{build_devel} +%package devel +Summary: Development package for iptables +Group: System Environment/Base +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + %description devel -The iptables utility controls the network packet filtering code in the -Linux kernel. If you need to set up firewalls and/or IP masquerading, -you should install this package. -%endif +iptables development headers and libraries. + +The iptc interface is upstream marked as not public. The interface is not +stable and may change with every new version. It is therefore unsupported. %prep +%setup -q -n %{actual_name} +%patch1 -p1 + +%build +CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \ +./configure --enable-devel --enable-libipq --bindir=/bin --sbindir=/sbin --sysconfdir=/etc --libdir=/%{_lib} --libexecdir=/%{_lib} --mandir=%{_mandir} --includedir=%{_includedir} --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr + +# do not use rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +make + +%install rm -rf %{buildroot} -%setup -q +make install DESTDIR=%{buildroot} +# remove la file(s) +rm -f %{buildroot}/%{_lib}/*.la -# Put it to a reasonable place -find . 
-type f -exec perl -pi -e "s,/usr,%{prefix},g" {} \; +# install ip*tables.h header files +install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/ +install -d -m 755 %{buildroot}%{_includedir}/iptables +install -m 644 include/iptables/internal.h %{buildroot}%{_includedir}/iptables/ -%build -TOPDIR=`pwd` -OPT="$RPM_OPT_FLAGS -I$TOPDIR/include" - -%define KERNEL %(rpm -q --qf '%%{VERSION}-%%{RELEASE}-%%{ARCH}\\n' kernel-devel | tail -n 1 ) -count=$(rpm -q kernel-devel| wc -l) -if [ $count -gt 1 ] ; then - echo "WARNING: choosing kernel-devel-%{KERNEL}" - echo " but there are other kernel-devel packages installed: $(rpm -q kernel-devel)" -fi - -%define KERNEL_DIR "/usr/src/kernels/%{KERNEL}" +# install ipulog header file +install -d -m 755 %{buildroot}%{_includedir}/libipulog/ +install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/ -./configure -make COPT_FLAGS="$OPT" KERNEL_DIR=%{KERNEL_DIR} LIBDIR=/%{_lib} -make COPT_FLAGS="$OPT" KERNEL_DIR=%{KERNEL_DIR} LIBDIR=/%{_lib} iptables-save iptables-restore -make COPT_FLAGS="$OPT" KERNEL_DIR=%{KERNEL_DIR} LIBDIR=/%{_lib} ip6tables-save ip6tables-restore +# create symlinks for devel so libs +install -d -m 755 %{buildroot}%{_libdir} +for i in %{buildroot}/%{_lib}/*.so; do + ln -s ../../%{_lib}/${i##*/} %{buildroot}%{_libdir}/${i##*/} +done -%install -mkdir -p %{buildroot}/sbin -make install DESTDIR=%{buildroot} KERNEL_DIR=%{KERNEL_DIR} BINDIR=/sbin LIBDIR=/%{_lib} MANDIR=%{_mandir} -cp ip{6,}tables-{save,restore} $RPM_BUILD_ROOT/sbin -cp iptables-*.8 $RPM_BUILD_ROOT%{_mandir}/man8 -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d -install -c -m755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/iptables +# move pkgconfig to %{_libdir} +mv %{buildroot}/%{_lib}/pkgconfig %{buildroot}/%{_libdir}/ + +# install init scripts and configuration files +install -d -m 755 %{buildroot}/etc/rc.d/init.d +install -c -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/iptables sed -e 's;iptables;ip6tables;g' -e 
's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init -install -c -m755 ip6tables.init $RPM_BUILD_ROOT/etc/rc.d/init.d/ip6tables -mkdir -p $RPM_BUILD_ROOT/etc/sysconfig -install -c -m755 %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/iptables-config -install -c -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/iptables +install -c -m 755 ip6tables.init %{buildroot}/etc/rc.d/init.d/ip6tables +install -d -m 755 %{buildroot}/etc/sysconfig +install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config +install -c -m 755 %{SOURCE3} %{buildroot}/etc/sysconfig/iptables sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config -install -c -m755 ip6tables-config $RPM_BUILD_ROOT/etc/sysconfig/ip6tables-config +install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config %clean -rm -rf $RPM_BUILD_ROOT +rm -rf %{buildroot} %post +/sbin/ldconfig /sbin/chkconfig --add iptables -if [ "$PL_BOOTCD" != "1" ] ; then - /sbin/service iptables restart -fi +DEFAULT_IFACE=$(ip route show default | awk '/default/ {print $5}') +sed -i -e "s;__eth;$DEFAULT_IFACE;g" /etc/sysconfig/iptables +[ "$PL_BOOTCD" = "1" ] || service iptables restart + +%postun -p /sbin/ldconfig %preun if [ "$1" = 0 ]; then - /sbin/chkconfig --del iptables + /sbin/chkconfig --del iptables fi %post ipv6 /sbin/chkconfig --add ip6tables -if [ "$PL_BOOTCD" != "1" ] ; then - /sbin/service ip6tables restart -fi %preun ipv6 if [ "$1" = 0 ]; then - /sbin/chkconfig --del ip6tables + /sbin/chkconfig --del ip6tables fi %files -%defattr(-,root,root,0755) +%defattr(-,root,root) %doc COPYING INSTALL INCOMPATIBILITIES -%config %attr(0755,root,root) /etc/rc.d/init.d/iptables -%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config -%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables +%attr(0755,root,root) /etc/rc.d/init.d/iptables +%config %attr(0600,root,root) /etc/sysconfig/iptables-config +%config %attr(0600,root,root) /etc/sysconfig/iptables 
/sbin/iptables* +/bin/iptables-xml %{_mandir}/man8/iptables* -%dir /%{_lib}/iptables -/%{_lib}/iptables/libipt* -/sbin/ipset* -%{_mandir}/man8/ipset* -%dir /%{_lib}/ipset -/%{_lib}/ipset/libipset* +%dir /%{_lib}/xtables +/%{_lib}/xtables/libipt* +/%{_lib}/xtables/libxt* +/%{_lib}/libip*tc.so.* +/%{_lib}/libipq.so.* +/%{_lib}/libxtables.so.* %files ipv6 -%defattr(-,root,root,0755) -%config %attr(0755,root,root) /etc/rc.d/init.d/ip6tables +%defattr(-,root,root) +%attr(0755,root,root) /etc/rc.d/init.d/ip6tables %config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config /sbin/ip6tables* %{_mandir}/man8/ip6tables* -/%{_lib}/iptables/libip6t* +/%{_lib}/xtables/libip6t* -%if %{build_devel} %files devel -%defattr(-,root,root,0755) -%{_includedir}/libipq.h -%{_libdir}/libipq.a -#%{_libdir}/libiptc.a +%defattr(-,root,root) +%dir %{_includedir}/iptables +%{_includedir}/iptables/*.h +%{_includedir}/*.h +%dir %{_includedir}/libiptc +%{_includedir}/libiptc/*.h +%dir %{_includedir}/libipulog +%{_includedir}/libipulog/*.h %{_mandir}/man3/* -%endif +/%{_lib}/libip*tc.so +/%{_lib}/libipq.so +/%{_lib}/libxtables.so +%{_libdir}/libip*tc.so +%{_libdir}/libipq.so +%{_libdir}/libxtables.so +%{_libdir}/pkgconfig/libiptc.pc +%{_libdir}/pkgconfig/xtables.pc %changelog -* Sun Feb 22 2009 Sapan Bhatia -- Checking in initial version of iptables 1.4.1.1 +* Tue Aug 09 2011 Sapan Bhatia - iptables-1.4.10-5 +- Adding a recently abused (=received experimental traffic from planetlab) node to a global iptables blacklist. I will be +- implementing this mechanism more formally +- using +- iptables in the coming days. Unfortunately, because of the complexity of the recipient network we are unable to +- determine a comprehensive set of the slices responsible in this case, so I am adding this temporary hack for now. 
+ +* Thu Mar 24 2011 S.Çağlar Onur - iptables-1.4.10-4 +- Don't start iptables service on build time + +* Wed Feb 23 2011 S.Çağlar Onur - iptables-1.4.10-3 +- Remove ugly hack for config files + +* Thu Jan 27 2011 S.Çağlar Onur - iptables-1.4.10-2 +- Fix the patch + +* Wed Jan 26 2011 S.Çağlar Onur - iptables-1.4.10-1 +- Fix incorrect sha1sum + +* Sun Jan 23 2011 Thierry Parmentelat - iptables-1.4.9-1 +- add requires initscripts in deps + +* Wed May 12 2010 S.Çağlar Onur - iptables-1.4.7-5 +- Restart iptables service after package upgrades + +* Mon May 10 2010 S.Çağlar Onur - iptables-1.4.7-4 +- Restore iIPTABLES_MODULES list + +* Mon May 03 2010 S.Çağlar Onur - iptables-1.4.7-3 +- drop backward compatibility with older iptables versions as new kernels only support v2 +- remove unused modules from iptables-config file + +* Wed Apr 14 2010 Thierry Parmentelat - iptables-1.4.7-2 +- fixed specfile for duplicate URL + +* Wed Mar 24 2010 Thomas Woerner 1.4.7-2 +- added default values for IPTABLES_STATUS_VERBOSE and + IPTABLES_STATUS_LINENUMBERS in init script +- added missing lsb keywords Required-Start and Required-Stop to init script + +* Fri Mar 5 2010 Thomas Woerner 1.4.7-1 +- new version 1.4.7 with support for all new features of 2.6.33 (rhbz#570767) + - libip4tc: Add static qualifier to dump_entry() + - libipq: build as shared library + - recent: reorder cases in code (cosmetic cleanup) + - several man page and documentation fixes + - policy: fix error message showing wrong option + - includes: header updates + - Lift restrictions on interface names +- fixed license and moved iptables-xml into base package according to review + +* Wed Jan 27 2010 Thomas Woerner 1.4.6-2 +- moved libip*tc and libxtables libs to /lib[64], added symlinks for .so libs + to /usr/lib[64] for compatibility (rhbz#558796) + +* Wed Jan 13 2010 Thomas Woerner 1.4.6-1 +- new version 1.4.6 with support for all new features of 2.6.32 + - several man page fixes + - Support for nommu arches + - 
realm: remove static initializations + - libiptc: remove unused functions + - libiptc: avoid strict-aliasing warnings + - iprange: do accept non-ranges for xt_iprange v1 + - iprange: warn on reverse range + - iprange: roll address parsing into a loop + - iprange: do accept non-ranges for xt_iprange v1 (log) + - iprange: warn on reverse range (log) + - libiptc: fix wrong maptype of base chain counters on restore + - iptables: fix undersized deletion mask creation + - style: reduce indent in xtables_check_inverse + - libxtables: hand argv to xtables_check_inverse + - iptables/extensions: make bundled options work again + - CONNMARK: print mark rules with mask 0xffffffff as set instead of xset + - iptables: take masks into consideration for replace command + - doc: explain experienced --hitcount limit + - doc: name resolution clarification + - iptables: expose option to zero packet/byte counters for a specific rule + - build: restore --disable-ipv6 functionality on system w/o v6 headers + - MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark + - DNAT: fix incorrect check during parsing + - extensions: add osf extension + - conntrack: fix --expires parsing + +* Thu Dec 17 2009 Thomas Woerner 1.4.5-2 +- dropped nf_ext_init remains from cloexec patch + +* Thu Sep 17 2009 Thomas Woerner 1.4.5-1 +- new version 1.4.5 with support for all new features of 2.6.31 + - libxt_NFQUEUE: add new v1 version with queue-balance option + - xt_conntrack: revision 2 for enlarged state_mask member + - libxt_helper: fix invalid passed option to check_inverse + - libiptc: split v4 and v6 + - extensions: collapse registration structures + - iptables: allow for parse-less extensions + - iptables: allow for help-less extensions + - extensions: remove empty help and parse functions + - xtables: add multi-registration functions + - extensions: collapse data variables to use multi-reg calls + - xtables: warn of missing version identifier in extensions + - multi binary: 
allow subcommand via argv[1] + - iptables: accept multiple IP address specifications for -s, -d + - several build fixes + - several man page fixes +- fixed two leaked file descriptors on sockets (rhbz#521397) + +* Mon Aug 24 2009 Thomas Woerner 1.4.4-1 +- new version 1.4.4 with support for all new features of 2.6.30 + - several man page fixes + - iptables: replace open-coded sizeof by ARRAY_SIZE + - libip6t_policy: remove redundant functions + - policy: use direct xt_policy_info instead of ipt/ip6t + - policy: merge ipv6 and ipv4 variant + - extensions: add `cluster' match support + - extensions: add const qualifiers in print/save functions + - extensions: use NFPROTO_UNSPEC for .family field + - extensions: remove redundant casts + - iptables: close open file descriptors + - fix segfault if incorrect protocol name is used + - replace open-coded sizeof by ARRAY_SIZE + - do not include v4-only modules in ip6tables manpage + - use direct xt_policy_info instead of ipt/ip6t + - xtables: fix segfault if incorrect protocol name is used + - libxt_connlimit: initialize v6_mask + - SNAT/DNAT: add support for persistent multi-range NAT mappings + +* Fri Jul 24 2009 Fedora Release Engineering - 1.4.3.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Apr 15 2009 Thomas Woerner 1.4.3.2-1 +- new version 1.4.3.2 +- also install iptables/internal.h, needed for iptables.h and ip6tables.h + +* Mon Mar 30 2009 Thomas Woerner 1.4.3.1-1 +- new version 1.4.3.1 + - libiptc is now shared + - supports all new features of the 2.6.29 kernel +- dropped typo_latter patch + +* Thu Mar 5 2009 Thomas Woerner 1.4.2-3 +- still more review fixes (rhbz#225906) + - consistent macro usage + - use sed instead of perl for rpath removal + - use standard RPM CFLAGS, but also -fno-strict-aliasing (needed for libiptc*) + +* Wed Feb 25 2009 Fedora Release Engineering - 1.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Feb 20 2009 Thomas 
Woerner 1.4.2-1 +- new version 1.4.2 +- removed TOS value mask patch (upstream) +- more review fixes (rhbz#225906) +- install all header files (rhbz#462207) +- dropped nf_ext_init (rhbz#472548) + +* Tue Jul 22 2008 Thomas Woerner 1.4.1.1-2 +- fixed TOS value mask problem (rhbz#456244) (upstream patch) +- two more cloexec fixes + +* Tue Jul 1 2008 Thomas Woerner 1.4.1.1-1 +- upstream bug fix release 1.4.1.1 +- dropped extra patch for 1.4.1 - not needed anymore + +* Tue Jun 10 2008 Thomas Woerner 1.4.1-1 +- new version 1.4.1 with new build environment +- additional ipv6 network mask patch from Jan Engelhardt +- spec file cleanup +- removed old patches + +* Fri Jun 6 2008 Tom "spot" Callaway 1.4.0-5 +- use normal kernel headers, not linux/compiler.h +- change BuildRequires: kernel-devel to kernel-headers +- We need to do this to be able to build for both sparcv9 and sparc64 + (there is no kernel-devel.sparcv9) + +* Thu Mar 20 2008 Thomas Woerner 1.4.0-4 +- use O_CLOEXEC for all opened files in all applications (rhbz#438189) + +* Mon Mar 3 2008 Thomas Woerner 1.4.0-3 +- use the kernel headers from the build tree for iptables for now to be able to + compile this package, but this makes the package more kernel dependant +- use s6_addr32 instead of in6_u.u6_addr32 + +* Wed Feb 20 2008 Fedora Release Engineering - 1.4.0-2 +- Autorebuild for GCC 4.3 + +* Mon Feb 11 2008 Thomas Woerner 1.4.0-1 +- new version 1.4.0 +- fixed condrestart (rhbz#428148) +- report the module in rmmod_r if there is an error +- use nf_ext_init instead of my_init for extension constructors + +* Mon Nov 5 2007 Thomas Woerner 1.3.8-6 +- fixed leaked file descriptor before fork/exec (rhbz#312191) +- blacklisting is not working, use "install X /bin/(true|false)" test instead +- return private exit code 150 for disabled ipv6 support +- use script name for output messages + +* Tue Oct 16 2007 Thomas Woerner 1.3.8-5 +- fixed error code for stopping a already stopped firewall (rhbz#321751) +- moved blacklist 
test into start + +* Wed Sep 26 2007 Thomas Woerner 1.3.8-4.1 +- do not start ip6tables if ipv6 is blacklisted (rhbz#236888) +- use simpler fix for (rhbz#295611) + Thanks to Linus Torvalds for the patch. + +* Mon Sep 24 2007 Thomas Woerner 1.3.8-4 +- fixed IPv6 reject type (rhbz#295181) +- fixed init script: start, stop and status +- support netfilter compiled into kernel in init script (rhbz#295611) +- dropped inversion for limit modules from man pages (rhbz#220780) +- fixed typo in ip6tables man page (rhbz#236185) + +* Wed Sep 19 2007 Thomas Woerner 1.3.8-3 +- do not depend on local_fs in lsb header - this delayes start after network +- fixed exit code for initscript usage + +* Mon Sep 17 2007 Thomas Woerner 1.3.8-2.1 +- do not use lock file for condrestart test + +* Thu Aug 23 2007 Thomas Woerner 1.3.8-2 +- fixed initscript for LSB conformance (rhbz#246953, rhbz#242459) +- provide iptc interface again, but unsupported (rhbz#216733) +- compile all extension, which are supported by the kernel-headers package +- review fixes (rhbz#225906) + +* Tue Jul 31 2007 Thomas Woerner +- reverted ipv6 fix, because it disables the ipv6 at all (rhbz#236888) + +* Fri Jul 13 2007 Steve Conklin - 1.3.8-1 +- New version 1.3.8 + +* Mon Apr 23 2007 Jeremy Katz - 1.3.7-2 +- fix error when ipv6 support isn't loaded in the kernel (#236888) + +* Wed Jan 10 2007 Thomas Woerner 1.3.7-1.1 +- fixed installation of secmark modules + +* Tue Jan 9 2007 Thomas Woerner 1.3.7-1 +- new verison 1.3.7 +- iptc is not a public interface and therefore not installed anymore +- dropped upstream secmark patch + +* Thu Sep 19 2006 Thomas Woerner 1.3.5-2 +- added secmark iptables patches (#201573) + +* Wed Jul 12 2006 Jesse Keating - 1.3.5-1.2.1 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 1.3.5-1.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.3.5-1.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Thu Feb 2 2006 Thomas Woerner 1.3.5-1 +- new version 1.3.5 
+- fixed init script to set policy for raw tables, too (#179094) + +* Tue Jan 24 2006 Thomas Woerner 1.3.4-3 +- added important iptables header files to devel package + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Fri Nov 25 2005 Thomas Woerner 1.3.4-2 +- fix for plugin problem: link with "gcc -shared" instead of "ld -shared" and + replace "_init" with "__attribute((constructor)) my_init" + +* Fri Nov 25 2005 Thomas Woerner 1.3.4-1.1 +- rebuild due to unresolved symbols in shared libraries + +* Fri Nov 18 2005 Thomas Woerner 1.3.4-1 +- new version 1.3.4 +- dropped free_opts patch (upstream fixed) +- made libipq PIC (#158623) +- additional configuration options for iptables startup script (#172929) + Thanks to Jan Gruenwald for the patch +- spec file cleanup (dropped linux_header define and usage) + +* Mon Jul 18 2005 Thomas Woerner 1.3.2-1 +- new version 1.3.2 with additional patch for the misplaced free_opts call + from Marcus Sundberg + +* Wed May 11 2005 Thomas Woerner 1.3.1-1 +- new version 1.3.1 + +* Fri Mar 18 2005 Thomas Woerner 1.3.0-2 +- Remove unnecessary explicit kernel dep (#146142) +- Fixed out of bounds accesses (#131848): Thanks to Steve Grubb + for the patch +- Adapted iptables-config to reference to modprobe.conf (#150143) +- Remove misleading message (#140154): Thanks to Ulrich Drepper + for the patch + +* Mon Feb 21 2005 Thomas Woerner 1.3.0-1 +- new version 1.3.0 + +* Thu Nov 11 2004 Thomas Woerner 1.2.11-3.2 +- fixed autoload problem in iptables and ip6tables (CAN-2004-0986) + +* Fri Sep 17 2004 Thomas Woerner 1.2.11-3.1 +- changed default behaviour for IPTABLES_STATUS_NUMERIC to "yes" (#129731) +- modified config file to match this change and un-commented variables with + default values + +* Thu Sep 16 2004 Thomas Woerner 1.2.11-3 +- applied second part of cleanup patch from (#131848): thanks to Steve Grubb + for the patch + +* Wed Aug 25 2004 Thomas Woerner 1.2.11-2 +- fixed free bug in iptables (#128322) + +* Tue Jun 22 2004 Thomas 
Woerner 1.2.11-1 +- new version 1.2.11 + +* Thu Jun 17 2004 Thomas Woerner 1.2.10-1 +- new version 1.2.10 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Thu Feb 26 2004 Thomas Woerner 1.2.9-2.3 +- fixed iptables-restore -c fault if there are no counters (#116421) + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Sun Jan 25 2004 Dan Walsh 1.2.9-1.2 +- Close File descriptors to prevent SELinux error message + +* Wed Jan 7 2004 Thomas Woerner 1.2.9-1.1 +- rebuild + +* Wed Dec 17 2003 Thomas Woerner 1.2.9-1 +- vew version 1.2.9 +- new config options in ipXtables-config: + IPTABLES_MODULES_UNLOAD +- more documentation in ipXtables-config +- fix for netlink security issue in libipq (devel package) +- print fix for libipt_icmp (#109546) + +* Thu Oct 23 2003 Thomas Woerner 1.2.8-13 +- marked all messages in iptables init script for translation (#107462) +- enabled devel package (#105884, #106101) +- bumped build for fedora for libipt_recent.so (#106002) + +* Tue Sep 23 2003 Thomas Woerner 1.2.8-12.1 +- fixed lost udp port range in ip6tables-save (#104484) +- fixed non numeric multiport port output in ipXtables-savs + +* Mon Sep 22 2003 Florian La Roche 1.2.8-11 +- do not link against -lnsl + +* Wed Sep 17 2003 Thomas Woerner 1.2.8-10 +- made variables in rmmod_r local + +* Tue Jul 22 2003 Thomas Woerner 1.2.8-9 +- fixed permission for init script + +* Sat Jul 19 2003 Thomas Woerner 1.2.8-8 +- fixed save when iptables file is missing and iptables-config permissions + +* Tue Jul 8 2003 Thomas Woerner 1.2.8-7 +- fixes for ip6tables: module unloading, setting policy only for existing + tables + +* Thu Jul 3 2003 Thomas Woerner 1.2.8-6 +- IPTABLES_SAVE_COUNTER defaults to no, now +- install config file in /etc/sysconfig +- exchange unload of ip_tables and ip_conntrack +- fixed start function + +* Wed Jul 2 2003 Thomas Woerner 1.2.8-5 +- new config option IPTABLES_SAVE_ON_RESTART +- init script: new status, save and restart +- fixes 
#44905, #65389, #80785, #82860, #91040, #91560 and #91374 + +* Mon Jun 30 2003 Thomas Woerner 1.2.8-4 +- new config option IPTABLES_STATUS_NUMERIC +- cleared IPTABLES_MODULES in iptables-config + +* Mon Jun 30 2003 Thomas Woerner 1.2.8-3 +- new init scripts + +* Sat Jun 28 2003 Florian La Roche +- remove check for very old kernel versions in init scripts +- sync up both init scripts and remove some further ugly things +- add some docu into rpm + +* Thu Jun 26 2003 Thomas Woerner 1.2.8-2 +- rebuild + +* Mon Jun 16 2003 Thomas Woerner 1.2.8-1 +- update to 1.2.8 + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Mon Jan 13 2003 Bill Nottingham 1.2.7a-1 +- update to 1.2.7a +- add a plethora of bugfixes courtesy Michael Schwendt + +* Fri Dec 13 2002 Elliot Lee 1.2.6a-3 +- Fix multilib + +* Wed Aug 07 2002 Karsten Hopp +- fixed iptables and ip6tables initscript output, based on #70511 +- check return status of all iptables calls, not just the last one + in a 'for' loop. + +* Mon Jul 29 2002 Bernhard Rosenkraenzer 1.2.6a-1 +- 1.2.6a (bugfix release, #69747) + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Mon Mar 4 2002 Bernhard Rosenkraenzer 1.2.5-3 +- Add some fixes from CVS, fixing bug #60465 + +* Tue Feb 12 2002 Bernhard Rosenkraenzer 1.2.5-2 +- Merge ip6tables improvements from Ian Prowell + #59402 +- Update URL (#59354) +- Use /sbin/chkconfig rather than chkconfig in %%postun script + +* Fri Jan 11 2002 Bernhard Rosenkraenzer 1.2.5-1 +- 1.2.5 + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Mon Nov 5 2001 Bernhard Rosenkraenzer 1.2.4-2 +- Fix %%preun script + +* Tue Oct 30 2001 Bernhard Rosenkraenzer 1.2.4-1 +- Update to 1.2.4 (various fixes, including security fixes; among others: + #42990, #50500, #53325, #54280) +- Fix init script (#31133) + +* Mon Sep 3 2001 Bernhard Rosenkraenzer 1.2.3-1 +- 1.2.3 (5 security fixes, some other fixes) +- Fix updating (#53032) + +* Mon Aug 27 2001 Bernhard 
Rosenkraenzer 1.2.2-4 +- Fix #50990 +- Add some fixes from current CVS; should fix #52620 + +* Mon Jul 16 2001 Bernhard Rosenkraenzer 1.2.2-3 +- Add some fixes from the current CVS tree; fixes #49154 and some IPv6 + issues + +* Tue Jun 26 2001 Bernhard Rosenkraenzer 1.2.2-2 +- Fix iptables-save reject-with (#45632), Patch from Michael Schwendt + + +* Tue May 8 2001 Bernhard Rosenkraenzer 1.2.2-1 +- 1.2.2 + +* Wed Mar 21 2001 Bernhard Rosenkraenzer +- 1.2.1a, fixes #28412, #31136, #31460, #31133 + +* Thu Mar 1 2001 Bernhard Rosenkraenzer +- Yet another initscript fix (#30173) +- Fix the fixes; they fixed some issues but broke more important + stuff :/ (#30176) + +* Tue Feb 27 2001 Bernhard Rosenkraenzer +- Fix up initscript (#27962) +- Add fixes from CVS to iptables-{restore,save}, fixing #28412 + +* Fri Feb 09 2001 Karsten Hopp +- create /etc/sysconfig/iptables mode 600 (same problem as #24245) + +* Mon Feb 05 2001 Karsten Hopp +- fix bugzilla #25986 (initscript not marked as config file) +- fix bugzilla #25962 (iptables-restore) +- mv chkconfig --del from postun to preun + +* Thu Feb 1 2001 Trond Eivind Glomsrød +- Fix check for ipchains + +* Mon Jan 29 2001 Bernhard Rosenkraenzer +- Some fixes to init scripts + +* Wed Jan 24 2001 Bernhard Rosenkraenzer +- Add some fixes from CVS, fixes among other things Bug #24732 + +* Wed Jan 17 2001 Bernhard Rosenkraenzer +- Add missing man pages, fix up init script (Bug #17676) + +* Mon Jan 15 2001 Bill Nottingham +- add init script + +* Mon Jan 15 2001 Bernhard Rosenkraenzer +- 1.2 +- fix up ipv6 split +- add init script +- Move the plugins from /usr/lib/iptables to /lib/iptables. + This needs to work before /usr is mounted... 
+- Use -O1 on alpha (compiler bug) + +* Sat Jan 6 2001 Bernhard Rosenkraenzer +- 1.1.2 +- Add IPv6 support (in separate package) + +* Thu Aug 17 2000 Bill Nottingham +- build everywhere + +* Tue Jul 25 2000 Bernhard Rosenkraenzer +- 1.1.1 + +* Thu Jul 13 2000 Prospector +- automatic rebuild + +* Tue Jun 27 2000 Preston Brown +- move iptables to /sbin. +- excludearch alpha for now, not building there because of compiler bug(?) + +* Fri Jun 9 2000 Bill Nottingham +- don't obsolete ipchains either +- update to 1.1.0 + +* Mon Jun 4 2000 Bill Nottingham +- remove explicit kernel requirement + +* Tue May 2 2000 Bernhard Rosenkränzer +- initial package
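Review bot: In the new `%post` scriptlet, `DEFAULT_IFACE` is substituted into /etc/sysconfig/iptables without checking that it holds a single, non-empty interface name. With no default route at install time (an image build or chroot, for example) every `__eth` placeholder is replaced by an empty string, and with more than one default route the embedded newline makes the sed expression invalid; either way the following `service iptables restart` presumably runs against a ruleset that no longer loads as written, and once the placeholder is gone a later run cannot repair it. Taking only the first default route and skipping the substitution when nothing is found keeps the failure visible instead of silently altering the firewall rules. The `%files` entry for /etc/sysconfig/iptables also goes from `%config(noreplace)` to `%config`, so an upgrade replaces a locally edited ruleset with the packaged one before this substitution runs; if that is intended, a comment next to the entry should say so.

```spec
/sbin/chkconfig --add iptables
# Use the first default route only; keep the __eth placeholder when none exists.
DEFAULT_IFACE=$(ip route show default | awk '/default/ {print $5; exit}')
if [ -n "$DEFAULT_IFACE" ]; then
    sed -i -e "s;__eth;$DEFAULT_IFACE;g" /etc/sysconfig/iptables
else
    echo "iptables: no default route found, __eth left in /etc/sysconfig/iptables" >&2
fi
[ "$PL_BOOTCD" = "1" ] || service iptables restart
# … unchanged: %postun, %preun and the ipv6 scriptlets …
```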