Hi!
The Netfilter project proudly presents:
iptables 1.6.0
This release includes accumulated fixes and enhancements for the
following matches:
* ah
* connlabel
* cgroup
* devgroup
* dst
* icmp6
* ipcomp
* ipv6header
* quota
* set
* socket
* string
and targets:
* CT
* REJECT
* SET
* SNAT
* SNPT,DNPT
* SYNPROXY
* TEE
We also got rid of the very very old MIRROR and SAME targets and the
unclean match, that were removed from the kernel tree long time ago.
We also got patches to update different aspects of our manpages.
Moreover, this release includes the first official release of the
iptables over nftables infrastructure, which includes the following
utilities:
* iptables-compat
* iptables-compat-save
* iptables-compat-restore
* ip6tables-compat
* ip6tables-compat-save
* ip6tables-compat-restore
* ebtables-compat
* arptables-compat
that have the same getopt-based parser as the native tool, so the
syntax remains the same, eg.
# iptables-compat -P INPUT DROP
# iptables-compat -A INPUT -m state --state ESTABLISHED,RELATED
# iptables-compat -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# iptables-compat -A INPUT -m state --state INVALID -j LOG --log-prefix "INVALID: "
This infrastructure will allow us to provide an easy path for users to
translate their iptables rulesets to the new nft syntax. Note that
this translation infrastructure and the compat glue code in the nft
userspace tool is still under development, so that is not included in
this release.
The development of ebtables-compat and arptables-compat utilities were
started by Giuseppe Longo, and followed up later on by Arturo Borrero.
This effort was partially covered by the Google Summer of Code
program.
See ChangeLog that comes attached to this email for more details.
You can download it from:
http://www.netfilter.org/projects/conntrack-tools/downloads.html
ftp://ftp.netfilter.org/pub/conntrack-tools/
Help us testing and report bugs, thanks!
The Netfilter project proudly presents:
iptables 1.6.0
This release includes accumulated fixes and enhancements for the
following matches:
* ah
* connlabel
* cgroup
* devgroup
* dst
* icmp6
* ipcomp
* ipv6header
* quota
* set
* socket
* string
and targets:
* CT
* REJECT
* SET
* SNAT
* SNPT,DNPT
* SYNPROXY
* TEE
We also got rid of the very very old MIRROR and SAME targets and the
unclean match, that were removed from the kernel tree long time ago.
We also got patches to update different aspects of our manpages.
Moreover, this release includes the first official release of the
iptables over nftables infrastructure, which includes the following
utilities:
* iptables-compat
* iptables-compat-save
* iptables-compat-restore
* ip6tables-compat
* ip6tables-compat-save
* ip6tables-compat-restore
* ebtables-compat
* arptables-compat
that have the same getopt-based parser as the native tool, so the
syntax remains the same, eg.
# iptables-compat -P INPUT DROP
# iptables-compat -A INPUT -m state --state ESTABLISHED,RELATED
# iptables-compat -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# iptables-compat -A INPUT -m state --state INVALID -j LOG --log-prefix "INVALID: "
This infrastructure will allow us to provide an easy path for users to
translate their iptables rulesets to the new nft syntax. Note that
this translation infrastructure and the compat glue code in the nft
userspace tool is still under development, so that is not included in
this release.
The development of ebtables-compat and arptables-compat utilities were
started by Giuseppe Longo, and followed up later on by Arturo Borrero.
This effort was partially covered by the Google Summer of Code
program.
See ChangeLog that comes attached to this email for more details.
You can download it from:
http://www.netfilter.org/projects/conntrack-tools/downloads.html
ftp://ftp.netfilter.org/pub/conntrack-tools/
Help us testing and report bugs, thanks!
Attached Files:
-
changes-iptables-1.6.0.txt (19.5 KB)