[ANNOUNCE] iptables 1.8.10 release
Hi!

The Netfilter project proudly presents:

iptables 1.8.10

This release contains new features:

- xtables-translate: Support rule insert with index
- Broute table support in ebtables-nft
- nft-variants' debug output (pass multiple '-v' flags) now contains
  sets if present
- Add mld-listener type names to icmp6 match
- Correctly parse meta mark statements in rules even though iptables-nft
  does not emit those

... and fixes:

- Compiler warnings with -Werror=format-security
- Needless install of unsupported xtables.conf file
- Wrong "unknown argument" error message in some corner cases
- ebtables-nft allowed implicitly calling targets by one of their
  options, require '-j <target>' first for consistency with legacy
- Various bugs in ebtables-translate
- Corner-case bug in iptables-nft-restore when deleting a rule inside
  the batch file
- Sloppy rule check command in ip6tables-legacy, producing
  false-positives
- Arptables-nft omitted some inverted options when listing rules
- Parser would not accept long-options with appended argument
  (in form '--opt=arg')
- Ip6tables-nft ignored counter argument ('-c')
- Wrong error message when listing a non-existent chain with
  iptables-nft
- Pointless creation of unused anonymous sets when deleting an
  ebtables-nft rule containing an among match
- Ineffective among match comparison causing ebtables-nft to potentially
  delete the wrong rule
- Sloppy iptables-restore parser accepting junk where chain counters are
  expected
- Missing target name validation in chain rename command
- Icmp match confused type 255 and code 255 with special type "any"
- NDEBUG compiler flag breaks iptables-nft
- Non-functional chain policy counters with iptables-nft
- Zeroing a rule's counters would zero chain policy counters with legacy
  iptables
- Reject '-m conntrack --ctproto 0', it will never match
- Stale meta expression when stripping a match on interface "+" (i.e.,
  any interface name)
- Harmless compiler warning with recent Linux headers

... and documentation updates:

- Add missing chunk types to SCTP match help text (use 'iptables -p sctp
  --help' to see them)
- Document possible false negatives when using 'string' match's BM
  algorithm
- Missing return codes 3 and 4 descriptions in iptables man page
- Misc minor fixes in man pages

You can download the new release from:

https://netfilter.org/projects/iptables/downloads.html#iptables-1.8.10

To build the code, libnftnl 1.2.6 is required:

* http://netfilter.org/projects/libnftnl/downloads.html#libnftnl-1.2.6

In case of bugs, file them via:

* https://bugzilla.netfilter.org

Happy firewalling!