Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

iptables-backend-nft-1.8.7-1.1 RPM for s390x

From OpenSuSE Leap 15.3 for s390x

Name: iptables-backend-nft Distribution: SUSE Linux Enterprise 15
Version: 1.8.7 Vendor: SUSE LLC <https://www.suse.com/>
Release: 1.1 Build date: Fri Apr 9 10:36:41 2021
Group: Productivity/Networking/Security Build host: s390zp3a
Size: 0 Source RPM: iptables-1.8.7-1.1.src.rpm
Packager: https://www.suse.com/
Url: https://netfilter.org/projects/iptables/
Summary: Metapackage to make nft the default backend for iptables/arptables/ebtables
Installation of this package adds higher priority alternatives (cf.
update-alternatives) that makes the iptables, ip6tables, arptables
and ebtables commands point to a program variant that uses the
nftables kernel interface.

Provides

Requires

License

GPL-2.0-only AND Artistic-2.0

Changelog

* Fri Jan 15 2021 jengelh@inai.de
  - Update to release 1.8.7
    * iptables-nft:
    * Improved performance when matching on IP/MAC address prefixes
      if the prefix is byte-aligned. In ideal cases, this doubles
      packet processing performance.
    * Dump user-defined chains in lexical order. This way ruleset
      dumps become stable and easily comparable.
    * Avoid pointless table/chain creation. For instance,
      `iptables-nft -L` no longer creates missing base-chains.
* Sun Nov 01 2020 jengelh@inai.de
  - Update to release 1.8.6
    * iptables-nft had pointlessly added "bitwise" expressions to
      each IP address match, needlessly slowing down run-time
      performance (by 50% in worst cases).
    * iptables-nft-restore: Support basechain policy value of "-"
      (indicating to not change the chain's policy).
    * nft-translte: Fix translation of ICMP type "any" match.
* Wed Jun 03 2020 jengelh@inai.de
  - Update to release 1.8.5
    * IDLETIMER: Add alarm timer option
    * nft: CT: add translation for NOTRACK
  - Drop iptables-apply-mktemp-fix.patch (seemingly applied)
* Mon Dec 02 2019 jengelh@inai.de
  - Update to release 1.8.4
    * Fix for wrong counter format in `ebtables-nft-save -c` output.
    * Print typical iptables-save comments in arptables- and
      ebtables-save, too.
    * xt_owner: add --suppl-groups option
    * Remove support for /etc/xtables.conf
    * Restore support for "-4" and "-6" options in rule lines.
* Mon Sep 30 2019 kstreitova@suse.com
  - Add Conflicts with iptables-nft = 1.6.2 as during the update to
    iptables 1.8 ip6tables-restore-translate, ip6tables-translate,
    iptables-restore-translate and iptables-translate were moved from
    iptables-nft subpackage (now iptables-backend-nft) to the main
    package. So we need to add a conflict here otherwise we hit file
    conflicts error during the update.
* Fri Sep 06 2019 kstreitova@suse.com
  - add missing Provides/Obsoletes for the renamed package
    iptables-backend-nft (was iptables-nft)
* Tue May 28 2019 jengelh@inai.de
  - Update to new upstream release 1.8.3
    * ebtables: Fix rule listing with counters
    * ebtables-nft: Support user-defined chain policies
  - Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch
    0001-include-fix-build-with-kernel-headers-before-4.2.patch
    (upstreamed)
* Wed May 22 2019 jengelh@inai.de
  - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch,
    0001-include-extend-the-headers-conflict-workaround-to-in.patch
    to fix build with older linux-glibc-devel. [boo#1132821]
* Thu Apr 04 2019 kstreitova@suse.com
  - Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation
    where 'iptables -L' reads garbage from the struct as the kernel
    never filled it in the bugged case. This can lead to issues like
    mapping a few TiB of memory [bsc#1106751].
* Tue Nov 13 2018 jengelh@inai.de
  - Update to new upstream release 1.8.2
    * Fix incorrect handling of various targets and options in
      iptables-nft,ebtables-nft,arptables-nft.
* Tue Oct 23 2018 jengelh@inai.de
  - Update to new upstream release 1.8.1
    * New cgroup match revision with reduced memory footprint
* Mon Sep 24 2018 astieger@suse.com
  - note build-time dependency on libnftnl >= 1.1.1
* Tue Sep 04 2018 mchandras@suse.de
  - Add missing update-alternatives dependency to Requires(post)
    section. If this is missing the package fails to install properly
    when it is used as build dependency.
* Mon Jul 09 2018 jengelh@inai.de
  - Update to new upstream release 1.8.0 and snapshot 1.8.0.g75
    * The ipv6 "srh" match can now match previous/next/last sid
    * CONNMARK target now supports bit-shifting for restore,set
      and save-mark.
    * DNAT now supports shifted portmap ranges.
    * iptables now comes in two backends: legacy and nft.
* Thu May 24 2018 kukuk@suse.de
  - Use %license instead of %doc [bsc#1082318]
* Mon Mar 12 2018 matthias.gerstner@suse.com
  - Fix ethertypes ownership, should be %exclude, not %ghost.
* Thu Feb 22 2018 matthias.gerstner@suse.com
  - Resolve conflict with ebtables and obtain ethertypes from new netcfg minor
    version. FATE#320520
* Sat Feb 03 2018 jengelh@inai.de
  - Update to new upstream release 1.6.2
    * add support for the "srh" match
    * add randomize-full for the "MASQUERADE" target
    * add rate match mode to the "hashlimit" match
* Thu Jun 22 2017 matthias.gerstner@suse.com
  - Add iptables-batch-lock.patch: Fix a locking issue of
    iptables-batch which can cause it to spuriously fail when other
    programs modify the iptables rules in parallel (bnc#1045130).
    This can especially affect SuSEfirewall2 during startup.
* Fri Jan 27 2017 jengelh@inai.de
  - Update to new upstream release 1.6.1
    * add support for hashlimit rev 2 for higher pps rates
    * add support for cgroup2 path matching
    * translation program for nft
* Fri Dec 18 2015 jengelh@inai.de
  - Update to final release 1.6.0
    * Only a build fix, no new significant changes.
* Mon Nov 23 2015 jengelh@inai.de
  - Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
    * -m ah/esp/rt: restore matching "any SPI id" by default
    (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
    * -m cgroup: new module
    * -m dst: make ! --dst-len work
    * -m ipcomp: new module
    * -m socket: add --restore-skmark option
    * -j CT: add support for new zone options
    * -j REJECT: add missing ICMPv6 codes
    * -j TEE: make it possible to delete rules with -D ... -j
    * -j SNAT/DNAT: add randomize-full support

Files

/etc/alternatives/arptables
/etc/alternatives/arptables-restore
/etc/alternatives/arptables-save
/etc/alternatives/ebtables
/etc/alternatives/ebtables-restore
/etc/alternatives/ebtables-save
/etc/alternatives/ip6tables
/etc/alternatives/ip6tables-restore
/etc/alternatives/ip6tables-save
/etc/alternatives/iptables
/etc/alternatives/iptables-restore
/etc/alternatives/iptables-save
/usr/sbin/arptables
/usr/sbin/arptables-restore
/usr/sbin/arptables-save
/usr/sbin/ebtables
/usr/sbin/ebtables-restore
/usr/sbin/ebtables-save
/usr/sbin/ip6tables
/usr/sbin/ip6tables-restore
/usr/sbin/ip6tables-save
/usr/sbin/iptables
/usr/sbin/iptables-restore
/usr/sbin/iptables-save


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 15:01:09 2024