[ANNOUNCE] Release of iptables-1.2.6a

Harald Welte coreteam@netfilter.org
Sun, 17 Mar 2002 15:10:00 +0100 

--8w3uRX/HFJGApMzv
Content-Type: multipart/mixed; boundary="ctP54qlpMx3WjD+/"
Content-Disposition: inline


--ctP54qlpMx3WjD+/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi!

The netfilter coreteam proudly presents:

	iptables version 1.2.6a

Unfortunately iptables 1.2.6, released three days ago, contained two unfixed
bugs due to a missing CVS commit.  Sorry for this inconvenience, we will=20
include a one-week freeze before every future iptables release to prevent
this from happening again.

The two bugs fixed from 1.2.6 are:

1) if you use the patch-o-matic/base/conntrack.patch, libipt_conntrack.c do=
es
   not compile due to a typo.
2) if you use the patch-o-matic/submitted/ip_conntrack_protocol_unregister
   patch, ip_conntrack_standalone.c does not compile.

Version 1.2.6a fixes both of bugs, it can be obtained from:

	http://www.netfilter.org/files/iptables-1.2.6a.tar.bz2
	http://netfilter.samba.org/files/iptables-1.2.6a.tar.bz2
	ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.6a.tar.bz2
=09
More information can be found at the netfilter/iptables project homepage,
available at:

	http://www.netfilter.org/
	http://www.iptables.org/

Happy firewalling,

--=20
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-=
=20
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)

--ctP54qlpMx3WjD+/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="changes-iptables-1.2.6.txt"
Content-Transfer-Encoding: quoted-printable

iptables v1.2.6 Changelog
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This version requires kernel >=3D 2.4.4
This version recommends kernel >=3D 2.4.18

Bugs Fixed from 1.2.5:

- Fix iptables segfault problem when using `!' without argument
	[ Dionis Papavramidis, Harald Welte ]
- Fix PSD match for psd-delay-threshold > 100
	[ Steven Coenen, Dennis Koslowski ]
- ip6tables alignment fixes=20
	[ Andreas Herrmann ]
- patch-o-matic:
	- Fix NAT-related bug in TCP window tracking code
		[ Jozsef Kadlecsik ]
	- Fix support for DNAT of locally-originated connections (NAT in
	  LOCAL_OUT)=20
	  	[ Henrik Nordstrom, Harald Welte ]
	- Fix string match (is now SMP safe)
		[ Gianni Tedesco ]
	- Fix TFTP conntrack/nat helper (now also catches first packet)
		[ Magnus Boden ]

Changes from 1.2.5:

- Added global PREFIX makefile variable for all paths
	[ Harald Welte ]
- If compiled without any COPT_FLAGS, debugging is disabled.  To enable
  debugging, use -DIPTC_DEBUG
  	[ Harald Welte ]
- New ip6tables-restore and ip6tables-save manpage
	[ Andras Kis-Szabo ]=20
- Sync ip6tables-restore and ip6tables-save with iptables-restore
	[ Andras Kis-Szabo ]
- Sync ip6tables with iptables
	[ Andras Kis-Szabo ]
- mangle table attaches now to all five netfilter hooks
	[ Brad Chapman, Harald Welte ]
- iptables and ip6tables manpage updates
	[ Herve Eychenne ]
- patch-o-matic program now supports removal of already-applied patches
	[ Bob Hockney ]
- patch-o-matic program now supports patches to the userspace extensions
	[ Fabrice Marie ]
- patch-o-matic:
	- Extend recent match to support multiple recent lists
		[ Stephen Frost ]
	- New GRE and PPTP connection tracking and NAT helper
		[ Harald Welte ]
	- New CONNMARK target for marking all packets within one connection
		[ Henrik Nordstrom ]
	- New conntrack match, enables matching on more conntrack informatin
	  than state
	  	[ Marc Boucher ]
	- New DSCP match and target (DSCP header field obsoletes TOS)
		[ Harald Welte ]
	- New owner match extension: Match on process name
		[ Marc Boucher ]
	- Add support for bitwise AND / OR manipulation on nfmark
		[ Fabrice Marie ]
	- New experimental patch for disabling TCP connection tracking pickup
		[ Harald Welte ]
	- Add support for SACK in all NAT helpers
		[ Harald Welte ]
	- Make eggdrop botnet connection tracking support work with eggdrop
	  v1.6.x=20
	  	[ Magnus Sandin ]
	- Add support to REJECT for sending icmp-unreachable messages
	  from a fake source address
  		[ Fabrice Marie ]
	- Add support for ntalk2 to talk NAT helper
		[ Jozsef Kadlecsik ]
	- Big update to newnat patch
		[ Jozsef Kadlecsik, Paul P Komkoff ]


--ctP54qlpMx3WjD+/--

--8w3uRX/HFJGApMzv
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8lKO3NfqJzMqajVsRAmVmAKCb7/lQiyWeBt3deSakABJP7nT5SACfRq9p
n1sPgGki7EzPaBJ3KD/luY4=
=Bz4L
-----END PGP SIGNATURE-----

--8w3uRX/HFJGApMzv--