[ANNOUNCE] iptables 1.6.2 release

Pablo Neira Ayuso pablo at netfilter.org
Fri Feb 2 16:55:19 CET 2018


The Netfilter project proudly presents:

	iptables 1.6.2

iptables is the userspace command line program used to configure the
Linux 2.4.x and later packet filtering ruleset. It is targeted towards
system administrators.

This update contains accumulated bugfixes, a few new extensions and
lots of translations via iptables-translate to ease migration to

See ChangeLog that comes attached to this email for more details.

You can download it from:


Have fun!
-------------- next part --------------
Aastha Gupta (2):
      iptables-translate: add test file for TCPMSS extension
      iptables: iptables-compat translation for TCPMSS

Ahmed Abdelsalam (1):
      extensions: add support for 'srh' match

Arushi Singhal (1):
      iptables: extensions: Remove typedef in struct.

Baruch Siach (1):
      utils: nfsynproxy: fix build with musl libc

Dan Williams (3):
      libiptc: don't set_changed() when checking rules with module jumps
      iptables-restore/ip6tables-restore: add --version/-V argument
      iptables-restore.8: document -w/-W options

Elise Lennion (1):
      extensions: libxt_hashlimit: Add translation to nft

Florian Westphal (2):
      tests: xlate-test: no need to require superuser privileges
      policy: add nft translation for simple policy none/strict use case

Gargi Sharma (2):
      iptables: Constify option struct
      extensions: libxt_TOS: Add translation to nft

Harsha Sharma (6):
      iptables: Constify option struct
      Update .gitignore
      libxt_TOS: add tests for translation infrastructure
      tests: xlate: print output in same way as nft-test.py
      extensions: add tests for ipcomp protocol
      extensions: libxt_hashlimit: Do not print default timeout and burst

James Cowgill (1):
      extensions: libxt_hashlimit: fix 64-bit printf formats

Jan Engelhardt (2):
      libxtables: remove unnecessary nesting from host_to_ip(6)addr
      libxtables: abolish AI_CANONNAME

Juergen Borleis (1):
      iptables: change large file support handling

Liping Zhang (2):
      xshared: do not lock again and again if "-w" option is not specified
      xshared: using the blocking file lock request when we wait indefinitely

Lorenzo Colitti (5):
      iptables: set the path of the lock file via a configure option.
      iptables: move XT_LOCK_NAME from CFLAGS to config.h.
      iptables: remove duplicated argument parsing code
      iptables-restore: support acquiring the lock.
      iptables: insist that the lock is held.

Louis Sautier (1):
      xtables-compat-restore: fix translation of mangle's OUTPUT

Mart Frauenlob (1):
      iptables: extensions: Fix MARK target help

Max Laverse (1):
      iptables: masquerade: add randomize-full support

Oliver Ford (4):
      libxtables: Display weird character warning for wildcards
      iptables: Fix crash on malformed iptables-restore
      iptables: Add file output option to iptables-save
      iptables-xml: Fix segfault on jump without a target

Pablo M. Bermudo Garay (8):
      tests: add regression tests for xtables-translate
      tests: xlate: remove python 3.5 dependency
      tests: xlate: check if it is being run as root
      tests: xlate: generalize owner
      libip6t_icmp6: xlate: remove leftover space
      xtables-translate: fix double space before comment
      xtables-compat-restore: fix several memory leaks
      xtables-compat: fix memory leak when listing

Pablo Neira Ayuso (7):
      libxt_hashlimit: add new unit test to catch kernel bug
      iptables-translate: print nft command for each expand rules via dns names
      iptables-translate: print nft iff there are more expanded rules to print
      iptables-compat: do not allow to delete populated user define chains
      extensions: hashlimit: fix incorrect burst in translations
      extensions: hashlimit: remove space before burst in translation to nft
      iptables 1.6.2 release

Phil Sutter (8):
      extensions: libxt_addrtype: Add translation to nft
      xtables-translate: Avoid querying the kernel
      utils: nfnl_osf: Fix synopsis in help text
      utils: Add a man page for nfnl_osf
      ip{,6}tables-restore: Don't ignore missing wait-interval value
      ip{,6}tables-restore: Don't accept wait-interval without wait
      extensions: libxt_tcpmss: Detect invalid ranges
      libxt_recent: Remove ineffective checks for info->name

Rafael Buchbinder (1):
      extensions: libxt_bpf: fix missing __NR_bpf declaration

Shyam Saini (2):
      extensions: libxt_cluster: Add translation to nft
      extensions: Add test for cluster nft translation

Thierry Du Tre (2):
      extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported
      extensions: ip6t_{S,D}NAT: add more tests

Varsha Rao (6):
      iptables: Remove explicit static variables initalization.
      iptables: Remove unnecessary braces.
      iptables: xtables-eb: Remove const qualifier from struct option
      extensions: libxt_tcpmss: Add test case for invalid ranges.
      iptables: Remove const qualifier from struct option.
      extensions: Add macro _DEFAULT_SOURCE.

Vincent Bernat (1):
      iptables-restore/save: exit when given an unknown option

Vishwanath Pai (1):
      netfilter: xt_hashlimit: add rate match mode

Xose Vazquez Perez (1):
      iptables: update pf.os

Yogesh Prasad (1):
      iptables: patch to correct linker flag sequence

huaibin Wang (1):
      libxt_sctp: fix array out of range in print_chunk

shyam saini (1):
      extensions: hashlimit: Rename 'flow table' keyword to meter

More information about the netfilter-announce mailing list