[ANNOUNCE] iptables 1.8.3 release

Pablo Neira Ayuso pablo at netfilter.org
Mon May 27 17:27:45 CEST 2019


Hi!

The Netfilter project proudly presents:

        iptables 1.8.3

iptables is the userspace command line program used to configure the
Linux 2.4.x and later packet filtering ruleset. It is targeted towards
system administrators.

See ChangeLog that comes attached to this email for more details.

You can download it from:

http://www.netfilter.org/projects/iptables/downloads.html
ftp://ftp.netfilter.org/pub/iptables/

Happy firewalling.
-------------- next part --------------
Adam Gołębiowski (1):
      extensions: format-security fixes in libip[6]t_icmp

Baruch Siach (5):
      ebtables: vlan: fix userspace/kernel headers collision
      xtables-monitor: fix build with older glibc
      include: fix build with kernel headers before 4.2
      xtables-monitor: fix build with musl libc
      include: extend the headers conflict workaround to in6.h

Florian Westphal (12):
      arptables-nft: use generic expression parsing function
      xtables: rename opcodes to arp_opcodes
      xtables: make all nft_parse_ helpers static
      arptables-nft: fix decoding of hlen on bigendian platforms
      tests: return-codes script is bash specific
      xtables: unify user chain add/flush for restore case
      xtables: add skip flag to objects
      xtables: add and use nft_build_cache
      xtables: add and set "implict" flag on transaction objects
      xtables: handle concurrent ruleset modifications
      tests: add test script for race-free restore
      extensions: SYNPROXY: should not be needed anymore on current kernels

Lucas Stach (1):
      xtables-legacy: add missing config.h include

Pablo Neira Ayuso (19):
      nft: add type field to builtin_table
      nft: move chain_cache back to struct nft_handle
      nft: move initialize to struct nft_handle
      xtables: constify struct builtin_table and struct builtin_chain
      extensions: libip6t_mh: fix bogus translation error
      xshared: check for maximum buffer length in add_param_to_argv()
      man: refer to iptables-translate and ip6tables
      nft: add struct nft_cache
      nft: statify nft_rebuild_cache()
      nft: add __nft_table_builtin_find()
      nft: add flush_cache()
      nft: cache table list
      nft: ensure cache consistency
      nft: keep original cache in case of ERESTART
      nft: don't skip table addition from ERESTART
      nft: don't care about previous state in ERESTART
      nft: do not retry on EINTR
      nft: reset netlink sender buffer size of socket restart
      configure: bump versions for 1.8.3 release

Phil Sutter (84):
      libiptc: Extend struct xtc_ops
      ip6tables-restore: Merge into iptables-restore.c
      ip6tables-save: Merge into iptables-save.c
      xtables: Introduce per table chain caches
      arptables: Support --set-counters option
      ebtables: Use xtables_exit_err()
      xtables: Don't use native nftables comments
      extensions: libipt_realm: Document allowed realm values
      extensions: TRACE: Point at xtables-monitor in documentation
      nft: Simplify nftnl_rule_list_chain_save()
      nft: Review unclear return points
      xtables-restore: Review chain handling
      nft: Review is_*_compatible() routines
      nft: Reduce __nft_rule_del() signature
      nft: Reduce indenting level in flush_chain_cache()
      nft: Simplify per table chain cache update
      nft: Simplify nft_rule_insert() a bit
      nft: Introduce fetch_chain_cache()
      nft: Move nft_rule_list_get() above nft_chain_list_get()
      xtables: Implement per chain rule cache
      nft: Drop nft_chain_list_find()
      xtables: Optimize flushing a specific chain
      xtables: Optimize nft_chain_zero_counters()
      tests: Extend verbose output and return code tests
      xtables: Optimize user-defined chain deletion
      xtables: Optimize list command with given chain
      xtables: Optimize list rules command with given chain
      nft: Make use of nftnl_rule_lookup_byindex()
      nft: Simplify nft_is_chain_compatible()
      nft: Simplify flush_chain_cache()
      xtables: Set errno in nft_rule_check() if chain not found
      nft: Add new builtin chains to cache immediately
      xtables: Fix position of replaced rules in cache
      utils: Add a manpage for nfbpf_compile
      xtables: Fix for inserting rule at wrong position
      xtables: Speed up chain deletion in large rulesets
      arptables-nft: Fix listing rules without target
      arptables-nft: Fix MARK target parsing and printing
      arptables-nft: Fix CLASSIFY target printing
      arptables-nft: Remove space between *cnt= and value
      arptables-nft-save: Fix position of -j option
      arptables-nft: Don't print default h-len/h-type values
      tests: shell: Add arptables-nft verbose output test
      xtables: Catch errors when zeroing rule rounters
      ebtables: Fix rule listing with counters
      nft: Fix potential memleaks in nft_*_rule_find()
      arptables-nft: Set h-type/h-length masks by default, too
      extensions: Fix arptables extension tests
      xtables: Fix for crash when comparing rules with standard target
      xtables: Fix for false-positive rule matching
      Revert "ebtables: use extrapositioned negation consistently"
      xshared: Explicitly pass target to command_jump()
      xtables-save: Fix table not found error message
      nft: Don't assume NFTNL_RULE_USERDATA holds a comment
      nft: Introduce UDATA_TYPE_EBTABLES_POLICY
      ebtables-nft: Support user-defined chain policies
      nft: Eliminate dead code in __nft_rule_list
      xtables: Fix error message when zeroing a non-existent chain
      xtables: Move new chain check to where it belongs
      xtables: Fix error messages in commands with rule number
      xtables: Fix error message for chain renaming
      tests: Extend return codes check by error messages
      arptables: Print space before comma and counters
      xlate-test: Support testing host binaries
      tests/shell: Support testing host binaries
      doc: Install ip{6,}tables-translate.8 manpages
      extensions: AUDIT: Document ineffective --type option
      extensions: Fix ipvs vproto parsing
      extensions: Fix ipvs vproto option printing
      extensions: Add testcase for libxt_ipvs
      extensions: connlabel: Fallback on missing connlabel.conf
      doc: Add arptables-nft man pages
      doc: Adjust arptables man pages
      doc: Add ebtables man page
      doc: Adjust ebtables man page
      xtables-legacy.8: Remove stray colon
      xtables-save: Point at existing man page in help text
      extensions: Install symlinks as such
      man: iptables-save: Add note about module autoloading
      xtables: Don't leak iter in error path of __nft_chain_zero_counters()
      tests: Fix ipt-restore/0004-restore-race_0 testcase
      xtables: Fix for explicit rule flushes
      Drop release.sh
      Revert "build: don't include tests in released tarball"

Sam Banks (1):
      extensions: libxt_osf.: Typo in manpage


