iptables v1.2.8 Changelog ====================================================================== This version requires kernel >= 2.4.4 This version recommends kernel >= 2.4.18 Bugs Fixed from 1.2.7a: - fix ip6tables-save function of 'length' match [ Gerry Skerbitz ] - fix ip6tables-save function of 'mac' match [ Kristian Gronfeldt Sorensen ] - fix iptables-save function of 'ULOG' target [ Jimmy Hedman ] - fix iptables-save function of 'conntrack' match [ Lutz Pressler ] - fix iptables-save function of 'length' match [ Gerry Skerbitz ] - fix iptables-save function of 'mac' match [ Kristian Gronfeldt Sorense ] - fix iptables-save function of 'mark' match [ Harald Welte ] - fix iptables-save function of 'owner' match [ Costa Tsaousis ] - fix iptables-save function of 'pool' match [ Oskar Berggren ] - fix iptables-save function of 'tcpmss' match [ Michael Schwendt ] - fix iptables-save function of 'tos' match [ Harald Welte ] - fix save/print function of 'connmark' match [ Harald Welte ] - fix error message when invalid TCP flag is specified with 'tcp' match [ Aaron Sethman ] Changes from 1.2.7a: - updated version of the ROUTE target [ Cedric de Launois ] - updated version of the 'recent' match [ Stephen Frost ] - update the RPC conntrack match, extend it to support filtering on procedures [ Ian (Larry) Latter ] - add support for hexstrings to the 'string' match [ Michael Rash ] - have iptables-restore print the line number in case of an error [ Illes Marci ] - big iptables.8 manpage update [ Herve Eychenne ] - print loglevel human-readable in ip6tables 'LOG' target [ Michael Schwendt ] - print loglevel human-readable in 'LOG' target [ Michael Schwendt ] - remove bogus code from 'ecn' match [ Stephane Ouellette ] - be more specific in help message of 'helper' match [ Herve Eychenne ] - fix semantic problem that '-p icmp -m icmp' was matching icmp type 0 instead of 'any' [ Harald Welte ] - fix iptables rename-chain option [ Maciej Soltysiak ] - remove libipulog from iptables since it is distributed with ulogd [ Harald Welte ] - support new ip6tables 'HL' target [ Maciej Soltysiak ] - support new ip6tables 'condition' match [ Stephane Ouellette ] - support new ip6tables 'fuzzy' match [ Maciej Soltysiak ] - support new ip6tables 'hoplimit' match [ Maciej Soltysiak ] - support new iptables 'CLASSIFY' target [ unknown ] - support new iptables TARPIT target [ Aaron Hopkins ] - support new iptables 'condition' match [ Stephane Ouellette ] - support new iptables 'fuzzy' match [ Hime Junior ] - support new iptables 'physdev' match (for 2.5.x bridging) [ Bart de Schumyer ] - support new iptables 'u32' match (based on u32 tc filter) [ Don Cohen ] Please note: As of version 1.2.7a, patch-o-matic is now no longer part of iptables but rather distributed as a seperate package (ftp://ftp.netfilter.org/pub/patch-o-matic/)