From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] iptables: update to 1.6.0
Date: Sat, 24 Sep 2016 12:44:23 +0100
Message-ID: <1474717463.2757.289.camel@ipfire.org>
In-Reply-To: <20160902084845.11874-1-marcel.lorenz@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5961738092627850574=="
List-Id: <development.lists.ipfire.org>

--===============5961738092627850574==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,

could somebody please build this and give it a good test?

I would especially be interested if the layer 7 extensions (i.e. QoS) are
working fine and matching is still okay.

This is a huge change and I do not feel confident enough yet to merge this in=
to
next.

Best,
-Michael

On Fri, 2016-09-02 at 10:48 +0200, Marcel Lorenz wrote:
> Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
> ---
> =C2=A0config/rootfiles/common/iptables | 14 +++++++++-----
> =C2=A0lfs/iptables=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| 18 +++=
+++++++--------
> =C2=A02 files changed, 19 insertions(+), 13 deletions(-)
>=20
> diff --git a/config/rootfiles/common/iptables
> b/config/rootfiles/common/iptables
> index 09e827c..17d0c9c 100644
> --- a/config/rootfiles/common/iptables
> +++ b/config/rootfiles/common/iptables
> @@ -16,9 +16,13 @@ lib/libiptc.so.0
> =C2=A0lib/libiptc.so.0.0.0
> =C2=A0#lib/libxtables.la
> =C2=A0lib/libxtables.so
> -lib/libxtables.so.10
> -lib/libxtables.so.10.0.0
> +lib/libxtables.so.11
> +lib/libxtables.so.11.0.0
> =C2=A0lib/xtables
> +#lib/xtables/libebt_802_3.so
> +#lib/xtables/libebt_ip.so
> +#lib/xtables/libebt_log.so
> +#lib/xtables/libebt_mark_m.so
> =C2=A0#lib/xtables/libip6t_DNAT.so
> =C2=A0#lib/xtables/libip6t_DNPT.so
> =C2=A0#lib/xtables/libip6t_HL.so
> @@ -44,11 +48,9 @@ lib/xtables
> =C2=A0#lib/xtables/libipt_ECN.so
> =C2=A0#lib/xtables/libipt_LOG.so
> =C2=A0#lib/xtables/libipt_MASQUERADE.so
> -#lib/xtables/libipt_MIRROR.so
> =C2=A0#lib/xtables/libipt_NETMAP.so
> =C2=A0#lib/xtables/libipt_REDIRECT.so
> =C2=A0#lib/xtables/libipt_REJECT.so
> -#lib/xtables/libipt_SAME.so
> =C2=A0#lib/xtables/libipt_SNAT.so
> =C2=A0#lib/xtables/libipt_TTL.so
> =C2=A0#lib/xtables/libipt_ULOG.so
> @@ -56,7 +58,6 @@ lib/xtables
> =C2=A0#lib/xtables/libipt_icmp.so
> =C2=A0#lib/xtables/libipt_realm.so
> =C2=A0#lib/xtables/libipt_ttl.so
> -#lib/xtables/libipt_unclean.so
> =C2=A0#lib/xtables/libxt_AUDIT.so
> =C2=A0#lib/xtables/libxt_CHECKSUM.so
> =C2=A0#lib/xtables/libxt_CLASSIFY.so
> @@ -84,6 +85,7 @@ lib/xtables
> =C2=A0#lib/xtables/libxt_TRACE.so
> =C2=A0#lib/xtables/libxt_addrtype.so
> =C2=A0#lib/xtables/libxt_bpf.so
> +#lib/xtables/libxt_cgroup.so
> =C2=A0#lib/xtables/libxt_cluster.so
> =C2=A0#lib/xtables/libxt_comment.so
> =C2=A0#lib/xtables/libxt_connbytes.so
> @@ -99,12 +101,14 @@ lib/xtables
> =C2=A0#lib/xtables/libxt_esp.so
> =C2=A0#lib/xtables/libxt_hashlimit.so
> =C2=A0#lib/xtables/libxt_helper.so
> +#lib/xtables/libxt_ipcomp.so
> =C2=A0#lib/xtables/libxt_iprange.so
> =C2=A0#lib/xtables/libxt_ipvs.so
> =C2=A0#lib/xtables/libxt_layer7.so
> =C2=A0#lib/xtables/libxt_length.so
> =C2=A0#lib/xtables/libxt_limit.so
> =C2=A0#lib/xtables/libxt_mac.so
> +#lib/xtables/libxt_mangle.so
> =C2=A0#lib/xtables/libxt_mark.so
> =C2=A0#lib/xtables/libxt_multiport.so
> =C2=A0#lib/xtables/libxt_nfacct.so
> diff --git a/lfs/iptables b/lfs/iptables
> index b7ce928..5ac7b9c 100644
> --- a/lfs/iptables
> +++ b/lfs/iptables
> @@ -1,7 +1,7 @@
> =C2=A0#####################################################################=
########
> ##
> =C2=A0#=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0
> =C2=A0#
> =C2=A0# IPFire.org - A linux based
> firewall=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
> -# Copyright (C) 2007-2013=C2=A0=C2=A0IPFire Team=C2=A0=C2=A0<info(a)ipfire=
.org>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> =C2=A0#
> +# Copyright (C) 2007-2016=C2=A0=C2=A0IPFire Team=C2=A0=C2=A0<info(a)ipfire=
.org>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> =C2=A0#
> =C2=A0#=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0
> =C2=A0#
> =C2=A0# This program is free software: you can redistribute it and/or
> modify=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
> =C2=A0# it under the terms of the GNU General Public License as published
> by=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0#
> @@ -24,7 +24,7 @@
> =C2=A0
> =C2=A0include Config
> =C2=A0
> -VER=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D 1.4.21
> +VER=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D 1.6.0
> =C2=A0
> =C2=A0THISAPP=C2=A0=C2=A0=C2=A0=C2=A0=3D iptables-$(VER)
> =C2=A0DL_FILE=C2=A0=C2=A0=C2=A0=C2=A0=3D $(THISAPP).tar.bz2
> @@ -36,13 +36,13 @@ TARGET=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D $(DIR_INFO)/$(T=
HISAPP)
> =C2=A0# Top-level Rules
> =C2=A0#####################################################################=
########
> ##
> =C2=A0objects =3D $(DL_FILE) \
> -	netfilter-layer7-v2.22.tar.gz
> +	netfilter-layer7-v2.23.tar.gz
> =C2=A0
> =C2=A0$(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
> -netfilter-layer7-v2.22.tar.gz =3D $(URL_IPFIRE)/netfilter-layer7-v2.22.tar=
.gz
> +netfilter-layer7-v2.23.tar.gz =3D $(URL_IPFIRE)/netfilter-layer7-v2.23.tar=
.gz
> =C2=A0
> -$(DL_FILE)_MD5 =3D 536d048c8e8eeebcd9757d0863ebb0c0
> -netfilter-layer7-v2.22.tar.gz_MD5 =3D 98dff8a3d5a31885b73341633f69501f
> +$(DL_FILE)_MD5 =3D 27ba3451cb622467fc9267a176f19a31
> +netfilter-layer7-v2.23.tar.gz_MD5 =3D 10910b6173d18e426cb56ae7e1300eeb
> =C2=A0
> =C2=A0install : $(TARGET)
> =C2=A0
> @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> =C2=A0	@cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
> =C2=A0
> =C2=A0	# Layer7
> -	cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz
> -	cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-
> 1.4.3forward-for-kernel-2.6.20forward/* \
> +	cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz
> +	cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-
> 1.4.3forward-for-kernel-2.6.20forward/* \
> =C2=A0	=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0./extensions/
> =C2=A0
> =C2=A0	# imq
> @@ -88,6 +88,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> =C2=A0		--libdir=3D/lib \
> =C2=A0		--includedir=3D/usr/include \
> =C2=A0		--enable-libipq \
> +		--disable-nftables \
> +		--with-xtlibdir=3D/lib/xtables \
> =C2=A0		--libexecdir=3D/lib \
> =C2=A0		--bindir=3D/sbin \
> =C2=A0		--sbindir=3D/sbin \

--===============5961738092627850574==
Content-Type: application/pgp-signature
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="signature.asc"
MIME-Version: 1.0

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC
Q2dBR0JRSlg1bWNYQUFvSkVJQjU4UDl2a0FrSDhiZ1AvMEx6YmhxM2ZROWxJQUtwTHlkTEF5VDMK
VnN1V2p6a3R5U21jdk03QS90WUJQTWJRc0UwQTQrZnRXb0k1MVY0c0tHOUlrRGpqZVBIcmlHamhn
VjFVcHBtMAovUWoydWNuTlhTVFBhbGhBQmtZTU95c2dveFZFTTZLUmZoRXd5a3lYd1l0enZoZHMw
MHNkSnZEZHpqMzlTYW85Cm5EcDQ1aXlrY1BEZm1WY1UvbFlEZmZEOGdmZlZXdmI0VjNyUjhvdmlz
bDg5bHZoVlAzVWRsZlJ3VGpFY1BHbXUKTzk0T3V3Y0hYcjd3cWI5R1VYNk5FblQ0SENqc3VCNUVG
UCt4UVY5eFl1MjVyNHV4QVRCWldLK1E2c1gvMnNIQQphdHdFWkVqL0V4bE1waFRXbUE0RlNxc1g3
cjhFSEdBWU5CbjR3ZVlSeEMzbCtYTkdwSW5jK2ZRTEtNMTBIVFhUCmljTnVyT2pIT0xUYWNRQVhi
UzZhTmdlYzBDaGZzajF5RkQyYTZhQ0ZUbWRDYnhpYWZEY3hXVDBlNDBlUUk1cGUKOXRHWWVpVmZV
aTRHcm02OEVWOFFnWjlQZmUvVlJwQklPRnBMQ3FKeG50dzNaZHpOQ2IvN0hWSVN4V2hVOTZMVApY
VVdkMVIzVnFMRHN2MjViTndqQ0w4L05kT084N2ZvTGl2YWdYb2gxa2NwRU93Wll4YkFDWjRxdzVI
TS83QUVoCjZJd1E5LzdFSjc5TG1jdXFKTXIxaEJhRHNsNVExTUd4SFNldFQydTlDM0FtZVRscGlC
aVhLSHVsS0EreEdpdTEKWlZqMStkZGdURGRwbHNqZnFTRzNHS3pBWjJNa3djd1dRcU1iN05mTVVX
enBqclhubWVmN2FpdlJraVBKMUNVaAo5WlA1VjZXTldoV3E2VFZmaHppUAo9K3VQQQotLS0tLUVO
RCBQR1AgU0lHTkFUVVJFLS0tLS0K

--===============5961738092627850574==--