* [PATCH] iptables: Update to 1.8.2
@ 2019-03-03 8:09 Erik Kapfer
2019-03-03 16:04 ` Michael Tremer
2019-03-08 4:51 ` [PATCH] iptables: Commented legacy ip(6)tables entries from ROOTFILE Erik Kapfer
0 siblings, 2 replies; 7+ messages in thread
From: Erik Kapfer @ 2019-03-03 8:09 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4500 bytes --]
netfilter-layer7 has also been updated to v2.23 .
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
config/rootfiles/common/iptables | 19 ++++++++++++-------
lfs/iptables | 17 +++++++++--------
2 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index d7584c0ad..9aa9e51cb 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0
#lib/libxtables.la
lib/libxtables.so
lib/libxtables.so.12
-lib/libxtables.so.12.0.0
+lib/libxtables.so.12.2.0
#lib/xtables
-lib/xtables/libebt_802_3.so
-lib/xtables/libebt_ip.so
-lib/xtables/libebt_log.so
-lib/xtables/libebt_mark_m.so
lib/xtables/libip6t_DNAT.so
lib/xtables/libip6t_DNPT.so
lib/xtables/libip6t_HL.so
@@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so
lib/xtables/libxt_length.so
lib/xtables/libxt_limit.so
lib/xtables/libxt_mac.so
-lib/xtables/libxt_mangle.so
lib/xtables/libxt_mark.so
lib/xtables/libxt_multiport.so
lib/xtables/libxt_nfacct.so
@@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so
lib/xtables/libxt_u32.so
lib/xtables/libxt_udp.so
sbin/ip6tables
+sbin/ip6tables-legacy
+sbin/ip6tables-legacy-restore
+sbin/ip6tables-legacy-save
sbin/ip6tables-restore
sbin/ip6tables-save
sbin/iptables
+sbin/iptables-legacy
+sbin/iptables-legacy-restore
+sbin/iptables-legacy-save
sbin/iptables-restore
sbin/iptables-save
sbin/iptables-xml
#sbin/nfnl_osf
-sbin/xtables-multi
+sbin/xtables-legacy-multi
#usr/include/libipq.h
#usr/include/libiptc
#usr/include/libiptc/ipt_kernel_headers.h
@@ -178,5 +179,9 @@ sbin/xtables-multi
#usr/share/man/man8/iptables-save.8
#usr/share/man/man8/iptables.8
#usr/share/man/man8/nfnl_osf.8
+#usr/share/man/man8/xtables-legacy.8
+#usr/share/man/man8/xtables-monitor.8
+#usr/share/man/man8/xtables-nft.8
+#usr/share/man/man8/xtables-translate.8
#usr/share/xtables
usr/share/xtables/pf.os
diff --git a/lfs/iptables b/lfs/iptables
index b4a2834b8..17817a9ef 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.6.2
+VER = 1.8.2
THISAPP = iptables-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP)
# Top-level Rules
###############################################################################
objects = $(DL_FILE) \
- netfilter-layer7-v2.22.tar.gz
+ netfilter-layer7-v2.23.tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
+netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
-$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
-netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
+$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599
+netfilter-layer7-v2.23.tar.gz_MD5 = 10910b6173d18e426cb56ae7e1300eeb
install : $(TARGET)
@@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
# Layer7
- cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz
- cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
+ cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz
+ cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
./extensions/
# imq
@@ -88,6 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--libdir=/lib \
--includedir=/usr/include \
--enable-libipq \
+ --with-xtlibdir=/lib/xtables \
--libexecdir=/lib \
--bindir=/sbin \
--sbindir=/sbin \
--
2.12.2
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iptables: Update to 1.8.2
2019-03-03 8:09 [PATCH] iptables: Update to 1.8.2 Erik Kapfer
@ 2019-03-03 16:04 ` Michael Tremer
2019-03-04 6:54 ` ummeegge
2019-03-08 4:51 ` [PATCH] iptables: Commented legacy ip(6)tables entries from ROOTFILE Erik Kapfer
1 sibling, 1 reply; 7+ messages in thread
From: Michael Tremer @ 2019-03-03 16:04 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 4962 bytes --]
Hi,
This release of iptables has some interesting changes:
We now have multiple binaries with -legacy in name.
Did you test this? Is there anything we need to think about?
-Michael
> On 3 Mar 2019, at 08:09, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
>
> netfilter-layer7 has also been updated to v2.23 .
>
> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> ---
> config/rootfiles/common/iptables | 19 ++++++++++++-------
> lfs/iptables | 17 +++++++++--------
> 2 files changed, 21 insertions(+), 15 deletions(-)
>
> diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
> index d7584c0ad..9aa9e51cb 100644
> --- a/config/rootfiles/common/iptables
> +++ b/config/rootfiles/common/iptables
> @@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0
> #lib/libxtables.la
> lib/libxtables.so
> lib/libxtables.so.12
> -lib/libxtables.so.12.0.0
> +lib/libxtables.so.12.2.0
> #lib/xtables
> -lib/xtables/libebt_802_3.so
> -lib/xtables/libebt_ip.so
> -lib/xtables/libebt_log.so
> -lib/xtables/libebt_mark_m.so
> lib/xtables/libip6t_DNAT.so
> lib/xtables/libip6t_DNPT.so
> lib/xtables/libip6t_HL.so
> @@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so
> lib/xtables/libxt_length.so
> lib/xtables/libxt_limit.so
> lib/xtables/libxt_mac.so
> -lib/xtables/libxt_mangle.so
> lib/xtables/libxt_mark.so
> lib/xtables/libxt_multiport.so
> lib/xtables/libxt_nfacct.so
> @@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so
> lib/xtables/libxt_u32.so
> lib/xtables/libxt_udp.so
> sbin/ip6tables
> +sbin/ip6tables-legacy
> +sbin/ip6tables-legacy-restore
> +sbin/ip6tables-legacy-save
> sbin/ip6tables-restore
> sbin/ip6tables-save
> sbin/iptables
> +sbin/iptables-legacy
> +sbin/iptables-legacy-restore
> +sbin/iptables-legacy-save
> sbin/iptables-restore
> sbin/iptables-save
> sbin/iptables-xml
> #sbin/nfnl_osf
> -sbin/xtables-multi
> +sbin/xtables-legacy-multi
> #usr/include/libipq.h
> #usr/include/libiptc
> #usr/include/libiptc/ipt_kernel_headers.h
> @@ -178,5 +179,9 @@ sbin/xtables-multi
> #usr/share/man/man8/iptables-save.8
> #usr/share/man/man8/iptables.8
> #usr/share/man/man8/nfnl_osf.8
> +#usr/share/man/man8/xtables-legacy.8
> +#usr/share/man/man8/xtables-monitor.8
> +#usr/share/man/man8/xtables-nft.8
> +#usr/share/man/man8/xtables-translate.8
> #usr/share/xtables
> usr/share/xtables/pf.os
> diff --git a/lfs/iptables b/lfs/iptables
> index b4a2834b8..17817a9ef 100644
> --- a/lfs/iptables
> +++ b/lfs/iptables
> @@ -1,7 +1,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
> +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 1.6.2
> +VER = 1.8.2
>
> THISAPP = iptables-$(VER)
> DL_FILE = $(THISAPP).tar.bz2
> @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP)
> # Top-level Rules
> ###############################################################################
> objects = $(DL_FILE) \
> - netfilter-layer7-v2.22.tar.gz
> + netfilter-layer7-v2.23.tar.gz
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
> +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz
>
> -$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
> -netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
> +$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599
> +netfilter-layer7-v2.23.tar.gz_MD5 = 10910b6173d18e426cb56ae7e1300eeb
>
> install : $(TARGET)
>
> @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
>
> # Layer7
> - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz
> - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
> + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz
> + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
> ./extensions/
>
> # imq
> @@ -88,6 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> --libdir=/lib \
> --includedir=/usr/include \
> --enable-libipq \
> + --with-xtlibdir=/lib/xtables \
> --libexecdir=/lib \
> --bindir=/sbin \
> --sbindir=/sbin \
> --
> 2.12.2
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iptables: Update to 1.8.2
2019-03-03 16:04 ` Michael Tremer
@ 2019-03-04 6:54 ` ummeegge
2019-03-05 9:47 ` Michael Tremer
0 siblings, 1 reply; 7+ messages in thread
From: ummeegge @ 2019-03-04 6:54 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 6442 bytes --]
Hi Michael,
On So, 2019-03-03 at 16:04 +0000, Michael Tremer wrote:
> Hi,
>
> This release of iptables has some interesting changes:
>
> We now have multiple binaries with -legacy in name.
Yes i was also a little in wonder about that although it looked a
little like a helper tool if nftables and iptables running at the same
time. Looking at linuxfromscratch -->
http://www.linuxfromscratch.org/blfs/view/8.3/postlfs/iptables.html
if '--disable-nftables' has been set, there are no *-legacy* binaries
listed under "Installed Programs:".
There is also the xtables-legacy-multi binary and looking into the
nftables-wiki -->
https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
(please check the 'link to a summary') it appears that all setsockopt
based tools are all now considered as 'legacy'.
>
> Did you test this? Is there anything we need to think about?
Am running iptables-1.8.2 currently with a backup of my production
machine with ~ 50 rules and a vast IPset configuration (firewall.local)
and i haven´t recognized problems.
Some other tests i made:
Made also a diff between 'iptables-legacy-save' and 'iptables-save'
whereby the output seems to be pretty much the same.
Moved then also all iptables-legacy* binaries away, restarted the
machine and all seems to work as it should.
Since it is a little a sensible update, it is great to go for some more
overviews/testings/thinking_abouts.
Best,
Erik
>
> -Michael
>
> > On 3 Mar 2019, at 08:09, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
> >
> > netfilter-layer7 has also been updated to v2.23 .
> >
> > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> > ---
> > config/rootfiles/common/iptables | 19 ++++++++++++-------
> > lfs/iptables | 17 +++++++++--------
> > 2 files changed, 21 insertions(+), 15 deletions(-)
> >
> > diff --git a/config/rootfiles/common/iptables
> > b/config/rootfiles/common/iptables
> > index d7584c0ad..9aa9e51cb 100644
> > --- a/config/rootfiles/common/iptables
> > +++ b/config/rootfiles/common/iptables
> > @@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0
> > #lib/libxtables.la
> > lib/libxtables.so
> > lib/libxtables.so.12
> > -lib/libxtables.so.12.0.0
> > +lib/libxtables.so.12.2.0
> > #lib/xtables
> > -lib/xtables/libebt_802_3.so
> > -lib/xtables/libebt_ip.so
> > -lib/xtables/libebt_log.so
> > -lib/xtables/libebt_mark_m.so
> > lib/xtables/libip6t_DNAT.so
> > lib/xtables/libip6t_DNPT.so
> > lib/xtables/libip6t_HL.so
> > @@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so
> > lib/xtables/libxt_length.so
> > lib/xtables/libxt_limit.so
> > lib/xtables/libxt_mac.so
> > -lib/xtables/libxt_mangle.so
> > lib/xtables/libxt_mark.so
> > lib/xtables/libxt_multiport.so
> > lib/xtables/libxt_nfacct.so
> > @@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so
> > lib/xtables/libxt_u32.so
> > lib/xtables/libxt_udp.so
> > sbin/ip6tables
> > +sbin/ip6tables-legacy
> > +sbin/ip6tables-legacy-restore
> > +sbin/ip6tables-legacy-save
> > sbin/ip6tables-restore
> > sbin/ip6tables-save
> > sbin/iptables
> > +sbin/iptables-legacy
> > +sbin/iptables-legacy-restore
> > +sbin/iptables-legacy-save
> > sbin/iptables-restore
> > sbin/iptables-save
> > sbin/iptables-xml
> > #sbin/nfnl_osf
> > -sbin/xtables-multi
> > +sbin/xtables-legacy-multi
> > #usr/include/libipq.h
> > #usr/include/libiptc
> > #usr/include/libiptc/ipt_kernel_headers.h
> > @@ -178,5 +179,9 @@ sbin/xtables-multi
> > #usr/share/man/man8/iptables-save.8
> > #usr/share/man/man8/iptables.8
> > #usr/share/man/man8/nfnl_osf.8
> > +#usr/share/man/man8/xtables-legacy.8
> > +#usr/share/man/man8/xtables-monitor.8
> > +#usr/share/man/man8/xtables-nft.8
> > +#usr/share/man/man8/xtables-translate.8
> > #usr/share/xtables
> > usr/share/xtables/pf.os
> > diff --git a/lfs/iptables b/lfs/iptables
> > index b4a2834b8..17817a9ef 100644
> > --- a/lfs/iptables
> > +++ b/lfs/iptables
> > @@ -1,7 +1,7 @@
> > ###################################################################
> > ############
> > #
> > #
> > # IPFire.org - A linux based
> > firewall #
> > -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org>
> > #
> > +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org>
> > #
> > #
> > #
> > # This program is free software: you can redistribute it and/or
> > modify #
> > # it under the terms of the GNU General Public License as published
> > by #
> > @@ -24,7 +24,7 @@
> >
> > include Config
> >
> > -VER = 1.6.2
> > +VER = 1.8.2
> >
> > THISAPP = iptables-$(VER)
> > DL_FILE = $(THISAPP).tar.bz2
> > @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP)
> > # Top-level Rules
> > ###################################################################
> > ############
> > objects = $(DL_FILE) \
> > - netfilter-layer7-v2.22.tar.gz
> > + netfilter-layer7-v2.23.tar.gz
> >
> > $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> > -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-
> > v2.22.tar.gz
> > +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-
> > v2.23.tar.gz
> >
> > -$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
> > -netfilter-layer7-v2.22.tar.gz_MD5 =
> > 98dff8a3d5a31885b73341633f69501f
> > +$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599
> > +netfilter-layer7-v2.23.tar.gz_MD5 =
> > 10910b6173d18e426cb56ae7e1300eeb
> >
> > install : $(TARGET)
> >
> > @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
> >
> > # Layer7
> > - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
> > v2.22.tar.gz
> > - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
> > v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
> > + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
> > v2.23.tar.gz
> > + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
> > v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
> > ./extensions/
> >
> > # imq
> > @@ -88,6 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > --libdir=/lib \
> > --includedir=/usr/include \
> > --enable-libipq \
> > + --with-xtlibdir=/lib/xtables \
> > --libexecdir=/lib \
> > --bindir=/sbin \
> > --sbindir=/sbin \
> > --
> > 2.12.2
> >
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iptables: Update to 1.8.2
2019-03-04 6:54 ` ummeegge
@ 2019-03-05 9:47 ` Michael Tremer
2019-03-05 12:37 ` ummeegge
0 siblings, 1 reply; 7+ messages in thread
From: Michael Tremer @ 2019-03-05 9:47 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 6721 bytes --]
Hi,
I will just merge this and then we will see during testing of the Core Update.
What could possibly go wrong?
Best,
-Michael
> On 4 Mar 2019, at 06:54, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> Hi Michael,
>
> On So, 2019-03-03 at 16:04 +0000, Michael Tremer wrote:
>> Hi,
>>
>> This release of iptables has some interesting changes:
>>
>> We now have multiple binaries with -legacy in name.
> Yes i was also a little in wonder about that although it looked a
> little like a helper tool if nftables and iptables running at the same
> time. Looking at linuxfromscratch -->
> http://www.linuxfromscratch.org/blfs/view/8.3/postlfs/iptables.html
> if '--disable-nftables' has been set, there are no *-legacy* binaries
> listed under "Installed Programs:".
> There is also the xtables-legacy-multi binary and looking into the
> nftables-wiki -->
> https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
> (please check the 'link to a summary') it appears that all setsockopt
> based tools are all now considered as 'legacy'.
>
>>
>> Did you test this? Is there anything we need to think about?
> Am running iptables-1.8.2 currently with a backup of my production
> machine with ~ 50 rules and a vast IPset configuration (firewall.local)
> and i haven´t recognized problems.
>
> Some other tests i made:
> Made also a diff between 'iptables-legacy-save' and 'iptables-save'
> whereby the output seems to be pretty much the same.
> Moved then also all iptables-legacy* binaries away, restarted the
> machine and all seems to work as it should.
>
> Since it is a little a sensible update, it is great to go for some more
> overviews/testings/thinking_abouts.
>
> Best,
>
>
> Erik
>
>>
>> -Michael
>>
>>> On 3 Mar 2019, at 08:09, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
>>>
>>> netfilter-layer7 has also been updated to v2.23 .
>>>
>>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
>>> ---
>>> config/rootfiles/common/iptables | 19 ++++++++++++-------
>>> lfs/iptables | 17 +++++++++--------
>>> 2 files changed, 21 insertions(+), 15 deletions(-)
>>>
>>> diff --git a/config/rootfiles/common/iptables
>>> b/config/rootfiles/common/iptables
>>> index d7584c0ad..9aa9e51cb 100644
>>> --- a/config/rootfiles/common/iptables
>>> +++ b/config/rootfiles/common/iptables
>>> @@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0
>>> #lib/libxtables.la
>>> lib/libxtables.so
>>> lib/libxtables.so.12
>>> -lib/libxtables.so.12.0.0
>>> +lib/libxtables.so.12.2.0
>>> #lib/xtables
>>> -lib/xtables/libebt_802_3.so
>>> -lib/xtables/libebt_ip.so
>>> -lib/xtables/libebt_log.so
>>> -lib/xtables/libebt_mark_m.so
>>> lib/xtables/libip6t_DNAT.so
>>> lib/xtables/libip6t_DNPT.so
>>> lib/xtables/libip6t_HL.so
>>> @@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so
>>> lib/xtables/libxt_length.so
>>> lib/xtables/libxt_limit.so
>>> lib/xtables/libxt_mac.so
>>> -lib/xtables/libxt_mangle.so
>>> lib/xtables/libxt_mark.so
>>> lib/xtables/libxt_multiport.so
>>> lib/xtables/libxt_nfacct.so
>>> @@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so
>>> lib/xtables/libxt_u32.so
>>> lib/xtables/libxt_udp.so
>>> sbin/ip6tables
>>> +sbin/ip6tables-legacy
>>> +sbin/ip6tables-legacy-restore
>>> +sbin/ip6tables-legacy-save
>>> sbin/ip6tables-restore
>>> sbin/ip6tables-save
>>> sbin/iptables
>>> +sbin/iptables-legacy
>>> +sbin/iptables-legacy-restore
>>> +sbin/iptables-legacy-save
>>> sbin/iptables-restore
>>> sbin/iptables-save
>>> sbin/iptables-xml
>>> #sbin/nfnl_osf
>>> -sbin/xtables-multi
>>> +sbin/xtables-legacy-multi
>>> #usr/include/libipq.h
>>> #usr/include/libiptc
>>> #usr/include/libiptc/ipt_kernel_headers.h
>>> @@ -178,5 +179,9 @@ sbin/xtables-multi
>>> #usr/share/man/man8/iptables-save.8
>>> #usr/share/man/man8/iptables.8
>>> #usr/share/man/man8/nfnl_osf.8
>>> +#usr/share/man/man8/xtables-legacy.8
>>> +#usr/share/man/man8/xtables-monitor.8
>>> +#usr/share/man/man8/xtables-nft.8
>>> +#usr/share/man/man8/xtables-translate.8
>>> #usr/share/xtables
>>> usr/share/xtables/pf.os
>>> diff --git a/lfs/iptables b/lfs/iptables
>>> index b4a2834b8..17817a9ef 100644
>>> --- a/lfs/iptables
>>> +++ b/lfs/iptables
>>> @@ -1,7 +1,7 @@
>>> ###################################################################
>>> ############
>>> #
>>> #
>>> # IPFire.org - A linux based
>>> firewall #
>>> -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org>
>>> #
>>> +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org>
>>> #
>>> #
>>> #
>>> # This program is free software: you can redistribute it and/or
>>> modify #
>>> # it under the terms of the GNU General Public License as published
>>> by #
>>> @@ -24,7 +24,7 @@
>>>
>>> include Config
>>>
>>> -VER = 1.6.2
>>> +VER = 1.8.2
>>>
>>> THISAPP = iptables-$(VER)
>>> DL_FILE = $(THISAPP).tar.bz2
>>> @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP)
>>> # Top-level Rules
>>> ###################################################################
>>> ############
>>> objects = $(DL_FILE) \
>>> - netfilter-layer7-v2.22.tar.gz
>>> + netfilter-layer7-v2.23.tar.gz
>>>
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>> -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-
>>> v2.22.tar.gz
>>> +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-
>>> v2.23.tar.gz
>>>
>>> -$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
>>> -netfilter-layer7-v2.22.tar.gz_MD5 =
>>> 98dff8a3d5a31885b73341633f69501f
>>> +$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599
>>> +netfilter-layer7-v2.23.tar.gz_MD5 =
>>> 10910b6173d18e426cb56ae7e1300eeb
>>>
>>> install : $(TARGET)
>>>
>>> @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>> @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
>>>
>>> # Layer7
>>> - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
>>> v2.22.tar.gz
>>> - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
>>> v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
>>> + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
>>> v2.23.tar.gz
>>> + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
>>> v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
>>> ./extensions/
>>>
>>> # imq
>>> @@ -88,6 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>> --libdir=/lib \
>>> --includedir=/usr/include \
>>> --enable-libipq \
>>> + --with-xtlibdir=/lib/xtables \
>>> --libexecdir=/lib \
>>> --bindir=/sbin \
>>> --sbindir=/sbin \
>>> --
>>> 2.12.2
>>>
>>
>>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iptables: Update to 1.8.2
2019-03-05 9:47 ` Michael Tremer
@ 2019-03-05 12:37 ` ummeegge
2019-03-05 13:50 ` Michael Tremer
0 siblings, 1 reply; 7+ messages in thread
From: ummeegge @ 2019-03-05 12:37 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 8333 bytes --]
Hi Michael,
On Di, 2019-03-05 at 09:47 +0000, Michael Tremer wrote:
> Hi,
>
> I will just merge this and then we will see during testing of the
> Core Update.
Have deleted all the *legacy* binaries and as before, no problems at
all. Should i send another patch without them ?
>
> What could possibly go wrong?
Have currently no problems in focus.
Have build also nftables (with libnftnl with an extended iptables-1.8.2
version which incl. also ebtables, arptables, the translation stuff and
a lot more) to check there for some possible usage of the *legacy*
stuff. It is currently possible to use both (iptables beneath nftables)
which offers some funky new possiblities :D but in there the same, did
NOT needed the *legacy* binaries since all known iptables binaries are
still presant but possibly i have missed/overseen something.
At least all is working.
Best,
Erik
>
> Best,
> -Michael
>
> > On 4 Mar 2019, at 06:54, ummeegge <ummeegge(a)ipfire.org> wrote:
> >
> > Hi Michael,
> >
> > On So, 2019-03-03 at 16:04 +0000, Michael Tremer wrote:
> > > Hi,
> > >
> > > This release of iptables has some interesting changes:
> > >
> > > We now have multiple binaries with -legacy in name.
> >
> > Yes i was also a little in wonder about that although it looked a
> > little like a helper tool if nftables and iptables running at the
> > same
> > time. Looking at linuxfromscratch -->
> > http://www.linuxfromscratch.org/blfs/view/8.3/postlfs/iptables.html
> > if '--disable-nftables' has been set, there are no *-legacy*
> > binaries
> > listed under "Installed Programs:".
> > There is also the xtables-legacy-multi binary and looking into the
> > nftables-wiki -->
> >
https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
> >
> > (please check the 'link to a summary') it appears that all
> > setsockopt
> > based tools are all now considered as 'legacy'.
> >
> > >
> > > Did you test this? Is there anything we need to think about?
> >
> > Am running iptables-1.8.2 currently with a backup of my production
> > machine with ~ 50 rules and a vast IPset configuration
> > (firewall.local)
> > and i haven´t recognized problems.
> >
> > Some other tests i made:
> > Made also a diff between 'iptables-legacy-save' and 'iptables-save'
> > whereby the output seems to be pretty much the same.
> > Moved then also all iptables-legacy* binaries away, restarted the
> > machine and all seems to work as it should.
> >
> > Since it is a little a sensible update, it is great to go for some
> > more
> > overviews/testings/thinking_abouts.
> >
> > Best,
> >
> >
> > Erik
> >
> > >
> > > -Michael
> > >
> > > > On 3 Mar 2019, at 08:09, Erik Kapfer <ummeegge(a)ipfire.org>
> > > > wrote:
> > > >
> > > > netfilter-layer7 has also been updated to v2.23 .
> > > >
> > > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> > > > ---
> > > > config/rootfiles/common/iptables | 19 ++++++++++++-------
> > > > lfs/iptables | 17 +++++++++--------
> > > > 2 files changed, 21 insertions(+), 15 deletions(-)
> > > >
> > > > diff --git a/config/rootfiles/common/iptables
> > > > b/config/rootfiles/common/iptables
> > > > index d7584c0ad..9aa9e51cb 100644
> > > > --- a/config/rootfiles/common/iptables
> > > > +++ b/config/rootfiles/common/iptables
> > > > @@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0
> > > > #lib/libxtables.la
> > > > lib/libxtables.so
> > > > lib/libxtables.so.12
> > > > -lib/libxtables.so.12.0.0
> > > > +lib/libxtables.so.12.2.0
> > > > #lib/xtables
> > > > -lib/xtables/libebt_802_3.so
> > > > -lib/xtables/libebt_ip.so
> > > > -lib/xtables/libebt_log.so
> > > > -lib/xtables/libebt_mark_m.so
> > > > lib/xtables/libip6t_DNAT.so
> > > > lib/xtables/libip6t_DNPT.so
> > > > lib/xtables/libip6t_HL.so
> > > > @@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so
> > > > lib/xtables/libxt_length.so
> > > > lib/xtables/libxt_limit.so
> > > > lib/xtables/libxt_mac.so
> > > > -lib/xtables/libxt_mangle.so
> > > > lib/xtables/libxt_mark.so
> > > > lib/xtables/libxt_multiport.so
> > > > lib/xtables/libxt_nfacct.so
> > > > @@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so
> > > > lib/xtables/libxt_u32.so
> > > > lib/xtables/libxt_udp.so
> > > > sbin/ip6tables
> > > > +sbin/ip6tables-legacy
> > > > +sbin/ip6tables-legacy-restore
> > > > +sbin/ip6tables-legacy-save
> > > > sbin/ip6tables-restore
> > > > sbin/ip6tables-save
> > > > sbin/iptables
> > > > +sbin/iptables-legacy
> > > > +sbin/iptables-legacy-restore
> > > > +sbin/iptables-legacy-save
> > > > sbin/iptables-restore
> > > > sbin/iptables-save
> > > > sbin/iptables-xml
> > > > #sbin/nfnl_osf
> > > > -sbin/xtables-multi
> > > > +sbin/xtables-legacy-multi
> > > > #usr/include/libipq.h
> > > > #usr/include/libiptc
> > > > #usr/include/libiptc/ipt_kernel_headers.h
> > > > @@ -178,5 +179,9 @@ sbin/xtables-multi
> > > > #usr/share/man/man8/iptables-save.8
> > > > #usr/share/man/man8/iptables.8
> > > > #usr/share/man/man8/nfnl_osf.8
> > > > +#usr/share/man/man8/xtables-legacy.8
> > > > +#usr/share/man/man8/xtables-monitor.8
> > > > +#usr/share/man/man8/xtables-nft.8
> > > > +#usr/share/man/man8/xtables-translate.8
> > > > #usr/share/xtables
> > > > usr/share/xtables/pf.os
> > > > diff --git a/lfs/iptables b/lfs/iptables
> > > > index b4a2834b8..17817a9ef 100644
> > > > --- a/lfs/iptables
> > > > +++ b/lfs/iptables
> > > > @@ -1,7 +1,7 @@
> > > > ###############################################################
> > > > ####
> > > > ############
> > > > #
> > > >
> > > > #
> > > > # IPFire.org - A linux based
> > > > firewall #
> > > > -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org>
> > > >
> > > > #
> > > > +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org>
> > > >
> > > > #
> > > > #
> > > >
> > > > #
> > > > # This program is free software: you can redistribute it and/or
> > > > modify #
> > > > # it under the terms of the GNU General Public License as
> > > > published
> > > > by #
> > > > @@ -24,7 +24,7 @@
> > > >
> > > > include Config
> > > >
> > > > -VER = 1.6.2
> > > > +VER = 1.8.2
> > > >
> > > > THISAPP = iptables-$(VER)
> > > > DL_FILE = $(THISAPP).tar.bz2
> > > > @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP)
> > > > # Top-level Rules
> > > > ###############################################################
> > > > ####
> > > > ############
> > > > objects = $(DL_FILE) \
> > > > - netfilter-layer7-v2.22.tar.gz
> > > > + netfilter-layer7-v2.23.tar.gz
> > > >
> > > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> > > > -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-
> > > > layer7-
> > > > v2.22.tar.gz
> > > > +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-
> > > > layer7-
> > > > v2.23.tar.gz
> > > >
> > > > -$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
> > > > -netfilter-layer7-v2.22.tar.gz_MD5 =
> > > > 98dff8a3d5a31885b73341633f69501f
> > > > +$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599
> > > > +netfilter-layer7-v2.23.tar.gz_MD5 =
> > > > 10910b6173d18e426cb56ae7e1300eeb
> > > >
> > > > install : $(TARGET)
> > > >
> > > > @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst
> > > > %,$(DIR_DL)/%,$(objects))
> > > > @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
> > > >
> > > > # Layer7
> > > > - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
> > > > v2.22.tar.gz
> > > > - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
> > > > v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
> > > > + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
> > > > v2.23.tar.gz
> > > > + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
> > > > v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
> > > > ./extensions/
> > > >
> > > > # imq
> > > > @@ -88,6 +88,7 @@ $(TARGET) : $(patsubst
> > > > %,$(DIR_DL)/%,$(objects))
> > > > --libdir=/lib \
> > > > --includedir=/usr/include \
> > > > --enable-libipq \
> > > > + --with-xtlibdir=/lib/xtables \
> > > > --libexecdir=/lib \
> > > > --bindir=/sbin \
> > > > --sbindir=/sbin \
> > > > --
> > > > 2.12.2
> > > >
> > >
> > >
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] iptables: Update to 1.8.2
2019-03-05 12:37 ` ummeegge
@ 2019-03-05 13:50 ` Michael Tremer
0 siblings, 0 replies; 7+ messages in thread
From: Michael Tremer @ 2019-03-05 13:50 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 8806 bytes --]
Hi,
> On 5 Mar 2019, at 12:37, ummeegge <ummeegge(a)ipfire.org> wrote:
>
> Hi Michael,
>
> On Di, 2019-03-05 at 09:47 +0000, Michael Tremer wrote:
>> Hi,
>>
>> I will just merge this and then we will see during testing of the
>> Core Update.
> Have deleted all the *legacy* binaries and as before, no problems at
> all. Should i send another patch without them ?
If those are all symlinks, I guess it makes sense to remove them, because they are more confusing than anything else.
Please submit another patch. Remember that I have already merged this one.
>
>>
>> What could possibly go wrong?
> Have currently no problems in focus.
> Have build also nftables (with libnftnl with an extended iptables-1.8.2
> version which incl. also ebtables, arptables, the translation stuff and
> a lot more) to check there for some possible usage of the *legacy*
> stuff. It is currently possible to use both (iptables beneath nftables)
> which offers some funky new possiblities :D but in there the same, did
> NOT needed the *legacy* binaries since all known iptables binaries are
> still presant but possibly i have missed/overseen something.
I do not think that there is any sense to build notables for IPFire 2. It is disabled in the kernel, we are using some extensions that only work for iptables (l7 filter, geoid, ipp2p) and therefore we can never use it.
-Michael
>
> At least all is working.
>
> Best,
>
> Erik
>
>>
>> Best,
>> -Michael
>>
>>> On 4 Mar 2019, at 06:54, ummeegge <ummeegge(a)ipfire.org> wrote:
>>>
>>> Hi Michael,
>>>
>>> On So, 2019-03-03 at 16:04 +0000, Michael Tremer wrote:
>>>> Hi,
>>>>
>>>> This release of iptables has some interesting changes:
>>>>
>>>> We now have multiple binaries with -legacy in name.
>>>
>>> Yes i was also a little in wonder about that although it looked a
>>> little like a helper tool if nftables and iptables running at the
>>> same
>>> time. Looking at linuxfromscratch -->
>>> http://www.linuxfromscratch.org/blfs/view/8.3/postlfs/iptables.html
>>> if '--disable-nftables' has been set, there are no *-legacy*
>>> binaries
>>> listed under "Installed Programs:".
>>> There is also the xtables-legacy-multi binary and looking into the
>>> nftables-wiki -->
>>>
> https://wiki.nftables.org/wiki-nftables/index.php/Legacy_xtables_tools
>>>
>>> (please check the 'link to a summary') it appears that all
>>> setsockopt
>>> based tools are all now considered as 'legacy'.
>>>
>>>>
>>>> Did you test this? Is there anything we need to think about?
>>>
>>> Am running iptables-1.8.2 currently with a backup of my production
>>> machine with ~ 50 rules and a vast IPset configuration
>>> (firewall.local)
>>> and i haven´t recognized problems.
>>>
>>> Some other tests i made:
>>> Made also a diff between 'iptables-legacy-save' and 'iptables-save'
>>> whereby the output seems to be pretty much the same.
>>> Moved then also all iptables-legacy* binaries away, restarted the
>>> machine and all seems to work as it should.
>>>
>>> Since it is a little a sensible update, it is great to go for some
>>> more
>>> overviews/testings/thinking_abouts.
>>>
>>> Best,
>>>
>>>
>>> Erik
>>>
>>>>
>>>> -Michael
>>>>
>>>>> On 3 Mar 2019, at 08:09, Erik Kapfer <ummeegge(a)ipfire.org>
>>>>> wrote:
>>>>>
>>>>> netfilter-layer7 has also been updated to v2.23 .
>>>>>
>>>>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
>>>>> ---
>>>>> config/rootfiles/common/iptables | 19 ++++++++++++-------
>>>>> lfs/iptables | 17 +++++++++--------
>>>>> 2 files changed, 21 insertions(+), 15 deletions(-)
>>>>>
>>>>> diff --git a/config/rootfiles/common/iptables
>>>>> b/config/rootfiles/common/iptables
>>>>> index d7584c0ad..9aa9e51cb 100644
>>>>> --- a/config/rootfiles/common/iptables
>>>>> +++ b/config/rootfiles/common/iptables
>>>>> @@ -17,12 +17,8 @@ lib/libiptc.so.0.0.0
>>>>> #lib/libxtables.la
>>>>> lib/libxtables.so
>>>>> lib/libxtables.so.12
>>>>> -lib/libxtables.so.12.0.0
>>>>> +lib/libxtables.so.12.2.0
>>>>> #lib/xtables
>>>>> -lib/xtables/libebt_802_3.so
>>>>> -lib/xtables/libebt_ip.so
>>>>> -lib/xtables/libebt_log.so
>>>>> -lib/xtables/libebt_mark_m.so
>>>>> lib/xtables/libip6t_DNAT.so
>>>>> lib/xtables/libip6t_DNPT.so
>>>>> lib/xtables/libip6t_HL.so
>>>>> @@ -109,7 +105,6 @@ lib/xtables/libxt_layer7.so
>>>>> lib/xtables/libxt_length.so
>>>>> lib/xtables/libxt_limit.so
>>>>> lib/xtables/libxt_mac.so
>>>>> -lib/xtables/libxt_mangle.so
>>>>> lib/xtables/libxt_mark.so
>>>>> lib/xtables/libxt_multiport.so
>>>>> lib/xtables/libxt_nfacct.so
>>>>> @@ -136,14 +131,20 @@ lib/xtables/libxt_tos.so
>>>>> lib/xtables/libxt_u32.so
>>>>> lib/xtables/libxt_udp.so
>>>>> sbin/ip6tables
>>>>> +sbin/ip6tables-legacy
>>>>> +sbin/ip6tables-legacy-restore
>>>>> +sbin/ip6tables-legacy-save
>>>>> sbin/ip6tables-restore
>>>>> sbin/ip6tables-save
>>>>> sbin/iptables
>>>>> +sbin/iptables-legacy
>>>>> +sbin/iptables-legacy-restore
>>>>> +sbin/iptables-legacy-save
>>>>> sbin/iptables-restore
>>>>> sbin/iptables-save
>>>>> sbin/iptables-xml
>>>>> #sbin/nfnl_osf
>>>>> -sbin/xtables-multi
>>>>> +sbin/xtables-legacy-multi
>>>>> #usr/include/libipq.h
>>>>> #usr/include/libiptc
>>>>> #usr/include/libiptc/ipt_kernel_headers.h
>>>>> @@ -178,5 +179,9 @@ sbin/xtables-multi
>>>>> #usr/share/man/man8/iptables-save.8
>>>>> #usr/share/man/man8/iptables.8
>>>>> #usr/share/man/man8/nfnl_osf.8
>>>>> +#usr/share/man/man8/xtables-legacy.8
>>>>> +#usr/share/man/man8/xtables-monitor.8
>>>>> +#usr/share/man/man8/xtables-nft.8
>>>>> +#usr/share/man/man8/xtables-translate.8
>>>>> #usr/share/xtables
>>>>> usr/share/xtables/pf.os
>>>>> diff --git a/lfs/iptables b/lfs/iptables
>>>>> index b4a2834b8..17817a9ef 100644
>>>>> --- a/lfs/iptables
>>>>> +++ b/lfs/iptables
>>>>> @@ -1,7 +1,7 @@
>>>>> ###############################################################
>>>>> ####
>>>>> ############
>>>>> #
>>>>>
>>>>> #
>>>>> # IPFire.org - A linux based
>>>>> firewall #
>>>>> -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org>
>>>>>
>>>>> #
>>>>> +# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org>
>>>>>
>>>>> #
>>>>> #
>>>>>
>>>>> #
>>>>> # This program is free software: you can redistribute it and/or
>>>>> modify #
>>>>> # it under the terms of the GNU General Public License as
>>>>> published
>>>>> by #
>>>>> @@ -24,7 +24,7 @@
>>>>>
>>>>> include Config
>>>>>
>>>>> -VER = 1.6.2
>>>>> +VER = 1.8.2
>>>>>
>>>>> THISAPP = iptables-$(VER)
>>>>> DL_FILE = $(THISAPP).tar.bz2
>>>>> @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP)
>>>>> # Top-level Rules
>>>>> ###############################################################
>>>>> ####
>>>>> ############
>>>>> objects = $(DL_FILE) \
>>>>> - netfilter-layer7-v2.22.tar.gz
>>>>> + netfilter-layer7-v2.23.tar.gz
>>>>>
>>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>>> -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-
>>>>> layer7-
>>>>> v2.22.tar.gz
>>>>> +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-
>>>>> layer7-
>>>>> v2.23.tar.gz
>>>>>
>>>>> -$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
>>>>> -netfilter-layer7-v2.22.tar.gz_MD5 =
>>>>> 98dff8a3d5a31885b73341633f69501f
>>>>> +$(DL_FILE)_MD5 = 944558e88ddcc3b9b0d9550070fa3599
>>>>> +netfilter-layer7-v2.23.tar.gz_MD5 =
>>>>> 10910b6173d18e426cb56ae7e1300eeb
>>>>>
>>>>> install : $(TARGET)
>>>>>
>>>>> @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst
>>>>> %,$(DIR_DL)/%,$(objects))
>>>>> @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
>>>>>
>>>>> # Layer7
>>>>> - cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
>>>>> v2.22.tar.gz
>>>>> - cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
>>>>> v2.22/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
>>>>> + cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-
>>>>> v2.23.tar.gz
>>>>> + cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-
>>>>> v2.23/iptables-1.4.3forward-for-kernel-2.6.20forward/* \
>>>>> ./extensions/
>>>>>
>>>>> # imq
>>>>> @@ -88,6 +88,7 @@ $(TARGET) : $(patsubst
>>>>> %,$(DIR_DL)/%,$(objects))
>>>>> --libdir=/lib \
>>>>> --includedir=/usr/include \
>>>>> --enable-libipq \
>>>>> + --with-xtlibdir=/lib/xtables \
>>>>> --libexecdir=/lib \
>>>>> --bindir=/sbin \
>>>>> --sbindir=/sbin \
>>>>> --
>>>>> 2.12.2
>>>>>
>>>>
>>>>
>>
>>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] iptables: Commented legacy ip(6)tables entries from ROOTFILE
2019-03-03 8:09 [PATCH] iptables: Update to 1.8.2 Erik Kapfer
2019-03-03 16:04 ` Michael Tremer
@ 2019-03-08 4:51 ` Erik Kapfer
1 sibling, 0 replies; 7+ messages in thread
From: Erik Kapfer @ 2019-03-08 4:51 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 961 bytes --]
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
---
config/rootfiles/common/iptables | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index 9aa9e51cb..f1a6af00e 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -131,15 +131,15 @@ lib/xtables/libxt_tos.so
lib/xtables/libxt_u32.so
lib/xtables/libxt_udp.so
sbin/ip6tables
-sbin/ip6tables-legacy
-sbin/ip6tables-legacy-restore
-sbin/ip6tables-legacy-save
+#sbin/ip6tables-legacy
+#sbin/ip6tables-legacy-restore
+#sbin/ip6tables-legacy-save
sbin/ip6tables-restore
sbin/ip6tables-save
sbin/iptables
-sbin/iptables-legacy
-sbin/iptables-legacy-restore
-sbin/iptables-legacy-save
+#sbin/iptables-legacy
+#sbin/iptables-legacy-restore
+#sbin/iptables-legacy-save
sbin/iptables-restore
sbin/iptables-save
sbin/iptables-xml
--
2.12.2
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-03-08 4:51 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-03 8:09 [PATCH] iptables: Update to 1.8.2 Erik Kapfer
2019-03-03 16:04 ` Michael Tremer
2019-03-04 6:54 ` ummeegge
2019-03-05 9:47 ` Michael Tremer
2019-03-05 12:37 ` ummeegge
2019-03-05 13:50 ` Michael Tremer
2019-03-08 4:51 ` [PATCH] iptables: Commented legacy ip(6)tables entries from ROOTFILE Erik Kapfer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox