Hi,
could somebody please build this and give it a good test?
I would especially be interested if the layer 7 extensions (i.e. QoS) are working fine and matching is still okay.
This is a huge change and I do not feel confident enough yet to merge this into next.
Best, -Michael
On Fri, 2016-09-02 at 10:48 +0200, Marcel Lorenz wrote:
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org
config/rootfiles/common/iptables | 14 +++++++++----- lfs/iptables | 18 ++++++++++-------- 2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 09e827c..17d0c9c 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -16,9 +16,13 @@ lib/libiptc.so.0 lib/libiptc.so.0.0.0 #lib/libxtables.la lib/libxtables.so -lib/libxtables.so.10 -lib/libxtables.so.10.0.0 +lib/libxtables.so.11 +lib/libxtables.so.11.0.0 lib/xtables +#lib/xtables/libebt_802_3.so +#lib/xtables/libebt_ip.so +#lib/xtables/libebt_log.so +#lib/xtables/libebt_mark_m.so #lib/xtables/libip6t_DNAT.so #lib/xtables/libip6t_DNPT.so #lib/xtables/libip6t_HL.so @@ -44,11 +48,9 @@ lib/xtables #lib/xtables/libipt_ECN.so #lib/xtables/libipt_LOG.so #lib/xtables/libipt_MASQUERADE.so -#lib/xtables/libipt_MIRROR.so #lib/xtables/libipt_NETMAP.so #lib/xtables/libipt_REDIRECT.so #lib/xtables/libipt_REJECT.so -#lib/xtables/libipt_SAME.so #lib/xtables/libipt_SNAT.so #lib/xtables/libipt_TTL.so #lib/xtables/libipt_ULOG.so @@ -56,7 +58,6 @@ lib/xtables #lib/xtables/libipt_icmp.so #lib/xtables/libipt_realm.so #lib/xtables/libipt_ttl.so -#lib/xtables/libipt_unclean.so #lib/xtables/libxt_AUDIT.so #lib/xtables/libxt_CHECKSUM.so #lib/xtables/libxt_CLASSIFY.so @@ -84,6 +85,7 @@ lib/xtables #lib/xtables/libxt_TRACE.so #lib/xtables/libxt_addrtype.so #lib/xtables/libxt_bpf.so +#lib/xtables/libxt_cgroup.so #lib/xtables/libxt_cluster.so #lib/xtables/libxt_comment.so #lib/xtables/libxt_connbytes.so @@ -99,12 +101,14 @@ lib/xtables #lib/xtables/libxt_esp.so #lib/xtables/libxt_hashlimit.so #lib/xtables/libxt_helper.so +#lib/xtables/libxt_ipcomp.so #lib/xtables/libxt_iprange.so #lib/xtables/libxt_ipvs.so #lib/xtables/libxt_layer7.so #lib/xtables/libxt_length.so #lib/xtables/libxt_limit.so #lib/xtables/libxt_mac.so +#lib/xtables/libxt_mangle.so #lib/xtables/libxt_mark.so #lib/xtables/libxt_multiport.so #lib/xtables/libxt_nfacct.so diff --git a/lfs/iptables b/lfs/iptables index b7ce928..5ac7b9c 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -1,7 +1,7 @@ ############################################################################# ## # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2013 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.4.21 +VER = 1.6.0 THISAPP = iptables-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -36,13 +36,13 @@ TARGET = $(DIR_INFO)/$(THISAPP) # Top-level Rules ############################################################################# ## objects = $(DL_FILE) \
- netfilter-layer7-v2.22.tar.gz
- netfilter-layer7-v2.23.tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE) -netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz +netfilter-layer7-v2.23.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.23.tar.gz -$(DL_FILE)_MD5 = 536d048c8e8eeebcd9757d0863ebb0c0 -netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f +$(DL_FILE)_MD5 = 27ba3451cb622467fc9267a176f19a31 +netfilter-layer7-v2.23.tar.gz_MD5 = 10910b6173d18e426cb56ae7e1300eeb install : $(TARGET) @@ -75,8 +75,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) # Layer7
- cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz
- cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.22/iptables-
1.4.3forward-for-kernel-2.6.20forward/* \
- cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.23.tar.gz
- cd $(DIR_APP) && cp -vf $(DIR_SRC)/netfilter-layer7-v2.23/iptables-
1.4.3forward-for-kernel-2.6.20forward/* \ ./extensions/ # imq @@ -88,6 +88,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --libdir=/lib \ --includedir=/usr/include \ --enable-libipq \
--disable-nftables \--with-xtlibdir=/lib/xtables \--libexecdir=/lib \ --bindir=/sbin \ --sbindir=/sbin \