This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via 46ad8236e7cda033d43d9132bc72881f87b09fb1 (commit) via 5d17c06060b206bb8043f355fa9f21f23995c0ef (commit) via 8c785caba7469a9db7700c7217411dada93107e0 (commit) from 2dfd22f3bf1c09ebff3044c797f9ed4f899aaeee (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 46ad8236e7cda033d43d9132bc72881f87b09fb1 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 25 11:50:27 2018 +0100
iptables: New package
This patch brings back the userspace tools for iptables
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5d17c06060b206bb8043f355fa9f21f23995c0ef Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 25 11:49:28 2018 +0100
kernel: Re-enable support for iptables
This patch re-enabled iptables for IPv6 and IPv4 and removes support for nftables.
nftables is likely to be discontinued by the kernel developers in favour of bpfilter.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8c785caba7469a9db7700c7217411dada93107e0 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jun 25 11:16:54 2018 +0100
nftables: Drop package
nftables is likely to be discontinued in favour of bpfilter
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: libnftnl/libnftnl.nm => iptables/iptables.nm | 30 ++++---- kernel/config-generic | 105 +++++++++++++-------------- kernel/kernel.nm | 2 +- nftables/nftables.nm | 51 ------------- 4 files changed, 69 insertions(+), 119 deletions(-) rename libnftnl/libnftnl.nm => iptables/iptables.nm (53%) delete mode 100644 nftables/nftables.nm
Difference in files: diff --git a/libnftnl/libnftnl.nm b/iptables/iptables.nm similarity index 53% rename from libnftnl/libnftnl.nm rename to iptables/iptables.nm index 3ad24a941..ca62d0264 100644 --- a/libnftnl/libnftnl.nm +++ b/iptables/iptables.nm @@ -3,33 +3,35 @@ # Copyright (C) - IPFire Development Team info@ipfire.org # ###############################################################################
-name = libnftnl -version = 1.0.6 +name = iptables +version = 1.6.2 release = 1 -thisapp = %{name}-%{version}
groups = Networking/Tools -url = http://netfilter.org/projects/libnftnl -license = GPLv2 -summary = Library for low-level interaction with nftables +url = http://www.netfilter.org +license = GPL+ +summary = Tools for managing Linux kernel packet filtering capabilities
description - Library for low-level interaction with nftables Netlink's API over - libmnl. + The iptables utility controls the network packet filtering code + in the Linux kernel. end
-source_dl = http://ftp.netfilter.org/pub/libnftnl/ +source_dl = http://ftp.netfilter.org/pub/iptables/ sources = %{thisapp}.tar.bz2
build requires - autoconf - autogen - automake - libmnl-devel - libtool + libnfnetlink-devel end
+ configure_options += \ + --disable-nftables + + install_cmds + # Remove absolute symlink + ln -svf ../sbin/xtables-multi %{BUILDROOT}/usr/bin/iptables-xml + end end
packages diff --git a/kernel/config-generic b/kernel/config-generic index 876ef6b07..f82742647 100644 --- a/kernel/config-generic +++ b/kernel/config-generic @@ -623,6 +623,7 @@ CONFIG_NF_LOG_COMMON=m CONFIG_NF_LOG_NETDEV=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y +# CONFIG_NF_CONNTRACK_ZONES is not set CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMEOUT=y @@ -658,35 +659,8 @@ CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NF_NAT_REDIRECT=m -CONFIG_NF_TABLES=m -CONFIG_NF_TABLES_INET=m -CONFIG_NF_TABLES_NETDEV=m -CONFIG_NFT_EXTHDR=m -CONFIG_NFT_META=m -CONFIG_NFT_RT=m -CONFIG_NFT_NUMGEN=m -CONFIG_NFT_CT=m -CONFIG_NFT_SET_RBTREE=m -CONFIG_NFT_SET_HASH=m -CONFIG_NFT_SET_BITMAP=m -CONFIG_NFT_COUNTER=m -CONFIG_NFT_LOG=m -CONFIG_NFT_LIMIT=m -CONFIG_NFT_MASQ=m -CONFIG_NFT_REDIR=m -CONFIG_NFT_NAT=m -CONFIG_NFT_OBJREF=m -CONFIG_NFT_QUEUE=m -CONFIG_NFT_QUOTA=m -CONFIG_NFT_REJECT=m -CONFIG_NFT_REJECT_INET=m -# CONFIG_NFT_COMPAT is not set -CONFIG_NFT_HASH=m -CONFIG_NFT_FIB=m -CONFIG_NFT_FIB_INET=m -CONFIG_NF_DUP_NETDEV=m -CONFIG_NFT_DUP_NETDEV=m -CONFIG_NFT_FWD_NETDEV=m +CONFIG_NETFILTER_SYNPROXY=m +# CONFIG_NF_TABLES is not set CONFIG_NETFILTER_XTABLES=y
# @@ -699,9 +673,13 @@ CONFIG_NETFILTER_XT_SET=m # # Xtables targets # +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m +CONFIG_NETFILTER_XT_TARGET_CT=m +CONFIG_NETFILTER_XT_TARGET_DSCP=m +CONFIG_NETFILTER_XT_TARGET_HL=m CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m @@ -711,11 +689,15 @@ CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m CONFIG_NETFILTER_XT_TARGET_NFLOG=m CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m +CONFIG_NETFILTER_XT_TARGET_NOTRACK=m CONFIG_NETFILTER_XT_TARGET_RATEEST=m CONFIG_NETFILTER_XT_TARGET_REDIRECT=m CONFIG_NETFILTER_XT_TARGET_TEE=m +CONFIG_NETFILTER_XT_TARGET_TPROXY=m +CONFIG_NETFILTER_XT_TARGET_TRACE=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m CONFIG_NETFILTER_XT_TARGET_TCPMSS=m +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
# # Xtables matches @@ -741,7 +723,7 @@ CONFIG_NETFILTER_XT_MATCH_HELPER=m CONFIG_NETFILTER_XT_MATCH_HL=m CONFIG_NETFILTER_XT_MATCH_IPCOMP=m CONFIG_NETFILTER_XT_MATCH_IPRANGE=m -# CONFIG_NETFILTER_XT_MATCH_IPVS is not set +CONFIG_NETFILTER_XT_MATCH_IPVS=m CONFIG_NETFILTER_XT_MATCH_L2TP=m CONFIG_NETFILTER_XT_MATCH_LENGTH=m CONFIG_NETFILTER_XT_MATCH_LIMIT=m @@ -833,26 +815,34 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=y CONFIG_NF_CONNTRACK_IPV4=y CONFIG_NF_SOCKET_IPV4=m -CONFIG_NF_TABLES_IPV4=m -CONFIG_NFT_CHAIN_ROUTE_IPV4=m -CONFIG_NFT_REJECT_IPV4=m -CONFIG_NFT_DUP_IPV4=m -CONFIG_NFT_FIB_IPV4=m -CONFIG_NF_TABLES_ARP=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m -CONFIG_NFT_CHAIN_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=m -CONFIG_NFT_MASQ_IPV4=m -CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m CONFIG_NF_NAT_H323=m -# CONFIG_IP_NF_IPTABLES is not set +CONFIG_IP_NF_IPTABLES=m +CONFIG_IP_NF_MATCH_AH=m +CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_RPFILTER=m +CONFIG_IP_NF_MATCH_TTL=m +CONFIG_IP_NF_FILTER=m +CONFIG_IP_NF_TARGET_REJECT=m +CONFIG_IP_NF_TARGET_SYNPROXY=m +CONFIG_IP_NF_NAT=m +CONFIG_IP_NF_TARGET_MASQUERADE=m +CONFIG_IP_NF_TARGET_NETMAP=m +CONFIG_IP_NF_TARGET_REDIRECT=m +CONFIG_IP_NF_MANGLE=m +CONFIG_IP_NF_TARGET_CLUSTERIP=m +CONFIG_IP_NF_TARGET_ECN=m +CONFIG_IP_NF_TARGET_TTL=m +CONFIG_IP_NF_RAW=m +CONFIG_IP_NF_SECURITY=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m @@ -863,24 +853,31 @@ CONFIG_IP_NF_ARP_MANGLE=m CONFIG_NF_DEFRAG_IPV6=y CONFIG_NF_CONNTRACK_IPV6=y CONFIG_NF_SOCKET_IPV6=m -CONFIG_NF_TABLES_IPV6=m -CONFIG_NFT_CHAIN_ROUTE_IPV6=m -CONFIG_NFT_REJECT_IPV6=m -CONFIG_NFT_DUP_IPV6=m -CONFIG_NFT_FIB_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m CONFIG_NF_NAT_IPV6=m -CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_NF_NAT_MASQUERADE_IPV6=m -CONFIG_NFT_MASQ_IPV6=m -CONFIG_NFT_REDIR_IPV6=m -# CONFIG_IP6_NF_IPTABLES is not set -CONFIG_NF_TABLES_BRIDGE=m -CONFIG_NFT_BRIDGE_META=m -CONFIG_NFT_BRIDGE_REJECT=m -CONFIG_NF_LOG_BRIDGE=m +CONFIG_IP6_NF_IPTABLES=m +CONFIG_IP6_NF_MATCH_AH=m +CONFIG_IP6_NF_MATCH_EUI64=m +CONFIG_IP6_NF_MATCH_FRAG=m +CONFIG_IP6_NF_MATCH_OPTS=m +CONFIG_IP6_NF_MATCH_HL=m +CONFIG_IP6_NF_MATCH_IPV6HEADER=m +CONFIG_IP6_NF_MATCH_MH=m +CONFIG_IP6_NF_MATCH_RPFILTER=m +CONFIG_IP6_NF_MATCH_RT=m +CONFIG_IP6_NF_TARGET_HL=m +CONFIG_IP6_NF_FILTER=m +CONFIG_IP6_NF_TARGET_REJECT=m +CONFIG_IP6_NF_TARGET_SYNPROXY=m +CONFIG_IP6_NF_MANGLE=m +CONFIG_IP6_NF_RAW=m +CONFIG_IP6_NF_SECURITY=m +CONFIG_IP6_NF_NAT=m +CONFIG_IP6_NF_TARGET_MASQUERADE=m +CONFIG_IP6_NF_TARGET_NPT=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -1015,6 +1012,7 @@ CONFIG_NET_ACT_GACT=m CONFIG_GACT_PROB=y CONFIG_NET_ACT_MIRRED=m CONFIG_NET_ACT_SAMPLE=m +CONFIG_NET_ACT_IPT=m CONFIG_NET_ACT_NAT=m CONFIG_NET_ACT_PEDIT=m CONFIG_NET_ACT_SIMP=m @@ -1022,6 +1020,7 @@ CONFIG_NET_ACT_SKBEDIT=m CONFIG_NET_ACT_CSUM=m CONFIG_NET_ACT_VLAN=m CONFIG_NET_ACT_BPF=m +CONFIG_NET_ACT_CONNMARK=m CONFIG_NET_ACT_SKBMOD=m CONFIG_NET_ACT_IFE=m CONFIG_NET_ACT_TUNNEL_KEY=m diff --git a/kernel/kernel.nm b/kernel/kernel.nm index 11f7fabe3..200a3f2c8 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -5,7 +5,7 @@
name = kernel version = 4.13.3 -release = 1 +release = 2 thisapp = linux-%{version}
maintainer = Arne Fitzenreiter arne.fitzenreiter@ipfire.org diff --git a/nftables/nftables.nm b/nftables/nftables.nm deleted file mode 100644 index f8a97d053..000000000 --- a/nftables/nftables.nm +++ /dev/null @@ -1,51 +0,0 @@ -############################################################################### -# IPFire.org - An Open Source Firewall Solution # -# Copyright (C) - IPFire Development Team info@ipfire.org # -############################################################################### - -name = nftables -version = 0.100 -snapshot = 20160602 -release = 1.%{snapshot} -thisapp = %{name}-%{snapshot} - -groups = Networking/Tools -url = http://netfilter.org/projects/nftables/ -license = GPLv2 -summary = Netfilter Tables userspace utillites - -description - %{summary} -end - -source_dl = http://ftp.netfilter.org/pub/nftables/snapshot/ -sources = %{thisapp}.tar.bz2 - -build - requires - autoconf - autogen - automake - bison - docbook2X - docbook-xsl - flex - gmp-devel - libtool - libmnl-devel - libnftnl-devel >= 1.0.5 - readline-devel - end - - prepare_cmds - ./autogen.sh - end -end - -packages - package %{name} - - package %{name}-debuginfo - template DEBUGINFO - end -end
hooks/post-receive -- IPFire 3.x development tree