From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 3.x development tree branch, master, updated. 46ad8236e7cda033d43d9132bc72881f87b09fb1
Date: Mon, 25 Jun 2018 11:59:15 +0100 [thread overview]
Message-ID: <20180625105916.5F7FD1081BCF@git01.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 11170 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".
The branch, master has been updated
via 46ad8236e7cda033d43d9132bc72881f87b09fb1 (commit)
via 5d17c06060b206bb8043f355fa9f21f23995c0ef (commit)
via 8c785caba7469a9db7700c7217411dada93107e0 (commit)
from 2dfd22f3bf1c09ebff3044c797f9ed4f899aaeee (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 46ad8236e7cda033d43d9132bc72881f87b09fb1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jun 25 11:50:27 2018 +0100
iptables: New package
This patch brings back the userspace tools for iptables
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5d17c06060b206bb8043f355fa9f21f23995c0ef
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jun 25 11:49:28 2018 +0100
kernel: Re-enable support for iptables
This patch re-enabled iptables for IPv6 and IPv4 and removes
support for nftables.
nftables is likely to be discontinued by the kernel developers
in favour of bpfilter.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8c785caba7469a9db7700c7217411dada93107e0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jun 25 11:16:54 2018 +0100
nftables: Drop package
nftables is likely to be discontinued in favour of bpfilter
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
libnftnl/libnftnl.nm => iptables/iptables.nm | 30 ++++----
kernel/config-generic | 105 +++++++++++++--------------
kernel/kernel.nm | 2 +-
nftables/nftables.nm | 51 -------------
4 files changed, 69 insertions(+), 119 deletions(-)
rename libnftnl/libnftnl.nm => iptables/iptables.nm (53%)
delete mode 100644 nftables/nftables.nm
Difference in files:
diff --git a/libnftnl/libnftnl.nm b/iptables/iptables.nm
similarity index 53%
rename from libnftnl/libnftnl.nm
rename to iptables/iptables.nm
index 3ad24a941..ca62d0264 100644
--- a/libnftnl/libnftnl.nm
+++ b/iptables/iptables.nm
@@ -3,33 +3,35 @@
# Copyright (C) - IPFire Development Team <info(a)ipfire.org> #
###############################################################################
-name = libnftnl
-version = 1.0.6
+name = iptables
+version = 1.6.2
release = 1
-thisapp = %{name}-%{version}
groups = Networking/Tools
-url = http://netfilter.org/projects/libnftnl
-license = GPLv2
-summary = Library for low-level interaction with nftables
+url = http://www.netfilter.org
+license = GPL+
+summary = Tools for managing Linux kernel packet filtering capabilities
description
- Library for low-level interaction with nftables Netlink's API over
- libmnl.
+ The iptables utility controls the network packet filtering code
+ in the Linux kernel.
end
-source_dl = http://ftp.netfilter.org/pub/libnftnl/
+source_dl = http://ftp.netfilter.org/pub/iptables/
sources = %{thisapp}.tar.bz2
build
requires
- autoconf
- autogen
- automake
- libmnl-devel
- libtool
+ libnfnetlink-devel
end
+ configure_options += \
+ --disable-nftables
+
+ install_cmds
+ # Remove absolute symlink
+ ln -svf ../sbin/xtables-multi %{BUILDROOT}/usr/bin/iptables-xml
+ end
end
packages
diff --git a/kernel/config-generic b/kernel/config-generic
index 876ef6b07..f82742647 100644
--- a/kernel/config-generic
+++ b/kernel/config-generic
@@ -623,6 +623,7 @@ CONFIG_NF_LOG_COMMON=m
CONFIG_NF_LOG_NETDEV=m
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_SECMARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
@@ -658,35 +659,8 @@ CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_REDIRECT=m
-CONFIG_NF_TABLES=m
-CONFIG_NF_TABLES_INET=m
-CONFIG_NF_TABLES_NETDEV=m
-CONFIG_NFT_EXTHDR=m
-CONFIG_NFT_META=m
-CONFIG_NFT_RT=m
-CONFIG_NFT_NUMGEN=m
-CONFIG_NFT_CT=m
-CONFIG_NFT_SET_RBTREE=m
-CONFIG_NFT_SET_HASH=m
-CONFIG_NFT_SET_BITMAP=m
-CONFIG_NFT_COUNTER=m
-CONFIG_NFT_LOG=m
-CONFIG_NFT_LIMIT=m
-CONFIG_NFT_MASQ=m
-CONFIG_NFT_REDIR=m
-CONFIG_NFT_NAT=m
-CONFIG_NFT_OBJREF=m
-CONFIG_NFT_QUEUE=m
-CONFIG_NFT_QUOTA=m
-CONFIG_NFT_REJECT=m
-CONFIG_NFT_REJECT_INET=m
-# CONFIG_NFT_COMPAT is not set
-CONFIG_NFT_HASH=m
-CONFIG_NFT_FIB=m
-CONFIG_NFT_FIB_INET=m
-CONFIG_NF_DUP_NETDEV=m
-CONFIG_NFT_DUP_NETDEV=m
-CONFIG_NFT_FWD_NETDEV=m
+CONFIG_NETFILTER_SYNPROXY=m
+# CONFIG_NF_TABLES is not set
CONFIG_NETFILTER_XTABLES=y
#
@@ -699,9 +673,13 @@ CONFIG_NETFILTER_XT_SET=m
#
# Xtables targets
#
+CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
+CONFIG_NETFILTER_XT_TARGET_CT=m
+CONFIG_NETFILTER_XT_TARGET_DSCP=m
+CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=m
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
CONFIG_NETFILTER_XT_TARGET_LED=m
@@ -711,11 +689,15 @@ CONFIG_NETFILTER_XT_NAT=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_TEE=m
+CONFIG_NETFILTER_XT_TARGET_TPROXY=m
+CONFIG_NETFILTER_XT_TARGET_TRACE=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
+CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
#
# Xtables matches
@@ -741,7 +723,7 @@ CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_HL=m
CONFIG_NETFILTER_XT_MATCH_IPCOMP=m
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
-# CONFIG_NETFILTER_XT_MATCH_IPVS is not set
+CONFIG_NETFILTER_XT_MATCH_IPVS=m
CONFIG_NETFILTER_XT_MATCH_L2TP=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
@@ -833,26 +815,34 @@ CONFIG_IP_VS_PE_SIP=m
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_SOCKET_IPV4=m
-CONFIG_NF_TABLES_IPV4=m
-CONFIG_NFT_CHAIN_ROUTE_IPV4=m
-CONFIG_NFT_REJECT_IPV4=m
-CONFIG_NFT_DUP_IPV4=m
-CONFIG_NFT_FIB_IPV4=m
-CONFIG_NF_TABLES_ARP=m
CONFIG_NF_DUP_IPV4=m
CONFIG_NF_LOG_ARP=m
CONFIG_NF_LOG_IPV4=m
CONFIG_NF_REJECT_IPV4=m
CONFIG_NF_NAT_IPV4=m
-CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NF_NAT_MASQUERADE_IPV4=m
-CONFIG_NFT_MASQ_IPV4=m
-CONFIG_NFT_REDIR_IPV4=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
-# CONFIG_IP_NF_IPTABLES is not set
+CONFIG_IP_NF_IPTABLES=m
+CONFIG_IP_NF_MATCH_AH=m
+CONFIG_IP_NF_MATCH_ECN=m
+CONFIG_IP_NF_MATCH_RPFILTER=m
+CONFIG_IP_NF_MATCH_TTL=m
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
+CONFIG_IP_NF_TARGET_SYNPROXY=m
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_NETMAP=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_MANGLE=m
+CONFIG_IP_NF_TARGET_CLUSTERIP=m
+CONFIG_IP_NF_TARGET_ECN=m
+CONFIG_IP_NF_TARGET_TTL=m
+CONFIG_IP_NF_RAW=m
+CONFIG_IP_NF_SECURITY=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
@@ -863,24 +853,31 @@ CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
CONFIG_NF_SOCKET_IPV6=m
-CONFIG_NF_TABLES_IPV6=m
-CONFIG_NFT_CHAIN_ROUTE_IPV6=m
-CONFIG_NFT_REJECT_IPV6=m
-CONFIG_NFT_DUP_IPV6=m
-CONFIG_NFT_FIB_IPV6=m
CONFIG_NF_DUP_IPV6=m
CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_NF_NAT_IPV6=m
-CONFIG_NFT_CHAIN_NAT_IPV6=m
CONFIG_NF_NAT_MASQUERADE_IPV6=m
-CONFIG_NFT_MASQ_IPV6=m
-CONFIG_NFT_REDIR_IPV6=m
-# CONFIG_IP6_NF_IPTABLES is not set
-CONFIG_NF_TABLES_BRIDGE=m
-CONFIG_NFT_BRIDGE_META=m
-CONFIG_NFT_BRIDGE_REJECT=m
-CONFIG_NF_LOG_BRIDGE=m
+CONFIG_IP6_NF_IPTABLES=m
+CONFIG_IP6_NF_MATCH_AH=m
+CONFIG_IP6_NF_MATCH_EUI64=m
+CONFIG_IP6_NF_MATCH_FRAG=m
+CONFIG_IP6_NF_MATCH_OPTS=m
+CONFIG_IP6_NF_MATCH_HL=m
+CONFIG_IP6_NF_MATCH_IPV6HEADER=m
+CONFIG_IP6_NF_MATCH_MH=m
+CONFIG_IP6_NF_MATCH_RPFILTER=m
+CONFIG_IP6_NF_MATCH_RT=m
+CONFIG_IP6_NF_TARGET_HL=m
+CONFIG_IP6_NF_FILTER=m
+CONFIG_IP6_NF_TARGET_REJECT=m
+CONFIG_IP6_NF_TARGET_SYNPROXY=m
+CONFIG_IP6_NF_MANGLE=m
+CONFIG_IP6_NF_RAW=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_IP6_NF_NAT=m
+CONFIG_IP6_NF_TARGET_MASQUERADE=m
+CONFIG_IP6_NF_TARGET_NPT=m
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_EBT_BROUTE=m
CONFIG_BRIDGE_EBT_T_FILTER=m
@@ -1015,6 +1012,7 @@ CONFIG_NET_ACT_GACT=m
CONFIG_GACT_PROB=y
CONFIG_NET_ACT_MIRRED=m
CONFIG_NET_ACT_SAMPLE=m
+CONFIG_NET_ACT_IPT=m
CONFIG_NET_ACT_NAT=m
CONFIG_NET_ACT_PEDIT=m
CONFIG_NET_ACT_SIMP=m
@@ -1022,6 +1020,7 @@ CONFIG_NET_ACT_SKBEDIT=m
CONFIG_NET_ACT_CSUM=m
CONFIG_NET_ACT_VLAN=m
CONFIG_NET_ACT_BPF=m
+CONFIG_NET_ACT_CONNMARK=m
CONFIG_NET_ACT_SKBMOD=m
CONFIG_NET_ACT_IFE=m
CONFIG_NET_ACT_TUNNEL_KEY=m
diff --git a/kernel/kernel.nm b/kernel/kernel.nm
index 11f7fabe3..200a3f2c8 100644
--- a/kernel/kernel.nm
+++ b/kernel/kernel.nm
@@ -5,7 +5,7 @@
name = kernel
version = 4.13.3
-release = 1
+release = 2
thisapp = linux-%{version}
maintainer = Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
diff --git a/nftables/nftables.nm b/nftables/nftables.nm
deleted file mode 100644
index f8a97d053..000000000
--- a/nftables/nftables.nm
+++ /dev/null
@@ -1,51 +0,0 @@
-###############################################################################
-# IPFire.org - An Open Source Firewall Solution #
-# Copyright (C) - IPFire Development Team <info(a)ipfire.org> #
-###############################################################################
-
-name = nftables
-version = 0.100
-snapshot = 20160602
-release = 1.%{snapshot}
-thisapp = %{name}-%{snapshot}
-
-groups = Networking/Tools
-url = http://netfilter.org/projects/nftables/
-license = GPLv2
-summary = Netfilter Tables userspace utillites
-
-description
- %{summary}
-end
-
-source_dl = http://ftp.netfilter.org/pub/nftables/snapshot/
-sources = %{thisapp}.tar.bz2
-
-build
- requires
- autoconf
- autogen
- automake
- bison
- docbook2X
- docbook-xsl
- flex
- gmp-devel
- libtool
- libmnl-devel
- libnftnl-devel >= 1.0.5
- readline-devel
- end
-
- prepare_cmds
- ./autogen.sh
- end
-end
-
-packages
- package %{name}
-
- package %{name}-debuginfo
- template DEBUGINFO
- end
-end
hooks/post-receive
--
IPFire 3.x development tree
reply other threads:[~2018-06-25 10:59 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180625105916.5F7FD1081BCF@git01.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox