| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: iptables | Distribution: SUSE Linux 16 | 
| Version: 1.8.11 | Vendor: SUSE LLC <https://www.suse.com/> | 
| Release: 160000.2.2 | Build date: Mon Apr 28 21:46:06 2025 | 
| Group: Productivity/Networking/Security | Build host: reproducible | 
| Size: 434835 | Source RPM: iptables-1.8.11-160000.2.2.src.rpm | 
| Packager: https://www.suse.com/ | |
| Url: https://netfilter.org/projects/iptables/ | |
| Summary: IP packet filter administration utilities | |
iptables is used to set up, maintain, and inspect the rule tables of the various Netfilter packet filter engines inside the Linux kernel.
Artistic-2.0 AND GPL-2.0-only
* Mon Apr 28 2025 antonio.teixeira@suse.com
  - Provide ebtables for SLES16
* Thu Apr 17 2025 antonio.teixeira@suse.com
  - Remove legacy backend from SLES16
* Mon Dec 02 2024 antonio.teixeira@suse.com
  - Add iptables-nft-fix-interface-comparisons.patch
    * fix '-C' commands for nft backend (bsc#1233690)
* Fri Nov 08 2024 jengelh@inai.de
  - Update to release 1.8.11
    * New arptables-translate tool
    * ebtables-nft: support --replace and --list-rules commands
    * iptables-translate: support socket match and TPROXY target
* Fri May 24 2024 jengelh@inai.de
  - Edit iptables-batch-lock.patch, cure use of implicit function,
    fix it to make gcc14 happy.
* Sat Oct 21 2023 jengelh@inai.de
  - The presence of nftables does not mandate that iptables use
    backend-nft [bsc#1206383].
* Tue Oct 10 2023 jengelh@inai.de
  - Update to release 1.8.10
    * xtables-translate: support rule insert with index
    * broute table support in ebtables-nft
    * nft-variants' debug output (pass multiple ``-v`` flags) now
      contains sets if present
    * Add mld-listener type names to icmp6 match
* Mon Feb 13 2023 danilo.spinella@suse.com
  - Use nftables backend by default when nftables is installed, bsc#1206383
* Thu Jan 12 2023 jengelh@inai.de
  - Update to release 1.8.9
    * arptables-nft: Support --exact flag
    * Support more chunk types in the "sctp" extension
    * Print `--` in ip6tables' "opt" column for consistency with
      iptables
    * More verbose error messages if iptables-nft-restore fails
    * Support `-p Length` with ebtables-nft,
      needed for 802_3 extension.
* Thu Jul 21 2022 lnussel@suse.com
  - add baselibs.conf for libip4tc2, will be needed by
    libsystemd-shared-251.so
* Fri May 13 2022 jengelh@inai.de
  - Update to release 1.8.8
    * Add iptables-translate support for: sctp match's
    - -chunk-types option, connlimit match, multiport match's
    - -ports option, and the tcpmss match.
    * Reject setuid executables in libxtables for safety reasons
    * Extended arptables-nft with -C, -I, -R, -S cmomands and the
      "-c N,M" counter syntax.
    * Debug output in iptables-restore (all variants), iptables-nft
      and ebtables-nft when specifying -v multiple times
    * Improved performance of iptables-save and -restore
* Thu Dec 30 2021 danilo.spinella@suse.com
  - Only use nftables backend when iptables-backend-nft is installed
    when using libalternatives
* Fri Nov 19 2021 danilo.spinella@suse.com
  - Fix libalternatives configuration for ebtables and arptables
    by keeping argv0, fixes bsc#1192799.
* Wed Oct 20 2021 schubi@suse.de
  - Added alts requirements for iptables-backend-nft package.
* Thu Sep 16 2021 schubi@suse.com
  - Removed update-alternatives dependency in libalternatives mode.
* Tue Aug 03 2021 schubi@suse.com
  - Use libalternatives instead of update-alternatives.
* Fri Jan 15 2021 jengelh@inai.de
  - Update to release 1.8.7
    * iptables-nft:
    * Improved performance when matching on IP/MAC address prefixes
      if the prefix is byte-aligned. In ideal cases, this doubles
      packet processing performance.
    * Dump user-defined chains in lexical order. This way ruleset
      dumps become stable and easily comparable.
    * Avoid pointless table/chain creation. For instance,
      `iptables-nft -L` no longer creates missing base-chains.
* Sun Nov 01 2020 jengelh@inai.de
  - Update to release 1.8.6
    * iptables-nft had pointlessly added "bitwise" expressions to
      each IP address match, needlessly slowing down run-time
      performance (by 50% in worst cases).
    * iptables-nft-restore: Support basechain policy value of "-"
      (indicating to not change the chain's policy).
    * nft-translte: Fix translation of ICMP type "any" match.
* Wed Jun 03 2020 jengelh@inai.de
  - Update to release 1.8.5
    * IDLETIMER: Add alarm timer option
    * nft: CT: add translation for NOTRACK
  - Drop iptables-apply-mktemp-fix.patch (seemingly applied)
* Mon Dec 02 2019 jengelh@inai.de
  - Update to release 1.8.4
    * Fix for wrong counter format in `ebtables-nft-save -c` output.
    * Print typical iptables-save comments in arptables- and
      ebtables-save, too.
    * xt_owner: add --suppl-groups option
    * Remove support for /etc/xtables.conf
    * Restore support for "-4" and "-6" options in rule lines.
* Mon Sep 30 2019 kstreitova@suse.com
  - Add Conflicts with iptables-nft = 1.6.2 as during the update to
    iptables 1.8 ip6tables-restore-translate, ip6tables-translate,
    iptables-restore-translate and iptables-translate were moved from
    iptables-nft subpackage (now iptables-backend-nft) to the main
    package. So we need to add a conflict here otherwise we hit file
    conflicts error during the update.
* Fri Sep 06 2019 kstreitova@suse.com
  - add missing Provides/Obsoletes for the renamed package
    iptables-backend-nft (was iptables-nft)
* Tue May 28 2019 jengelh@inai.de
  - Update to new upstream release 1.8.3
    * ebtables: Fix rule listing with counters
    * ebtables-nft: Support user-defined chain policies
  - Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch
    0001-include-fix-build-with-kernel-headers-before-4.2.patch
    (upstreamed)
* Wed May 22 2019 jengelh@inai.de
  - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch,
    0001-include-extend-the-headers-conflict-workaround-to-in.patch
    to fix build with older linux-glibc-devel. [boo#1132821]
* Thu Apr 04 2019 kstreitova@suse.com
  - Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation
    where 'iptables -L' reads garbage from the struct as the kernel
    never filled it in the bugged case. This can lead to issues like
    mapping a few TiB of memory [bsc#1106751].
* Tue Nov 13 2018 jengelh@inai.de
  - Update to new upstream release 1.8.2
    * Fix incorrect handling of various targets and options in
      iptables-nft,ebtables-nft,arptables-nft.
* Tue Oct 23 2018 jengelh@inai.de
  - Update to new upstream release 1.8.1
    * New cgroup match revision with reduced memory footprint
* Mon Sep 24 2018 astieger@suse.com
  - note build-time dependency on libnftnl >= 1.1.1
* Tue Sep 04 2018 mchandras@suse.de
  - Add missing update-alternatives dependency to Requires(post)
    section. If this is missing the package fails to install properly
    when it is used as build dependency.
* Mon Jul 09 2018 jengelh@inai.de
  - Update to new upstream release 1.8.0 and snapshot 1.8.0.g75
    * The ipv6 "srh" match can now match previous/next/last sid
    * CONNMARK target now supports bit-shifting for restore,set
      and save-mark.
    * DNAT now supports shifted portmap ranges.
    * iptables now comes in two backends: legacy and nft.
* Thu May 24 2018 kukuk@suse.de
  - Use %license instead of %doc [bsc#1082318]
* Mon Mar 12 2018 matthias.gerstner@suse.com
  - Fix ethertypes ownership, should be %exclude, not %ghost.
* Thu Feb 22 2018 matthias.gerstner@suse.com
  - Resolve conflict with ebtables and obtain ethertypes from new netcfg minor
    version. FATE#320520
* Sat Feb 03 2018 jengelh@inai.de
  - Update to new upstream release 1.6.2
    * add support for the "srh" match
    * add randomize-full for the "MASQUERADE" target
    * add rate match mode to the "hashlimit" match
* Thu Jun 22 2017 matthias.gerstner@suse.com
  - Add iptables-batch-lock.patch: Fix a locking issue of
    iptables-batch which can cause it to spuriously fail when other
    programs modify the iptables rules in parallel (bnc#1045130).
    This can especially affect SuSEfirewall2 during startup.
* Fri Jan 27 2017 jengelh@inai.de
  - Update to new upstream release 1.6.1
    * add support for hashlimit rev 2 for higher pps rates
    * add support for cgroup2 path matching
    * translation program for nft
* Fri Dec 18 2015 jengelh@inai.de
  - Update to final release 1.6.0
    * Only a build fix, no new significant changes.
* Mon Nov 23 2015 jengelh@inai.de
  - Update to new snapshot v1.4.21-367-g9763347 [1.6.0~]
    * -m ah/esp/rt: restore matching "any SPI id" by default
    (they unexpectedly defaulted to --spi 0 rather than --spi ALL)
    * -m cgroup: new module
    * -m dst: make ! --dst-len work
    * -m ipcomp: new module
    * -m socket: add --restore-skmark option
    * -j CT: add support for new zone options
    * -j REJECT: add missing ICMPv6 codes
    * -j TEE: make it possible to delete rules with -D ... -j
    * -j SNAT/DNAT: add randomize-full support
* Thu Apr 24 2014 dmueller@suse.com
  - remove dependency on gpg-offline (blocks rebuilds and
    tarball integrity is checked by source-validator anyway)
* Wed Apr 23 2014 dmueller@suse.com
  - remove dependency on sgmltool: doesn't seem to be used
    and reduces rebuild time on aarch64 by 8 hours
* Sat Nov 23 2013 jengelh@inai.de
  - Update to new upstream release 1.4.21
    * --nowildcard option for xt_socket, available since Linux kernel 3.11
    * SYNPROXY support, available since Linux kernel 3.12
* Wed Aug 07 2013 jengelh@inai.de
  - Update to new upstream release 1.4.20
    * Introduce a new revision for the set match with the counters support
    * Add locking to prevent concurrent instances
* Fri May 31 2013 jengelh@inai.de
  - Update to new upstream release 1.4.19.1
    * New connlabel and bpf matches
  - Remove 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch,
    0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch
    (are upstream)
* Mon Apr 15 2013 jengelh@inai.de
  - libxt_state.so symlink was not installed (bnc#815182); fix by
    removing 0001-build-also-use-libtool-for-install-stage.patch,
    removing 0001-build-do-not-dereference-symlinks-on-installation.patch,
    adding 0001-libip6t_NETMAP-Use-xtables_ip6mask_to_cidr-and-get-r.patch,
    adding 0001-Revert-build-resolve-link-failure-for-ip6t_NETMAP.patch
* Wed Mar 20 2013 cfarrell@suse.com
  - license update: GPL-2.0 and Artistic-2.0
    GPL version does not have ^or later^ due to inclusion of numerous GPL 2
    ^only^ files. Also, aggregation of Artistic-2.0 content
* Mon Mar 04 2013 jengelh@inai.de
  - Update to new upstream release 1.4.18
    * documentation updates
  - Create subpackage xtables-plugins, to aid packaging of xtadm
  - Add 0001-build-do-not-dereference-symlinks-on-installation.patch
    as a prerequisite for:
  - Add 0001-build-also-use-libtool-for-install-stage.patch
    to kill of undesired DT_RPATH entries
* Tue Dec 25 2012 jengelh@inai.de
  - Update to new upstream release 1.4.17
    * libxt_time: add support to ignore day transition
    * libxt_statistic: fix save output
* Wed Nov 28 2012 sbrabec@suse.cz
  - Verify GPG signature
* Thu Nov 15 2012 lnussel@suse.de
  - list all required binaries explicitly to make sure all of them are actually
    compiled
* Thu Nov 15 2012 jengelh@inai.de
  - Always regenerate files due to SUSE's iptables-batch patch
* Mon Oct 08 2012 jengelh@inai.de
  - Update to new upstream release 1.4.16.3
    * This release includes aliasing support which translates command
    lines using obsolete extensions into new ones. The option parser
    now flags illegal negative numbers in some more extensions.
    A division by zero was resolved in libxt_limit as well.
* Tue Jul 31 2012 jengelh@inai.de
  - Update to new upstream release 1.4.15
    * libxt_recent: add --mask netmask
    * libxt_hashlimit: add support for byte-based operation
* Sat May 26 2012 jengelh@inai.de
  - Update to new upstream release 1.4.14
    * Support for the new cttimeout infrastructure. This allows you to
    attach specific timeout policies to flow via iptables CT target.
* Tue Mar 27 2012 jengelh@medozas.de
  - Update to new upstream release 1.4.13
    * Add the rpfilter, nfacct and IPv6 ECN extensions
* Mon Jan 02 2012 jengelh@medozas.de
  - Update to newer git snapshot (v1.4.12.2-28-g2117f2b,
    but master branch), tag locally as 1.4.12.90.
    * ships missing pkgconfig files, compile fix for libnfnetlink
    * libxt_NFQUEUE: fix --queue-bypass ipt-save output
    * libxt_connbytes: fix handling of --connbytes FROM
    * libxt_recent: Add support for --reap option
  - split iptables-devel into libiptc-devel and libxtables-devel
* Wed Dec 28 2011 puzel@suse.com
  - iptables-apply-mktemp-fix.patch (bnc#730161)
* Wed Nov 30 2011 coolo@suse.com
  - add automake as buildrequire to avoid implicit dependency
* Tue Oct 04 2011 jengelh@medozas.de
  - Update to a newer git snapshot of the stable branch
    (to v1.4.12.1-16-gd2b0eaa)
    * resolve failure to load extensions that depend on libm.so
  - rediff of iptables-batch due to fuzz
  - relax runtime requires
* Thu Sep 01 2011 jengelh@medozas.de
  - Update to new upstream release 1.4.12.1
    * regression fixes for the new (stricter) command-line parser
  - restore --includedir= in spec file
  - Put libxtables into its own subpackage so that one does not need
    a lockstep update of iproute2 on a new iptables package
  - Remove redundant fields (Autoreqprov defaults to on, License is
    inherited from main package)
* Fri Aug 12 2011 draht@suse.de
  - include path is /usr/include
* Mon Aug 08 2011 jengelh@medozas.de
  - Put include files into a separate directory to flag up missing
    CFLAGS. libipq.pc will now be provided.
  - Enable build of nfnl_osf, a tool to upload OS fingerprints to
    the kernel for use with xt_osf.
* Fri Jul 22 2011 jengelh@medozas.de
  - Update to new upstream release 1.4.12
    * Include lost match/target descriptions in manpage again
    * libxt_LOG: fix ignorance of all but the last flag
    * libxt_HL: restore hl-* option names
    * libxt_hashlimit: use a more obvious expiry value by default
    * libxt_RATEEST: fix find-and-delete of rules with -j RATEEST
    * ipv4: restore negation for the -f option
    * Reject empty host specifications (e.g. -s "")
    * libxt_conntrack: restore network byteordering for ABI v1 & v2
    * Documentation updates
* Wed Jun 08 2011 jengelh@medozas.de
  - Update to snapshot 1.4.11+git16
    * libxt_owner: restore inversion support
    * option: fix ignored negation before implicit extension loading
    * build: fix installation of symlinks
    * build: fix absence of xml translator in IPv6-only builds
  - Drop merged patches
* Sun May 29 2011 jengelh@medozas.de
  - Update to new upstream release 1.4.11
    * stricter option parsing
    * support for the current xt_SET target as contained in 2.6.39
    * support for the new xt_devgroup match
    * support for the new xt_AUDIT target
    * support for a new NFQUEUE bypass option, allowing to bypass the
    queue if no userspace listener is present
    * a new iptables option "-C" to check for existence of a rules
  - Fixes on top
    * allow negation of --uid-owner/--gid-owner again
    * fix installation of symlinks
  - Run spec-beautifier
* Fri Oct 29 2010 jengelh@medozas.de
  - Update to new upstream release 1.4.10
    * this is the release for the Linux 2.6.36 kernel
    * support for the cpu match, which can be used to improve cache
    locality when running multiple server instances
    * support for the IDLETIMER target, which can be used to notify
    userspace of interfaces being idle
    * support for the CHECKSUM target
    * support for the ipvs match
    * a fix for deletion of rules using the quota match
* Mon Aug 09 2010 puzel@novell.com
  - update to new upstream release 1.4.9.1
    * fixes a compilation problem with static linking in the 1.4.9
      release
* Wed Aug 04 2010 puzel@novell.com
  - update to new upstream release 1.4.9
    * this is the release for the Linux 2.6.35 kernel
    * support for the LED target
    * a new version of the set extension for the upcoming release
      supporting IPv6
    * negation support for the quota match
    * support for the SACK-IMMEDIATELY SCTP extension and
      FORWARD_TSN chunk type in the sctp match
    * documentation updates and various smaller bugfixes
* Wed May 26 2010 jengelh@medozas.de
  - update to new upstream release 1.4.8
    * this is the release for the Linux 2.6.34 kernel
    * add support for the new xt_CT extension
    * import the nfnl_osf program required for proper operation
      of the xt_osf extension
* Sat Apr 24 2010 coolo@novell.com
  - buildrequire pkg-config to fix provides
* Mon Mar 01 2010 jengelh@medozas.de
  - update to new upstream release 1.4.7
    * libipq is built as a shared library
    * removal of some restrictions on interface names
    * documentation updates
  - rebase and fix linking of iptables-batch
  - fix libdir->libexecdir
* Mon Feb 22 2010 jengelh@medozas.de
  - only run configure when needed
  - use %_smp_mflags
  - use newer git snapshot to fix compile error due to missing
    ipt_DSCP.h in newer linux-glibc-devel (>= 2.6.32)
* Wed Dec 30 2009 puzel@novell.com
  - fix bnc#561793 - do not include unclean module documentation
    in iptables manpage
* Tue Dec 22 2009 jengelh@medozas.de
  - update specfile descriptions (bnc#553801)
  - update to iptables 1.4.6:
    * combine iptables subprograms into a new multi-purpose binary
    * support for new implementations: NFQUEUE v1, conntrack v2
    * helper: fix invalid passed option to check_inverse
    * iprange accepts single host specifications again
    * iprange: do accept non-ranges for xt_iprange v1
    * iprange: warn on reverse range
    * libiptc: fix wrong maptype of base chain counters on restore
    * iptables: fix undersized deletion mask creation
    * iptables/extensions: make bundled options work again
    * iptables: take masks into consideration for replace command
    * xtables: warn of missing version identifier in extensions
    * documentation updates
  - refresh iptables-batch
* Thu Nov 12 2009 puzel@novell.com
  - remove outdated howtos (bnc#551748)
* Wed Jul 15 2009 kay.sievers@novell.com
  - fix libdir/libexecdir on 64bit installation
* Wed Jun 17 2009 puzel@novell.com
  - install iptables-apply
* Wed Jun 17 2009 puzel@suse.cz
  - update to iptables-1.4.4
    * support for the new features in the 2.6.30 kernel, namely the
      cluster match and persistent multi-range NAT mappings
    * support for the ipset set match and target
    * various minor fixes and cleanups
    * documentation updates
* Mon May 11 2009 puzel@suse.cz
  - make explicit 'commit' in iptables-batch do nothing (bnc#500990)
* Tue Apr 21 2009 puzel@suse.cz
  - update to 1.4.3.2
    - numerous documentation updates and bugfixes
    - set of changes to move some of the iptables functionality to a shared
    library for tc and m_ipt
    - make libiptc available as shared library (closes bnc#487629)
    - IPv6 support for the recent match
    - TPROXY support
    - SCTP/DCCP NAT support
  - INCOMPATIBILITY: This release starts enforcing the deprecation of NAT
    filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will
    cause an error instead of a warning from now on.
  - rework iptables-batch.patch (libiptc interface has changed)
  - update howtos
* Fri Jan 16 2009 prusnak@suse.cz
  - updated to 1.4.2
    * remove dependency on libiptc headers
    * fix segmentation fault with -tanything
    * warn about use of DROP in nat table
    * do allow --rttl for --update
    * run ldconfig on `make install`
    * fix invalid iptables-save output
    * fix hashlimit output
* Wed Sep 10 2008 prusnak@suse.cz
  - updated to 1.4.2-rc1
    * libxt_TOS: make sure --set-tos value/mask is recognized
    * libiptc: fix scalability performance issue during initial ruleset parsing
    * xt_string: string extension case insensitive matching
    * ip6tables: add --goto support
* Wed Sep 10 2008 prusnak@suse.cz
  - updated to 1.4.1.1
    * iptables: fix printing of line numbers with --line-numbers arg
    * ip6tables: fix printing of ipv6 network masks
    * build: fix `make install` when --disable-shared is used
    * iprange: kernel flags were not set
* Wed Sep 10 2008 prusnak@suse.cz
  - updated to 1.4.1
    * iptables: use C99 lists for struct options
    * Make iptables-restore usable over a pipe
    * Add support for --set-counters to iptables -P
    * iptables --list-rules command
    * iptables --list chain rulenum
    * Make --set-counters (-c) accept comma separated counters
    * libxt_iprange: Fix IP validation logic
    * fix ip6tables dest address printing
    * Converts the iptables build infrastructure to autotools.
    * Introduce strtonum(), which works like string_to_number(), but passes
    * print warning when dlopen fails
    * libxt_owner: UID/GID range support
    * Fix compilation of iptables-static build
    * xtables.h: move non-exported parts to internal.h
    * Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
    * manpages: fix broken markup (missing close tags)
    * manpages: update to reflect fine-grained control
    * configure: split --enable-libipq from --enable-devel
    * Add all necessary header files - compilation fix for various cases
    * Install libiptc header files because xtables.h depends on it
    * Implement AF_UNSPEC as a wildcard for extensions
    * Combine ipt and ip6t manpages
    * Resolve warnings on 64-bit compile
    * Wrap dlopen code into NO_SHARED_LIBS
    * Remove support for compilation of conditional extensions
    * Resolve libipt_set warnings
    * Update documentation about building the package
    * configure.ac: AC_SUBST must be separate
    * Dynamically create xtables.h.in with version
    * configure.ac: remove already-defined variables
    * Remove old functions, constants
    * Makefile.am: use PACKAGE_TARNAME
    * iptables out-of-tree build directory
    * Introduce a counter for number of user defined chains.
    * Solving scalability issue: for chain list "name" searching.
    * REDIRECT: Allow symbolic port in REDIRECT --to-port
    * Fix iptables-save output of libxt_owner match
    * allow empty strings in argument parser
    * Fix define value of SCTP chunk type.
    * cleanup several code wraparounds
    * Add RATEEST target extension
    * Add rateest match extension
    * Properly initialize revision for ip6tables targets
    * Resync header files with kernel
    * libiptc: move variable definitions to head of function
    * Fix CONNMARK mask initialisation
    * iptables-save:remove unnecessary code.
    * Don't assume /bin/sh is bash
    * Add xtables version defines.
    * Use s6_addr32 to access bits in int6_addr instead of incompatible name
* Tue Jan 08 2008 prusnak@suse.cz
  - updated to 1.4.0:
    * Add support for generic xtables infrastructure (improved IPv6 support!)
    * Deletes empty ->final_check() functions
    * Fix sparse warnings: non-C99 array declaration, incorrect function prototypes
    * Remove last vestiges of NFC
    * Make @msg argument a const char *, just like printf
    * Makes it possible to omit extra_opts of matches/targets if unnecessary
    * Fix "iptables getsockopt failed strangely" when querying revisions
      for non-existant matches and targets
    * Introduces DEST_IPT_LIBDIR in Makefile
    * Change default KERNEL_DIR location and add KBUILD_OUTPUT
    * Removes obsolete KERNEL_64_USERSPACE_32 definitions
    * Fix unused function warning
    * Don't use dlfcn.h if NO_SHARED_LIBS is defined
    * Fix showing help text for matches/targets with revision as user
    * Print warnings to stderr
    * Fix sscanf type errors
    * Always print mask in iptables-save
    * Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_names
    * Adds --table to iptables-restore
    * Make DO_MULTI=1 work for ip6tables* binaries
    * Add ip6tables-{save,restore} to non-experimental target,
      fix strict aliasing warnings
    * Introducing libxt_*.man files. Sorted matches and modules
    * Install ip6tables-{save,restore} manpages
    * Performance optimization in sorting chain during pull-out
    * Fix sockfd use accounting for kernels without autoloading
    * use <linux/types.h>
    * Fix make/compile error for iptables-1.4.0rc1
    * Fix for --random option in DNAT and REDIRECT
    * Document xt_statistic
    * sctp: fix - mistake to pass a pointer where array is required
    * Fix connlimit output for inverted --connlimit-above:
      ! > is <=, not <
    * Add NFLOG manpage
    * Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
    * Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
    * Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
    * fix check_inverse() call
  - removed obsolete patch:
    * strict-aliasing-fix.diff (included in update)
* Tue Jul 31 2007 prusnak@suse.cz
  - removed sed scripts in %prep section from last update
    * not needed anymore
* Thu Jul 26 2007 prusnak@suse.cz
  - updated to 1.3.8
    * Fix build error of conntrack match
    * Remove whitespace in ip6tables.c
    * `-p all' and `-p 0' should be allowed in ip6tables
    * hashlimit doc update
    * add --random option to DNAT and REDIRECT
    * Makefile uses POSIX conform directory check
    * Fix missing newlines in iptables-save/restore output
    * Update quota manpage for SMP
    * Output for unspecified proto is `all' instead of `0'
    * Fix iptables-save with --random option
    * Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs
    * Remove libnsl from LDLIBS
    * Fix problem with iptables-restore and quotes
    * Remove unnecessary includes
    * Fix --modprobe parameter
    * ip6tables-restore should output error of modprobe after failed to load
    * Add random option to SNAT
    * Fix missing space in error message
    * Fixes for manpages of tcp, udp, and icmp{,6}
    * Add ip6tables mh extension
    * Fix tcpmss manpage
    * Add ip6tables TCPMSS extension
    * Add UDPLITE multiport support
    * Fix missing space in ruleset listing
    * Remove extensions for unmaintained/obsolete patchlets
    * Fix greedy debug grep
    * Fix type in manpage
    * Fix compile/install error for iptables-xml with DO_MULTI=1
  - dropped obsolete patches:
    * newlines.diff (included in update)
    * shlibs.diff (done by sed in %prep section)
    * extensions.diff
* Wed May 09 2007 prusnak@suse.cz
  - added newlines to error messages (newlines.diff) [#271847]
* Tue Mar 13 2007 prusnak@suse.cz
  - added initial setting of KERNEL_DIR variable in %install section of spec file
* Tue Jan 09 2007 prusnak@suse.cz
  - added experimental tools and extensions (removed by last update)
* Wed Jan 03 2007 prusnak@suse.cz
  - updated to 1.3.7
    * Add revision support for ip6tables
    * Add port range support for ip6tables multiport match
    * Add sctp match extension for ip6tables
    * Add iptables-xml tool
    * Add hashlimit support for ip6tables (needs kernel > 2.6.19)
    * Add NFLOG target extension for iptables/ip6tables (needs kernel > 2.6.19)
    * Bugfixes
  - updated debian-docs and moved into tar.bz2
* Thu Nov 16 2006 mjancar@suse.cz
  - allow setting KERNEL_DIR on commandline for build (#220851)
* Tue Oct 17 2006 anosek@suse.cz
  - updated to version 1.3.6
    * Support multiple matches of the same type within a single rule
    * DCCP/SCTP support for multiport match (needs kernel >= 2.6.18)
    * SELinux SECMARK target (needs kernel >= 2.6.18)
    * SELinux CONNSECMARK target (needs kernel >= 2.6.18)
    * Add support for statistic match (needs kernel >= 2.6.18)
    * Optionally read realm values from /etc/iproute2/rt_realms
    * Bugfixes
* Wed Feb 01 2006 lnussel@suse.de
  - updated to version 1.3.5
    * supports ip6tables state and conntrack \o/ (#145758)
* Fri Jan 27 2006 mls@suse.de
  - converted neededforbuild to BuildRequires
* Tue Jan 24 2006 schwab@suse.de
  - Fix building of shared libraries.
* Tue Jan 17 2006 postadal@suse.cz
  - updated policy extension from upstream (policy-1.3.4.patch)
    * ported for changes in kernel
* Tue Nov 15 2005 postadal@suse.cz
  - updated to version 1.3.4
  - added RPM_OPT_FLAGS to CFLAGS
  - fixed strict aliasing (strict-aliasing-fix.patch)
* Mon Aug 01 2005 lnussel@suse.de
  - add iptables-batch and ip6tables-batch
* Mon Aug 01 2005 postadal@suse.cz
  - updated to version 1.3.3
* Wed Jul 27 2005 postadal@suse.cz
  - updated to version 1.3.2
* Wed Mar 09 2005 postadal@suse.cz
  - updated to version 1.3.1 (bug fixes)
* Thu Feb 17 2005 postadal@suse.cz
  - updated to version 1.3.0
  - removed obsoleted patch modules-secfix
* Tue Nov 02 2004 postadal@suse.cz
  - fixed uninitialised variable [#47850] - CAN-2004-0986
* Tue Aug 17 2004 mludvig@suse.cz
  - Fixed mode for extensions/.policy-test6
* Thu Aug 05 2004 mludvig@suse.cz
  - Added IPv6 support to the 'policy' match.
* Wed Aug 04 2004 postadal@suse.cz
  - updated to version 1.2.11
  - removed obsoleted patch clusterip
* Sat Apr 24 2004 lmb@suse.de
  - Add support for Cluster IP functionality.
* Wed Apr 21 2004 mludvig@suse.cz
  - Added module for IPv6 conntrack from USAGI.
* Wed Mar 24 2004 mludvig@suse.cz
  - Added policy module from patch-o-matic
* Fri Feb 06 2004 postadal@suse.cz
  - updated to version 1.2.9.
* Sat Jan 10 2004 adrian@suse.de
  - add %defattr
* Wed Jul 23 2003 postadal@suse.cz
  - updated to 1.2.8
* Tue Apr 08 2003 schwab@suse.de
  - Prefer sanitized kernel headers.
* Thu Sep 05 2002 postadal@suse.cz
  - updated to bugfixed 1.2.7a version
* Wed Aug 28 2002 postadal@suse.cz
  - added Requires %{name} = %{version} to devel package
* Thu Aug 08 2002 nadvornik@suse.cz
  - updated to 1.2.7
* Wed Mar 27 2002 postadal@suse.cz
  - revert to compile it with kernel headers (#15448)
* Fri Feb 01 2002 nadvornik@suse.cz
  - compiled with kernel headers from glibc
* Tue Jan 15 2002 nadvornik@suse.cz
  - update to 1.2.5
* Wed Nov 14 2001 nadvornik@suse.cz
  - updated to 1.2.4 [bug #12104]
    - fixed problems with iptables-save/restore
  - iptables-1.2.4.debian.diff.bz2 contains documentation only,
    Makefile changes moved to separate patch
* Sat Sep 22 2001 garloff@suse.de
  - Fix ipt_string support (compile fix).
* Tue Jul 17 2001 garloff@suse.de
  - Update to iptables-1.2.2
  - Appply debian patch: mostly docu stuff
  - Added COMPILE_EXPERIMENTAL flag to Makefile and pass it from RPM
    .spec file to compile and install ip(6)tables-save/restore apps.
* Fri Apr 06 2001 kukuk@suse.de
  - changed neededforbuild from lx_suse to kernel-source
* Tue Mar 27 2001 lmuelle@suse.de
  - update to 1.2.1a
  - add devel package with libipq stuff
  - minor spec file cleanup
* Sun Jan 28 2001 olh@suse.de
  - update to 1.2, needed for ppc and sparc
* Tue Dec 19 2000 nadvornik@suse.cz
  - compiled with lx_suse
* Tue Oct 17 2000 nadvornik@suse.cz
  - update to 1.1.2
* Fri Sep 22 2000 ro@suse.de
  - up to 1.1.1
* Fri Jun 09 2000 ro@suse.de
  - fixed neededforbuild
* Wed Jun 07 2000 nadvornik@suse.cz
  - new package 1.1.0
/usr/bin/iptables-xml /usr/sbin/arptables /usr/sbin/arptables-nft /usr/sbin/arptables-nft-restore /usr/sbin/arptables-nft-save /usr/sbin/arptables-restore /usr/sbin/arptables-save /usr/sbin/arptables-translate /usr/sbin/ebtables /usr/sbin/ebtables-nft /usr/sbin/ebtables-nft-restore /usr/sbin/ebtables-nft-save /usr/sbin/ebtables-restore /usr/sbin/ebtables-save /usr/sbin/ebtables-translate /usr/sbin/ip6tables /usr/sbin/ip6tables-apply /usr/sbin/ip6tables-nft /usr/sbin/ip6tables-nft-restore /usr/sbin/ip6tables-nft-save /usr/sbin/ip6tables-restore /usr/sbin/ip6tables-restore-translate /usr/sbin/ip6tables-save /usr/sbin/ip6tables-translate /usr/sbin/iptables /usr/sbin/iptables-apply /usr/sbin/iptables-nft /usr/sbin/iptables-nft-restore /usr/sbin/iptables-nft-save /usr/sbin/iptables-restore /usr/sbin/iptables-restore-translate /usr/sbin/iptables-save /usr/sbin/iptables-translate /usr/sbin/xtables-monitor /usr/sbin/xtables-nft-multi /usr/share/licenses/iptables /usr/share/licenses/iptables/COPYING /usr/share/man/man1/iptables-xml.1.gz /usr/share/man/man8/arptables-nft-restore.8.gz /usr/share/man/man8/arptables-nft-save.8.gz /usr/share/man/man8/arptables-nft.8.gz /usr/share/man/man8/arptables-translate.8.gz /usr/share/man/man8/ebtables-nft.8.gz /usr/share/man/man8/ebtables-translate.8.gz /usr/share/man/man8/ip6tables-apply.8.gz /usr/share/man/man8/ip6tables-restore-translate.8.gz /usr/share/man/man8/ip6tables-restore.8.gz /usr/share/man/man8/ip6tables-save.8.gz /usr/share/man/man8/ip6tables-translate.8.gz /usr/share/man/man8/ip6tables.8.gz /usr/share/man/man8/iptables-apply.8.gz /usr/share/man/man8/iptables-extensions.8.gz /usr/share/man/man8/iptables-restore-translate.8.gz /usr/share/man/man8/iptables-restore.8.gz /usr/share/man/man8/iptables-save.8.gz /usr/share/man/man8/iptables-translate.8.gz /usr/share/man/man8/iptables.8.gz /usr/share/man/man8/xtables-legacy.8.gz /usr/share/man/man8/xtables-monitor.8.gz /usr/share/man/man8/xtables-nft.8.gz /usr/share/man/man8/xtables-translate.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Sep 30 22:29:13 2025