Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libnftables1-1.0.8-slfo.1.1.27 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: libnftables1 Distribution: SUSE Linux Framework One
Version: 1.0.8 Vendor: SUSE LLC <https://www.suse.com/>
Release: slfo.1.1.27 Build date: Fri Jul 14 13:56:43 2023
Group: System/Libraries Build host: reproducible
Size: 959556 Source RPM: nftables-1.0.8-slfo.1.1.27.src.rpm
Packager: https://www.suse.com/
Url: https://netfilter.org/projects/nftables/
Summary: nftables firewalling command interface
libnftables is the nftables command line interface placed into a
library.

Provides

Requires

License

GPL-2.0-only

Changelog

* Fri Jul 14 2023 jengelh@inai.de
  - Update to release 1.0.8
    * Support for setting meta and ct mark from other fields in
      rules, e.g. set meta mark to ip dscp header field.
    * Enhacements for -o/--optimize to deal with NAT statements, to
      compact masquerade statements.
    * Support for stateful statements in anonymous maps, such as
      counters.
    * Support for resetting stateful expressions in sets, maps and
      elements, e.g. counters.
    * broute support to short-circuit bridge logic from the bridge
      prerouting hook and pass up packets to the local IP stack.
    * JSON support for table and chain comments.
  - Added 0001-Revert-py-replace-distutils-with-setuptools.patch
* Mon Mar 13 2023 jengelh@inai.de
  - Update to release 1.0.7
    * Support for vxlan/geneve/gre/gretap matching
    * auto-merge support for partial set element deletion
    * Allow for NAT mapping with concatenation and ranges
    * Support for quota in sets
* Wed Dec 21 2022 jengelh@inai.de
  - Update to release 1.0.6
    * Fix bytecode generation for concatenation of intervals where
      selectors use different byteorder datatypes, e.g. IPv4
      (network byte order).
    * Fix match of uncommon protocol matches with raw expressions
    * Unbreak insertion of rules with intervals ("sport {
      3478-3497, 16384-16387 }")
* Wed Aug 17 2022 dmueller@suse.com
  - update to 1.0.5:
    * Fixes for the -o/--optimize, run this --optimize option to automagically
      compact your ruleset using sets, maps and concatenations
    * Fix ethernet and vlan concatenations, eg. define a dynamic set which
      is populated from the packet path
    * Fix ruleset listing with interface wildcard map
    * Fix several regressions in the input lexer which broke valid rulesets.
    * Fix slowdown with large lists of singleton interval elements.
    * Fix set automerge feature for large lists of singleton interval elements.
    * Fix bogus error reporting for exact overlaps.
    * Fix segfault when adding elements to invalid set.
    * fix device parsing in netdev family in json.
* Tue Jun 07 2022 jengelh@inai.de
  - Update to release 1.0.4
    * Fixed a segfault in -o/--optimize with unsupported statements.
    * Bogus datatype mismatch error report in sets was fixed.
* Tue May 31 2022 jengelh@inai.de
  - Update to release 1.0.3
    * Support for wildcard interface name matching with sets
    * Support for runtime auto-merge of set elements.
    * Enhancements for the ruleset optimization -o/--optimize
      option which allows to coalesce several NAT rules into map.
    * Support for raw expressions in concatenations.
    * Support for integer type protocol header fields in concatenations.
    * Allow to reset TCP options (requires Linux kernel >= 5.18)
  - Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Tue Feb 22 2022 jengelh@inai.de
  - Update to release 1.0.2
    * New ruleset optimization -o/--optimize option.
    * Support for IP and TCP options and SCTP chunks in sets.
    * Support for tcp fastopen, md5sig and mptcp options.
    * MP-TCP subtype matching support.
    * JSON support for flowtables.
  - Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Thu Nov 18 2021 jengelh@inai.de
  - Update to release 1.0.1
    * Reduce memory footprint when loading large sets/maps.
    * Speed up reload of large sets/maps.
    * Speed up listing of specific tables in large ruleset, e.g.
      large ruleset with ~100k lines.
    * Speed up --terse option when listing a ruleset large sets/maps.
    * Print raw payload expression in hexadecimal, e.g.
      "@ll,0,8 & 0x80 == 0x80"
    * egress hook support (available since 5.16-rc1).
    * Allow matching and update bytes at inner header/payload
      offset (available since 5.16-rc1).
* Thu Aug 19 2021 jengelh@inai.de
  - Update to release 1.0.0
    * Catch-all set element support.
    * The command-line option --define is now recognized.
    * Stateful expressions in maps.
    * Allow combination of jhash, symhash and numgen expressions with
      the queue statement.
    * Allow combination of verdict maps with interval concatenations.
* Tue May 25 2021 jengelh@inai.de
  - Update to release 0.9.9
    * Flowtable hardware offload support
    * Support for the table owner flag.
    * 802.1ad (QinQ) support
    * cgroupsv2 support.
    * match on SCTP packet chunks (dependent on Linux 5.14)
    * Allow to use verdict in set/map typeof definitions
* Fri Jan 15 2021 jengelh@inai.de
  - Update to release 0.9.8
    * Complete support for matching ICMP header content fields.
    * Added raw tcp option match support.
    * Added ability to check for the presence of any tcp option.
    * Support for rejecting traffic from the ingress chain.
* Tue Oct 27 2020 jengelh@inai.de
  - Update to release 0.9.7
    * Support for implicit chains
    * Support for ingress inet chains
    * Support for reject from prerouting chain
    * Support for --terse option in json
    * Support for the reset command with json
* Tue Jun 16 2020 jengelh@inai.de
  - Update to release 0.9.6
    * Fix two ASAN runtime errors
* Sat Jun 06 2020 jengelh@inai.de
  - Update to release 0.9.5
    * Support for set counters.
    * Support for restoring set element counters via nft -f.
    * Counter support for flowtables.
    * typeof concatenations support for sets.
    * Support for concatenated ranges in anonymous sets.
    * Allow to reject packets with 802.1q from the bridge family.
    * Support for matching on the conntrack ID.
  - Drop anonset-crashfix.patch (upstream solved differently)
* Thu May 07 2020 jengelh@inai.de
  - Add anonset-crashfix.patch [boo#1171321]
* Wed Apr 01 2020 jengelh@inai.de
  - Update to release 0.9.4
    * Add a helper for concat expression handling.
    * Add "typeof" build/parse/print support.
* Mon Dec 09 2019 jengelh@inai.de
  - Add json, python [boo#1158723]
* Tue Dec 03 2019 jengelh@inai.de
  - Update to release 0.9.3
    * meta: Introduce new conditions "time", "day" and "hour".
    * src: add ability to set/get secmarks to/from connection.
    * flowtable: add support for named flowtable listing.
    * flowtable: add support for delete command by handle.
    * json: add support for element deletion.
    * Add `-T` as the short option for `--numeric-time`.
    * meta: add ibrpvid and ibrvproto support
* Mon Aug 19 2019 jengelh@inai.de
  - Update to new upstream release 0.9.2
    * Transport header port matching, e.g. "th dport 53"
    * Support for matching on IPv4 options
    * Support for synproxy
* Sat Jan 19 2019 stefan.bruens@rwth-aachen.de
  - Remove unused dblatex BuildRequires, only needed for the optional
    and disabled PDF generation (same contents as shipped manpage).
* Sat Jun 09 2018 jengelh@inai.de
  - Update to new upstream release 0.9.0
    * Support to check if packet matches an existing socket.
    * Support to limit number of active connections by arbitrary
      criteria, such as ip addresses, networks, conntrack zones or
      any combination thereof.
    * Added support for "audit" logging.
* Fri May 11 2018 jengelh@inai.de
  - Update to new upstream release 0.8.5
    * support to add/insert a rule at a given index position
    * meter statement now supports a configureable upper max size
    * timeouts for sets can now be specified in milliseconds
    * re-add iptables-like empty skeleton rulesets
* Wed May 02 2018 jengelh@inai.de
  - Update to new upstream release 0.8.4
    * Support to match IPv6 segment routing headers.
    * New "meta ibrname" and "meta obrname" arguments to match the
      name of the logical bridge a packet is passing through.
      These new names replace the old (misnamed) "ibriport"/"obriport".
    * `nft -a` will now show handle identifier for all objects,
      including tables and chains.
    * nft can now delete objects by their handle number.
    * Support to update maps from the ruleset (packet path).
    * the "--echo" option now prints handle id for tables and
      object too.
    * `nft -f -` will now read from standard input
    * Support for flow tables, cf. man page or
      https://lwn.net/Articles/738214/ .
* Sat Mar 03 2018 jengelh@inai.de
  - Update to new upstream release 0.8.3
    * raw payload support to match headers that do not yet have
      received a mnemonic.
* Sat Feb 03 2018 jengelh@inai.de
  - Update to new upstream release 0.8.2
    * add secpath support
* Tue Jan 16 2018 jengelh@inai.de
  - Update to new upstream release 0.8.1
    * This release deprecates the "flow table" syntax in favor
      of "meter".
* Fri Oct 13 2017 jengelh@inai.de
  - Update to new upstream release 0.8
    * This release contains new features available up to the
      (upcoming) Linux 4.14 kernel release:
    * Support for stateful objects, these objects are uniquely
      identified by a user-defined name, you can refer to them from
      rules, and there is a well established interface to operate
      with them.
    * Sort set elements when listing them, from lower to largest.
    * TCP option matching and mangling support. This includes TCP
      maximum segment size mangling.
    * Add new "-s" option for listings without stateful information.
    * Add new -c/--check option for nft, to tests if your ruleset
      loads fine, into the kernel, this is a dry run mode.
    * Connection tracking helper support.
    * Add --echo option, to print the handle that the kernel
      allocates to uniquely identify rules.
    * Conntrack zone support
    * Symmetric hash support
    * Add support to include directories from nft natives scripts,
      files are loaded in alphanumerical order.
    * Allow to check if IPv6 extension header or TCP option exists
      or is missing.
    * Extend quota support to display used bytes.
    * Add ct average matching, to match average bytes per packet a
      connection has transferred so far, to map the existing
      feature available in the iptables connbytes match.
    * Allow to flush maps and flow tables.
    * Allow to embed set definition into an existing set.
    * Conntrack event filtering support via rule.
* Tue Dec 20 2016 jengelh@inai.de
  - Update to new upstream release 0.7
    * Add new fib expression, which can be used to obtain the
      output interface from the route table based on either source
      or destination address of a packet.
    * Support hashing of any arbitrary key combination, eg.
    * Add number generation support. Useful for round-robin packet
      mark setting.
    * Add quota support, eg.
    * Introduce routing expression, for routing related data with
      support for nexthop
    * Notrack support, to explicitly skip connection tracking for
      matching packets.
    * Support to set non-byte bound packet header fields, including
      checksum adjustment.
    * Add 'create set' and 'create element' commands.
    * Allow to use variable reference for set element definitions.
    * Allow to use variable definitions from element commands.
    * Add support to flush set. You can use this new command to
      remove all existing elements in a set.
    * Inverted set lookups.
    * Honor absolute and relative paths via include file, where:
    * Support log flags, to enable logging TCP sequence and options.
    * tc classid parser support, eg.
    * Allow numeric connlabels, so if connlabel still works with
      undefined labels.
* Thu Jun 02 2016 jengelh@inai.de
  - Update to new upstream release 0.6
    * Rules may be replaced now
    * Flow table support (requires Linux >= 4.3)
    * Support for tracing
    * Ratelimiting now supports units like bytes/second.
    * Matchinv VLAN IDs, DSCP/ECN, ICMP RtAdv & RtSol
* Thu Sep 17 2015 jengelh@inai.de
  - Update to new upstream release 0.5
    * Support combinations of two or more selectors to build a tuple
    * Timeout support for sets
    * Dormant flag for tables
    * Default chain policy specifiable on creation
* Sat May 23 2015 mrueckert@suse.de
  - set the url to the project page
  - pass --disable-silent-rules to configure to allow gcc post build
    check to work
* Tue Dec 16 2014 jengelh@inai.de
  - Update to new upstream release 0.4
    * Since Linux 3.18: support for global ruleset operations
    * Since 3.17: full logging support for all the families,
    including nfnetlink_log
    * 3.16: automatic selection of the optimal set implementation
    * 3.14: reject support for ip, ip6 and inet
    * 3.18: reject support for bridge, and reject icmpx abstraction
    * 3.18: masquerade support
    * 3.19: redirect support
    * Extend meta to support pkttype, cpu and devgroup matching.
* Fri Jun 27 2014 jengelh@inai.de
  - Update to new upstream release 0.3
    * More compact syntax for the queue action
    * Match input and output bridge interface name through "meta
    ibriport" and "meta obriport"
    * netlink event monitor, to monitor ruleset events, set changes, etc.
    * New transaction infrastructure - fully atomic updates for all
    object available in the upcoming 3.16.
* Mon Jan 13 2014 jengelh@inai.de
  - Initial package for build.opensuse.org

Files

/usr/lib64/libnftables.so.1
/usr/lib64/libnftables.so.1.1.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 12 00:02:43 2024