- ip(6)tables-save/restore: fix memory leaks
- ip6tables: fix printout of odd length netmasks
- condition match: fix iptables-save
- fuzzy match: fix ip(6)tables-save
- mac match: fix ip(6)tables-save if used inverted (!)
- ip6tables udp match: check for invalid port ranges
- LOG target: fix iptables-save (save loglevel numerically)
- mport match: fix iptables-save (save numerically)
- libipq: fix ipq_id_t definition on 'real' 64bit/64bit architectures
- libip6tc: fix ipv6_prefix_length endianness bugs
- MASQUERADE target: don't accept negative port numbers
- physdev match: fix new structure layout for kernel > 2.6.0-test8
- build plugins for connlimit, iprange, realm, CLASSIFY, CONNMARK, NETMAP
- libip(6)tc: Speedup due to inceremental chain cache updates
- recent match: Update to version 0.3.1 that was submitted to the kernel
- physdev match: add --physdev-is-{in,out,bridge} option
- REJECT target: add support for ICMP administratively prohibited
- conntrack match: add suport for CONFIRMED / unconfirmed state
- ROUTE target: new option: continue traversal
- varios cosmetic cleanups
- iptables/libiptc: add support for the new 'raw' table
Allow manpages to install to custom location.
Get rid of hard-coded KERNEL_DIR from a non-existing local directory.
(This needs to be improved to use linux-kernel-headers package
if needed.)
the userland interface to netfilter.
Netfilter is the firewalling subsystem for Linux 2.4.x or above
kernels. It provides stateful packet filtering, address translation
(including dynamic masquerading and port forwarding), and packet
manipulation.
This package doesn't build as is -- see TODO.