The Netfilter HomePage: iptables 1.2.2
This version requires kernel 2.4.1 or above.
This version recommends kernel 2.4.4 or above.
Bugs Fixed from 1.2.1a:
- fixes for SAME Target
[ Martin Josefsson ]
- fixes for iplimit match in combination with iptables-save/-restore
[ Gerd Knorr ]
- fix for TCP match in combination with iptables-save/-restore
[ Ian Lynagh ]
- iptables-restore now deals correclty with spaces in --log-prefix
[ Harald Welte ]
- fix in 'isapplied' script. It used to give false negatives
[ Harald Welte ]
- fix in BALANCE target, target now uses full ip address range
[ Martin Josefsson ]
- fix for NETLINK target, was sending wrong interface name
[ Gianni Tedesco ]
- fix for collision of ftp and irc NAT helpers
[ Harald Welte ]
- ip6tables brought in sync with iptables
[ Kis-Szabo Andras ]
- Kernel bugfixes in patch-o-matic:
- Fix possible security vulnerability in ip_conntrack_ftp
[ Cristiano Lincoln Mattos, James Morris and Rusty ]
Changes from 1.2.1a:
- libiptc should now be usable from C++ applications
[ Fabrice MAURIE ]
- seqoffset-,ftp-security, ... patches are combined in 2.4.4.patch
[ Rusty Russell ]
- lots of old pre-2.4.1 patches now combined in 2.4.1.patch
[ Rusty Russel ]
- IRC conntrack + nat cleanup
[ Harald Welte ]
- string match cleanup
[ Gianni Tedesco ]
- ULOG cleanup, new version. Fixes 'unable to send nflink' bug
[ Harald Welte ]
- New patch-o-matic patches:
- New NETMAP Target for mapping whole networks 1:1 to other addresses
[ Svenning Soerensen ]
- New length Target for matching packet length
[ James Morris ]
- New ipv4options match for matching IPv4 header options
[ Fabrice MARIE ]
- New IPv6 agr match for matching IPv6 global aggregatable unicast adresses
[ Andras Kis-Szabo ]
- New pkttype match for matching link-layer multicast / broadcast packets
[ Michal Ludvig ]
- New time match for matching the packet's receive time
[ Fabrice MARIE ]
- New talk conntack + NAT helper module
[ Jozsef Kadlecsik ]