The Netfilter HomePage: iptables 1.2.4
This version requires kernel >= 2.4.4
This version recommends kernel > 2.4.9
Bugs Fixed from 1.2.3:
- make iptables-restore print error message instead of segfault when
processing broken / wrong input.
[ ]
- string_to_number fix in LOG, IPv6 LOG, TOS and FTOS target
[ ]
- fix iptables-save problems when saving MIRROR rules
[ Harald Welte ]
- fix IPv6 ICMP problems
[ ]
- fix TTL increment in TTL target
[ ]
- Kernel bugfixes in patch-o-matic:
- Fix printing of inner-packet in ICMP error messages (LOG target)
[ ]
- Decrement TTL when using MIRROR target at PRE_ROUTING
[ ]
- fix undiscovered REJECT checkentry() bug (alignment)
[ Bert Hubert ]
Changes from 1.2.3:
- New "make most-of-pom" feature for application of non-confliction
patches. This should be used instead of "make patch-o-matic" by most
users.
[ Harald Welte ]
- iptables-save and iptables-restore now included in the default install;
They are no longer experimental for quite some time.
[ Harald Welte ]
- synchronize ip6tables-save/restore with iptables-save/restore
[ Harald Welte ]
- more precise save() function for ipt_limit rates
[ ]
- new improved version of nth-match. Added support for multiple counters,
added support for matching on individual packets in the counter cycle
[ Richard Wagner ]
- added manpage for ip6tables
[ ]
- updated libipq documentation
[ ]
- added timeout to libipq recv function
[ ]
- New patch-o-matic patches:
- New random match
[ ]
- New ftp-fxp patch, imposes security risk but some people need it *sigh*
[ Magnus Sandin ]
- New H323 conntrack + nat modules
[ Jozsef Kadlecsik ]
- New version of tcp-window tracking patch, includes sysctl() changeable
timeouts
[ Jozsef Kadlecsik ]