The Netfilter HomePage: 1.2

Bugs Fixed from 1.1.2:

• Now default installs into /usr/local/sbin, not /usr/local/bin.
• Only does IPv6 compilation on libc6.
• More header fixes for weird header combos.
• ip6tables now refers to "icmpv6" protocol, not "icmp".
  [ Harald Welte ]
• IPPROTO_ESP and AH defined in iptables for primitive headers.
• iptables multiple-DNS resolve fixed
  [ Harald Welte, Rusty ]
• Kernel bugfixes in patch-o-matic:
  • IPv6 netfilter fixes
    [ Harald Welte ]
  • Masquerade with fwmark routing fix
  • Dynamic hashsize optimization (NAT) + `hashsize=' module parameter.
  • NAT overlap fix
  • PPC/Sparc mangle table fix.

• New `install-devel' target
  [ James Morris ]
• libipq now has man pages!
  [ James Morris ]
• iptables-save and iptables-restore added (with man pages!)
  [ Harald Welte ]
• iptables now inserts modules if CONFIG_KMOD or --modprobe
  [ Harald Welte, Rusty ]
• New `experimental' and `install-experimental' targets.
• `--reject-with=echo-reply' removed in anticipation of the removal of kernel support.
• ttl match enhancements (greater or less than tests)
  [ Harald Welte ]
• Reworked patch-o-matic interface, to force reading of help.
• patch-o-matic updated for new 2.4 Makefiles
  [ Daniel Stone, Harald Welte ]
• patch-o-matic now supports non-IPv4 netfilter patches
  [ Harald Welte ]
• New patch-o-matic patches:
  • eggdrop bot connection tracking
    [ Magnus Sandin ]
  • FTOS target for full ToS mangling.
    [ Matthew G. Marsh ]
  • BALANCE target for simple load-balancing.
  • iplimit match for limiting number of connections.
    [ Gerd Knorr ]
  • IPv6 MARK target
    [ Harald Welte ]
  • IPv6 mark match
    [ Harald Welte ]