HEAD ==== - compat_xtables: return bool for match_check and target_check in 2.6.23..34 - ipset: enable building of ip_set_ipport{ip,net}hash.ko - SYSRQ: resolve compile error with Linux 2.6.36 Xtables-addons 1.28 (July 24 2010) ================================== - RAWNAT: IPv6 variants erroneously rejected masks /33-/128 - new target xt_CHECKSUM - xt_length2: add support for IPv6 jumbograms - xt_geoip: fix possible out-of-bounds access - import xt_geoip database scripts Xtables-addons 1.27 (May 16 2010) ================================= - further updates for the upcoming 2.6.35 changes Xtables-addons 1.26 (April 30 2010) =================================== - compat_xtables: fix 2.6.34 compile error due to a typo Xtables-addons 1.25 (April 26 2010) =================================== - TEE: do rechecksumming in PREROUTING too - TEE: decrease TTL on cloned packet - TEE: set dont-fragment on cloned packets - TEE: free skb when route lookup failed - TEE: do not limit use to mangle table - TEE: do not retain iif and mark on cloned packet - TEE: new loop detection logic - TEE: use less expensive pskb_copy - condition: remove unnecessary RCU protection Xtables-addons 1.24 (March 17 2010) =================================== - build: fix build of userspace modules against old (pre-2.6.25) headers from linux-glibc-devel (/usr/include/linux) - ipp2p: updated bittorent command recognition - SYSRQ: let module load when crypto is unavailable - SYSRQ: allow processing of UDP-Lite Xtables-addons 1.23 (February 24 2010) ====================================== - build: support for Linux 2.6.34 - build: remove unused --with-ksource option - build: remove unneeded --with-xtables option - build: fix compilations in RAWNAT, SYSRQ and length2 when CONFIG_IPV6=n - ipset: update to 4.2 - ECHO: fix compilation w.r.t. skb_dst Xtables-addons 1.22 (January 22 2010) ===================================== - compat_xtables: support for 2.6.33 skb_iif changes - geoip: for FHS compliance use /usr/share/xt_geoip instead of /var/geoip - ipset: enable build of ip_set_setlist.ko - quota2: add the --no-change mode Xtables-addons 1.21 (December 09 2009) ====================================== - ACCOUNT: avoid collision with arp_tables setsockopt numbers - doc: fix option mismatch --gw/--gateway in libxt_TEE.man Xtables-addons 1.20 (November 19 2009) ====================================== - ipp2p: add more boundary checks - ipp2p: fix Gnutelle line ending detection - LOGMARK: remove unknown options from manpage - ACCOUNT: endianess-correctness - ipset: install manpage - ipset: fast forward to v4.1 Xtables-addons 1.19 (October 12 2009) ===================================== - build: compile fixes for 2.6.31-rt - build: support for Linux 2.6.32 - ipp2p: try to address underflows - psd: avoid potential crash when dealing with non-linear skbs - merge xt_ACCOUNT userspace utilities - added reworked xt_pknock module Changes from pknock v0.5: - pknock: "strict" and "checkip" flags were not displayed in `iptables -L` - pknock: the GC expire time's lower bound is now the default gc time (65000 msec) to avoid rendering anti-spoof protection in SPA mode useless - pknock: avoid crash on memory allocation failure and fix memleak - pknock: avoid fillup of peer table during DDoS - pknock: automatic closing of ports - pknock: make non-zero time mandatory for TCP mode - pknock: display only pknock mode and state relevant information in procfs - pknock: check interknock time only for !ST_ALLOWED peers - pknock: preserve time/autoclose values for rules added in reverse/arbitrary order - pknock: add a manpage Xtables-addons 1.18 (September 09 2009) ======================================= - build: support for Linux 2.6.31 - ipset: fast forward to v3.2 - quota2: support anonymous counters - quota2: reduce memory footprint for anonymous counters - quota2: extend locked period during cleanup (locking bugfix) - quota2: use strtoull instead of strtoul - merged xt_ACCOUNT module - merged xt_psd module Xtables-addons 1.17 (June 16 2009) ================================== - IPMARK: print missing --shift parameter - build: use readlink -f in extensions/ipset/ - build: support for Linux 2.6.30 Xtables-addons 1.16 (May 27 2009) ================================= - RAWNAT: make iptable_rawpost compile with 2.6.30-rc5 - ipset: fast forward to 3.0 Xtables-addons 1.15 (April 30 2009) =================================== - build: add kernel version check to configure - condition: compile fix for 2.6.30-rc - condition: fix intrapositional negation sign - fuzzy: fix bogus comparison logic leftover from move to new 1.4.3 API - ipp2p: fix bogus varargs call - ipp2p: fix typo in error message - added "iface" match - added rawpost table (for use with RAWNAT) - added RAWSNAT/RAWDNAT targets Xtables-addons 1.14 (March 31 2009) =================================== - fuzzy: need to account for kernel-level modified variables in .userspacesize - geoip: remove XT_ALIGN from .userspacesize when used with offsetof - SYSRQ: ignore non-UDP packets - SYSRQ: do proper L4 header access in IPv6 code (must not use tcp/udp_hdr in input path) - add "STEAL" target - dhcpmac: rename from dhcpaddr Xtables-addons 1.13 (March 23 2009) =================================== - added a reworked ipv4options match - upgrade to iptables 1.4.3 API Xtables-addons 1.12 (March 07 2009) =================================== - ipset: fix for compilation with 2.6.29-rt - ipset: fast forward to 2.5.0 - rename xt_portscan to xt_lscan ("low-level scan") because "portscan" as a word caused confusion - xt_LOGMARK: print incoming interface index - revert "TEE: do not use TOS for routing" - xt_TEE: resolve unknown symbol error with CONFIG_IPV6=n - xt_TEE: enable routing by iif, nfmark and flowlabel Xtables-addons 1.10 (February 18 2009) ====================================== - compat: compile fixes for 2.6.29 - ipset: upgrade to ipset 2.4.9 Xtables-addons 1.9 (January 30 2009) ==================================== - add the xt_length2 extension - xt_TEE: remove intrapositional '!' support - ipset: upgrade to ipset 2.4.7 Xtables-addons 1.8 (January 10 2009) ==================================== - xt_TEE: IPv6 support - xt_TEE: do not include TOS value in routing decision - xt_TEE: fix switch-case inversion for name/IP display - xt_ipp2p: update manpages and help text - xt_ipp2p: remove log flooding - xt_portscan: update manpage about --grscan option caveats Xtables-addons 1.7 (December 25 2008) ===================================== - xt_ECHO: compile fix - avoid the use of "_init" which led to compile errors on some installations - build: do not unconditionally install ipset - doc: add manpages for xt_ECHO and xt_TEE - xt_ipp2p: kazaa detection code cleanup - xt_ipp2p: fix newline inspection in kazaa detection - xt_ipp2p: ensure better array bounds checking - xt_SYSRQ: improve security by hashing password Xtables-addons 1.6 (November 18 2008) ===================================== - build: support for Linux 2.6.17 - build: compile fixes for 2.6.18 and 2.6.19 - xt_ECHO: resolve compile errors in xt_ECHO - xt_ipp2p: parenthesize unaligned-access macros Xtables-addons 1.5.7 (September 01 2008) ======================================== - API layer: fix use of uninitialized 'hotdrop' variable - API layer: move to pskb-based signatures - xt_SYSRQ: compile fixes for Linux <= 2.6.19 - ipset: adjust semaphore.h include for Linux >= 2.6.27 - build: automatically run `depmod -a` on installation - add reworked xt_fuzzy module - add DHCP address match and mangle module - xt_portscan: IPv6 support - xt_SYSRQ: add missing module aliases Xtables-addons 1.5.5 (August 03 2008) ===================================== - manpage updates for xt_CHAOS, xt_IPMARK; README updates - build: properly recognize external Kbuild/Mbuild files - build: remove dependency on CONFIG_NETWORK_SECMARK - add the xt_SYSRQ target - add the xt_quota2 extension - import ipset extension group Xtables-addons 1.5.4.1 (April 26 2008) ====================================== - build: fix compile error for 2.6.18-stable Xtables-addons 1.5.4 (April 09 2008) ==================================== - build: support building multiple files with one config option - API layer: add check for pskb relocation - doc: generate manpages - xt_ECHO: catch skb_linearize out-of-memory condition - xt_LOGMARK: add hook= and ctdir= fields in dump - xt_LOGMARK: fix comma output in ctstatus= list - xt_TEE: fix address copying bug - xt_TEE: make skb writable before attempting checksum update - add reworked xt_condition match - add reworked xt_ipp2p match - add reworked xt_IPMARK target Xtables-addons 1.5.3 (March 22 2008) ==================================== - support for Linux 2.6.18 - add xt_ECHO sample target - add reworked xt_geoip match Xtables-addons 1.5.2 (March 04 2008) ==================================== - build: support for GNU make < 3.81 which does not have $(realpath) Xtables-addons 1.5.1 (February 21 2008) ======================================= - build: allow user to select what extensions to compile and install - build: allow external proejcts to be downloaded into the tree - xt_LOGMARK: dump classify mark, ctstate and ctstatus - add xt_CHAOS, xt_DELUDE and xt_portscan from Chaostables Xtables-addons 1.5.0 (February 11 2008) ======================================= Initial release with: - extensions: xt_LOGMARK, xt_TARPIT, xt_TEE - support for Linux >= 2.6.19