Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nftables-1.0.9-3.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: nftables Distribution: openSUSE:Factory:zSystems
Version: 1.0.9 Vendor: openSUSE
Release: 3.1 Build date: Sun Jan 7 22:02:07 2024
Group: Productivity/Networking/Security Build host: s390zl25
Size: 128455 Source RPM: nftables-1.0.9-3.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://netfilter.org/projects/nftables/
Summary: Userspace utility to access the nf_tables packet filter
nf_tables is a firewalling mechanism in the Linux kernel, running
independently of and parallel to ip_tables, ip6_tables,
arp_tables and ebtables. nftables is the corresponsing userspace
frontend.

The nftables frontend features support for sets and dictionaries of arbitrary
types, meta data types, atomic incremental and full ruleset updates, and,
similar to iptables, support for different protocols, access to connection
tracking and NAT and logging.

Provides

Requires

License

GPL-2.0-only

Changelog

* Thu Jan 04 2024 Dirk Müller <dmueller@suse.com>
  - buildrequire setuptools explicitly as pip drops the dependency
* Wed Jan 03 2024 Ben Greiner <code@bnavigator.de>
  - Fix the python bindings subpackages
    * The PEP517 python build requires setuptools
    * Actually use the rpm subpackage definition
    * The version is actually python3dist(nftables) = 0.1
    * is noarch and requires libnftables1 through dlopen, tell
      rpmlint
    * remove unused shebang
* Thu Oct 19 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.9
    * Custom conntrack timeouts can use time specification with
      units other than seconds.
    * Allow combination of dnat with numgen.
    * Allow for using constants as key in dynamic sets.
    * Support for matching on the target address of a IPv6 neighbour
      solicitation/advertisement.
    * Restore bitwise operations in combination with maps, e.g. jump
      to chain depending on bitwise operation on packet mark.
    * Fix crash with log prefix longer that 127 bytes.
  - Drop merged 0001-Revert-py-replace-distutils-with-setuptools.patch
* Fri Jul 14 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.8
    * Support for setting meta and ct mark from other fields in
      rules, e.g. set meta mark to ip dscp header field.
    * Enhacements for -o/--optimize to deal with NAT statements, to
      compact masquerade statements.
    * Support for stateful statements in anonymous maps, such as
      counters.
    * Support for resetting stateful expressions in sets, maps and
      elements, e.g. counters.
    * broute support to short-circuit bridge logic from the bridge
      prerouting hook and pass up packets to the local IP stack.
    * JSON support for table and chain comments.
  - Added 0001-Revert-py-replace-distutils-with-setuptools.patch
* Mon Mar 13 2023 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.7
    * Support for vxlan/geneve/gre/gretap matching
    * auto-merge support for partial set element deletion
    * Allow for NAT mapping with concatenation and ranges
    * Support for quota in sets
* Wed Dec 21 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.6
    * Fix bytecode generation for concatenation of intervals where
      selectors use different byteorder datatypes, e.g. IPv4
      (network byte order).
    * Fix match of uncommon protocol matches with raw expressions
    * Unbreak insertion of rules with intervals ("sport {
      3478-3497, 16384-16387 }")
* Wed Aug 17 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.0.5:
    * Fixes for the -o/--optimize, run this --optimize option to automagically
      compact your ruleset using sets, maps and concatenations
    * Fix ethernet and vlan concatenations, eg. define a dynamic set which
      is populated from the packet path
    * Fix ruleset listing with interface wildcard map
    * Fix several regressions in the input lexer which broke valid rulesets.
    * Fix slowdown with large lists of singleton interval elements.
    * Fix set automerge feature for large lists of singleton interval elements.
    * Fix bogus error reporting for exact overlaps.
    * Fix segfault when adding elements to invalid set.
    * fix device parsing in netdev family in json.
* Tue Jun 07 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.4
    * Fixed a segfault in -o/--optimize with unsupported statements.
    * Bogus datatype mismatch error report in sets was fixed.
* Tue May 31 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.3
    * Support for wildcard interface name matching with sets
    * Support for runtime auto-merge of set elements.
    * Enhancements for the ruleset optimization -o/--optimize
      option which allows to coalesce several NAT rules into map.
    * Support for raw expressions in concatenations.
    * Support for integer type protocol header fields in concatenations.
    * Allow to reset TCP options (requires Linux kernel >= 5.18)
  - Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Tue Feb 22 2022 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.2
    * New ruleset optimization -o/--optimize option.
    * Support for IP and TCP options and SCTP chunks in sets.
    * Support for tcp fastopen, md5sig and mptcp options.
    * MP-TCP subtype matching support.
    * JSON support for flowtables.
  - Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Thu Nov 18 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.1
    * Reduce memory footprint when loading large sets/maps.
    * Speed up reload of large sets/maps.
    * Speed up listing of specific tables in large ruleset, e.g.
      large ruleset with ~100k lines.
    * Speed up --terse option when listing a ruleset large sets/maps.
    * Print raw payload expression in hexadecimal, e.g.
      "@ll,0,8 & 0x80 == 0x80"
    * egress hook support (available since 5.16-rc1).
    * Allow matching and update bytes at inner header/payload
      offset (available since 5.16-rc1).
* Thu Aug 19 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 1.0.0
    * Catch-all set element support.
    * The command-line option --define is now recognized.
    * Stateful expressions in maps.
    * Allow combination of jhash, symhash and numgen expressions with
      the queue statement.
    * Allow combination of verdict maps with interval concatenations.
* Tue May 25 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 0.9.9
    * Flowtable hardware offload support
    * Support for the table owner flag.
    * 802.1ad (QinQ) support
    * cgroupsv2 support.
    * match on SCTP packet chunks (dependent on Linux 5.14)
    * Allow to use verdict in set/map typeof definitions
* Fri Jan 15 2021 Jan Engelhardt <jengelh@inai.de>
  - Update to release 0.9.8
    * Complete support for matching ICMP header content fields.
    * Added raw tcp option match support.
    * Added ability to check for the presence of any tcp option.
    * Support for rejecting traffic from the ingress chain.
* Tue Oct 27 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 0.9.7
    * Support for implicit chains
    * Support for ingress inet chains
    * Support for reject from prerouting chain
    * Support for --terse option in json
    * Support for the reset command with json
* Tue Jun 16 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 0.9.6
    * Fix two ASAN runtime errors
* Sat Jun 06 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 0.9.5
    * Support for set counters.
    * Support for restoring set element counters via nft -f.
    * Counter support for flowtables.
    * typeof concatenations support for sets.
    * Support for concatenated ranges in anonymous sets.
    * Allow to reject packets with 802.1q from the bridge family.
    * Support for matching on the conntrack ID.
  - Drop anonset-crashfix.patch (upstream solved differently)
* Thu May 07 2020 Jan Engelhardt <jengelh@inai.de>
  - Add anonset-crashfix.patch [boo#1171321]
* Wed Apr 01 2020 Jan Engelhardt <jengelh@inai.de>
  - Update to release 0.9.4
    * Add a helper for concat expression handling.
    * Add "typeof" build/parse/print support.

Files

/etc/nftables
/etc/nftables/osf
/etc/nftables/osf/pf.os
/usr/sbin/nft
/usr/share/doc/packages/nftables
/usr/share/doc/packages/nftables/examples
/usr/share/doc/packages/nftables/examples/all-in-one.nft
/usr/share/doc/packages/nftables/examples/arp-filter.nft
/usr/share/doc/packages/nftables/examples/bridge-filter.nft
/usr/share/doc/packages/nftables/examples/ct_helpers.nft
/usr/share/doc/packages/nftables/examples/inet-filter.nft
/usr/share/doc/packages/nftables/examples/inet-nat.nft
/usr/share/doc/packages/nftables/examples/ipv4-filter.nft
/usr/share/doc/packages/nftables/examples/ipv4-mangle.nft
/usr/share/doc/packages/nftables/examples/ipv4-nat.nft
/usr/share/doc/packages/nftables/examples/ipv4-raw.nft
/usr/share/doc/packages/nftables/examples/ipv6-filter.nft
/usr/share/doc/packages/nftables/examples/ipv6-mangle.nft
/usr/share/doc/packages/nftables/examples/ipv6-nat.nft
/usr/share/doc/packages/nftables/examples/ipv6-raw.nft
/usr/share/doc/packages/nftables/examples/load_balancing.nft
/usr/share/doc/packages/nftables/examples/netdev-ingress.nft
/usr/share/doc/packages/nftables/examples/secmark.nft
/usr/share/doc/packages/nftables/examples/sets_and_maps.nft
/usr/share/licenses/nftables
/usr/share/licenses/nftables/COPYING
/usr/share/man/man5/libnftables-json.5.gz
/usr/share/man/man8/nft.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 9 12:50:11 2024