Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nftables-1.1.1-1.2 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: nftables Distribution: openSUSE:Factory:zSystems
Version: 1.1.1 Vendor: openSUSE
Release: 1.2 Build date: Thu Oct 3 09:00:54 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 129783 Source RPM: nftables-1.1.1-1.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://netfilter.org/projects/nftables/
Summary: Userspace utility to access the nf_tables packet filter
nf_tables is a firewalling mechanism in the Linux kernel, running
independently of and parallel to ip_tables, ip6_tables,
arp_tables and ebtables. nftables is the corresponsing userspace
frontend.

The nftables frontend features support for sets and dictionaries of arbitrary
types, meta data types, atomic incremental and full ruleset updates, and,
similar to iptables, support for different protocols, access to connection
tracking and NAT and logging.

Provides

Requires

License

GPL-2.0-only

Changelog

* Thu Oct 03 2024 Jan Engelhardt <[email protected]>
  - Update to release 1.1.1
    * Reduce netlink cache dependencies to speed up incremental
      updates.
    * Allow zero burst in byte ratelimiter expression.
    * Fix double-free when users call nft_ctx_clear_vars() followed
      by nft_ctx_free().
    * Document that the tproxy statement is non-terminal (unlike in
      iptables). This allows for tproxy+log and tproxy+mark combos,
      see man nft(8) for details.
    * Add egress support for the `list hooks` subcommand.
* Wed Jul 17 2024 Jan Engelhardt <[email protected]>
  - Update to release 1.1.0
    * Restore compatibility set element dump with <= 0.9.8
    * Disallow empty interface names
    * Restore rule replace command
    * Search for group, rt_mark, rt_realms at
      /etc/iproute2, /usr/share/iproute2
    * Resolve some timezone issues
    * Support for variables in map expressions
    * VLAN support
* Thu Jan 04 2024 Dirk Müller <[email protected]>
  - buildrequire setuptools explicitly as pip drops the dependency
* Wed Jan 03 2024 Ben Greiner <[email protected]>
  - Fix the python bindings subpackages
    * The PEP517 python build requires setuptools
    * Actually use the rpm subpackage definition
    * The version is actually python3dist(nftables) = 0.1
    * is noarch and requires libnftables1 through dlopen, tell
      rpmlint
    * remove unused shebang
* Thu Oct 19 2023 Jan Engelhardt <[email protected]>
  - Update to release 1.0.9
    * Custom conntrack timeouts can use time specification with
      units other than seconds.
    * Allow combination of dnat with numgen.
    * Allow for using constants as key in dynamic sets.
    * Support for matching on the target address of a IPv6 neighbour
      solicitation/advertisement.
    * Restore bitwise operations in combination with maps, e.g. jump
      to chain depending on bitwise operation on packet mark.
    * Fix crash with log prefix longer that 127 bytes.
  - Drop merged 0001-Revert-py-replace-distutils-with-setuptools.patch
* Fri Jul 14 2023 Jan Engelhardt <[email protected]>
  - Update to release 1.0.8
    * Support for setting meta and ct mark from other fields in
      rules, e.g. set meta mark to ip dscp header field.
    * Enhacements for -o/--optimize to deal with NAT statements, to
      compact masquerade statements.
    * Support for stateful statements in anonymous maps, such as
      counters.
    * Support for resetting stateful expressions in sets, maps and
      elements, e.g. counters.
    * broute support to short-circuit bridge logic from the bridge
      prerouting hook and pass up packets to the local IP stack.
    * JSON support for table and chain comments.
  - Added 0001-Revert-py-replace-distutils-with-setuptools.patch
* Mon Mar 13 2023 Jan Engelhardt <[email protected]>
  - Update to release 1.0.7
    * Support for vxlan/geneve/gre/gretap matching
    * auto-merge support for partial set element deletion
    * Allow for NAT mapping with concatenation and ranges
    * Support for quota in sets
* Wed Dec 21 2022 Jan Engelhardt <[email protected]>
  - Update to release 1.0.6
    * Fix bytecode generation for concatenation of intervals where
      selectors use different byteorder datatypes, e.g. IPv4
      (network byte order).
    * Fix match of uncommon protocol matches with raw expressions
    * Unbreak insertion of rules with intervals ("sport {
      3478-3497, 16384-16387 }")
* Wed Aug 17 2022 Dirk Müller <[email protected]>
  - update to 1.0.5:
    * Fixes for the -o/--optimize, run this --optimize option to automagically
      compact your ruleset using sets, maps and concatenations
    * Fix ethernet and vlan concatenations, eg. define a dynamic set which
      is populated from the packet path
    * Fix ruleset listing with interface wildcard map
    * Fix several regressions in the input lexer which broke valid rulesets.
    * Fix slowdown with large lists of singleton interval elements.
    * Fix set automerge feature for large lists of singleton interval elements.
    * Fix bogus error reporting for exact overlaps.
    * Fix segfault when adding elements to invalid set.
    * fix device parsing in netdev family in json.
* Tue Jun 07 2022 Jan Engelhardt <[email protected]>
  - Update to release 1.0.4
    * Fixed a segfault in -o/--optimize with unsupported statements.
    * Bogus datatype mismatch error report in sets was fixed.
* Tue May 31 2022 Jan Engelhardt <[email protected]>
  - Update to release 1.0.3
    * Support for wildcard interface name matching with sets
    * Support for runtime auto-merge of set elements.
    * Enhancements for the ruleset optimization -o/--optimize
      option which allows to coalesce several NAT rules into map.
    * Support for raw expressions in concatenations.
    * Support for integer type protocol header fields in concatenations.
    * Allow to reset TCP options (requires Linux kernel >= 5.18)
  - Drop 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Tue Feb 22 2022 Jan Engelhardt <[email protected]>
  - Update to release 1.0.2
    * New ruleset optimization -o/--optimize option.
    * Support for IP and TCP options and SCTP chunks in sets.
    * Support for tcp fastopen, md5sig and mptcp options.
    * MP-TCP subtype matching support.
    * JSON support for flowtables.
  - Add 0001-build-add-missing-AM_CPPFLAGS-to-examples.patch
* Thu Nov 18 2021 Jan Engelhardt <[email protected]>
  - Update to release 1.0.1
    * Reduce memory footprint when loading large sets/maps.
    * Speed up reload of large sets/maps.
    * Speed up listing of specific tables in large ruleset, e.g.
      large ruleset with ~100k lines.
    * Speed up --terse option when listing a ruleset large sets/maps.
    * Print raw payload expression in hexadecimal, e.g.
      "@ll,0,8 & 0x80 == 0x80"
    * egress hook support (available since 5.16-rc1).
    * Allow matching and update bytes at inner header/payload
      offset (available since 5.16-rc1).
* Thu Aug 19 2021 Jan Engelhardt <[email protected]>
  - Update to release 1.0.0
    * Catch-all set element support.
    * The command-line option --define is now recognized.
    * Stateful expressions in maps.
    * Allow combination of jhash, symhash and numgen expressions with
      the queue statement.
    * Allow combination of verdict maps with interval concatenations.
* Tue May 25 2021 Jan Engelhardt <[email protected]>
  - Update to release 0.9.9
    * Flowtable hardware offload support
    * Support for the table owner flag.
    * 802.1ad (QinQ) support
    * cgroupsv2 support.
    * match on SCTP packet chunks (dependent on Linux 5.14)
    * Allow to use verdict in set/map typeof definitions
* Fri Jan 15 2021 Jan Engelhardt <[email protected]>
  - Update to release 0.9.8
    * Complete support for matching ICMP header content fields.
    * Added raw tcp option match support.
    * Added ability to check for the presence of any tcp option.
    * Support for rejecting traffic from the ingress chain.

Files

/etc/nftables
/etc/nftables/osf
/etc/nftables/osf/pf.os
/usr/sbin/nft
/usr/share/doc/packages/nftables
/usr/share/doc/packages/nftables/examples
/usr/share/doc/packages/nftables/examples/all-in-one.nft
/usr/share/doc/packages/nftables/examples/arp-filter.nft
/usr/share/doc/packages/nftables/examples/bridge-filter.nft
/usr/share/doc/packages/nftables/examples/ct_helpers.nft
/usr/share/doc/packages/nftables/examples/inet-filter.nft
/usr/share/doc/packages/nftables/examples/inet-nat.nft
/usr/share/doc/packages/nftables/examples/ipv4-filter.nft
/usr/share/doc/packages/nftables/examples/ipv4-mangle.nft
/usr/share/doc/packages/nftables/examples/ipv4-nat.nft
/usr/share/doc/packages/nftables/examples/ipv4-raw.nft
/usr/share/doc/packages/nftables/examples/ipv6-filter.nft
/usr/share/doc/packages/nftables/examples/ipv6-mangle.nft
/usr/share/doc/packages/nftables/examples/ipv6-nat.nft
/usr/share/doc/packages/nftables/examples/ipv6-raw.nft
/usr/share/doc/packages/nftables/examples/load_balancing.nft
/usr/share/doc/packages/nftables/examples/netdev-ingress.nft
/usr/share/doc/packages/nftables/examples/secmark.nft
/usr/share/doc/packages/nftables/examples/sets_and_maps.nft
/usr/share/licenses/nftables
/usr/share/licenses/nftables/COPYING
/usr/share/man/man5/libnftables-json.5.gz
/usr/share/man/man8/nft.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Jan 8 00:25:28 2025