--8w3uRX/HFJGApMzv Content-Type: multipart/mixed; boundary="ctP54qlpMx3WjD+/" Content-Disposition: inline --ctP54qlpMx3WjD+/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! The netfilter coreteam proudly presents: iptables version 1.2.6a Unfortunately iptables 1.2.6, released three days ago, contained two unfixed bugs due to a missing CVS commit. Sorry for this inconvenience, we will=20 include a one-week freeze before every future iptables release to prevent this from happening again. The two bugs fixed from 1.2.6 are: 1) if you use the patch-o-matic/base/conntrack.patch, libipt_conntrack.c does not compile due to a typo. 2) if you use the patch-o-matic/submitted/ip_conntrack_protocol_unregister patch, ip_conntrack_standalone.c does not compile. Version 1.2.6a fixes both of bugs, it can be obtained from: http://www.netfilter.org/files/iptables-1.2.6a.tar.bz2 http://netfilter.samba.org/files/iptables-1.2.6a.tar.bz2 ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.6a.tar.bz2 =09 More information can be found at the netfilter/iptables project homepage, available at: http://www.netfilter.org/ http://www.iptables.org/ Happy firewalling, --=20 Live long and prosper - Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/ =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-=20 V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*) --ctP54qlpMx3WjD+/ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="changes-iptables-1.2.6.txt" Content-Transfer-Encoding: quoted-printable iptables v1.2.6 Changelog =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D This version requires kernel >=3D 2.4.4 This version recommends kernel >=3D 2.4.18 Bugs Fixed from 1.2.5: - Fix iptables segfault problem when using `!' without argument [ Dionis Papavramidis, Harald Welte ] - Fix PSD match for psd-delay-threshold > 100 [ Steven Coenen, Dennis Koslowski ] - ip6tables alignment fixes=20 [ Andreas Herrmann ] - patch-o-matic: - Fix NAT-related bug in TCP window tracking code [ Jozsef Kadlecsik ] - Fix support for DNAT of locally-originated connections (NAT in LOCAL_OUT)=20 [ Henrik Nordstrom, Harald Welte ] - Fix string match (is now SMP safe) [ Gianni Tedesco ] - Fix TFTP conntrack/nat helper (now also catches first packet) [ Magnus Boden ] Changes from 1.2.5: - Added global PREFIX makefile variable for all paths [ Harald Welte ] - If compiled without any COPT_FLAGS, debugging is disabled. To enable debugging, use -DIPTC_DEBUG [ Harald Welte ] - New ip6tables-restore and ip6tables-save manpage [ Andras Kis-Szabo ]=20 - Sync ip6tables-restore and ip6tables-save with iptables-restore [ Andras Kis-Szabo ] - Sync ip6tables with iptables [ Andras Kis-Szabo ] - mangle table attaches now to all five netfilter hooks [ Brad Chapman, Harald Welte ] - iptables and ip6tables manpage updates [ Herve Eychenne ] - patch-o-matic program now supports removal of already-applied patches [ Bob Hockney ] - patch-o-matic program now supports patches to the userspace extensions [ Fabrice Marie ] - patch-o-matic: - Extend recent match to support multiple recent lists [ Stephen Frost ] - New GRE and PPTP connection tracking and NAT helper [ Harald Welte ] - New CONNMARK target for marking all packets within one connection [ Henrik Nordstrom ] - New conntrack match, enables matching on more conntrack informatin than state [ Marc Boucher ] - New DSCP match and target (DSCP header field obsoletes TOS) [ Harald Welte ] - New owner match extension: Match on process name [ Marc Boucher ] - Add support for bitwise AND / OR manipulation on nfmark [ Fabrice Marie ] - New experimental patch for disabling TCP connection tracking pickup [ Harald Welte ] - Add support for SACK in all NAT helpers [ Harald Welte ] - Make eggdrop botnet connection tracking support work with eggdrop v1.6.x=20 [ Magnus Sandin ] - Add support to REJECT for sending icmp-unreachable messages from a fake source address [ Fabrice Marie ] - Add support for ntalk2 to talk NAT helper [ Jozsef Kadlecsik ] - Big update to newnat patch [ Jozsef Kadlecsik, Paul P Komkoff ] --ctP54qlpMx3WjD+/-- --8w3uRX/HFJGApMzv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8lKO3NfqJzMqajVsRAmVmAKCb7/lQiyWeBt3deSakABJP7nT5SACfRq9p n1sPgGki7EzPaBJ3KD/luY4=Bz4L -----END PGP SIGNATURE----- --8w3uRX/HFJGApMzv--