Adel Belhouane (1): restore legacy behaviour of iptables-restore when rules start with -4/-6 Duncan Roe (1): netfilter: hashlimit: prefer PRIu64 to avoid warnings on 32bit platforms Fernando Fernandez Mancera (1): utils: nfnl_osf: fix snprintf -Wformat-truncation warning Florian Westphal (6): extensions/libxt_MASQUERADE.man: random and random-fully are now identical nft: exit in case we can't fetch current genid ebtables: fix over-eager -o checks on custom chains libiptc: axe non-building debug code libiptc: silence two comiler warnings ipables: xtables-restore: output filename option in help text Jan Engelhardt (2): build: remove -Wl,--no-as-needed and libiptc.so src: replace IPTABLES_VERSION by PACKAGE_VERSION Jose M. Guisado Gomez (1): extensions: libxt_SYNPROXY: add xlate method Joseph C. Sible (1): doc: Note REDIRECT case of no IP address Juliana Rodrigueiro (1): extensions: nfacct: Fix alignment mismatch in xt_nfacct_match_info Lukasz Pawelczyk (1): extensions: libxt_owner: Add supplementary groups option Pablo Neira Ayuso (1): configure: bump version for 1.8.4 release Phil Sutter (92): xtables-restore: Fix program names in help texts nft: Set socket receive buffer nft: Pass nft_handle down to mnl_batch_talk() nft: Move send/receive buffer sizes into nft_handle xtables-save: Use argv[0] as program name ebtables: Fix error message for invalid parameters ebtables-save: Fix counter formatting xtables-save: Unify *-save header/footer comments xtables-save: Fix table compatibility check nft: Make nft_for_each_table() more versatile xtables-save: Avoid mixed code and declarations xtables-save: Pass optstring/longopts to xtables_save_main() xtables-save: Make COMMIT line optional xtables-save: Pass format flags to do_output() arptables-save: Merge into xtables_save_main() ebtables-save: Merge into xtables_save_main() nft: Set errno in nft_rule_flush() xtables: Drop support for /etc/xtables.conf doc: Install nft-variant man pages only if enabled doc: Install ip{6,}tables-restore-translate.8 man pages nft: Drop stale include directive iptables-test: Support testing host binaries tests/shell: Make ebtables-basic test more verbose DEBUG: Print to stderr to not disturb iptables-save nft: Use nftnl_*_set_str() functions nft: Introduce nft_bridge_commit() nft Increase mnl_talk() receive buffer size nft: Fix add_bitwise_u16() on Big Endian xtables_error() does not return nft: Fix typo in nft_parse_limit() error message nft: Get rid of NFT_COMPAT_EXPR_MAX define tests/shell: Speed up ipt-restore/0004-restore-race_0 tests: shell: Support running for legacy/nft only nft: Fix for add and delete of same rule in single batch nft: Make nftnl_table_list_get() fetch only tables xtables-restore: Minimize caching when flushing nft: Pass nft_handle to flush_cache() nft: Avoid nested cache fetching nft: Extract cache routines into nft-cache.c iptables-test: Run tests in lexical order nft-cache: Introduce cache levels nft-cache: Fetch only chains in nft_chain_list_get() nft-cache: Cover for multiple fetcher invocation nft-cache: Support partial cache per table nft-cache: Support partial rule cache per chain nft: Reduce cache overhead of nft_chain_builtin_init() nft: Support nft_is_table_compatible() per chain nft: Optimize flushing all chains of a table xtables-restore: Treat struct nft_xt_restore_parse as const xtables-restore: Use xt_params->program_name xtables-restore: Introduce rule counter tokenizer function xtables-restore: Constify struct nft_xt_restore_cb iptables-restore: Constify struct iptables_restore_cb xtables-restore: Drop local xtc_ops instance xtables-restore: Drop chain_list callback xtables-restore: Fix --table parameter check xtables-restore: Unbreak *tables-restore nft: Use ARRAY_SIZE() macro in nft_strerror() iptables-xml: Use add_param_to_argv() xshared: Introduce struct argv_store xtables-arp: Use xtables_ipparse_multiple() ip6tables, xtables-arp: Drop unused struct pprot xshared: Share a common add_command() implementation xshared: Share a common implementation of parse_rulenumber() Merge CMD_* defines xtables-arp: Drop generic_opt_check() Replace TRUE/FALSE with true/false xtables-arp: Integrate OPT_* defines into xshared.h xtables-arp: Drop some unused variables xtables-arp: Use xtables_parse_interface() nft-arp: Use xtables_print_mac_and_mask() xtables-restore: Integrate restore callbacks into struct nft_xt_restore_parse xtables-restore: Introduce struct nft_xt_restore_state xtables-restore: Introduce line parsing function xtables-restore: Remove some pointless linebreaks xtables-restore: Allow lines without trailing newline character xtables-restore: Improve performance of --noflush operation tests: shell: Add ipt-restore/0007-flush-noflush_0 nft: CMD_ZERO needs a rule cache nft: Fix -Z for rules with NFTA_RULE_COMPAT nft: family_ops: Pass nft_handle to 'add' callback nft: family_ops: Pass nft_handle to 'rule_find' callback nft: family_ops: Pass nft_handle to 'print_rule' callback nft: family_ops: Pass nft_handle to 'rule_to_cs' callback nft: Keep nft_handle pointer in nft_xt_ctx nft: Eliminate pointless calls to nft_family_ops_lookup() nft: Introduce NFT_CL_SETS cache level nft: Support NFT_COMPAT_SET_ADD nft: Bore up nft_parse_payload() nft: Embed rule's table name in nft_xt_ctx nft: Support parsing lookup expression nft: bridge: Rudimental among extension support Quentin Armitage (1): extensions: fix iptables-{nft,translate} with conntrack EXPECTED Shekhar Sharma (1): iptables-tests: fix python3