The Netfilter HomePage: iptables 1.2.3
This version requires kernel 2.4.4 or above.
This version recommends kernel 2.4.9 or above.
Bugs Fixed from 1.2.2:
- fix ICMPv6 support for IPv6
[ Kis-Szabo Andras ]
- fix problems with REJECT and iptables-restore / iptables-save
[ Harald Welte ]
- fix possible string overflow in psd match
[ Dennis Koslowski ]
- fix string match compile problems
[ Gianni Tedesco ]
- support interfaces with '_' (underscore) in device names
[ Harald Welte ]
- support rules without target in iptables-save
[ Emmanuel Fleury ]
- correct handling of "eth+" type interface names in iptables-save/restore
[ Harald Welte ]
- do incremental checksumming when altering TTL in TTL target
[ Harald Welte ]
- fix no-srr case in ipv4options match
[ Fabrice Marie ]
- Kernel bugfixes in patch-o-matic:
- Fix unexported ip6_table symbols
[ Brad Chapman ]
- Decrement TTL in MIRROR target if used in FORWARD chain
[ Harald Welte, Fabian Melzow ]
- Replace SACKPERM TCP option with NOOP (instead of ENDOFOPT)
[ Guillaume Morin ]
Changes from 1.2.2:
- New "make most-of-pom" feature for application of non-confliction
patches. This should be used instead of "make patch-o-matic" by most
users.
[ Harald Welte ]
- support for statically linking iptables, without need for .so plugins
[ David McCullough ]
- support for multiple ranges in SAME target
[ Martin Josefsson ]
- support for router alert options in ipv4options match
[ Fabrice Marie ]
- modprobe() modules when doing iptables-restore
[ Andries van Schie ]
- remove obsolete fragment matching code in IPv6
[ Kis-Szabo Andras ]
- add support for dns hostnames to IPv6 code
[ Kis-Szabo Andras ]
- New patch-o-matic patches:
- New multiport (mport) match
[ Andreas Ferber ]
- New nth match for matching every n-th packet
[ Fabrice Marie ]
- New realm match for matchin the routing realm
[ Sampsa Ranta ]
- New ctnetlink patch for manipulation of conntrack from userspace
[ Jay Schulist ]
- New REJECT Target for IPv6
[ Harald Welte ]
- New length match for IPv6
[ Imran Patel ]
- New multiport (mport) match for IPv6
[ Andreas Ferber]