iptables v1.3.5 Changelog ====================================================================== This version requires kernel >= 2.4.0 This version recommends kernel >= 2.4.18 Bugs fixed from 1.3.4: - Fix conntrack --ctproto option in iptables-save [ Phil Oester ] - Fix string match '--from' option in iptables-save [ Michael Rash ] - Fix option parser of ttl match [ Patrick McHardy ] - Get rid of gcc-4 warnings [ Patrick McHardy ] - Fix spelling of 'address' in DNAT/SNAT manpage section [ MJ Anthony ] - Fix 'tcp-rst' parsing in REJECT target [ Torsten Hilbrich ] - Fix probing for supported revisions [ Jones Desougi ] - Fix compilation of iptables on [old] systems that don't have IPT_F_GOTO [ Harald Welte ] - Only set revisions on real targets, not on jumps [ Pablo Neira ] - Fix memory leak in TC_COMMIT() of libiptc [ Markus Sundberg ] - Correctly propagate errors of setsockopt to calling function [ Harald Welte ] - Fix connbytes match iptables-save [ Unknown ] - Fix sctp match compilation against recent kernel headers [ Harald Welte ] - Fix conntrack match compilation against 2.4.0 kernel headers [ Harald Welte ] Changes from 1.3.4: - Add support for ip6tables connmark match and target [ Harald Welte ] - Add support for ip6tables state match [ Harald Welte ] - Add support for new policy ip[6]tables match [ Patrick McHardy ] - Major manpage update [ Yasuyuki Kozakai ] - Remove ippool support, it has been deprecated by ipset long time ago [ Harald Welte ] Please note: Since version 1.2.7a, patch-o-matic is now no longer part of iptables but rather distributed as a seperate package (ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot)