Bug 1292990 - iptables-1.6.0 is available
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: iptables
Version: rawhide
Assigned To: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
Keywords: FutureFeature, Triaged

Reported: 2015-12-18 19:20 EST by Upstream Release Monitoring
Modified: 2016-04-13 13:23 EDT
Doc Type: Enhancement
Last Closed: 2016-04-13 13:23:33 EDT

Attachments
[patch] Update to 1.6.0 (#1292990) (1.05 KB, patch)
2015-12-18 19:21 EST, Upstream Release Monitoring
Spec file changes for iptables-1.6.0 (3.80 KB, patch)
2016-02-12 07:38 EST, Petr Pisar

Description Upstream Release Monitoring 2015-12-18 19:20:35 EST
Latest upstream release: 1.6.0
Current version/release in rawhide: 1.4.21-16.el7
URL: http://ftp.netfilter.org/pub/iptables/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring

Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.
Comment 1 Upstream Release Monitoring 2015-12-18 19:21:36 EST
Created attachment 1107534
[patch] Update to 1.6.0 (#1292990)
Comment 2 Upstream Release Monitoring 2015-12-18 19:35:58 EST
Scratch build failed http://koji.fedoraproject.org/koji/taskinfo?taskID=12243706
Comment 3 Account closed by the user 2015-12-19 04:42:57 EST
(In reply to Upstream Release Monitoring from comment #0)

> Latest upstream release: 1.6.0
> Current version/release in rawhide: 1.4.21-16.el7
> URL: http://ftp.netfilter.org/pub/iptables/

https://marc.info/?l=netfilter-devel&m=145046912422904

This release includes accumulated fixes and enhancements for the
following matches:

* ah
* connlabel
* cgroup
* devgroup
* dst
* icmp6
* ipcomp
* ipv6header
* quota
* set
* socket
* string

and targets:

* CT
* REJECT
* SET
* SNAT
* SNPT,DNPT
* SYNPROXY
* TEE

We also got rid of the very very old MIRROR and SAME targets and the
unclean match, that were removed from the kernel tree a long time ago.
We also got patches to update different aspects of our manpages.

Moreover, this release includes the first official release of the
iptables over nftables infrastructure, which includes the following
utilities:

* iptables-compat
* iptables-compat-save
* iptables-compat-restore
* ip6tables-compat
* ip6tables-compat-save
* ip6tables-compat-restore
* ebtables-compat
* arptables-compat

that have the same getopt-based parser as the native tool, so the
syntax remains the same, e.g.

 # iptables-compat -P INPUT DROP
 # iptables-compat -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 # iptables-compat -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
 # iptables-compat -A INPUT -m state --state INVALID -j LOG --log-prefix "INVALID: "

This infrastructure will allow us to provide an easy path for users to
translate their iptables rulesets to the new nft syntax. Note that
this translation infrastructure and the compat glue code in the nft
userspace tool is still under development, so that is not included in
this release.

The development of ebtables-compat and arptables-compat utilities was
started by Giuseppe Longo, and followed up later on by Arturo Borrero.
This effort was partially covered by the Google Summer of Code
program.

See ChangeLog for more details:
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.6.0.txt
Comment 4 Account closed by the user 2016-01-22 09:08:34 EST
Is there any drawback with 1.6.0? Could it be included in Fedora 24?
Comment 5 Petr Pisar 2016-02-01 11:11:41 EST
Does it fix an effect of bug #1300256? Current iptables-devel is not compatible with current rawhide's kernel-headers.
Comment 6 Petr Pisar 2016-02-12 07:38 EST
Created attachment 1123482
Spec file changes for iptables-1.6.0

Maybe the libxtables.so.11 library should be sub-packaged so that the new nftables-compat tools I put into a new subpackage do not install all the unneeded original iptables tools.
Comment 7 Petr Pisar 2016-02-12 07:41:50 EST
Just a reminder: libxtables.so changes SONAME, so iproute and maybe other reverse dependencies must be rebuilt.
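
The rebuild reminder in comment 7 can be checked mechanically. The shell functions below are an added example, not part of the bug thread or of Fedora's tooling: they read `readelf -d` output and flag objects whose DT_NEEDED entry names a libxtables SONAME other than the new one. The function names are hypothetical, `readelf` (binutils) is assumed to be installed for `scan_tree`, `libxtables.so.11` is taken from comment 6, and the old SONAME in the sample data is a constructed value.

```shell
#!/bin/sh
# Added example: find ELF objects still linked against an old libxtables SONAME.
# Function names are hypothetical; sample data below is constructed.

# Print the DT_NEEDED library names found in `readelf -d` output on stdin.
needed_sonames() {
    sed -n 's/.*(NEEDED).*Shared library: \[\([^]]*\)\].*/\1/p'
}

# needs_rebuild NEW_SONAME
# Reads `readelf -d` output on stdin. Exit status 0 when the object needs a
# libxtables.so.N other than NEW_SONAME, i.e. it was linked before the bump.
# Objects that do not use libxtables at all return non-zero.
needs_rebuild() {
    needed_sonames | grep '^libxtables\.so\.[0-9]' | grep -qvxF "$1"
}

# scan_tree DIR NEW_SONAME
# Walk DIR and print every regular file that needs_rebuild flags.
# Non-ELF files make readelf print nothing on stdout, so they are skipped.
scan_tree() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        if readelf -d "$f" 2>/dev/null | needs_rebuild "$2"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample: dynamic section of a consumer built before the bump
# (the old SONAME number is an assumption, it is not stated in the thread).
SAMPLE_OLD=' 0x0000000000000001 (NEEDED)   Shared library: [libxtables.so.10]
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]'
# Constructed sample: the same consumer after a rebuild against 1.6.0.
SAMPLE_NEW=' 0x0000000000000001 (NEEDED)   Shared library: [libxtables.so.11]
 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]'

if printf '%s\n' "$SAMPLE_OLD" | needs_rebuild libxtables.so.11; then
    echo "sample consumer must be rebuilt"
fi
```

On an installed system, `scan_tree /usr/sbin libxtables.so.11` lists the binaries that would fail to load once the old library is removed.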
Comment 8 Account closed by the user 2016-02-25 08:25:15 EST
Petr Pisar wrote in 0001-1.6.0-bump.patch:

> [...]
> %package nftables-compat
> Summary: Compatibility iptables tools on top of nftables
> Group: System Environment/Base
> # Clashes on /etc/ethertypes
> Conflicts: ebtables
> [...]

Maybe /etc/ethertypes should be moved from ebtables to the setup package, to allow the parallel installation of iptables-1.6(nftables-compat) and ebtables.
Comment 9 Thomas Woerner 2016-04-13 12:12:17 EDT
(In reply to Xose Vazquez Perez from comment #4)
> Is there any drawback with 1.6.0? Could it be included in Fedora 24?

I have been waiting with the build till the tc stuff made it into the iproute-tc sub package.
Comment 10 Thomas Woerner 2016-04-13 12:27:59 EDT
(In reply to Xose Vazquez Perez from comment #8)
> Petr Pisar wrote in 0001-1.6.0-bump.patch:
> 
> > [...]
> > %package nftables-compat
> > Summary: Compatibility iptables tools on top of nftables
> > Group: System Environment/Base
> > # Clashes on /etc/ethertypes
> > Conflicts: ebtables
> > [...]
> 
> Maybe /etc/ethertypes should be moved from ebtables to the setup package, to
> allow the parallel installation of iptables-1.6(nftables-compat) and
> ebtables.

Yes, that would be good, but for now the files are the same in iptables and ebtables.
Comment 11 Thomas Woerner 2016-04-13 13:23:33 EDT
Fixed in rawhide in package iptables-1.6.0-1.fc25
