Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-14147

Rebase iptables in RHEL9

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-9.4
    • None
    • iptables
    • iptables-1.8.10-2.el9
    • Rebase, Upstream
    • rhel-sst-networking-core
    • ssg_networking
    • 10
    • 13
    • None
    • Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Red Hat Enterprise Linux
    • None
    • Rebase
    • Hide
      .The `iptables` utility rebased to version 1.8.10

      The `iptables` utility defines rules for packet filtering to manage firewall. This utility has been rebased. Notable changes include:

      Notable features:

      * Add support for newer chunk types in `sctp` match
      * Align ip6tables opt-in column if empty helps when piping output to `jc --iptables`
      * Print numeric protocol numbers with `--numeric` for a more stable output
      * More translations for `*tables-translate` utilities with improved output formatting
      * Several manual page improvements

      Notable fixes:

      * `iptables-restore` error messages incorrectly pointing at the COMMIT line
      * Broken `-p Length` match in ebtables
      * Broken ebtables among match when used in multiple rules restored through `ebtables-restore`
      * Program could crash when renaming a chain depending on the number of chains already present
      * Non-critical memory leaks
      * Missing broute table support in ebtables after the switch to nft-variants
      * Broken ip6tables rule counter setting with '-c' option
      * Unexpected error message when listing a non-existent chain
      * Potential false-positive ebtables rule comparison if among match is used
      * Prohibit renaming a chain to an invalid name
      * Stricter checking of "chain lines" in iptables-restore input to detect invalid chain names
      * Non-functional built-in chain policy counters
      Show
      .The `iptables` utility rebased to version 1.8.10 The `iptables` utility defines rules for packet filtering to manage firewall. This utility has been rebased. Notable changes include: Notable features: * Add support for newer chunk types in `sctp` match * Align ip6tables opt-in column if empty helps when piping output to `jc --iptables` * Print numeric protocol numbers with `--numeric` for a more stable output * More translations for `*tables-translate` utilities with improved output formatting * Several manual page improvements Notable fixes: * `iptables-restore` error messages incorrectly pointing at the COMMIT line * Broken `-p Length` match in ebtables * Broken ebtables among match when used in multiple rules restored through `ebtables-restore` * Program could crash when renaming a chain depending on the number of chains already present * Non-critical memory leaks * Missing broute table support in ebtables after the switch to nft-variants * Broken ip6tables rule counter setting with '-c' option * Unexpected error message when listing a non-existent chain * Potential false-positive ebtables rule comparison if among match is used * Prohibit renaming a chain to an invalid name * Stricter checking of "chain lines" in iptables-restore input to detect invalid chain names * Non-functional built-in chain policy counters
    • Done
    • None

      The rebase in RHEL8 added a bunch of fixes missing in RHEL9, so technically there are regressions now. Among other benefits, a rebase of the package will solve that problem.

              psutter@redhat.com Phil Sutter
              psutter@redhat.com Phil Sutter
              Jaroslav Klech
              Phil Sutter Phil Sutter
              qe-baseos-daemons qe-baseos-daemons
              Mayur Patil Mayur Patil
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: