Cut & past of the announcing mail [ANNOUNCE] Hi! The netfilter coreteam proudly presents: iptables version 1.3.0rc1 1.3.0rc1 is the first release candidate of the iptables-1.3.x branch, featuring a libiptc rewrite for major performance improvements at rule loading time. Apart from that, a surprisingly big number of small bug fixes have accumulated since the 1.2.11 release in June 2004. We ask users to test iptables-1.3.0rc1 and report any issues via https://bugzilla.netfilter.org/. The final 1.3.0 release is expected to be released within the next week. The ChangeLog is attached to this mail. Version 1.3.0rc1 can be obtained from: http://www.netfilter.org/files/iptables-1.3.0rc1.tar.bz2 ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.0rc1.tar.bz2 Please also note: Since Kernel 2.6.x is out, we now use patch-o-matic-ng for both 2.4.x and 2.6.x. patch-o-matic-ng is Distributed as seperate package: ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ More information can be found at the netfilter/iptables project homepage, available at: http://www.netfilter.org/ http://www.iptables.org/ Happy firewalling, -- - Harald Welte <laforge@netfilter.org> http://www.netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie [/ANNOUNCE]
Just for testing I've renamed the old 1.2.9 ebuild to give it a try. the following patches doesn't apply ${FILESDIR}/${PV}-files/05_all_install_all_dev_files.patch.bz2 ${FILESDIR}/${PV}-files/01_all_grsecurity.patch.bz2 ${FILESDIR}/${PV}-files/06_all_l7.patch.bz2 building with USE="extensions" fails also removing theese patches The final 1.3.0 version contains some minor bugfixes and is otherwise identical to the 1.3.0rc1 release candidate. Version 1.3.0 can be obtained from: http://www.netfilter.org/files/iptables-1.3.0.tar.bz2 ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.0.tar.bz2
from http://netfilter.org/downloads.html: 2005-Mar-07: iptables-1.3.1 iptables 1.3.1 has been released here is the changelog: http://netfilter.org/files/changes-iptables-1.3.1.txt
Hi, @ Francesco Riosa: could you maybe change the topic of this thread into something like "net-firewall/iptables-1.3.1 ebuild request"? Poly
The final version of 1.3 seems to not compile by simply doing MAKE on amd64 with gentoo dev source. not sure whatsgoing on with it could someone please look into this version?
@Lars done :) @ Chris try this: make KERNEL_DIR=/usr/src/linux-2.6.11 I can say that it *compile* on opteron, sorry but I can't thest it running
I've commited a hard-masked ebuild. It didn't compile against my mm-sources kernel, but does compile against a stock kernel. I've also updated the IMQ and Layer7 stuff, and modified them to fetch directly from external sites. Two of other the patches needed some manual rediffing, and then everything went fine. Aliz: could you please have a look at
well it doesnt compile on amd64 or atleast it doesnt seem to compile on gentoo-dev-sources
cchance: could you attach your compile error please?
Emerge fine here on my hardened system with both hardend-dev-sources 2.6.10-r3 and 2.6.11 Portage 2.0.51.19 (hardened/x86, gcc-3.3.5, glibc-2.3.4.20040808-r1, 2.6.11-hard ened i686) ================================================================= System uname: 2.6.11-hardened i686 AMD Athlon(tm) XP 2600+ Gentoo Base System version 1.4.16 Python: dev-lang/python-2.3.4-r1 [2.3.4 (#1, Feb 7 2005, 13:42:56) ] distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled ] dev-lang/python: 2.3.4-r1 sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4 sys-devel/binutils: 2.15.92.0.2-r1 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/ config /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=athlon-xp -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig buildpkg ccache distcc distlocks fixpackages san dbox strict" GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://mirrors.sec .informatik.tu-darmstadt.de/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors /gentoo/ http://gentoo.osuosl.org/ http://linux.rz.ruhr-uni-bochum.de/download/g entoo-mirror/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage//packages/x86/" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://10.0.0.2/gentoo-portage" USE="3dnow apache2 berkdb crypt dlloader gd gdbm gif hardened imagemagick libwww maildir mmx mysql ncurses nls nptl pam perl pic pie png python readline samba s se ssl symlink tcpd test x86 xml2 zlib" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS
Created attachment 53151 [details] iptables-1.3.1.ebuild.diff Hi, there is an error in the ebuild, if one tries to unpack the ebuild without having useflag "extensions" set: # emerge -uDav world These are the packages that I would merge, in order: Calculating world dependencies ...done! [ebuild U ] net-firewall/iptables-1.3.1 [1.2.11-r3] -debug -extensions -ipv6 -static 176 kB Total size of downloads: 176 kB Do you want me to merge these packages? [Yes/No] yes >>> emerge (1 of 1) net-firewall/iptables-1.3.1 to / >>> Downloading ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/distfiles/iptables-1.3.1.tar.bz2 --03:28:42-- ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/distfiles/iptables-1.3.1.tar.bz2 => `/usr/portage/distfiles/iptables-1.3.1.tar.bz2' Resolving sunsite.informatik.rwth-aachen.de... 137.226.34.227 Connecting to sunsite.informatik.rwth-aachen.de[137.226.34.227]:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD /pub/Linux/gentoo/distfiles ... done. ==> PASV ... done. ==> RETR iptables-1.3.1.tar.bz2 ... done. Length: 180,670 (unauthoritative) 100%[===============================================>] 180,670 302.37K/s 03:28:44 (301.96 KB/s) - `/usr/portage/distfiles/iptables-1.3.1.tar.bz2' saved [180670] >>> md5 src_uri ;-) iptables-1.3.1.tar.bz2 >>> Unpacking source... >>> Unpacking iptables-1.3.1.tar.bz2 to /home/portage/tmp/portage/iptables-1.3.1/work >>> Unpacking netfilter-layer7-v1.0.tar.gz to /home/portage/tmp/portage/iptables-1.3.1/work tar: /usr/portage/distfiles/netfilter-layer7-v1.0.tar.gz: Cannot open: No such file or directory tar: Error is not recoverable: exiting now tar: Child returned status 2 tar: Error exit delayed from previous errors !!! ERROR: net-firewall/iptables-1.3.1 failed. I fixed this and attatched a patch against iptables-1.3.1.ebuild Poly
sorry about the lack of response lars. this should be fixed in the tree already. I'm going to push iptables-1.3 to ~x86 only, and file a testing bug for all arches.
Hi, no problem Robin. I'm glad to see that I can get rid of the ebuild in my overlay :) Lars