Changelog for v2.0.10-4
* really fix counter setting bug (thanks to James' persistence)
Changelog for v2.0.10-3
* fix counter setting bug (reported by James Sinclair)
Changelog for v2.0.10-2
* enable compiler optimizations (-O3)
* small changes to remove the compiler warnings due to optimization being
turned on (thanks to Peter Volkov)
* respect LDFLAGS in Makefiles (Peter Volkov)
Changelog for v2.0.10-1
* fix --among-dst-file, which translated to --among-src
(reported by Thierry Watelet)
* fix bug in test_ulog.c example
* Makefile: respect LDFLAGS during ebtables build (Peter Volkov)
* Makefile: create directories to avoid build failure when DESTDIR is
supplied (Peter Volkov)
* incorporate fixes for possible issues found by Coverity analysis
(thanks to Jiri Popelka)
* define __EXPORTED_HEADERS__ to get access to the Linux kernel headers
* extend ebt_ip6 to allow matching on ipv6-icmp types/codes (by Florian
* Print a more useful error message when an update of the kernel table
* Add --concurrent option, which enables using a file lock to support
concurrent scripts updating the ebtables kernel tables
Changelog for v2.0.9-2
* fix unwanted zeroing of counters in the last user-defined chain
(reported by Jon Lewis)
* fix hidden symbol compilation error when using ld directly
* fix return value checking of creat to give a correct error
message if the atomic file couldn't be created
* correct info in INSTALL about compilation of ulog
Changelog for v2.0.9 vs v2.0.8-2
* added ip6 module for filtering IPv6 traffic (Kuo-Lang Tseng,
Manohar Castelino)
* added --log-ip6 option for logging IPv6 traffic (Kuo-Lang Tseng,
Manohar Castelino)
* added nflog watcher for logging packets to userspace (Peter Warasin)
* bugfix in ebtables.sysv (Michal Soltys)
* bugfix for among match on x86-64 (reported by Pavel Emelyanov)
Since last entry:
* fixed a few reported bugs
* ebt_among --among-dst-file and --among-src-file: allow
the list to be given in a file (circumvents command line max.
line length)
* ebt_nat --snat-arp: if it's an arp packet, also change the source
address in the arp header
* ebt_mark --mark-or, --mark-xor, --mark-and
Since last entry:
* ebtables modules are now located in /usr/lib/ebtables/
* added '/sbin/service ebtables' support
* added ebtables-save (thanks to Rok Papez <>)
and ebtables-restore (the first one a perl script, the second
one written in C (fast))
* optimized the code for the '-A' command, making ebtables-restore
very fast.
* ebtablesd/ebtablesu is deprecated and not compiled by default;
the ebtables-save/ebtables-restore scheme is much better
Since last entry:
* added ulog watcher
* made the ebtables code modular (make library functions).
* added the ebtablesd/ebtablesu scheme to allow faster
addition of rules (and to test the modular code).
* some small fixes
* added -c option (initialize counters)
* added -C option (change counters)
Since last entry:
* <> added arpreply and among modules
* <> added limit match
* added (automatic) Sparc64 support, thanks to Michael Bellion and
Thomas Heinz from for providing a test-box.
* added stp frames match type
* added support for deleting all user-defined chains (-X option
without specified chain)
* added --Lmac2
* <> Chris Vitale: basic 802.3/802.2 filtering
(experimental, kernel files are in the CVS)
* added negative rule counter support
* bugfix: bcnt was not updated correctly
* <> Cedric Blancher: add ARP MAC
matching support
* added pkttype match
* fixed check bug in ebt_ip.c (report from
* fixed problem when removing a chain (report from
* Added --help list_extensions which, well, lists the extensions
* changed the way to use the atomic operations. It's now possible
to use the EBTABLES_ATOMIC_FILE environment variable, so it's no
longer necessary to explicitly state the file name. See the man.
* changed the way of compiling. New releases will now contain their
own set of kernel includes. No more copying of kernel includes to
* added getethertype.c (Nick) and use it. Removed name_to_number()
and number_to_name().
* added possibility to specify a rule number interval when deleting
* added ! - option possibility, which is equivalent to - ! option
* since last entry: added byte counters and udp/tcp port matching
* updated the kernel files for 2.4.20-pre5 and 2.5.32
* last big cleanup of kernel and userspace code just finished
* ARP module bugfix
* IP module bugfix
* nat module bugfix
* other things done before 2.0-rc1 that I can think of,
including kernel:
* cache align counters for better smp performance
* simplify snat code
* check for --xxxx-target RETURN on base chain
* cleanup code
* minor bugfixes
* code cleanup
* bugfix for --atomic-commit
* added mark target+match
* added --atomic options
* some unlogged changes (due to laziness)
* added --Lc, --Ln, --Lx
* user defined chains support: added -N, -X, -E options.
* some unlogged changes (due to laziness)
* change the output for -L to make it look like it would look when
the user inputs the command.
* try to autoload modules
* some minor bugfixes
* add user defined chains support (without new commands yet,
* comparing rules didn't take the logical devices into account
* update help for -s and -d
* add VLAN in ethertypes
* add SYMLINK option for compiling
* allow -i and --logical-in in BROUTING
* update the manual page
* rename /etc/etherproto into /etc/ethertypes (seems to be a more
standard name)
* add MAC mask for -s and -d, also added Unicast, Multicast and
Broadcast specification for specifying a (family of) MAC
* added broute table.
* added redirect target.
* added --redirect-target, --snat-target and --dnat-target options.
* added logical_out and logical_in
* snat bugfix (->size)
* fixed some things in the manual.
* fixed -P problem.
* -j standard no longer works, is this cryptic? good :)
* lots of beautification.
- made some code smaller
- made everything fit within 80 columns
* fix problems with -i and -o option
* print_memory now prints useful info
* trying to see the tables when ebtables is not loaded in kernel
no longer makes this be seen as a bug.
ebtables v2.0 released, changes:
* A complete rewrite, made everything modular.
* Fixed a one year old bug in br_db.c. A similar bug was present
in ebtables.c. It was visible when the number of rules got
bigger (around 90).
* Removed the option to allow/disallow counters. Frames passing
by are always counted now.
* Didn't really add any new functionality. However, it will be
_a lot_ easier and prettier to do so now. Feel free to add an
extension yourself.
* There are 4 types of extensions:
- Tables.
- Matches: like iptables has.
- Watchers: these only watch frames that passed all the matches
of the rule. They don't change the frame, nor give a verdict.
The log extension is a watcher.
- Targets.
* user32/kernel64 architectures like the Sparc64 are unsupported.
If you want me to change this, give me access to such a box,
and don't pressure me.