1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
20051701
Since last entry:
* added ulog watcher
* made the ebtables code modular (make library functions).
* added the ebtablesd/ebtablesu scheme to allow faster
addition of rules (and to test the modular code).
* some small fixes
* added -c option (initialize counters)
* added -C option (change counters)
20031102
Since last entry:
* <grzes_at_gnu.univ.gda.pl> added arpreply and among modules
* <tommy_at_home.tig-grr.com> added limit match
20030724
* added (automatic) Sparc64 support, thanks to Michael Bellion and
Thomas Heinz from hipac.org for providing a test-box.
20030717
* added stp frames match type
20030713
* added support for deleting all user-defined chains (-X option
without specified chain)
20030601
* added --Lmac2
* <csv_at_bluetail.com> Chris Vitale: basic 802.3/802.2 filtering
(experimental, kernel files are in the CVS)
20030503
* added negative rule counter support
* bugfix: bcnt was not updated correctly
* <blancher_at_cartel-securite.fr> Cedric Blancher: add ARP MAC
matching support
* added pkttype match
20030402
* fixed check bug in ebt_ip.c (report from
joe_judge_at_guardium.com).
20030111
* fixed problem when removing a chain (report from
ykphuah_at_greenpacket.com).
* Added --help list_extensions which, well, lists the extensions
20021203
* changed the way to use the atomic operations. It's now possible
to use the EBTABLES_ATOMIC_FILE environment variable, so it's no
longer necessary to explicitly state the file name. See the man.
20021120
* changed the way of compiling. New releases will now contain their
own set of kernel includes. No more copying of kernel includes to
/usr/include/linux
* added getethertype.c (Nick) and use it. Removed name_to_number()
and number_to_name().
20021106
* added possibility to specify a rule number interval when deleting
rules
20021102
* added ! - option possibility, which is equivalent to - ! option
20021102
* since last entry: added byte counters and udp/tcp port matching
20020830
* updated the kernel files for 2.4.20-pre5 and 2.5.32
* last big cleanup of kernel and userspace code just finished
20020820
* ARP module bugfix
* IP module bugfix
* nat module bugfix
20020730
* other things done before 2.0-rc1 that I can think of,
including kernel:
* cache align counters for better smp performance
* simplify snat code
* check for --xxxx-target RETURN on base chain
* cleanup code
* minor bugfixes
20020724
* code cleanup
* bugfix for --atomic-commit
20020720
* added mark target+match
20020714
* added --atomic options
20020710
* some unlogged changes (due to lazyness)
* added --Lc, --Ln, --Lx
20020625
* user defined chains support: added -N, -X, -E options.
20020621
* some unlogged changes (due to lazyness)
* change the output for -L to make it look like it would look when
the user inputs the command.
* try to autoload modules
* some minor bugfixes
* add user defined chains support (without new commands yet,
deliberately)
* comparing rules didn't take the logical devices into account
20020520
* update help for -s and -d
* add VLAN in ethertypes
* add SYMLINK option for compiling
20020501
* allow -i and --logical-in in BROUTING
* update the manual page
* rename /etc/etherproto into /etc/ethertypes (seems to be a more
standard name)
* add MAC mask for -s and -d, also added Unicast, Multicast and
Broadcast specification for specifying a (family of) MAC
addresses.
20020427
* added broute table.
* added redirect target.
* added --redirect-target, --snat-target and --dnat-target options.
* added logical_out and logical_in
* snat bugfix (->size)
20020414
* fixed some things in the manual.
* fixed -P problem.
20020411
* -j standard no longer works, is this cryptic? good :)
* lots of beautification.
- made some code smaller
- made everything fit within 80 columns
* fix problems with -i and -o option
* print_memory now prints useful info
* trying to see the tables when ebtables is not loaded in kernel
no longer makes this be seen as a bug.
20020403
ebtables v2.0 released, changes:
* A complete rewrite, made everything modular.
* Fixed a one year old bug in br_db.c. A similar bug was present
in ebtables.c. It was visible when the number of rules got
bigger (around 90).
* Removed the option to allow/disallow counters. Frames passing
by are always counted now.
* Didn't really add any new functionality. However, it will be
_alot_ easier and prettier to do so now. Feel free to add an
extension yourself.
* There are 4 types of extensions:
- Tables.
- Matches: like iptables has.
- Watchers: these only watch frames that passed all the matches
of the rule. They don't change the frame, nor give a verdict.
The log extension is a watcher.
- Targets.
* user32/kernel64 architectures like the Sparc64 are unsupported.
If you want me to change this, give me access to such a box,
and don't pressure me.
|
