Linux下的防火墙软件Iptables发布1.4.21 2013-11-22 上一个版本是2013-08-06的1.4.20.修正了一些BUG以及一些扩展的增强。 不过据说新的防火墙/包过滤引擎 Nftables(2008年诞生)将在 Linux 3.13 中替代有十多年历史的iptables。建议关注一下。
完全改进:
Eric Dumazet (1): xt_socket: add --nowildcard flag Florian Westphal (3): extensions: libxt_socket: update man page doc: add libnetfilter_queue pointer to libxt_NFQUEUE.man doc: merge ip6table man pages into ipv4 ones Jozsef Kadlecsik (1): extensions: libxt_set, libxt_SET: check the set family too Kevin Cernekee (1): ip6tables: Use consistent exit code for EAGAIN Laurence J. Lane (8): iptables: libxt_hashlimit.man: correct address iptables: libxt_conntrack.man extraneous commas iptables: libip(6)t_REJECT.man default icmp types iptables: iptables-xm1.1 correct man section iptables: libxt_recent.{c,man} dead URL iptables: libxt_string.man add examples extensions: libxt_LOG: use generic syslog reference in manpage iptables: extensions/GNUMakefile.in use CPPFLAGS Lutz Jaenicke (1): iptables: correctly reference generated file Pablo Neira Ayuso (7): Merge branch 'stable-1.4.20' Merge branch 'stable-1.4.20' ip[6]tables: fix incorrect alignment in commands_v_options build: add software version to manpage first line at configure stage extensions: libxt_cluster: add note on arptables-jf utils: nfsynproxy: fix error while compiling the BPF filter iptables 1.4.21 release Patrick McHardy (2): extensions: add SYNPROXY extension utils: add nfsynproxy tool Phil Oester (4): iptables: state match incompatibilty across versions libxtables: xtables_ipmask_to_numeric incorrect with non-CIDR masks iptables: improve chain name validation iptables: spurious error in load_extension stephen hemminger (1): xtables: trivial spelling fix
下载:http://ftp.netfilter.org/pub/iptables/iptables-1.4.21.tar.bz2
推荐阅读:
iptables—包过滤(网络层)防火墙 http://www.linuxidc.com/Linux/2013-08/88423.htm
Linux防火墙iptables详细教程 http://www.linuxidc.com/Linux/2013-07/87045.htm
iptables+L7+Squid实现完善的软件防火墙 http://www.linuxidc.com/Linux/2013-05/84802.htm