Revision history for Perl extension IPTables::ChainMgr.
1.6 Sat Dec 04 15:42:45 2016
- Additional t/basic_tests.pl tests for 'mangle', 'nat', and 'raw' tables.
- Minor additional bug fix for IPTables::Parse version comparison (reported
by github user 'meZee').
- Minor documentation update to ensure to not recommend using predictable
temporary file paths for iptables output. The default paths are
provided via the File::Temp module in IPTables::Parse.
1.5 Sat Dec 19 10:55:12 2015
- Minor bug fix for IPTables::Parse version comparison (reported by github
user 'HellUnit').
1.4 Mon Sep 07 21:03:23 2015
- Added tests for iptables chain names that contain special characters.
This is in response to a bug found by Stuart Schneider where
IPTables::Parse module would not properly handle such chain names.
1.3 Mon Feb 23 22:45:44 2015
- Added support for systems with 'firewalld' (such as Fedora 21).
- For IPTables::Parse versions > 1.1, updated IPTables::ChainMgr to derive
extended hash search keys for find_ip_rule() from IPTables::Parse.
- For IPTables::Parse versions > 1.1, updated IPTables::ChainMgr to derive
iptables 'match' keys to build iptables rules from IPTables::Parse.
- Simplified append_ip_rule() to just be a wrapper around add_ip_rule(),
which was updated to allow the value "-1" to be passed in as the rule
insertion number in order to denote "append" (-A <chain>) mode.
- Added "mac_source" tests to t/basic_tests.pl.
- Added tests for iptables 'length' match.
- Added print_parse_capabilities() so that IPTables::Parse keys/regex's can
easily be seen.
- Bug fix to ensure that state tracking arguments are properly processed
by add_ip_rule().
1.2 Fri Mar 02 21:09:57 2012
- Added set_chain_policy() function to allow built-in chain policies to be
set to the specified target. iptables/ip6tables does not allow the
target to be set for non built-in chains. Behind the scenes this
function runs the command "iptables -t <table> -P <chain> <target>".
- Minor update to print the iptables binary name in 'croak' error
conditions. The binary name is either 'iptables' or 'ip6tables'.
- Minor perldoc updates to render links better (two spaces at the beginning
of lines).
1.1 Tue Feb 28 21:15:11 2012
- Added META.{yml,json} files similarly to fixing this bug filed against
IPTables::Parse:
https://rt.cpan.org/Ticket/Display.html?id=75366
- Minor bug fix to ensure not to look for 'extended' hash keys in returned
IPTables::Parse data without an existence check first.
- Added the ability to specify 'ip6tables' when instantiating an
IPTables::ChainMgr object via 'new'.
- Updated license to the Artistic license.
1.0 Mon Feb 27 21:56:44 2012
- Added 'ctstate' and 'state' keys to extended hashes for find_ip_rule()
and add_ip_rule(). This commit fixes:
https://rt.cpan.org/Ticket/Display.html?id=67614
- Bug fix for missing IPTables::Parse dependency by applying patch from the
CPAN bug tracking system here:
https://rt.cpan.org/Ticket/Display.html?id=43302
0.9.9 Sun Feb 26 14:03:24 2012
- Updated to handle IPv6 via ip6tables. All functions in the previous
version of this module now work with ip6tables - just instantiate the
IPTables::ChainMgr object with something like the following:
my %opts = (
'iptables' => $ip6tables_bin,
'iptout' => '/tmp/ip6tables.out',
'ipterr' => '/tmp/ip6tables.err',
'debug' => 0,
'verbose' => 0
);
- Switched to using NetAddr::IP instead of the old Net::IPv4Addr module.
This greatly assisted in the ability to offer IPv6 support via ip6tables.
- Bug fix to ensure proper handling of empty 'extended' hashes via the
'keys' function.
- (Miloslav Trmac) Bug fix for "Use of qw(...) as parentheses is
deprecated" warnings as described here:
https://bugzilla.redhat.com/show_bug.cgi?id=771781
- Added a test suite at: t/basic_tests.pl
- Migrated to git for source control:
http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=IPTables-ChainMgr.git;a=summary
https://github.com/mrash/IPTables-ChainMgr
0.9 Sat Feb 11 23:11:45 2008
- Added Net::IPv4Addr prerequisite to Makefile.PL (patch submitted by
Dominik Gehl).
- Updated perldoc documentation to properly discuss the delete_chain()
API. The material about the $jump_from_chain was missing (Darien
Kindlund reported this issue).
- Applied patch from Darien Kindlund to add the ability to specify the
source MAC address via the --mac-source <addr> command line argument to
iptables.
0.8 Fri Oct 17 11:35:15 2008
- Added the ability to control the iptables execution model. The default
is to use waitpid(), but other options are to use system() or popen().
- Added the ability to introduce a configurable time delay between each
iptables command.
- Added the ability to use a function reference for the SIGCHLD signal
handler.
- Added the ability to configure the number of seconds used as the alarm
timeout for iptables command execution in the waitpid() execution model.
- Passed IPTables::ChainMgr options for execution model, configurable alarm
timeouts, the SIGCHLD signal handler reference, and the configurable
number of seconds for additional sleeps between iptables commands to the
IPTables::Parse module.
- Bugfix for SIGALRM handling to be more consistent with an example from
the perlipc man page.
- Added append_ip_rule() so that new iptables rules can be appended to the
end of a chain instead of just inserted at a particular rule number.
0.7 Sat May 17 10:49:15 2008
- Added perldoc documentation for 0.7 release.
0.01 Tue Feb 22 01:18:14 2005
- original version; created by h2xs 1.23 with options
-A -X -b 5.6.0 -n IPTables::ChainMgr