Changes for version 1.6 - 2015-11-07

  • (Miloslav Trmač) Fixed a vulnerability caused by predictable temporary file names; the module no longer uses them. The vulnerability allowed an attacker on a multi-user system to set up symlinks to overwrite any file the current user has write access to. If a user manually overrides the temporary file locations with the 'iptout' and 'ipterr' hash keys, it is recommended to not use predictable names there either.
  • Updated to use the '-w' argument on the iptables command line (a test is performed to see if it is supported). This acquires an exclusive lock on iptables command execution. It can be disabled by the user if necessary by setting the new lockless_ipt_exec hash key.
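
One way to follow the recommendation in the first item when overriding 'iptout' and 'ipterr' (an added example, not code from the IPTables::Parse distribution). It assumes the module and an iptables binary are installed and that the script runs with enough privilege to list rules; the fixed /tmp names in the comment and the file names 'ipt.out' and 'ipt.err' are constructed for illustration, and chain_rules() is used as described in the module's documentation.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use IPTables::Parse;

# Weak override, shown only for contrast: fixed names in a world-writable
# directory can be pre-created as symlinks by another local user.
#   my %opts = ('iptout' => '/tmp/iptables.out',
#               'ipterr' => '/tmp/iptables.err');

# Hardened override: tempdir() creates a randomly named directory with
# mode 0700, so no other unprivileged user can place a symlink inside it.
# Because the directory itself is private, the file names in it may be fixed.
my $dir = tempdir('iptparse.XXXXXXXXXX', TMPDIR => 1, CLEANUP => 1);

# Defensive check: refuse to continue unless we own the directory and
# neither group nor other has any access to it.
my @st = stat($dir) or die "[*] stat($dir) failed: $!";
die "[*] $dir is not owned by the current user" unless $st[4] == $>;
die "[*] $dir is accessible to other users"     if $st[2] & 077;

my %opts = (
    'iptout' => File::Spec->catfile($dir, 'ipt.out'),
    'ipterr' => File::Spec->catfile($dir, 'ipt.err'),
    # 'lockless_ipt_exec' => 1,   # only if the '-w' lock must be disabled
);

my $ipt_obj = IPTables::Parse->new(%opts)
    or die "[*] Could not acquire IPTables::Parse object";

# Any call that runs iptables now writes its output under $dir only.
my $rules_ar = $ipt_obj->chain_rules('filter', 'INPUT');
printf "filter/INPUT: %d rule(s) parsed\n", scalar @{$rules_ar};
```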

Modules

Perl extension for parsing iptables and ip6tables policies