-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathChanges
116 lines (101 loc) · 5.71 KB
/
Changes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
Revision history for Perl extension IPTables::Parse.
1.6.1 Fri Nov 27 20:26:46 2015
- Add 'tmpdir', 'iptout_pat', and 'ipterr_pat' optional hash keys when
acquiring an IPTables::Parse object. These keys allow a temporary
directory to be specified for iptables stdout/stderr, and the default
paths are '/some/tmp/dir/iptout.XXXXXX' and '/some/tmp/dir/ipterr.XXXXXX'
respectively. The 'iptout_pat' and 'ipterr_pat' keys allow the file paths
to be changed.
- If the path to firewall-cmd/iptables/ip6tables was not specified when
acquiring an IPTables::Parse object, then an attempt will be made to find
the appropriate path in the filesystem. The directories '/sbin',
'/usr/sbin', '/bin', and '/usr/bin' are searched in that order.
1.6 Sat Nov 07 08:45:15 2015
- (Miloslav Trmač) Fixed a vulnerability to not use predictable names for
temporary files. This vulnerability would allow an attacker on a multi-
user system to set up symlinks to overwrite any file the current user has
write access to. If a user manually overrides the temporary file
locations with the 'iptout' and 'ipterr' hash keys, it is recommended to
not use predictable names either.
- Updated to use the '-w' argument on the iptables command line (a test is
performed to see if it is supported). This acquires an exclusive lock on
iptables command execution. This can be disable by the user if necessary
by setting the new lockless_ipt_exec hash key.
1.5 Mon Sep 07 20:18:16 2015
- Bug fix to support additional characters in iptables chain names such as
dashes and special characters. Stuart Schneider reported this bug and
submitted a patch. Closes github issue #1.
- Added 'rule_num' hash key to chain_rules() results (suggested by Stuart
Schneider).
- Updated _iptout and _ipterr tmp file paths to use the current PID as an
extension by default if these files are not set when instantiating an
IPTables::Parse object. Also added a DESTROY block to clean these tmp
files up. Patch submitted by Stuart Schneider.
1.4 Sun Mar 01 15:30:29 2015
- Bump version to 1.4 so that CPAN recognizes it as a new version.
1.3.1 Sat Feb 28 07:15:55 2015
- Fix version number in META.json and META.yml files.
1.3 Thu Feb 19 20:09:55 2015
- Added support for systems with 'firewalld' via the 'firewall-cmd'
command. Such systems include Fedora 21 for example.
- Added list_table_chains() to return an array reference of all chains
within the specified table. This feature was submitted as a patch by
Fabien Mazieres
- Added 'use_ipv6' and 'ipt_rules_file' keys to object constructor. These
force ip6tables usage and specify a path to a file where
'iptables -nL -v' output is included.
- Updated perldoc documentation.
1.2 Sun Mar 04 21:21:11 2012
- Major update to add a new 'parse_keys' hash to IPTables::Parse objects so
that other modules can easily see what portions of iptables rules can be
parsed into the data returned by chain_rules().
- Added 'mac_source' into extended hash for parsed iptables rules.
- Added support for the iptables 'length' match.
1.1 Fri Mar 02 22:31:12 2012
- Minor update to print the iptables binary name in 'croak' error
conditions. The binary name is either 'iptables' or 'ip6tables'.
- Minor perldoc updates to render links better (two spaces at the beginning
of lines).
1.0 Tue Feb 28 21:45:19 2012
- Added META.{yml,json} files to fix this bug:
https://rt.cpan.org/Ticket/Display.html?id=75366
- Added the ability to specify 'ip6tables' when instantiating an
IPTables::ChainMgr object via 'new'.
- Updated license to the Artistic license.
0.9 Sun Feb 26 21:01:45 2012
- Applied slightly modified patch from SSIMON to properly pick up usage of
state tracking in rule extended information as shown in this bug:
https://rt.cpan.org/Ticket/Display.html?id=67372#txn-925687
Rule 'extended' hash now includes the 'state' or 'ctstate' key
depending on which iptables state tracking module is being used (if
any).
0.8 Sun Feb 26 14:03:24 2012
- Major update to support ip6tables policies.
- Added test suite script t/basic_tests.pl to exercise major functions for
both iptables and ip6tables.
- Bugfix for default_log() and default_drop() functions to ensure that
a proper return value is given in addition to the return of a results
hash.
- Migrated to git for source control:
http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=IPTables-Parse.git;a=summary
https://github.com/mrash/IPTables-Parse
0.7 Fri Oct 17 11:55:01 2008
- Completely re-worked the manner in which iptables commands are executed
so that they are sent through a single function with various options
(described below) for controlling execution.
- Added the ability to control iptables execution model. The default is to
use waitpid(), but other options are to use system() or popen().
- Added the ability to introduce a configurable time delay between each
iptables command.
- Added the ability to use a function reference for the SIGCHLD signal
handler.
- Added the ability to configure the number of seconds used as the alarm
timeout for iptables command execution in the waitpid() execution model.
0.6 Mon May 19 10:15:01 2008
- Added perldoc documentation for 0.6 release.
0.3 12/18/2005
- Added test for ULOG target
- Update to allow -v iptables output (which may be supplied in a file).
0.01 Sat Feb 5 15:18:37 2005
- original version; created by h2xs 1.23 with options
-A -X -b 5.6.0 -n IPTables::Parse