net-firewall / iptables

Linux kernel (2.4+) firewall, NAT and packet mangling tools

Official package sites : https://www.netfilter.org/projects/iptables/ ·

iptables is the userspace command line program used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. It's a part of packet filtering framework which allows the stateless and stateful packet filtering, all kinds of network address and port translation, and is a flexible and extensible infrastructure with multiple layers of API's for 3rd party extensions. The iptables package also includes ip6tables. ip6tables is used for configuring the IPv6 packet filter. Note that some extensions (e.g. imq and l7filter) are not included into official kernel sources so you have to patch the sources before installation.

v1.8.3-r1 :: 0/1.8.3 :: gentoo

Modified
License
GPL-2
Keywords
~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86
USE flags
conntrack ipv6 netlink nftables pcap split-usr static-libs

v1.8.2-r2 :: 0/12 :: gentoo

Modified
License
GPL-2
Keywords
~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86
USE flags
conntrack ipv6 netlink nftables pcap split-usr static-libs

v1.6.2-r2 :: 0/12 :: gentoo

Modified
License
GPL-2
Keywords
~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86
USE flags
conntrack ipv6 netlink nftables pcap split-usr static-libs

v1.6.1-r3 :: 0/12 :: gentoo

Modified
License
GPL-2
Keywords
alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips
USE flags
conntrack ipv6 netlink nftables pcap split-usr static-libs

General

conntrack
Build against net-libs/libnetfilter_conntrack when enables the connlabel matcher
ipv6
Add support for IP version 6
netlink
Build against libnfnetlink which enables the nfnl_osf util
nftables
Support nftables kernel interface
pcap
Build against net-libs/libpcap which enables the nfbpf_compile util
split-usr
Enable behavior to support maintaining /bin, /lib*, /sbin and /usr/sbin separately from /usr/bin and /usr/lib*
static-libs
Build static versions of dynamic libraries as well

app-portage / elt-patches : Collection of patches for libtool.eclass

net-libs / libmnl : Minimalistic netlink library

net-libs / libnetfilter_conntrack : programming interface (API) to the in-kernel connection tracking state table

net-libs / libnfnetlink : the low-level library for netfilter related kernel/userspace communication

net-libs / libnftnl : Netlink API to the in-kernel nf_tables subsystem

net-libs / libpcap : A system-independent library for user-level network packet capture

sys-devel / flex : The Fast Lexical Analyzer

sys-kernel / linux-headers : Linux system headers

virtual / os-headers : Virtual for operating system headers

virtual / pkgconfig : Virtual for the pkg-config implementation

virtual / yacc : virtual for yacc (yet another compiler compiler)

net-libs / libmnl : Minimalistic netlink library

net-libs / libnetfilter_conntrack : programming interface (API) to the in-kernel connection tracking state table

net-libs / libnfnetlink : the low-level library for netfilter related kernel/userspace communication

net-libs / libnftnl : Netlink API to the in-kernel nf_tables subsystem

net-libs / libpcap : A system-independent library for user-level network packet capture

net-misc / ethertypes : Maps ethernet frame ids to symbolic names

net-misc / ethertypes : Maps ethernet frame ids to symbolic names

app-admin / bastille : Bastille-Linux is a security hardening tool

app-admin / ulogd : A userspace logging daemon for netfilter/iptables related logging

app-emulation / cri-o : OCI-based implementation of Kubernetes Container Runtime Interface

app-emulation / docker : The core functions you need to create Docker images and run Docker containers

app-emulation / libvirt : C toolkit to manipulate virtual machines

app-emulation / lxd : Fast, dense and secure container management

app-metrics / collectd : Collects system statistics and provides mechanisms to store the values

dev-python / python-iptables : Python bindings for iptables

net-analyzer / fail2ban : scans log files and bans IPs that show malicious signs

net-analyzer / ipcad : IP Cisco Accounting Daemon

net-firewall / arno-iptables-firewall : Arno's iptables firewall script

net-firewall / ferm : Command line util for managing firewall rules

net-firewall / firehol : iptables firewall generator

net-firewall / firewalld : A firewall daemon with D-BUS interface providing a dynamic firewall

net-firewall / fwipsec : Firewall scripts that control iptables, FreeS/WAN, and squid

net-firewall / fwknop : Single Packet Authorization and Port Knocking application

net-firewall / ipkungfu : A nice iptables firewall script

net-firewall / ipset : IPset tool for iptables, successor to ippool

net-firewall / ipt_netflow : Netflow iptables module

net-firewall / lutelwall : IPTables firewall setup script

net-firewall / nftables : Linux kernel (3.13+) firewall, NAT and packet mangling tools

net-firewall / nufw : An enterprise grade authenticating firewall based on netfilter

net-firewall / pglinux : Privacy oriented firewall application

net-firewall / psad : Port Scanning Attack Detection daemon

net-firewall / quicktables : a quick iptables script generator

net-firewall / sanewall : iptables firewall generator (fork of firehol)

net-firewall / shorewall : A high-level tool for configuring Netfilter

net-firewall / ufw : A program used to manage a netfilter firewall

net-firewall / xtables-addons : iptables extensions not yet accepted in the main kernel

net-libs / daq : Data Acquisition library, for packet I/O

net-misc / connman : Provides a daemon for managing internet connections

net-misc / miniupnpd : MiniUPnP IGD Daemon

net-misc / monmotha : MonMotha IPTables-based firewall script

net-misc / networkmanager : A set of co-operative tools that make networking simple and straightforward

net-proxy / redsocks : Transparent redirector of any TCP connection to proxy

net-proxy / sshuttle : Transparent proxy server that works as a poor man's VPN using ssh

net-wireless / blueman : Simple and intuitive GTK+ Bluetooth Manager

sys-apps / iproute2 : kernel routing and traffic control utilities

sys-apps / systemd : System and service manager for Linux

sys-cluster / kube-router : A turnkey solution for Kubernetes networking

sys-cluster / neutron : A virtual network service for Openstack

sys-cluster / vzctl : OpenVZ ConTainers control utility

422877
net-firewall/iptables: ip6tables "state" test fails; will not jump to ACCEPT on ESTABLISHED,RELATED connections
447530
net-firewall/iptables[netlink] - please add support for loading fingerprint definitions from pf.os file to init script
472388
net-firewall/iptables: x32/n32 ABIs: iptables -L: can't initialize iptables table `filter': Invalid argument
498878
net-firewall/iptables: move from / to /usr
531390
net-firewall/iptables: circular dependencies in systemd restore service units
551606
net-firewall/iptables-1.4.21-r1 fails to compile on armv7a-hardened-musl
555920
net-firewall/iptables: iptables.service systemd unit fails to start - iptables.service lacks both ExecStart= and ExecStop= setting. Refusing.
556918
net-firewall/iptables: ip6rules-save doesn't make space for the parameters SNPT and DNPT
583242
net-firewall/iptables: QA Notice: Files built without respecting CFLAGS have been detected: /lib64/libiptc.so.0.0.0
586106
net-firewall/iptables[conntrack,static-libs]: libxt_connlabel.c:(.text+0x14): undefined reference to `nfct_labelmap_get_name'
625364
net-firewall/iptables-1.4.21-r4 will not build with USE static-libs and conntrack: ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_open':
674284
net-firewall/iptables-1.8.2-r2 with net-firewall/arptables - file collisions in /sbin/arptables-save /sbin/arptables-restore
678044
net-firewall/iptables: failure to run iptables commands where kconfig option CONFIG_BPFILTER is set
688430
net-firewall/iptables[-ipv6] installs ipv6 related stuff
Repository mirror & CI · gentoo
Merge updates from master
Mike Gilbert · gentoo
Convert ebuilds to inherit usr-ldscript
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-firewall/iptables: fix subslot
Closes: https://bugs.gentoo.org/687092 Package-Manager: Portage-2.3.67, Repoman-2.3.13 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Lars Wendler · gentoo
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.67, Repoman-2.3.13 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Lars Wendler · gentoo
net-firewall/iptables: Bump to version 1.8.3
Package-Manager: Portage-2.3.67, Repoman-2.3.13 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Andreas K. Hüttel · gentoo
net-firewall/iptables: keyword ~riscv
Package-Manager: Portage-2.3.66, Repoman-2.3.12 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-firewall/iptables: allow for iptables' module autoload functionality
In commit cdc003118830087bbb409761fe4e0e2c19ea103a, a non working check were fixed. In addition, error handling was added. However, this introduced a behavior change for users who didn't load iptables on their own and relied on iptables' own capability to autoload required modules. This new revision restores previous behavior and allows for relying on iptables' module autoload capability again. Closes: https://bugs.gentoo.org/672366 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Matt Turner · gentoo
net-firewall/iptables-1.6.1-r3: alpha stable, bug 641228
Signed-off-by: Matt Turner <mattst88@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-firewall/iptables: multiple fixes for runscript
- We are now passing iptables "--wait" option to every iptables command which needs to aquire a lock. [Bug 501710] - In addition, "--wait" (IPTABLES_LOCK_WAIT_TIME) and "--wait-interval" (IPTABLES_LOCK_WAIT_INTERVAL) is now configurable via /etc/conf.d/{iptables,ip6tables}. - We are now only installing one runscript and now using a symlink for the ip6tables runscript. - Error detection improved/added. Closes: https://bugs.gentoo.org/501710 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Lars Wendler · gentoo
Revert "net-firewall/iptables: Removed old."
This reverts commit 070fae35cc6d85cdb9c35b92b476394e17c8c144. Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Lars Wendler · gentoo
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Lars Wendler · gentoo
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Lars Wendler · gentoo
net-firewall/iptables: Bump to version 1.8.2
Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-firewall/iptables: don't install /sbin/ebtables-{save,restore}
If you want to use ebtables-{save,restore} from iptables package, please call ebtables-nft-{save,restore}. Follow up to commit 6f554459eb5269d28c4005456c409c99c6d93ba1. Closes: https://bugs.gentoo.org/669894 Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Lars Wendler · gentoo
net-firewall/iptables: Fixed build with USE="-nftables"
Closes: https://bugs.gentoo.org/669486 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11
Repository mirror & CI · gentoo
Merge updates from master
Lars Wendler · gentoo
net-firewall/iptables: Bump to version 1.8.1
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11
Repository mirror & CI · gentoo
Merge updates from master
Mikle Kolyada · gentoo
net-firewall/iptables: s390/sh/m68k stable wrt bug #641228
Package-Manager: Portage-2.3.49, Repoman-2.3.10
Repository mirror & CI · gentoo
Merge updates from master
Matt Turner · gentoo
net-firewall/iptables-1.6.1-r3: ppc64 stable, bug 641228
Matt Turner · gentoo
net-firewall/iptables-1.6.1-r3: ppc stable, bug 641228
Repository mirror & CI · gentoo
Merge updates from master
Sergei Trofimovich · gentoo
net-firewall/iptables: stable 1.6.1-r3 for hppa, bug #641228
Package-Manager: Portage-2.3.48, Repoman-2.3.10 RepoMan-Options: --include-arches="hppa"
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-firewall/iptables: don't install /sbin/{arptables,ebtables} symlink
If you want to use arptables or ebtables from iptables package, please call arptables-nft or ebtables-nft. Closes: https://bugs.gentoo.org/660886 Package-Manager: Portage-2.3.41, Repoman-2.3.9
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-firewall/iptables: avoid autoreconf
Bug: https://bugs.gentoo.org/660790 Package-Manager: Portage-2.3.41, Repoman-2.3.9
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-firewall/iptables: fix building with USE=-nftables
Closes: https://bugs.gentoo.org/660790 Package-Manager: Portage-2.3.41, Repoman-2.3.9
Repository mirror & CI · gentoo
Merge updates from master
Lars Wendler · gentoo
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.41, Repoman-2.3.9
Lars Wendler · gentoo
net-firewall/iptables: Bump to version 1.8.0
Package-Manager: Portage-2.3.41, Repoman-2.3.9
Repository mirror & CI · gentoo
Merge updates from master
Mart Raudsepp · gentoo
net-firewall/iptables-1.6.1-r3: arm64 stable (bug #641228)
Package-Manager: Portage-2.3.40, Repoman-2.3.9
Robin H. Johnson · gentoo
net-firewall/iptables: >=linux-headers-4.4 needed for BPF_OBJ_GET
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> Package-Manager: Portage-2.3.33, Repoman-2.3.9
Michael Mair-Keimberger · gentoo
net-firewall/iptables: use HTTPS
Mike Gilbert · gentoo
net-firewall/iptables: drop /etc/ethertypes
Bug: https://bugs.gentoo.org/647458 Package-Manager: Portage-2.3.24_p18, Repoman-2.3.6_p99
Jason A. Donenfeld · gentoo
net-firewall/iptables: pass -w to ip*tables-restore in systemd units
Otherwise one restore rule will prevent the other from working, and nothing will get restored. Package-Manager: Portage-2.3.24, Repoman-2.3.6
Lars Wendler · gentoo
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Lars Wendler · gentoo
net-firewall/iptables: Bump to version 1.6.2
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Markus Meier · gentoo
net-firewall/iptables: arm stable, bug #641228
Package-Manager: Portage-2.3.13, Repoman-2.3.3 RepoMan-Options: --include-arches="arm"
Mikle Kolyada · gentoo
net-firewall/iptables: amd64 stable wrt bug #641228
Package-Manager: Portage-2.3.13, Repoman-2.3.3
Sergei Trofimovich · gentoo
net-firewall/iptables: stable 1.6.1-r2 for ia64, bug #641228
Package-Manager: Portage-2.3.19, Repoman-2.3.6 RepoMan-Options: --include-arches="ia64"
Sergei Trofimovich · gentoo
net-firewall/iptables: stable 1.6.1-r2 for sparc, bug #641228 (thanks to Rolf Eike Beer)
Package-Manager: Portage-2.3.19, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc"
Thomas Deutschmann · gentoo
net-firewall/iptables: x86 stable (bug #641228)
Package-Manager: Portage-2.3.19, Repoman-2.3.6
Sergei Trofimovich · gentoo
net-firewall/iptables: bind to net-libs/libnftnl and net-libs/libmnl subslots
Bug: https://bugs.gentoo.org/634604 Package-Manager: Portage-2.3.11, Repoman-2.3.3
Robin H. Johnson · gentoo
Drop $Id$ per council decision in bug #611234.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Lars Wendler · gentoo
net-firewall/iptables: Revbump to fix sub-slot
and libnetfilter_conntrack dependency. Package-Manager: Portage-2.3.3, Repoman-2.3.1
Lars Wendler · gentoo
net-firewall/iptables: Removed old.
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Lars Wendler · gentoo
net-firewall/iptables: Bump to version 1.6.1
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Mike Gilbert · gentoo
net-firewall/iptables: drop iptables.service
This unit really serves no real purpose. The utility of being able to call "systemctl enable iptables" is questionable at best. Given that iptables is not really a daemon but rather a kernel process, having as single unit that persists with RemainAfterExit seems wrong as well. Bug: https://bugs.gentoo.org/555920 Package-Manager: portage-2.3.0_p16
Mike Frysinger · gentoo
net-firewall/iptables: version bump to 1.6.0 #568784
Mike Frysinger · gentoo
net-firewall/iptables: control nfsynproxy tool via USE=pcap #566886
Mike Frysinger · gentoo
net-firewall/iptables: fix from upstream for static builds #558234
Silence constant connlabel.conf warnings when using static libs.
Mike Frysinger · gentoo
net-firewall/iptables: use -fpack-struct w/x32 ABI #472388
Apply a hack for the x32 ABI to try to get it working. The current version is entirely broken, so this is still better than the status quo.
Mike Frysinger · gentoo
net-firewall/iptables: fix configure enable flag parsing #557586
Michał Górny · gentoo
net-firewall/iptables: Restore 1.4.17 required by dev-perl/IPTables-libiptc
Package-Manager: portage-2.2.20
Mike Frysinger · gentoo
net-firewall/iptables: document bug that added gen_usr_ldscript #332175
Mike Frysinger · gentoo
net-firewall/iptables: add subslot to track libxtables #489882
Mike Frysinger · gentoo
net-firewall/iptables: add support for USE=pcap #512934
Mike Frysinger · gentoo
net-firewall/iptables: revbump (no real changes)
Mike Frysinger · gentoo
net-firewall/iptables: add USE=conntrack #492744
Mike Frysinger · gentoo
net-firewall/iptables: drop old
Mike Frysinger · gentoo
net-firewall/iptables: mark 1.4.21-r1 stable for arm64/m68k/s390/sh
Robin H. Johnson · gentoo
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed