Revision history for Perl extension IPTables::ChainMgr. 1.6 Sat Dec 04 15:42:45 2016 - Additional t/basic_tests.pl tests for 'mangle', 'nat', and 'raw' tables. - Minor additional bug fix for IPTables::Parse version comparison (reported by github user 'meZee'). - Minor documentation update to ensure to not recommend using predictable temporary file paths for iptables output. The default paths are provided via the File::Temp module in IPTables::Parse. 1.5 Sat Dec 19 10:55:12 2015 - Minor bug fix for IPTables::Parse version comparison (reported by github user 'HellUnit'). 1.4 Mon Sep 07 21:03:23 2015 - Added tests for iptables chain names that contain special characters. This is in response to a bug found by Stuart Schneider where IPTables::Parse module would not properly handle such chain names. 1.3 Mon Feb 23 22:45:44 2015 - Added support for systems with 'firewalld' (such as Fedora 21). - For IPTables::Parse versions > 1.1, updated IPTables::ChainMgr to derive extended hash search keys for find_ip_rule() from IPTables::Parse. - For IPTables::Parse versions > 1.1, updated IPTables::ChainMgr to derive iptables 'match' keys to build iptables rules from IPTables::Parse. - Simplified append_ip_rule() to just be a wrapper around add_ip_rule(), which was updated to allow the value "-1" to be passed in as the rule insertion number in order to denote "append" (-A ) mode. - Added "mac_source" tests to t/basic_tests.pl. - Added tests for iptables 'length' match. - Added print_parse_capabilities() so that IPTables::Parse keys/regex's can easily be seen. - Bug fix to ensure that state tracking arguments are properly processed by add_ip_rule(). 1.2 Fri Mar 02 21:09:57 2012 - Added set_chain_policy() function to allow built-in chain policies to be set to the specified target. iptables/ip6tables does not allow the target to be set for non built-in chains. Behind the scenes this function runs the command "iptables -t -P ". - Minor update to print the iptables binary name in 'croak' error conditions. The binary name is either 'iptables' or 'ip6tables'. - Minor perldoc updates to render links better (two spaces at the beginning of lines). 1.1 Tue Feb 28 21:15:11 2012 - Added META.{yml,json} files similarly to fixing this bug filed against IPTables::Parse: https://rt.cpan.org/Ticket/Display.html?id=75366 - Minor bug fix to ensure not to look for 'extended' hash keys in returned IPTables::Parse data without an existence check first. - Added the ability to specify 'ip6tables' when instantiating an IPTables::ChainMgr object via 'new'. - Updated license to the Artistic license. 1.0 Mon Feb 27 21:56:44 2012 - Added 'ctstate' and 'state' keys to extended hashes for find_ip_rule() and add_ip_rule(). This commit fixes: https://rt.cpan.org/Ticket/Display.html?id=67614 - Bug fix for missing IPTables::Parse dependency by applying patch from the CPAN bug tracking system here: https://rt.cpan.org/Ticket/Display.html?id=43302 0.9.9 Sun Feb 26 14:03:24 2012 - Updated to handle IPv6 via ip6tables. All functions in the previous version of this module now work with ip6tables - just instantiate the IPTables::ChainMgr object with something like the following: my %opts = ( 'iptables' => $ip6tables_bin, 'iptout' => '/tmp/ip6tables.out', 'ipterr' => '/tmp/ip6tables.err', 'debug' => 0, 'verbose' => 0 ); - Switched to using NetAddr::IP instead of the old Net::IPv4Addr module. This greatly assisted in the ability to offer IPv6 support via ip6tables. - Bug fix to ensure proper handling of empty 'extended' hashes via the 'keys' function. - (Miloslav Trmac) Bug fix for "Use of qw(...) as parentheses is deprecated" warnings as described here: https://bugzilla.redhat.com/show_bug.cgi?id=771781 - Added a test suite at: t/basic_tests.pl - Migrated to git for source control: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=IPTables-ChainMgr.git;a=summary https://github.com/mrash/IPTables-ChainMgr 0.9 Sat Feb 11 23:11:45 2008 - Added Net::IPv4Addr prerequisite to Makefile.PL (patch submitted by Dominik Gehl). - Updated perldoc documentation to properly discuss the delete_chain() API. The material about the $jump_from_chain was missing (Darien Kindlund reported this issue). - Applied patch from Darien Kindlund to add the ability to specify the source MAC address via the --mac-source command line argument to iptables. 0.8 Fri Oct 17 11:35:15 2008 - Added the ability to control the iptables execution model. The default is to use waitpid(), but other options are to use system() or popen(). - Added the ability to introduce a configurable time delay between each iptables command. - Added the ability to use a function reference for the SIGCHLD signal handler. - Added the ability to configure the number of seconds used as the alarm timeout for iptables command execution in the waitpid() execution model. - Passed IPTables::ChainMgr options for execution model, configurable alarm timeouts, the SIGCHLD signal handler reference, and the configurable number of seconds for additional sleeps between iptables commands to the IPTables::Parse module. - Bugfix for SIGALRM handling to be more consistent with an example from the perlipc man page. - Added append_ip_rule() so that new iptables rules can be appended to the end of a chain instead of just inserted at a particular rule number. 0.7 Sat May 17 10:49:15 2008 - Added perldoc documentation for 0.7 release. 0.01 Tue Feb 22 01:18:14 2005 - original version; created by h2xs 1.23 with options -A -X -b 5.6.0 -n IPTables::ChainMgr