Release Notes: A new build system with better configurability. Scalability improvements for large number of chains. Support for multiple new matches, targets, and revisions (supports all features available in the current kernel tree). IPv6 support for more matches and targets. Man page improvements. Many minor improvements and fixes all over the place.
Release Notes: This release contains lots of bugfixes and improvements for the previous release candidate which strongly improves IPv6 support.
Release Notes: A number of iptables-save/restore problems with conntrack were fixed. String, ttl, REJECT, and connbytes match. Some gcc-4 warnings were fixed. Support was added for ip6tables state and conntrack and connmark extensions. Support for new policy match was added. A major manpage update was done.
Release Notes: This release fixes a use-after-free error, support for SNAT and DNAT of ICMP ID ranges, and numerous gcc 4 compiler warnings. It adds support for the upcoming (kernel-2.6.14) NFQUEUE target. The man page has been updated.
Release Notes: This release fixes iptables save/restore for a number of extensions, adds many missing man page snippets, fixes rule deletion in certain cases, and has more sanity checking of user input.
Release Notes: This release fixes CLUSTERIP rule deletion, libip6t_random compilation, and CONNMARK on 32-bit user space / 64-bit kernel architectures. It makes sure that the order of chains in the listing is the same as it was in the 1.2.x releases.
Release Notes: libiptc was rewritten, which greatly speeds up ruleset load time. Numerous bugfixes were made, especially to iptables-save/restore. A compile option to build a multi-call binary for embedded systems was added.
Release Notes: This version requires kernel 2.4.4 or higher and recommends 2.4.18 or higher.
Release Notes: Memory leaks were fixed in ip(6)tables-save/restore. The printout of odd length netmasks was fixed in ip6tables. iptables-save now works properly with condition match, fuzzy match, (inverted) MAC match, the LOG target, and mport match. Invalid port ranges are now checked for by ip6tables UDP match. The ipq_id_t definition in libipq was fixed on "real" 64bit/64bit architectures. Endianness bugs related to ipv6_prefix_length in libip6tc were fixed.