Product SiteDocumentation Site

1.87. iptables

1.87.1. RHBA-2009:1414: bug fix and enhancement update

Updated iptables packages that fix several bugs and add an enhancement are now available.
The iptables utility controls the network packet filtering code in the Linux kernel.
These updated iptables packages provide the following enhancement:
  • while its IPv4 counterpart was present, the Differentiated Services Code Point (DSCP) match target for IPv6 was missing. Two new modules, one for iptables and a separate one for the Linux kernel, now enable this functionality.

    Note

    along with this iptables update, the kernel update for Red Hat Enterprise Linux 5.4 must be installed, and the system must be rebooted, in order to enable Differentiated Services Code Point (DSCP) match target functionality for IPv6. (BZ#480371)
In addition, these updated iptables packages provide fixes for the following bugs:
  • the init scripts for iptables and ip6tables sometimes exited with incorrect or invalid exit statuses. (BZ#242457)
  • the Internet Control Message Protocol (ICMP) '--reject-with' types did not always work as expected. This has been fixed in these updated packages. (BZ#253014)
  • the iptables-restore(8) man page did not contain descriptions of some of the options that were listed in the program's help information. These information sources for the utility's options have now been synchronized. (BZ#474847)
  • the "ROUTE" section of the iptables(8) man page contained misleading information on certain features that do not exist in the iptables packages. (BZ#485834)
  • the iptables-devel package did not include certain header files, which are now included in the updated package. (BZ#487649)
  • the spec file contained a typo on the the Release line. (BZ#440622)

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.