-
Notifications
You must be signed in to change notification settings - Fork 45
/
CHANGELOG.RELEASE
21 lines (20 loc) · 971 Bytes
/
CHANGELOG.RELEASE
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
- 1.7.6-2 | Nov 18 2020:
[New] add iptables locking support with iptables >= 1.4.20; pr #36
IPT_LOCK_SUPPORT
IPT_LOCK_TIMEOUT
[Fix] typos
- 1.7.6-1 | Jun 18 2019:
[New] add mitigation options for TCP SACK Panic vulnerability
SYSCTL_TCP_NOSACK and BLK_TCP_SACK_PANIC added to conf.apf
https://access.redhat.com/security/vulnerabilities/tcpsack
[Change] updated autoconf template
[Change] ignore value of BLK_TCP_SACK_PANIC when SYSCTL_TCP_NOSACK is set
[Change] make init script LSB compliant for use with systemd; pr #26
[Fix] README typos; pr #28
[Fix] flush ip6tables rules on stop/flush if USE_IPV6 enabled; pr #28
[Fix] only the first nameserver in resolv.conf would be whitelisted when
RESV_DNS_DROP is set enabled; issue #25
[Fix] change ipv4.ip_local_port_range to not emmit errors ref:
Marco Padovan <evcz at evcz.tk>
https://access.redhat.com/solutions/2887631
https://www.spinics.net/lists/netdev/msg330895.html