iptables v1.2.8 Changelog
======================================================================
This version requires kernel >= 2.4.4
This version recommends kernel >= 2.4.18

Bugs Fixed from 1.2.7a:

- fix ip6tables-save function of 'length' match
	[ Gerry Skerbitz ]
- fix ip6tables-save function of 'mac' match
	[ Kristian Gronfeldt Sorensen ]
- fix iptables-save function of 'ULOG' target
	[ Jimmy Hedman ]
- fix iptables-save function of 'conntrack' match
	[ Lutz Pressler ]
- fix iptables-save function of 'length' match
	[ Gerry Skerbitz ]
- fix iptables-save function of 'mac' match
	[ Kristian Gronfeldt Sorense ]
- fix iptables-save function of 'mark' match
	[ Harald Welte ]
- fix iptables-save function of 'owner' match
	[ Costa Tsaousis ]
- fix iptables-save function of 'pool' match
	[ Oskar Berggren ]
- fix iptables-save function of 'tcpmss' match
	[ Michael Schwendt ]
- fix iptables-save function of 'tos' match
	[ Harald Welte ]
- fix save/print function of 'connmark' match
	[ Harald Welte ]
- fix error message when invalid TCP flag is specified with 'tcp' match
	[ Aaron Sethman ]

Changes from 1.2.7a:

- updated version of the ROUTE target
	[ Cedric de Launois ]
- updated version of the 'recent' match
	[ Stephen Frost ]
- update the RPC conntrack match, extend it to support filtering on procedures
	[ Ian (Larry) Latter ]
- add support for hexstrings to the 'string' match
	[ Michael Rash ]
- have iptables-restore print the line number in case of an error
	[ Illes Marci ]
- big iptables.8 manpage update
	[ Herve Eychenne ]
- print loglevel human-readable in ip6tables 'LOG' target
	[ Michael Schwendt ]
- print loglevel human-readable in 'LOG' target
	[ Michael Schwendt ]
- remove bogus code from 'ecn' match
	[ Stephane Ouellette ]
- be more specific in help message of 'helper' match
	[ Herve Eychenne ]
- fix semantic problem that '-p icmp -m icmp' was matching icmp type 0 instead
  of 'any'
	[ Harald Welte ]
- fix iptables rename-chain option
	[ Maciej Soltysiak ]
- remove libipulog from iptables since it is distributed with ulogd
	[ Harald Welte ]
- support new ip6tables 'HL' target
	[ Maciej Soltysiak ]
- support new ip6tables 'condition' match
	[ Stephane Ouellette ]
- support new ip6tables 'fuzzy' match
	[ Maciej Soltysiak ]
- support new ip6tables 'hoplimit' match
	[ Maciej Soltysiak ]
- support new iptables 'CLASSIFY' target
	[ unknown ]
- support new iptables TARPIT target
	[ Aaron Hopkins ]
- support new iptables 'condition' match
	[ Stephane Ouellette ]
- support new iptables 'fuzzy' match
	[ Hime Junior ]
- support new iptables 'physdev' match (for 2.5.x bridging)
	[ Bart de Schumyer ]
- support new iptables 'u32' match (based on u32 tc filter)
	[ Don Cohen ]

Please note: As of version 1.2.7a, patch-o-matic is now no longer part of
iptables but rather distributed as a seperate package
(ftp://ftp.netfilter.org/pub/patch-o-matic/)