The IPTables::Parse package provides an interface to parse iptables or ip6tables rules on Linux systems, either through the direct execution of iptables/ip6tables commands or by parsing a file that contains an iptables/ip6tables policy listing. Note that the 'firewalld' infrastructure on Fedora 21 is also supported through execution of the 'firewall-cmd' binary. By default, the path to iptables is assumed to be '/sbin/iptables'; if the firewall is 'firewalld', then '/usr/bin/firewall-cmd' is used instead.
1.6 10 Nov 2015 15:10
- (Miloslav Trmač) Fixed a vulnerability in which temporary files were created with predictable names. On a multi-user system this would allow an attacker to plant symlinks at those names and thereby overwrite any file the current user has write access to. If a user manually overrides the temporary file locations with the 'iptout' and 'ipterr' hash keys, it is recommended to avoid predictable names there as well.
- Updated to use the '-w' argument on the iptables command line (a test is performed to see whether the installed iptables supports it). With '-w', iptables waits for the xtables lock instead of failing when another iptables process holds it, so concurrent executions are serialized. This can be disabled by the user if necessary by setting the new 'lockless_ipt_exec' hash key.
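The following Perl script is an added example, not code from IPTables::Parse or its changelog. It demonstrates both changelog items above: why a fixed temporary file name can be turned into a symlink attack (and why O_EXCL plus an unpredictable name defeats it), and how a caller who overrides 'iptout' and 'ipterr' should generate those paths. The victim file, the planted symlink and the private scratch directory standing in for a shared /tmp are all constructed for the demo; the IPTables::Parse constructor is only invoked if the module happens to be installed, so the rest runs on any Linux system without root.

```perl
#!/usr/bin/perl
# Added example, not code from IPTables::Parse: shows the symlink attack that
# predictable temporary file names permit, and how to pick safe names for the
# 'iptout' and 'ipterr' keys.  Paths and file contents below are constructed
# for the demo; a private scratch directory stands in for a shared /tmp.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

my $shared = tempdir(CLEANUP => 1);

# The victim: a file only the current user can write (constructed sample).
my $victim = "$shared/victim.conf";
open(my $vh, '>', $victim) or die "open $victim: $!";
print $vh "important settings\n";
close $vh;

# --- Vulnerable pattern: fixed, guessable name -------------------------------
# Anyone who knows the name can plant a symlink there before the parser runs.
my $predictable = "$shared/ipt.out";
symlink($victim, $predictable) or die "symlink: $!";

# open(..., '>') is O_CREAT|O_TRUNC without O_EXCL: it follows the planted
# symlink and truncates victim.conf, then writes iptables output into it.
open(my $bad, '>', $predictable) or die "open $predictable: $!";
print $bad "Chain INPUT (policy DROP)\n";
close $bad;

open(my $rd, '<', $victim) or die "open $victim: $!";
my $victim_now = do { local $/; <$rd> };
close $rd;
print "vulnerable: victim.conf now holds: $victim_now";

# --- Hardened pattern ---------------------------------------------------------
# O_EXCL makes open() fail if the path already exists, and Linux applies that
# to a symlink regardless of where it points, so the planted link is rejected.
if (sysopen(my $excl, $predictable, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    print "hardened: O_EXCL open unexpectedly succeeded\n";
    close $excl;
} else {
    print "hardened: O_EXCL open of planted path refused: $!\n";
}

# File::Temp combines O_EXCL creation with an unpredictable random suffix, so
# the attacker cannot even guess which name to plant.  Mode 0600 keeps the
# captured iptables output private to the current user.
my $out = File::Temp->new(TEMPLATE => 'iptparse_out_XXXXXXXXXX',
                          DIR => $shared, UNLINK => 1);
my $err = File::Temp->new(TEMPLATE => 'iptparse_err_XXXXXXXXXX',
                          DIR => $shared, UNLINK => 1);
print "safe temp files: ", $out->filename, " ", $err->filename, "\n";

# Pass these paths via the 'iptout'/'ipterr' hash keys instead of fixed names.
# The constructor is only invoked if IPTables::Parse is installed, so the demo
# above runs on any system; actually parsing rules would additionally need root.
if (eval { require IPTables::Parse; 1 }) {
    my $ipt = IPTables::Parse->new(
        'iptout' => $out->filename,
        'ipterr' => $err->filename,
        # 'lockless_ipt_exec' => 1,  # opt out of '-w' only if you must
    );
    print "IPTables::Parse object created with private temp files\n";
} else {
    print "IPTables::Parse not installed; skipping constructor call\n";
}
```

Run it as an ordinary user; the first section prints the iptables-style text that replaced the victim's settings, the second shows the O_EXCL open being refused with "File exists". Leave 'lockless_ipt_exec' unset unless the target iptables rejects '-w' and the module's own probe fails to detect that, since without the lock two concurrent iptables invocations can race on the rule tables.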