git: 31a3c72d15 - main - 12.4 Release notes: Improve ipfilter entry
Date: Sun, 20 Nov 2022 18:23:17 UTC
The branch main has been updated by salvadore (ports committer):

URL: https://cgit.FreeBSD.org/doc/commit/?id=31a3c72d1538aafdbfabf899b29f7f274fe11f9c

commit 31a3c72d1538aafdbfabf899b29f7f274fe11f9c
Author:     Lorenzo Salvadore <salvadore@FreeBSD.org>
AuthorDate: 2022-11-20 18:11:42 +0000
Commit:     Lorenzo Salvadore <salvadore@FreeBSD.org>
CommitDate: 2022-11-20 18:14:14 +0000

    12.4 Release notes: Improve ipfilter entry

    - Split entry into multiple entries sorted chronologically by commit
      date and remove generic assertion about more unspecified
      improvements.
    - Add gitref notes.

    Approved by: re (gjb, implicit)
--- website/content/en/releases/12.4R/relnotes.adoc | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/website/content/en/releases/12.4R/relnotes.adoc b/website/content/en/releases/12.4R/relnotes.adoc index 0ec8525469..d8d824e3fc 100644 --- a/website/content/en/releases/12.4R/relnotes.adoc +++ b/website/content/en/releases/12.4R/relnotes.adoc 
@@ -444,8 +444,15 @@ The man:dummynet[4] system facility had a bug regarding the validation of the le gitref:3f22f161b936b6279a68d6e9439b30f2abb50cad[repository=src] {{< sponsored "The FreeBSD Foundation" >}} -The man:ipfilter[4] packet filter added the `SDT` and `DT5` man:dtrace[1] probes. It now has the ability to dump a copy of ippool in ippool.conf format. -From now on, to improve security, man:ipfilter[4] only allows jails to manipulate ipfilter rules, NAT tables, and ippools if the jail has its own VNET. A number of other improvements have been implemented. +The man:ipfilter[4] packet filter added the `DT5` and `SDT` man:dtrace[1] probes. +gitref:67b86b71c19ce44dd98cd63f6f684354cd0f351e[repository=src] +gitref:09aa9a1f82bfccfd7e87dcf7f2bf055d2c137b52[repository=src] + +From now on, to improve security, man:ipfilter[4] only allows jails to manipulate ipfilter rules, NAT tables, and ippools if the jail has its own VNET. +gitref:ed86cf0121f9a28e754f605c5be6c6576cde6c64[repository=src] + +The man:ipfilter[4] packet filter has now the ability to dump a copy of ippool in ippool.conf format. +gitref:95dfabe85a544f77c926ce799442da5c1ff05756[repository=src] The man:netmap[4] framework had a fix for a TOCTOU vulnerability as well as a bug regarding an integer overflow. ////
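Review bot: In the last added entry, "has now the ability to dump a copy of ippool" reads awkwardly; the removed line had "It now has the ability", so "now has the ability" would keep the original word order. In the same entry, "ippool.conf" is a file name and could be set in monospace like the `DT5` and `SDT` probe names in the first entry. The jail entry is the one with operational impact: it says jails may manipulate ipfilter rules, NAT tables, and ippools only if they have their own VNET, but not what happens to an existing jail without one, so a short clause saying that such jails lose this ability after the upgrade would help administrators reading the notes. The entry opening "From now on" also reads oddly now that it is a standalone paragraph sorted by commit date; starting it with "To improve security, man:ipfilter[4] now only allows ..." would match the other entries.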