Firewall-SOSDG/ChangeLog

2013-10-16 00:25:01 -06:00
1.1 - Brielle Bruns <bruns@2mbit.com>
- Reorder rules, place allow before block to allow overrides
2014-01-23 10:03:30 -07:00
- Fixes for conntrack rules for better security (added -o/-i)
- Correct some incorrect info in options.default
2013-10-16 00:25:01 -06:00
2012-05-12 17:54:57 -06:00
1.0 - Brielle Bruns <bruns@2mbit.com>
- Minor tweaks to various config files
- Fix issue with tweaks loading
- Version 1.0
2011-03-02 21:02:07 -07:00
0.9.14 - Brielle Bruns <bruns@2mbit.com>
2011-04-10 16:28:45 -06:00
- IPv6 DHCP bypass rules (IPV6_LANDHCPSERVER)
- Move FORWARD Established,Related rules to inside NAT rules, since without NAT,
we're not really going to need to track connections forwarding through the system.
I can probably be proven wrong if you don't use NAT but use the script for stateful
firewalling with non-RFC1918 IPs....
2011-10-28 15:41:09 -06:00
- Cleanup work on code for v1.0
2011-03-02 21:02:07 -07:00
2011-02-18 13:36:13 -07:00
0.9.13 - Brielle Bruns <bruns@2mbit.com>
- Fix location of ipv6 fi statement, moved to end of ipv6 rules
- Add default policy rules and IPV{4|6}_P{INPUT|OUTPUT|FORWARD} options
to control them. Note the difference between BLOCKINCOMING and the PINPUT variable
2011-02-22 11:43:58 -07:00
- Oops, looks like my state match of allowing NEW was undoing the incoming blocks. Fixed.
- IPV4_ALLOWED and IPV6_ALLOWED which will eventually replace TCPPORTS and UDPPORTS
2011-02-18 13:36:13 -07:00
2011-02-09 00:08:51 -07:00
0.9.12 - Brielle Bruns <bruns@2mbit.com>
- Change IPV6_ROUTEDCLIENTBLOCK so you can specify ranges to
block incoming to.
2011-02-12 13:41:43 -07:00
- Add support for allowing IPV6 critical ICMP messages, on by default
- Add support for interception of IPv4 packets, aka transparent proxy
2011-02-18 11:07:01 -07:00
- Add beginning support for error checking of variable inputs, still not functional yet.
- Test if we are using at least bash 3.x, since some of the more advanced features
we are using to make this script work don't work too well with bash < 3.0 or dash.
2011-02-09 00:08:51 -07:00
0.9.11 - Brielle Bruns <bruns@2mbit.com>
- Move some of the config clutter to conf/ - you can
put your config files anywhere, but by default, they're
now going to be in conf/
- Beginning work on configuration tool. If it ever
gets completed is a whole different story. :)
- Option to use state or conntrack module for state tracking.
By default, use conntrack.
- After some research, we seem to not need NEW state match in FORWARD
2010-12-18 15:08:21 -07:00
- Auto detect default gateway interface and IP of interface. Has potential problems
if run before we've got a default interface, so manually define EXTIF to be sure, and
things should be okay. This is mostly for people with dynamic IPs.
2010-10-21 20:06:39 -06:00
0.9.10 - Brielle Bruns <bruns@2mbit.com>
- Move clamp mss up earlier in the rules to possibly
fix an issue I noticed during testing
- Move icmp allow code
- Prevent duplicate icmp allow rules in NAT code
2010-11-12 22:18:03 -07:00
- NETMAP support in NAT code
2010-10-21 20:06:39 -06:00
2010-10-17 23:44:37 -06:00
0.9.9a - Brielle Bruns <bruns@2mbit.com>
- Minor bug fixes for my coding errors introduced in
the change of IPv6 variables
2010-10-13 14:14:46 -06:00
0.9.9 - Brielle Bruns <bruns@2mbit.com>
- Loadable module support during firewall loading
- More init script fixes.
2010-10-13 14:27:41 -06:00
- Non-conntracked DNS reply packets allow options
- Slightly improved IPv6 support to start to bring
it up to par with IPv4 support.
2010-10-13 14:43:20 -06:00
- ipv6 marking support, changed ipv4 to use | instead of :
2010-10-16 13:27:03 -06:00
- Renamed IPV6 variables, please read INSTALL file about conversion of config file
to new format.
2010-10-13 14:14:46 -06:00
2010-10-08 11:10:43 -06:00
0.9.8a - Brielle Bruns <bruns@2mbit.com>
- Fixing executable file permission issues
- Use /bin/bash in initscript cause dash does not recognize
more advanced methods that bash can use. Oops. Easiest
way to keep up to date is to symlink /etc/init.d/firewall-sosdg
to /etc/firewall-sosdg/doc/firewall-sosdg.init
2010-09-29 17:04:48 -06:00
0.9.8 - Brielle Bruns <bruns@2mbit.com>
- Almost at v1.0 quality for my tastes
- BLOCK_(INCOMING/OUTGOING)_RFC1918 options to help shore up security of LAN space leakage
2010-10-01 23:47:58 -06:00
- Changes to LANDHCPSERVER so it accepts interface names, plus a possible fix for win7
hammering DHCP server for unknown reason?
2010-10-05 13:23:37 -06:00
- Cleanups
2010-10-06 10:25:39 -06:00
- No longer display list of blocked IPs, considering if they are
as long as my list is, they'll take 4 pages to display...
2010-10-06 12:23:08 -06:00
- New block file format, much more capable now, thanks to
an hour or two of improving my bash scripting skills to the
point where I can do more complex breakdowns of formats
- Rename blocked to ipv4-blocked since we're going to have
ipv6 support
- ipv6 blocking support. Different format for config file
because IPv6 uses :, which means we get to use | for both
ipv4 and ipv6 (goes against a previous commit)
2010-10-06 14:59:53 -06:00
2010-09-29 17:04:48 -06:00
2010-09-22 20:17:08 -06:00
0.9.7 - Brielle Bruns <bruns@2mbit.com>
- Support for marking packets, uses new config file and
IPv4_MARK file option
2010-09-24 18:30:11 -06:00
- MULTI-NIC-ARP-LOCK hack added, to fix what I consider to be an annoying 'feature' of
arp requests on Linux
- Allow use of multiport iptables module to reduce amount of rules
2010-09-22 20:17:08 -06:00
0.9.6 - Brielle Bruns <bruns@2mbit.com>
- Minor changes to procedures in planning of 1.0
2010-08-23 17:52:12 -06:00
0.9.5 - Brielle Bruns <bruns@2mbit.com>
- Makefile to automate building tarball and for future use
2010-08-26 16:06:32 -06:00
- More changes to port-forwards file to support source IP and external IP (existing
config _will_ be incompatible)
2010-08-23 17:52:12 -06:00
2010-07-26 09:09:39 -06:00
0.9.4 - Brielle Bruns <bruns@2mbit.com>
- Initscript
- stop-firewall for... stopping the firewall!
- Code cleanups
2010-08-20 13:57:25 -06:00
- Use of functions for some processes
2010-08-21 10:54:46 -06:00
- Fix DHCP rule
- Obsoleted NATRANGE, NATEXTIP, NATEXTIF
- Added NAT_RANGE which can take SNAT/MASQ rules
2010-08-21 11:32:08 -06:00
- Changed port forwarding rules to include external interface
2010-07-26 09:09:39 -06:00
0.9.3 - Brielle Bruns <bruns@2mbit.com>
- Misc tweaks and reorg
- Custom command files
2010-06-21 22:34:28 -06:00
0.9 - Brielle Bruns <bruns@2mbit.com>
- Colorize output
- Added outbound port blocking options
2010-05-15 21:41:56 -06:00
0.8 - Brielle Bruns <bruns@2mbit.com>
- IPv6 Connection Tracking fixes
2010-06-19 15:41:27 -06:00
- Strip ECN off of specific outbound packets
2010-05-15 21:41:56 -06:00
0.7 - Brielle Bruns <bruns@2mbit.com>
2010-05-15 11:25:10 -06:00
- MSS Clamp on IPv6
- MSS Fixes, yes, it's ugly
- Beginning support for bogons filtering and updater
script. Does not work yet, so don't use.
2010-05-15 11:25:10 -06:00
2009-08-24 21:56:37 -06:00
0.6 - Brielle Bruns <bruns@2mbit.com>
- Fixed some potential ordering issues with NAT
2009-08-29 18:52:40 -06:00
- Added file for blocked IPs, plus new config option
2009-08-24 21:56:37 -06:00
2009-08-23 15:21:42 -06:00
0.5 - Brielle Bruns <bruns@2mbit.com>
- Fixing ipv6 UDP firewalling rules
2009-08-23 16:51:18 -06:00
- Fixing IPv6 client routing block rules
- Added new IPV6LAN interface option
2009-08-23 15:21:42 -06:00
2009-08-20 12:21:56 -06:00
0.4 - Brielle Bruns <bruns@2mbit.com>
- Added support for pre-run commands
- Fixed several bugs with NAT commands