What's new in Arno's IPTABLES Firewall Script 2.0.1b

Mar 19, 2012
  • This version fixes RESERVED_NET_DROP, which only worked when RESERVED_NET_LOG was enabled (regression), fixes the installation script, and updates/corrects documentation.

New in Arno's IPTABLES Firewall Script 2.0.1 (Dec 23, 2011)

  • This version removes DNS_FAST_FAIL and RESOLV_IPS, since they are both obsolete.
  • It adds miscellaneous tweaks.

New in Arno's IPTABLES Firewall Script 2.0.0c (Sep 16, 2011)

  • This version calls insserv during configure, when available.
  • This is required, for example, on Debian/Ubuntu systems which use dependency-based booting.
  • It fixes MULTICAST jumping, which should be done at the end of EXT_INPUT_CHAIN, not at the beginning, or users won't be able to create "normal" rules for it.
  • It updates several plugins.

New in Arno's IPTABLES Firewall Script 2.0.0 (Nov 19, 2010)

  • Several IPv6 fixes and tweaks.

New in Arno's IPTABLES Firewall Script 1.9.9 RC1 (Oct 29, 2010)

  • Support was added for an optional plugin_restart() function in plugins using a new plugin template.
  • The IDENT environment variable is used for plugins.
  • The IPV6_AUTO_CONFIGURATION variable was added to control autoconf when IP_FORWARDING = 0.
  • The IPV6_OVER_IPV4_SERVER variable was added for the ipv6-over-ipv4 plugin, restricting 6to4 source packets.
  • Miscellaneous tweaks and fixes were done.

New in Arno's IPTABLES Firewall Script 1.9.9 Beta 1 (Oct 12, 2010)

  • Full IPv6 support.

New in Arno's IPTABLES Firewall Script 1.9.2l (Aug 31, 2010)

  • The sysctl_key() function was implemented and is used for IPv6 detection, which fixes a serious security issue.
  • Sysctl wildcard keys (like "net.ipv4.conf.*.rp_filter") are now always set explicitly for every matching key, since newer kernels handle such wildcards differently.
  • The "Blocked Host" feature adds the BLOCK_HOSTS_BIDIRECTIONAL option to specify whether hosts are blocked both inbound and outbound (which is the default) or inbound only.
  • An option was added to enable or disable antispoofing for internal and DMZ nets.
  • An option was added to enable or disable IGMP logging.
  • Miscellaneous tweaks and fixes were made.
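The wildcard point above, as an added example that is not the firewall script's own code: sysctl_key_set (a hypothetical name) expands a key such as net.ipv4.conf.*.rp_filter against a /proc/sys tree and writes every concrete match separately, instead of relying on the kernel to carry a value from "all" or "default" to each interface (for rp_filter the kernel applies the maximum of conf/all and conf/<interface>, so setting only "all" cannot lower a per-interface value). SYSCTL_ROOT is a hypothetical override so the functions can be exercised against a constructed directory tree without root.

```shell
#!/bin/sh
# Added example: explicit expansion of sysctl wildcard keys.
# SYSCTL_ROOT defaults to the real /proc/sys; point it at a scratch tree
# to try the functions without root privileges.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Map a dotted sysctl key to its file path under SYSCTL_ROOT, e.g.
# net.ipv4.conf.eth0.rp_filter -> $SYSCTL_ROOT/net/ipv4/conf/eth0/rp_filter.
# A wildcard component is kept as-is so the caller can glob it.
sysctl_key_path() {
  printf '%s/%s\n' "$SYSCTL_ROOT" "$(printf '%s' "$1" | tr '.' '/')"
}

# Read one concrete key; prints nothing if the key does not exist.
sysctl_key_get() {
  path="$(sysctl_key_path "$1")"
  [ -f "$path" ] && cat "$path"
  return 0
}

# Set a key that may contain a wildcard ("*"). The unquoted expansion in
# the for loop lets the shell glob the path, so each matching interface
# entry is written individually. Prints the number of keys written; a
# pattern with no matches (or a missing concrete key) yields 0.
sysctl_key_set() {
  key="$1"
  value="$2"
  count=0
  for path in $(sysctl_key_path "$key"); do
    if [ -f "$path" ]; then
      printf '%s\n' "$value" > "$path"
      count=$((count + 1))
    fi
  done
  echo "$count"
}

# Typical use (needs root against the real /proc/sys):
#   sysctl_key_set "net.ipv4.conf.*.rp_filter" 1
```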

New in Arno's IPTABLES Firewall Script 1.9.2k (Apr 14, 2010)

  • Another bugfix update

New in Arno's IPTABLES Firewall Script 1.9.2g (Nov 24, 2009)

  • Another bugfix update

New in Arno's IPTABLES Firewall Script 1.9.2d (Aug 29, 2009)

  • An update of the 1.9 series version of my firewall, fixing and cleaning up a lot of things. Note that in order to use some plugins you need to run this version of my firewall. It also contains a minor security fix (vs. 1.9.0 stable), so everyone is recommended to upgrade as soon as possible.

New in Arno's IPTABLES Firewall Script 1.9.2a (Jun 9, 2009)

  • Dropped the requirement for the ip binary in the main script.

New in Arno's IPTABLES Firewall Script 1.9.1 RC1 (May 20, 2009)

  • Fixed DMZ_LAN_HOST_OPEN_xxx source hosts not being parsed properly (Thanks to Lonnie Abelbeck)
  • Fixed LOG_HOST_OUTPUT_xxx format error (Thanks to Lonnie Abelbeck)
  • Added local DNAT redirect support (Thanks to Philip Prindeville)
  • Added experimental DMZ-NAT plugin (Thanks to Philip Prindeville)
  • Implemented NAT_PREROUTING_CHAIN, POST_NAT_PREROUTING_CHAIN, NAT_POSTROUTING_CHAIN & POST_NAT_POSTROUTING_CHAIN chains
  • Replaced DMZ_IF_TRUST and INT_IF_TRUST with the new IF_TRUSTS variable. You can use | to create separate groups of interfaces.
  • We now detect whether iptables (or ip4tables/ip6tables) failed somewhere during startup and report this at the end.
  • Fixed NAT_FORWARD_IP not working
  • Several fixes/changes in the rule parsers
  • Moved from using the $IPTABLES/$IP4TABLES/$IP6TABLES variables to functions (Thanks Philip Prindeville). This should, for example, allow proper tracing.
  • Iptables errors will now be shown in red, to better point them out
  • Implemented some additional chains (e.g. for plugin use)
  • Reverted flushing user chains before stopping plugins, since it caused disconnections.
  • Several cleanups/optimizations (thanks to Philip Prindeville, Lonnie Abelbeck & Roy Lanek)
  • Major cleanup of functions etc.

New in Arno's IPTABLES Firewall Script 1.9.0b (Mar 3, 2009)

  • Some security issues concerning firewall restart were fixed.
  • An invalid EOL causing blocked hosts to fail was fixed.
  • Invalid sed syntax that caused blocked hosts to fail was corrected.
  • The MAC filter was moved from the main script into a separate plugin.
  • An issue where the OUTPUT policy didn't get applied was fixed.
  • LOG_xxx_INPUT was changed to LOG_INPUT_xxx in the config file.
  • Several plugins were updated.

New in Arno's IPTABLES Firewall Script 1.9.0 (Jan 7, 2009)

  • LAN_INET_HOST_DENY_TCP/UDP was fixed.
  • The timeout/retry values are set to the default for dig functions in the env-file.
  • sysctl was fixed for busybox setups which don't support -q.
  • A sysctl wrapper was implemented for this.
  • A new traffic shaper was added.
  • net.netfilter.nf_conntrack_max was added as an additional sysctl key.
  • AIF:-prefix was added to all LOG messages.
  • Fixes and tweaks were done in the install script.
  • Verbose mode was disabled by default in the init script.
  • Miscellaneous plugin updates were made.

New in Arno's IPTABLES Firewall Script 1.9.0 RC4 (Nov 25, 2008)

  • The hfsc plugin and install script were fixed on Ubuntu. Files under /usr/share were moved to /usr/local/share (where they belong).
  • The DynDNS plugin was updated to 0.23BETA.
  • It now automatically creates/removes the cron job.
  • The Traffic Accounting plugin was updated to 0.2BETA.
  • An incorrect configuration file used for the transparent proxy plugin was fixed.
  • An issue where the installer didn't set up a symlink in /etc/rc* to start the firewall at boot was fixed.
  • An uninstall script was added.
  • There were also miscellaneous tweaks and fixes.
  • Updating your config file is strongly recommended.

New in Arno's IPTABLES Firewall Script 1.8.8o (Sep 3, 2008)

  • LOCAL_CONF_SETTING has been removed.
  • Support for new-generation plugins has been fixed.
  • There are miscellaneous fixes and tweaks.

New in Arno's IPTABLES Firewall Script 1.9.0 RC2 (Sep 3, 2008)

  • A new DynDNS plugin was added to open ports for DynDNS (Internet) hosts.
  • New default policy handling was added for LAN->INET, DMZ->INET, INET->DMZ, etc.
  • The use of source destination IPs with NAT forwards was fixed.
  • A basic install script (install.sh) was implemented.
  • Several functions and variables were moved into a new separate "environment" file.
  • Minor changes and updates were done for plugins. DSL-PPP-modem and transparent-proxy support were moved into a separate plugin.
  • The default firewall log file was changed to /var/log/firewall.log.