Sanewall Changelog

New in version 1.1.5

August 20th, 2013
  • Uses flock(1) instead of lockfile(1), since util-linux should be more commonly installed than procmail and it works much better than the built-in function.
  • Fixes IPv4/IPv6 detection for older versions of iptables(8).
  • Many minor improvements and cleanups.

New in version 1.1.4 (July 8th, 2013)

  • "sanewall save" now creates two files, which is what most init systems expect.
  • "sanewall status" now identifies which blocks are IPv6 or IPv4.
  • "sanewall condrestart" now follows convention by only restarting if already running.
  • Various programs and files are now detected at configure-time rather than run-time.

New in version 1.1.3 (June 7th, 2013)

  • This version fixes IPv4/IPv6 auto-detection so it is not confused by VLAN interface names such as eth0.22.

New in version 1.1.2 (May 13th, 2013)

  • Fixes kernel version detection per 1.0.2.
  • The configure script makes sanewall executable.
  • The unconfigured sanewall.in issues a warning when it is run directly.
  • The configure script now sets /usr/local/etc as the location for Sanewall to look in as well as store configuration files in if --sysconfdir is not given, solving bug 78.
  • There is a switch to enable debug output.
  • Handles domain names that refer to records that are IPv4, IPv6, or both.
  • Fixes protection against direct use of /sbin/iptables and /sbin/ip6tables that was broken from 1.1.0.

New in version 1.1.1 (May 8th, 2013)

  • When startup fails, both IPv4 and IPv6 firewalls are correctly restored.
  • A regression test framework has been added.
  • This release fixes the "mac" helper command for versions of iptables 1.4.12+ per 1.0.1, and also prevents MAC addresses being seen as IPv6 addresses.