Changelog for 2004

0.5.59 (2005-01-06)

  • Fixed log-level. It was not working in 'iptables-restore' mode.
  • Fixed vuurmuur -C not clearing the UPDLIMIT chain.
  • Fixed load_caps sometimes not loading caps correctly.

0.5.58 (2005-01-04)

  • Added limits for number of new udp 'connections'.
  • Updated the helpfile.
  • Next to INS, DEL and Fx keys, 'normal' keys can also be used, because on some systems the keys didn't work.
  • Fixed bash-output mode.

0.5.57 (2005-01-02)

  • The parsing on the tcpflags from the log now ignores the logprefix.
  • Added ttl info to the logs.
  • Vuurmuur can now create rules using iptables-restore, which is much faster, and can apply changes atomically.
  • Big changes to internal data-structures.
  • Updated the helpfile.
  • Vuurmuur now checks if the iptables targets and matches it needs are available, and loads them if needed. Vuurmuur_conf can show the capabilities.
  • Added four new antispoofs: link-local-net, iana reserved 0.0.0.0/8, broadcast source 0.0.0.0/32 and broadcast dest 255.255.255.255.
  • Macaddresses with lowercase letters are now also supported.
  • Vuurmuur can now check the dynamic interfaces for changes on a configurable interval.

0.5.56 (2004-11-20)

  • Added the possibility to select only one interface from a network when using portfw and redirect. This is meant for cases where a NAT-firewall has multiple ipaddresses and multiple similar servers behind it.
  • Added the possibility to QUEUE instead of ACCEPT when using portfw and redirect.
  • Fixed a crash when saving the comment of a group.
  • Added support for the AH and ESP protocol so ipsec should be able to pass the firewall.
  • Virtual interfaces no longer have 'protect' rules.
  • With virtual interfaces, it is now checked whether it is an old-style device like eth0:0 or a normal device with multiple ipaddresses.

0.5.55 (2004-11-13)

  • Cleanups: removed global var 'debug' from vuurmuur-conf
  • Vuurmuur now only reloads changed parts of the config when applying changes
  • In the commentfield basic input validation is now performed.
  • When reloading the rules, vuurmuur no longer gives an error when the log_policy option is off.
  • The broadcast address 255.255.255.255 no longer shows in the log like internet.ext(broadcast).
  • Converted the int's in the hashtables to unsigned int's.
  • Improved error-checking in the backend.
  • Slightly updated the helpfile.

0.5.54 (2004-11-04)

  • Rules now also can be active and inactive.
  • Added support for additional logfiles in the logviewer.
  • The name of the logging program is now shown in the log.
  • get_mac_address and a few other functions now also take the size of the buffer as an arg.
  • Cleanups: removed libvuurmuur_debug, renamed QueryData to RuleData, moved read_options to rules.c and renamed it to rules_read_options.
  • Totally redesigned the 'protect'-rules. They are no longer a part of the rulesfile, but are connected to the networks and interfaces now.
  • Anti-spoofing is now also checked in the FORWARD-chain.
  • Fixed a bug where vuurmuur tried (and failed) to create rules for an interface with a dynamic ip, which was down. Thanks for the report Stanks!
  • Added a -C option to Vuurmuur which removes all rules in memory and sets the default policy to ACCEPT, so it unloads the firewall.
  • The 'iptables' command is now first tested before it is used inside vuurmuur.
  • The 'vuurmuur' command can now also be loaded without supplying the fullpath.
  • Fixed a bug where inserting a new service or interface with a wrong name would still show the name in the list. Thanks for the report Stanks!

0.5.53 (2004-10-30)

  • Fixed default policy loglimiting not working
  • Improved performance of the Rules Section in Vuurmuur_conf when filter is enabled.
  • Fixed changed 'virtual' not being detected when reloading an interface.
  • Vuurmuur no longer quits when there are non-fatal warnings in the config.
  • Vuurmuur_log now also has a shared memory segment for ipc. Vuurmuur-conf now talks to it.
  • Moved 'pipe_command' from vuurmuur to libvuurmuur.
  • Cleanups again, this time in Vuurmuur-conf, where a lot of structures were removed from main.h.
  • (Maybe) fixed a crash-case in compare_ports in libvuurmuur.
  • get_dynamic_ip no longer uses ifconfig, but now ioctl. Thanx for the report Guillaume!
  • Added a statusbox to the mainmenu, which displays the status of your firewall (can be disabled).
  • Redesigned the 'apply changes' in Vuurmuur_conf. It now has a simple progress indicator.
  • Fixed a bug where opening the connections section or the status section when no zones or services were defined caused 'internal error' messages. Thanx for the report Dennis!

0.5.52 (2004-10-13)

  • Added ruleoption 'loglimit' which limits the number of logs per second for a rule.
  • Rules now can have a comment.
  • Added a helpfunction. Pressing F12 in most places will popup a help-window.
  • When creating a rule, it is now automatically logged, and a loglimit is set.
  • Various parts of the Gui now have 'advanced options' which can be enabled per screen or globally.
  • Virtual interfaces (e.g. eth0:0) are now supported.
  • The number of loglines in the logviewer can now be configured. Furthermore, HOME and END now work in the logviewer.
  • Vuurmuur-conf won't die when the rulesfile or blocklistfile are not found.
  • The windows for selecting an ICMP type or code are now no longer saying 'add host'.
  • Removed all but one malloc functioncalls from vuurmuur_log
  • An installation/upgrading script was added.
  • The init.d script now checks the returncode of vuurmuur and vuurmuur_log and now also works with redhat's chkconfig.
  • Redesigned the configsection in the ncurses Gui.

0.5.51 (2004-09-24)

  • Added the logging of the tcpflags to the log, as well as the length of the packet.
  • Changed the log so the interface is now shown earlier.
  • Fixed a bug where you couldn't open the hosts menu if there were no hosts defined yet.

0.5.50 (2004-09-23)

  • Added a blocklist. This is a list on which you can place IPs, hosts and groups to be blocked.
  • Added synflood protection.
  • The logging of all kinds of malicious traffic is now limited to one per sec.
  • Fixed a bug that could crash vuurmuur if a zone was added.
  • Improved the connectionviewer.
  • When applying changes, the config is now also reloaded.
  • Paths in the config are now checked.
  • Before searching through the log a check is now done to see if the script can be opened.

0.5.49 (2004-08-29)

  • Improved/fixed the markiptstate stuff.
  • Added a search function in vuurmuur_conf to search through logs, even the 'rotated' ones.
  • In the configfile you no longer need to supply the location of each logfile, but now you just need to tell vuurmuur the directory.
  • When creating/editing a rule the rule is now checked for sanity.
  • Added some basic checking in the configure scripts.
  • Added a scripts_dir option.
  • Various code cleanups.
  • Fixed a bug where reading a very long hostname or groupname from the backend would fail.

0.5.48 (2004-07-31)

  • Added 'markiptstate' option to the ruleoptions which adds support for the Snort_inline iptstate-patch by William Metcalf and myself. The patch will probably/hopefully be included in the next release of Snort_inline.
  • Cleaned up create_rule more.
  • The logprefix field in vuurmuur_conf was too big, adjusted.
  • Logging of incoming broadcasts was fixed.
  • When creating a QUEUE rule an optional protocol helper is now supported (needs the iptables helper module). In a service the protocol helper (like ip_conntrack_ftp) can be supplied.
  • Macaddresses are now also logged in the trafficlog.

0.5.47 (2004-07-25)

  • Fixed a bug that would crash vuurmuur if it tried to create a rule with a group without members.
  • Redirect was fixed.
  • The create_rule function was cleaned up
  • When forwarding rules are created, ip-forwarding is now automagically enabled and vice-versa.
  • An initscript was added, look in vuurmuur/scripts
  • Fixed redirectport option not appearing when selecting the action redirect in the edit_rule window.
  • A few cosmetic changes
  • In the log a broadcast-address is now shown as networkname(broadcast), like in the connections section in vuurmuur_conf

Last modified on 09/13/07 23:14:11