Changes between Initial Version and Version 1 of Changelog2004

09/13/07 23:14:11 (15 years ago)
Victor Julien



= Changelog for 2004 =

0.5.59 (2005-01-06)
 * Fixed log-level. It was not working in 'iptables-restore'-mode.
 * Fixed vuurmuur -C not clearing the UPDLIMIT chain.
 * Fixed load_caps sometimes not loading caps correctly.

0.5.58 (2005-01-04)
 * Added limits for number of new udp 'connections'.
 * Updated the helpfile.
 * In addition to the INS, DEL and Fx keys, 'normal' keys can also be used, because on some systems those keys didn't work.
 * Fixed bash-output mode.

0.5.57 (2005-01-02)
 * The parsing of the tcpflags from the log now ignores the logprefix.
 * Added ttl info to the logs.
 * Vuurmuur can now create rules using iptables-restore, which is much faster, and can apply changes atomically.
 * Big changes to internal data-structures.
 * Updated the helpfile.
 * Vuurmuur now checks if the iptables targets and matches it needs are available, and loads them if needed. Vuurmuur_conf can show the capabilities.
 * Added four new antispoofs: link-local-net, iana reserved, broadcast source and broadcast dest.
 * MAC addresses with lowercase letters are now also supported.
 * Vuurmuur can now check the dynamic interfaces for changes on a configurable interval.

0.5.56 (2004-11-20)
 * Added the possibility to select only one interface from a network when using portfw and redirect. This is meant for cases where a NAT-firewall has multiple IP addresses and multiple similar servers behind it.
 * Added the possibility to QUEUE instead of ACCEPT when using portfw and redirect.
 * Fixed a crash when saving the comment of a group.
 * Added support for the AH and ESP protocols so IPsec should be able to pass the firewall.
 * Virtual interfaces no longer have 'protect' rules.
 * With virtual interfaces, it is now checked whether it is an old-style device like eth0:0 or a normal device with multiple IP addresses.

0.5.55 (2004-11-13)
 * Cleanups: removed global var 'debug' from vuurmuur-conf.
 * Vuurmuur now only reloads changed parts of the config when applying changes.
 * Basic input validation is now performed on the comment field.
 * When reloading the rules, vuurmuur no longer gives an error when the log_policy option is off.
 * The broadcast address no longer shows in the log like internet.ext(broadcast).
 * Converted the ints in the hashtables to unsigned ints.
 * Improved error-checking in the backend.
 * Slightly updated the helpfile.

0.5.54 (2004-11-04)
 * Rules can now also be active or inactive.
 * Added support for additional logfiles in the logviewer.
 * The name of the logging program is now shown in the log.
 * get_mac_address and a few other functions now also take the size of the buffer as an arg.
 * Cleanups: removed libvuurmuur_debug, renamed QueryData to RuleData, moved read_options to rules.c and renamed it to rules_read_options.
 * Totally redesigned the 'protect'-rules. They are no longer a part of the rulesfile, but are connected to the networks and interfaces now.
 * Anti-spoofing is now also checked in the FORWARD-chain.
 * Fixed a bug where vuurmuur tried (and failed) to create rules for an interface with a dynamic ip, which was down. Thanks for the report Stanks!
 * Added a -C option to Vuurmuur which removes all rules in memory and sets the default policy to ACCEPT, so it unloads the firewall.
 * The 'iptables' command is now first tested before it is used inside vuurmuur.
 * The 'vuurmuur' command can now also be loaded without supplying the full path.
 * Fixed a bug where inserting a new service or interface with a wrong name would still show the name in the list. Thanks for the report Stanks!

0.5.53 (2004-10-30)
 * Fixed default policy loglimiting not working.
 * Improved performance of the Rules Section in Vuurmuur_conf when filter is enabled.
 * Fixed changed 'virtual' not being detected when reloading an interface.
 * Vuurmuur no longer quits when there are non-fatal warnings in the config.
 * Vuurmuur_log now also has a shared memory segment for ipc. Vuurmuur-conf now talks to it.
 * Moved 'pipe_command' from vuurmuur to libvuurmuur.
 * Cleanups again, this time in Vuurmuur-conf, where a lot of structures were removed from main.h.
 * (Maybe) fixed a crash-case in compare_ports in libvuurmuur.
 * get_dynamic_ip no longer uses ifconfig, but now ioctl. Thanx for the report Guillaume!
 * Added a statusbox to the mainmenu, which displays the status of your firewall (can be disabled).
 * Redesigned the 'apply changes' in Vuurmuur_conf. It now has a simple progress indicator.
 * Fixed a bug where opening the connections section or the status section when no zones or services were defined caused 'internal error' messages. Thanx for the report Dennis!

0.5.52 (2004-10-13)
 * Added ruleoption 'loglimit' which limits the number of logs per second for a rule.
 * Rules can now have a comment.
 * Added a help function. Pressing F12 in most places will pop up a help-window.
 * When creating a rule, it is now automatically logged, and a loglimit is set.
 * Various parts of the Gui now have 'advanced options' which can be enabled per screen or globally.
 * Virtual interfaces (e.g. eth0:0) are now supported.
 * The number of loglines in the logviewer can now be configured. Furthermore, HOME and END now work in the logviewer.
 * Vuurmuur-conf won't die when the rulesfile or blocklistfile are not found.
 * The windows for selecting an ICMP type or code no longer say 'add host'.
 * Removed all but one malloc function call from vuurmuur_log.
 * An installation/upgrading script was added.
 * The init.d script now checks the return code of vuurmuur and vuurmuur_log and now also works with redhat's chkconfig.
 * Redesigned the configsection in the ncurses Gui.

0.5.51 (2004-09-24)
 * Added the logging of the tcpflags to the log, as well as the length of the packet.
 * Changed the log so the interface is now shown earlier.
 * Fixed a bug where you couldn't open the hosts menu if there were no hosts defined yet.

0.5.50 (2004-09-23)
 * Added a blocklist. This is a list on which you can place IPs, hosts and groups to be blocked.
 * Added synflood protection.
 * The logging of all kinds of malicious traffic is now limited to one per sec.
 * Fixed a bug that could crash vuurmuur if a zone was added.
 * Improved the connectionviewer.
 * When applying changes, the config is now also reloaded.
 * Paths in the config are now checked.
 * Before searching through the log a check is now done to see if the script can be opened.

0.5.49 (2004-08-29)
 * Improved/fixed the markiptstate stuff.
 * Added a search function in vuurmuur_conf to search through logs, even the 'rotated' ones.
 * In the configfile you no longer need to supply the location of each logfile; you now just need to tell vuurmuur the directory.
 * When creating/editing a rule the rule is now checked for sanity.
 * Added some basic checking in the configure scripts.
 * Added a scripts_dir option.
 * Various code cleanups.
 * Fixed a bug where reading a very long hostname or groupname from the backend would fail.

0.5.48 (2004-07-31)
 * Added 'markiptstate' option to the ruleoptions which adds support for the Snort_inline iptstate-patch by William Metcalf and myself. The patch will probably/hopefully be included in the next release of Snort_inline.
 * Cleaned up create_rule more.
 * The logprefix field in vuurmuur_conf was too big, adjusted.
 * Logging of incoming broadcasts was fixed.
 * When creating a QUEUE rule an optional protocol helper is now supported (needs the iptables helper module). In a service the protocol helper (like ip_conntrack_ftp) can be supplied.
 * MAC addresses are now also logged in the trafficlog.

0.5.47 (2004-07-25)
 * Fixed a bug that would crash vuurmuur if it tried to create a rule with a group without members.
 * Redirect was fixed.
 * The create_rule function was cleaned up.
 * When forwarding rules are created, ip-forwarding is now automagically enabled and vice-versa.
 * An initscript was added, look in vuurmuur/scripts.
 * Fixed redirectport option not appearing when selecting the action redirect in the edit_rule window.
 * A few cosmetic changes.
 * In the log a broadcast-address is now shown as networkname(broadcast), like in the connections section in vuurmuur_conf.