= Changelog for 2004 =

0.5.59 (2005-01-06)
* Fixed log-level. It was not working in 'iptables-restore'-mode.
* Fixed vuurmuur -C not clearing the UPDLIMIT chain.
* Fixed load_caps sometimes not loading caps correctly.

0.5.58 (2005-01-04)
* Added limits for number of new udp 'connections'.
* Updated the helpfile.
* In addition to the INS, DEL and Fx keys, 'normal' keys can also be used, because on some systems those keys didn't work.
* Fixed bash-output mode.

0.5.57 (2005-01-02)
* The parsing of the tcpflags from the log now ignores the logprefix.
* Added ttl info to the logs.
* Vuurmuur can now create rules using iptables-restore, which is much faster, and can apply changes atomically.
* Big changes to internal data-structures.
* Updated the helpfile.
* Vuurmuur now checks if the iptables targets and matches it needs are available, and loads them if needed. Vuurmuur_conf can show the capabilities.
* Added four new antispoofs: link-local-net, iana reserved 0.0.0.0/8, broadcast source 0.0.0.0/32 and broadcast dest 255.255.255.255.
* Macaddresses with lowercase letters are now also supported.
* Vuurmuur can now check the dynamic interfaces for changes on a configurable interval.

0.5.56 (2004-11-20)
* Added the possibility to select only one interface from a network when using portfw and redirect. This is meant for cases where a NAT-firewall has multiple ipaddresses and multiple similar servers behind it.
* Added the possibility to QUEUE instead of ACCEPT when using portfw and redirect.
* Fixed a crash when saving the comment of a group.
* Added support for the AH and ESP protocol so ipsec should be able to pass the firewall.
* Virtual interfaces no longer have 'protect' rules.
* With virtual interfaces, it's now checked whether it is an old-style device like eth0:0 or a normal device with multiple ipaddresses.

0.5.55 (2004-11-13)
* Cleanups: removed global var 'debug' from vuurmuur-conf.
* Vuurmuur now only reloads changed parts of the config when applying changes.
* In the commentfield basic input validation is now performed.
* When reloading the rules, vuurmuur no longer gives an error when the log_policy option is off.
* The broadcast address 255.255.255.255 no longer shows in the log like internet.ext(broadcast).
* Converted the ints in the hashtables to unsigned ints.
* Improved error-checking in the backend.
* Slightly updated the helpfile.

0.5.54 (2004-11-04)
* Rules now also can be active and inactive.
* Added support for additional logfiles in the logviewer.
* The name of the logging program is now shown in the log.
* get_mac_address and a few other functions now also take the size of the buffer as an arg.
* Cleanups: removed libvuurmuur_debug, renamed QueryData to RuleData, moved read_options to rules.c and renamed it to rules_read_options.
* Totally redesigned the 'protect'-rules. They are no longer a part of the rulesfile, but are connected to the networks and interfaces now.
* Anti-spoofing is now also checked in the FORWARD-chain.
* Fixed a bug where vuurmuur tried (and failed) to create rules for an interface with a dynamic ip, which was down. Thanks for the report, Stanks!
* Added a -C option to Vuurmuur which removes all rules in memory and sets the default policy to ACCEPT, so it unloads the firewall.
* The 'iptables' command is now first tested before it is used inside vuurmuur.
* The 'vuurmuur' command can now also be loaded without supplying the full path.
* Fixed a bug where inserting a new service or interface with a wrong name would still show the name in the list. Thanks for the report, Stanks!

0.5.53 (2004-10-30)
* Fixed default policy loglimiting not working.
* Improved performance of the Rules Section in Vuurmuur_conf when filter is enabled.
* Fixed changed 'virtual' not being detected when reloading an interface.
* Vuurmuur no longer quits when there are non-fatal warnings in the config.
* Vuurmuur_log now also has a shared memory segment for ipc. Vuurmuur-conf now talks to it.
* Moved 'pipe_command' from vuurmuur to libvuurmuur.
* Cleanups again, this time in Vuurmuur-conf, where a lot of structures were removed from main.h.
* (Maybe) fixed a crash-case in compare_ports in libvuurmuur.
* get_dynamic_ip no longer uses ifconfig, but now ioctl. Thanks for the report, Guillaume!
* Added a statusbox to the mainmenu, which displays the status of your firewall (can be disabled).
* Redesigned the 'apply changes' in Vuurmuur_conf. It now has a simple progress indicator.
* Fixed a bug where opening the connections section or the status section when no zones or services were defined caused 'internal error' messages. Thanks for the report, Dennis!

0.5.52 (2004-10-13)
* Added ruleoption 'loglimit' which limits the number of logs per second for a rule.
* Rules now can have a comment.
* Added a helpfunction. Pressing F12 in most places will pop up a help-window.
* When creating a rule, it is now automatically logged, and a loglimit is set.
* Various parts of the Gui now have 'advanced options' which can be enabled per screen or globally.
* Virtual interfaces (e.g. eth0:0) are now supported.
* The number of loglines in the logviewer can now be configured. Furthermore, HOME and END now work in the logviewer.
* Vuurmuur-conf won't die when the rulesfile or blocklistfile are not found.
* The windows for selecting an ICMP type or code no longer say 'add host'.
* Removed all but one malloc function calls from vuurmuur_log.
* An installation/upgrading script was added.
* The init.d script now checks the returncode of vuurmuur and vuurmuur_log and now also works with redhat's chkconfig.
* Redesigned the configsection in the ncurses Gui.

0.5.51 (2004-09-24)
* Added the logging of the tcpflags to the log, as well as the length of the packet.
* Changed the log so the interface is now shown earlier.
* Fixed a bug where you couldn't open the hosts menu if there were no hosts defined yet.

0.5.50 (2004-09-23)
* Added a blocklist. This is a list on which you can place IPs, hosts and groups to be blocked.
* Added synflood protection.
* The logging of all kinds of malicious traffic is now limited to one per sec.
* Fixed a bug that could crash vuurmuur if a zone was added.
* Improved the connectionviewer.
* When applying changes, the config is now also reloaded.
* Paths in the config are now checked.
* Before searching through the log a check is now done to see if the script can be opened.

0.5.49 (2004-08-29)
* Improved/fixed the markiptstate stuff.
* Added a search function in vuurmuur_conf to search through logs, even the 'rotated' ones.
* In the configfile you no longer need to supply the location of each logfile, but now you just need to tell vuurmuur the directory.
* When creating/editing a rule the rule is now checked for sanity.
* Added some basic checking in the configure scripts.
* Added a scripts_dir option.
* Various code cleanups.
* Fixed a bug where reading a very long hostname or groupname from the backend would fail.

0.5.48 (2004-07-31)
* Added 'markiptstate' option to the ruleoptions which adds support for the Snort_inline iptstate-patch by William Metcalf and myself. The patch will probably/hopefully be included in the next release of Snort_inline.
* Cleaned up create_rule more.
* The logprefix field in vuurmuur_conf was too big, adjusted.
* Logging of incoming broadcasts was fixed.
* When creating a QUEUE rule an optional protocol helper is now supported (needs the iptables helper module). In a service the protocol helper (like ip_conntrack_ftp) can be supplied.
* Macaddresses are now also logged in the trafficlog.

0.5.47 (2004-07-25)
* Fixed a bug that would crash vuurmuur if it tried to create a rule with a group without members.
* Redirect was fixed.
* The create_rule function was cleaned up.
* When forwarding rules are created, ip-forwarding is now automagically enabled and vice-versa.
* An initscript was added, look in vuurmuur/scripts.
* Fixed redirectport option not appearing when selecting the action redirect in the edit_rule window.
* A few cosmetic changes.
* In the log a broadcast-address is now shown as networkname(broadcast), like in the connections section in vuurmuur_conf.