Changes between Version 1 and Version 2 of Changelog


Ignore:
Timestamp:
09/13/07 23:03:06 (14 years ago)
Author:
Victor Julien
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Changelog

    v1 v2  
    22
    330.5.73 alpha 7 (2007-09-08)
    4 Memory problems (corruption & leaks) in the connection viewer were fixed.
    5 Russian translation updated by Alex.
     4 * Memory problems (corruption & leaks) in the connection viewer were fixed.
     5 * Russian translation updated by Alex.
    66
    770.5.73 alpha 6 (2007-09-01)
    8 Add a separate message for when a user wants to apply changes when the Vuurmuur daemon is not running.
    9 Add support for conntack 'unknown' lines with unreplied state.
     8 * Add a separate message for when a user wants to apply changes when the Vuurmuur daemon is not running.
     9 * Add support for conntack 'unknown' lines with unreplied state.
    1010
    11110.5.73 alpha 5 (2007-08-23)
    12 Fix in_int and out_int not working in rules from and to the firewall. Thanks for reporting Jorijn.
    13 Updated Dutch translation.
     12 * Fix in_int and out_int not working in rules from and to the firewall. Thanks for reporting Jorijn.
     13 * Updated Dutch translation.
    1414
    15150.5.73 alpha 4 (2007-07-22)
    16 Add the option to limit rules per minute, hour and day.
    17 Allow limit option for all rules.
    18 Fix for the prevention of duplicate NFQUEUE rules.
    19 Make sure only one set of rules is created per queue number in the NFQUEUE chains. This prevents lot's of unneeded and uneffective rules.
     16 * Add the option to limit rules per minute, hour and day.
     17 * Allow limit option for all rules.
     18 * Fix for the prevention of duplicate NFQUEUE rules.
     19 * Make sure only one set of rules is created per queue number in the NFQUEUE chains. This prevents lot's of unneeded and uneffective rules.
    2020
    21210.5.73 alpha 3 (2007-06-01)
    22 Added support for NFQUEUE
    23 Fixed loading of modules and checking of capabilities on more recent systems.
    24 Removed the obsolete markiptstate option.
     22 * Added support for NFQUEUE
     23 * Fixed loading of modules and checking of capabilities on more recent systems.
     24 * Removed the obsolete markiptstate option.
    2525
    26260.5.73 alpha 2 (2007-01-21)
    27 Fixed the killing of grouped connections.
    28 Fixed the Debian initscript for systems not linking /bin/sh to /bin/bash
     27 * Fixed the killing of grouped connections.
     28 * Fixed the Debian initscript for systems not linking /bin/sh to /bin/bash
    2929
    30300.5.73 alpha 1 (2007-01-08)
    31 Fixed the killing of DNAT/PORTFW connections.
     31 * Fixed the killing of DNAT/PORTFW connections.
    3232
    33330.5.72 (2007-01-05)
    34 No changes since alpha7.
     34 * No changes since alpha7.
    3535
    36360.5.72 alpha 7 (2006-12-23)
    37 Hide 'wait window' after the logmanagement was called on an empty logviewer.
    38 Updated Russian translation.
    39 Make grouplist window wider so long names work correctly.
     37 * Hide 'wait window' after the logmanagement was called on an empty logviewer.
     38 * Updated Russian translation.
     39 * Make grouplist window wider so long names work correctly.
    4040
    41410.5.72 alpha 6 (2006-12-15)
    42 Added a work-around to the install script for issues with older versions of automake and newer versions of gettext.
    43 Make a few cosmetic changes to Vuurmuur_conf
    44 Updated Russian (thanx Alex!) and Dutch translations.
     42 * Added a work-around to the install script for issues with older versions of automake and newer versions of gettext.
     43 * Make a few cosmetic changes to Vuurmuur_conf
     44 * Updated Russian (thanx Alex!) and Dutch translations.
    4545
    46460.5.72 alpha 5 (2006-11-18)
    47 Fixed a 'post error' for the log- and connection management.
    48 The top menu is now properly restored after the log management has been used.
    49 Added a wait-window for loading the log management.
    50 Addition of a new string creation function, one that allows limiting the length.
    51 Update helpfile for connection and log management.
    52 Add support for help in the code for the log and connection management.
    53 Small cosmetic manpage updates by Alex.
    54 Fix connection killing for unknown objects. Handle filtered connections and logs better.
    55 NL translation update.
    56 Updated pt_BR translation by Hugo
     47 * Fixed a 'post error' for the log- and connection management.
     48 * The top menu is now properly restored after the log management has been used.
     49 * Added a wait-window for loading the log management.
     50 * Addition of a new string creation function, one that allows limiting the length.
     51 * Update helpfile for connection and log management.
     52 * Add support for help in the code for the log and connection management.
     53 * Small cosmetic manpage updates by Alex.
     54 * Fix connection killing for unknown objects. Handle filtered connections and logs better.
     55 * NL translation update.
     56 * Updated pt_BR translation by Hugo
    5757
    58580.5.72.alpha 4 (2006-11-07)
    59 Connection viewer will now also do reverse lookup of the service name if the service is unrecognized. This matches the behaviour of vuurmuur_log.
    60 Don't set an inactive rule to active because the 'in_int' is active.
    61 Don't show 'kill this connection' for DROP and REJECT logs.
    62 Added nicer error message for removal failure of a non-empty zone. Fixed connection killing when the connection viewer was set to grouping.
    63 Fixed new parts of the gui not being translatable. Updated Russian translation.
     59 * Connection viewer will now also do reverse lookup of the service name if the service is unrecognized. This matches the behaviour of vuurmuur_log.
     60 * Don't set an inactive rule to active because the 'in_int' is active.
     61 * Don't show 'kill this connection' for DROP and REJECT logs.
     62 * Added nicer error message for removal failure of a non-empty zone. Fixed connection killing when the connection viewer was set to grouping.
     63 * Fixed new parts of the gui not being translatable. Updated Russian translation.
    6464
    65650.5.72.alpha 3 (2006-10-31)
    66 Extended the connection management GUI to the logviewer.
    67 Applied patch by Alerandre SIMON that adds pre vuurmuur chains to all tables.
     66 * Extended the connection management GUI to the logviewer.
     67 * Applied patch by Alerandre SIMON that adds pre vuurmuur chains to all tables.
    6868
    69690.5.72.alpha 2 (2006-09-03)
    70 Switched SCM from Bazaar 1.4 to Bazaar-NG 0.8.
    71 Changed page up and page down behaviour in logview. It now scrolls an entire page instead of just 1/3.
    72 Prepared support for pre-vuurmuur chains in non-filter tables.
    73 Cosmetic updates to connection management.
    74 Updated nl and ru translations.
     70 * Switched SCM from Bazaar 1.4 to Bazaar-NG 0.8.
     71 * Changed page up and page down behaviour in logview. It now scrolls an entire page instead of just 1/3.
     72 * Prepared support for pre-vuurmuur chains in non-filter tables.
     73 * Cosmetic updates to connection management.
     74 * Updated nl and ru translations.
    7575
    76760.5.72 alpha 1 (2006-08-16)
    77 Add a function to the library to search an interface by its ip address.
    78 Don't try to open a plugin if the plugin name is not set.
    79 Don't use the mac addres in the postrouting rule for the bounce action since it makes the ruleset fail.
    80 Dhcp rules fixes and cleanups.
    81 Add support for pre-vuurmuur chains. Patch and idea by Alexandre Simon.
    82 Replace all strcpy calls with memset and strlcpy just to be sure, although there was no real risk.
    83 Added initial version of new gui abstraction functions, still in development.
    84 Added connection killing option to the connection viewer. Needs the conntrack tool.
     77 * Add a function to the library to search an interface by its ip address.
     78 * Don't try to open a plugin if the plugin name is not set.
     79 * Don't use the mac addres in the postrouting rule for the bounce action since it makes the ruleset fail.
     80 * Dhcp rules fixes and cleanups.
     81 * Add support for pre-vuurmuur chains. Patch and idea by Alexandre Simon.
     82 * Replace all strcpy calls with memset and strlcpy just to be sure, although there was no real risk.
     83 * Added initial version of new gui abstraction functions, still in development.
     84 * Added connection killing option to the connection viewer. Needs the conntrack tool.
    8585
    86860.5.71 (2006-04-30)
    87 No changes since 0.5.71 alpha 5.
     87 * No changes since 0.5.71 alpha 5.
    8888
    89890.5.71 alpha 5 (2006-04-28)
    90 Hide mark option for SNAT, DNAT and MASQ. Show listen- and remoteport options for DNAT.
    91 Fix a race condition where a logline that was to big caused vuurmuur_log and vuurmuur_conf to keep retrying to read it.
    92 Fix showing traffic volume for the previous month.
     90 * Hide mark option for SNAT, DNAT and MASQ. Show listen- and remoteport options for DNAT.
     91 * Fix a race condition where a logline that was to big caused vuurmuur_log and vuurmuur_conf to keep retrying to read it.
     92 * Fix showing traffic volume for the previous month.
    9393
    94940.5.71 alpha 4 (2006-04-21)
    95 Add anti-spoof and bad packet checks also to outgoing traffic. Bad packet checks are now also enforced for incoming forwarded traffic.
    96 Updated Russian translation.
    97 Small cosmetic fixes.
     95 * Add anti-spoof and bad packet checks also to outgoing traffic. Bad packet checks are now also enforced for incoming forwarded traffic.
     96 * Updated Russian translation.
     97 * Small cosmetic fixes.
    9898
    99990.5.71 alpha 3 (2006-04-18)
    100 fix a crash in setting up the rule description when not in bash mode
    101 changed the way it is prevented that multiple identical iptables are created for one vuurmuur rule. This is especially relevant for setups with many virtual interfaces.
    102 more topmenu changes
    103 updated Russian translation by Alex.
    104 made the description in the helpfile of the via-option more clear. Thanx for the suggestion Alex.
    105 hide (more) indication on an empty ruleslist
    106 added a translatable check and warning for the presence of the via-option when using the bounce action and the redirectport option for the redirect action.
     100 * fix a crash in setting up the rule description when not in bash mode
     101 * changed the way it is prevented that multiple identical iptables are created for one vuurmuur rule. This is especially relevant for setups with many virtual interfaces.
     102 * more topmenu changes
     103 * updated Russian translation by Alex.
     104 * made the description in the helpfile of the via-option more clear. Thanx for the suggestion Alex.
     105 * hide (more) indication on an empty ruleslist
     106 * added a translatable check and warning for the presence of the via-option when using the bounce action and the redirectport option for the redirect action.
    107107
    1081080.5.71 alpha 2 (2006-04-15)
    109 add build script for creating slackware package. By Nicolas Dejardin.
    110 separator rules are now also printed in the bash output mode
    111 fix capabilities checking on kernel 2.6.16 with the xt_tcpudp module.
    112 dont save log option for separator rule
    113 fix dhcp-server rules. Thanks to Danny for the patch and the report.
    114 fix rule numbers in bash out sometimes being wrong.
    115 fix renaming an interface would not update in_int and out_int options in rules. Also via_int is now also updated.
    116 fix error when adding a host to a network that has no network address and/or netmask set.
    117 fixed the try-load-modules-question not being displayed right on a 80-column screen.
    118 fix wrong titles and topmenu being shown in log selection dialog.
    119 fix portfw and bounce not looking yellow in the logviewer
    120 updated translations for Russian, French and Brazilian Portuguese! Thanx to Alex, Nicolas and Hugo.
    121 add descriptions for new actions to helpfile
     109 * add build script for creating slackware package. By Nicolas Dejardin.
     110 * separator rules are now also printed in the bash output mode
     111 * fix capabilities checking on kernel 2.6.16 with the xt_tcpudp module.
     112 * dont save log option for separator rule
     113 * fix dhcp-server rules. Thanks to Danny for the patch and the report.
     114 * fix rule numbers in bash out sometimes being wrong.
     115 * fix renaming an interface would not update in_int and out_int options in rules. Also via_int is now also updated.
     116 * fix error when adding a host to a network that has no network address and/or netmask set.
     117 * fixed the try-load-modules-question not being displayed right on a 80-column screen.
     118 * fix wrong titles and topmenu being shown in log selection dialog.
     119 * fix portfw and bounce not looking yellow in the logviewer
     120 * updated translations for Russian, French and Brazilian Portuguese! Thanx to Alex, Nicolas and Hugo.
     121 * add descriptions for new actions to helpfile
    122122
    1231230.5.71 alpha 1 (2006-04-10)
    124 Added a description to the Debian default file.
    125 Added a separate DNAT action, which acts like the PORTFW action, but it creates rules in the nat table only. In the logs PORTFW rules now say 'PORTFW' instead of 'DNAT'.
    126 Added a new action 'Bounce'. Bounce solves the problem that it isn't it possible to access NATed services by the public IP address from LAN. Normally this should be solved on dns-level, but that is not always possible in every environment.
    127 Fixed a problem with rules from a group to the firewall where the firewall has more than one interface in the groups network.
    128 Fixed two cosmetic issues in vuurmuur_conf.
     124 * Added a description to the Debian default file.
     125 * Added a separate DNAT action, which acts like the PORTFW action, but it creates rules in the nat table only. In the logs PORTFW rules now say 'PORTFW' instead of 'DNAT'.
     126 * Added a new action 'Bounce'. Bounce solves the problem that it isn't it possible to access NATed services by the public IP address from LAN. Normally this should be solved on dns-level, but that is not always possible in every environment.
     127 * Fixed a problem with rules from a group to the firewall where the firewall has more than one interface in the groups network.
     128 * Fixed two cosmetic issues in vuurmuur_conf.
    129129
    1301300.5.70 (2006-03-29)
    131 Fix small issue with 'Mark IptState' toggle in Edit Rule window.
    132 Fix typo in error message in Debian initscript.
     131 * Fix small issue with 'Mark IptState' toggle in Edit Rule window.
     132 * Fix typo in error message in Debian initscript.
    133133
    1341340.5.70 alpha 8 (2006-03-27)
    135 Fix scrolling issue in vuurmuur_conf logview.
    136 Fix log parsing issues on Ubuntu Breezy and with some syslog-ng setups.
    137 Fix portfw and redirect not using NEWACCEPT for rules in filter table.
     135 * Fix scrolling issue in vuurmuur_conf logview.
     136 * Fix log parsing issues on Ubuntu Breezy and with some syslog-ng setups.
     137 * Fix portfw and redirect not using NEWACCEPT for rules in filter table.
    138138
    1391390.5.70 alpha 7 (2006-03-12)
    140 Fix interface filters for rules with both firewall and any in them.
    141 fix wrong d_list_append calls
    142 fixed a few memoryleaks in vuurmuur_script
    143 add option --list-devices to vuurmuur_script so we can list the devices _and_ their ipaddresses in the wizard which will be created for 0.5.71. The ip command can also do this but on many systems it is not installed by default. The ifconfig command has different output with different localizations, which has bitten me in the past...
     140 * Fix interface filters for rules with both firewall and any in them.
     141 * fix wrong d_list_append calls
     142 * fixed a few memoryleaks in vuurmuur_script
     143 * add option --list-devices to vuurmuur_script so we can list the devices _and_ their ipaddresses in the wizard which will be created for 0.5.71. The ip command can also do this but on many systems it is not installed by default. The ifconfig command has different output with different localizations, which has bitten me in the past...
    144144splint fixes for textdir
    145 Show interfaces in the right order in interface filter selection (was in reverse order).
    146 updated Russian translation by Alex.
    147 fix an error in status window with getting system load.
    148 Filter window is now also translateble.
    149 Updated Dutch translation.
    150 Small cosmetic fix to status screen to indicate that memory is in megabytes.
     145 * Show interfaces in the right order in interface filter selection (was in reverse order).
     146 * updated Russian translation by Alex.
     147 * fix an error in status window with getting system load.
     148 * Filter window is now also translateble.
     149 * Updated Dutch translation.
     150 * Small cosmetic fix to status screen to indicate that memory is in megabytes.
    151151
    1521520.5.70 alpha 6 (2006-03-08)
    153 updated default dns service to include server to server communications as well.
    154 fixed errors with creating dhcp rules for virtual interfaces
    155 fixed udp connections always showing state 'disconnecting' in the connection viewer.
    156 updated the Dutch translation.
    157 interfaces are now in a sorted list, which means they are sorted in the GUI
    158 fixed many mostly harmless issues found by the splint source code checker
    159 fixed the interface filter for incoming rules (destination firewall)
    160 fixed two memoryleaks in bashout mode
     153 * updated default dns service to include server to server communications as well.
     154 * fixed errors with creating dhcp rules for virtual interfaces
     155 * fixed udp connections always showing state 'disconnecting' in the connection viewer.
     156 * updated the Dutch translation.
     157 * interfaces are now in a sorted list, which means they are sorted in the GUI
     158 * fixed many mostly harmless issues found by the splint source code checker
     159 * fixed the interface filter for incoming rules (destination firewall)
     160 * fixed two memoryleaks in bashout mode
    161161
    1621620.5.70 alpha 5 (2005-02-14)
    163 fix a crash with parsing 'unknown' connections.
    164 only start vuurmuur when vuurmuur is configured (Adi Kriegisch)
    165 improved initscript so we dont try to kill vuurmuur if it is not running (Adi Kriegisch)
    166 Russian manual pages added (Aleksandr Shubnik)
    167 fixed another widec/utf-8 issue
     163 * fix a crash with parsing 'unknown' connections.
     164 * only start vuurmuur when vuurmuur is configured (Adi Kriegisch)
     165 * improved initscript so we dont try to kill vuurmuur if it is not running (Adi Kriegisch)
     166 * Russian manual pages added (Aleksandr Shubnik)
     167 * fixed another widec/utf-8 issue
    168168
    1691690.5.70 alpha 4 (2006-01-28)
    170 Gentoo ebuilds
    171 an improved connection viewer (including accounting data if your system supports it)
    172 the possibility to filter on interface for all rules, not just snat/portfw
    173 improved verbose output for vuurmuur and vuurmuur_script
    174 SIGTERM support for vuurmuur
    175 traffic volume bug with showing data for the last month if is was in the previous year.
     170 * Gentoo ebuilds
     171 * an improved connection viewer (including accounting data if your system supports it)
     172 * the possibility to filter on interface for all rules, not just snat/portfw
     173 * improved verbose output for vuurmuur and vuurmuur_script
     174 * SIGTERM support for vuurmuur
     175 * traffic volume bug with showing data for the last month if is was in the previous year.
    176176
    1771770.5.70 alpha 3 (2005-12-27)
    178 Many fixes for UTF-8 support in vuurmuur_conf.
    179 Improved connection viewer, which supports showing accounting data per connection.
    180 Vuurmuur, vuurmuur_log and vuurmuur_conf now also have long options thanx to Stefan Ubbink!
    181 Added manual pages for vuurmuur, vuurmuur_log, vuurmuur_script and vuurmuur_conf.
    182 Many fixes for manipulating an empty ruleset.
     178 * Many fixes for UTF-8 support in vuurmuur_conf.
     179 * Improved connection viewer, which supports showing accounting data per connection.
     180 * Vuurmuur, vuurmuur_log and vuurmuur_conf now also have long options thanx to Stefan Ubbink!
     181 * Added manual pages for vuurmuur, vuurmuur_log, vuurmuur_script and vuurmuur_conf.
     182 * Many fixes for manipulating an empty ruleset.
    183183
    1841840.5.70 alpha 2 (2005-12-18)
    185 UTF-8 support for translations in vuurmuur_conf
     185 * UTF-8 support for translations in vuurmuur_conf
    186186
    1871870.5.70 alpha 1 (2005-12-07)
    188 Made the logging of INVALID packets, SCAN probes, new TCP no SYN and fragments optional.
    189 Synlimits and udplimits are now enforced against accepted and queue'd connections, not against all packets.
    190 Added a -k (keep) option to the 'vuurmuur'-command, that does not remove the input file for iptables-restore. Useful for debugging.
    191 If you change the devicename, the interface will automaticly be set 'virtual' if the devicename contains a ":"-character.
    192 Added a fix for vuurmuur_conf not being able to use any other path for its config than /etc/vuurmuur/vuurmuur_conf.conf
    193 The rpm specs now also support Fedora Core, Mandriva and Redwall. Thanx Alex!
    194 Added Norwegian translation. Thanx Per Olav Siggerud!
    195 Fixed a crash in saving the vuurmuur_conf settings if the configfile could not be found.
     188 * Made the logging of INVALID packets, SCAN probes, new TCP no SYN and fragments optional.
     189 * Synlimits and udplimits are now enforced against accepted and queue'd connections, not against all packets.
     190 * Added a -k (keep) option to the 'vuurmuur'-command, that does not remove the input file for iptables-restore. Useful for debugging.
     191 * If you change the devicename, the interface will automaticly be set 'virtual' if the devicename contains a ":"-character.
     192 * Added a fix for vuurmuur_conf not being able to use any other path for its config than /etc/vuurmuur/vuurmuur_conf.conf
     193 * The rpm specs now also support Fedora Core, Mandriva and Redwall. Thanx Alex!
     194 * Added Norwegian translation. Thanx Per Olav Siggerud!
     195 * Fixed a crash in saving the vuurmuur_conf settings if the configfile could not be found.