Changelog

Current ​svn tree

• Added services for the IM protocols ​AIM, ​ICQ and ​Yahoo

0.7beta3 (2008-10-11)

• Implement the TCPMSS pmtu clamping rules. Closes #57.
• Add help in vuurmuur_conf traffic shaping sections.
• Add warning when shaping configuration is incomplete: if no interfaces have shaping enabled, but there are shaping rules. Fixes #58.

0.7beta2 (2008-10-05)

• Add detection for the NAT random option to the capability detection code. Closes #50.
• Use a different method of testing the paths of the iptables, iptables-restore and tc commands. Fixes #56.

0.7beta1 (2008-09-30)

• Prevent Vuurmuur from starting when no rules are present. Add a commandline override option for it as well. Closes #55.
• Enable missing translation for shaping gui.
• Update Dutch translation.
• Fix building and installing of translations.
• Add checking for the 'tc' command location and warn the user if it's not set while shaping rules are present. Closes #53.
• Fix 'tc' location field not being handled right.
• Add iproute to the recommends in the Debian control file. Closes #54.

0.6 (2008-09-27)

• No changes since 0.6rc1

0.6rc1 (2008-09-22)

• introduced new version numbering scheme
• updated build system to automake 1.9.6

0.5.74 alpha 6 (2008-07-25)

• Added support for the --random option for NAT targets/actions.

0.5.74 alpha 5 (2008-07-20)

• Fix --block for an empty blocklist. Closes #49.
• Fix clearing of vars using vuurmuur_script.
• Some small fixes for widec in the GUI.
• Build rpms with debugging symbols enabled.
• Fix a memory corruption error in the new shaping GUI functions.
• Add escape key to be able to exit every screen. Closes #34.

0.5.74 alpha 4 (2008-05-17)

• Add separate Fedora vuurmuur_conf spec file as our spec doesn't work on both OpenSUSE and Fedora
• Code cleanups

0.5.74 alpha 3 (2008-05-11)

• Installer can now upgrade from SVN. Thanks Tiger!P
• Enable gettext for new GUI parts
• Add shaping unit selection GUI

0.5.74 alpha 2 (2007-12-16)

• Add --reload option to vuurmuur_script to make vuurmuur and vuurmuur_log reload their config
• Add support for Checkboxes in the GUI functions. Add support for enabling and disabling shaping per interface. Closes #32.
• Fix building of vuurmuur_conf rpm on Fedora 7. Thanks for fixing Stefan Ubbink.
• Add support for the Vuurmuur pc acting as a DHCP server where the host already has an ip, but requests a new one anyway.
• Add fix for creation of duplicate tc rules.
• Fix the ncurses fix for systems without wide ncurses headers but with ncursesw libs.

0.5.74 alpha 1 (2007-11-15)

• Add support for traffic shaping.
• Rewrite rules engine fixing a lot of issues.
• Fix parsing errors showing up in the connection viewer.

0.5.73 (2007-09-17)

• update links to reflect new site
• fix a number of support scripts not working when /bin/sh didn't point to bash
• fix a few stats in the status window
• fix a parse bug in the logview management

0.5.73 alpha 7 (2007-09-08)

• Memory problems (corruption & leaks) in the connection viewer were fixed.
• Russian translation updated by Alex.

0.5.73 alpha 6 (2007-09-01)

• Add a separate message for when a user wants to apply changes when the Vuurmuur daemon is not running.
• Add support for conntrack 'unknown' lines with unreplied state.

0.5.73 alpha 5 (2007-08-23)

• Fix in_int and out_int not working in rules from and to the firewall. Thanks for reporting Jorijn.
• Updated Dutch translation.

0.5.73 alpha 4 (2007-07-22)

• Add the option to limit rules per minute, hour and day.
• Allow limit option for all rules.
• Fix for the prevention of duplicate NFQUEUE rules.
• Make sure only one set of rules is created per queue number in the NFQUEUE chains. This prevents lot's of unneeded and uneffective rules.

0.5.73 alpha 3 (2007-06-01)

• Added support for NFQUEUE
• Fixed loading of modules and checking of capabilities on more recent systems.
• Removed the obsolete markiptstate option.

0.5.73 alpha 2 (2007-01-21)

• Fixed the killing of grouped connections.
• Fixed the Debian initscript for systems not linking /bin/sh to /bin/bash

0.5.73 alpha 1 (2007-01-08)

• Fixed the killing of DNAT/PORTFW connections.

0.5.72 (2007-01-05)

• No changes since alpha7.

0.5.72 alpha 7 (2006-12-23)

• Hide 'wait window' after the logmanagement was called on an empty logviewer.
• Updated Russian translation.
• Make grouplist window wider so long names work correctly.

0.5.72 alpha 6 (2006-12-15)

• Added a work-around to the install script for issues with older versions of automake and newer versions of gettext.
• Make a few cosmetic changes to Vuurmuur_conf
• Updated Russian (thanx Alex!) and Dutch translations.

0.5.72 alpha 5 (2006-11-18)

• Fixed a 'post error' for the log- and connection management.
• The top menu is now properly restored after the log management has been used.
• Added a wait-window for loading the log management.
• Addition of a new string creation function, one that allows limiting the length.
• Update helpfile for connection and log management.
• Add support for help in the code for the log and connection management.
• Small cosmetic manpage updates by Alex.
• Fix connection killing for unknown objects. Handle filtered connections and logs better.
• NL translation update.
• Updated pt_BR translation by Hugo

0.5.72.alpha 4 (2006-11-07)

• Connection viewer will now also do reverse lookup of the service name if the service is unrecognized. This matches the behaviour of vuurmuur_log.
• Don't set an inactive rule to active because the 'in_int' is active.
• Don't show 'kill this connection' for DROP and REJECT logs.
• Added nicer error message for removal failure of a non-empty zone. Fixed connection killing when the connection viewer was set to grouping.
• Fixed new parts of the gui not being translatable. Updated Russian translation.

0.5.72.alpha 3 (2006-10-31)

• Extended the connection management GUI to the logviewer.
• Applied patch by Alerandre SIMON that adds pre vuurmuur chains to all tables.

0.5.72.alpha 2 (2006-09-03)

• Switched SCM from Bazaar 1.4 to Bazaar-NG 0.8.
• Changed page up and page down behaviour in logview. It now scrolls an entire page instead of just 1/3.
• Prepared support for pre-vuurmuur chains in non-filter tables.
• Cosmetic updates to connection management.
• Updated nl and ru translations.

0.5.72 alpha 1 (2006-08-16)

• Add a function to the library to search an interface by its ip address.
• Don't try to open a plugin if the plugin name is not set.
• Don't use the mac addres in the postrouting rule for the bounce action since it makes the ruleset fail.
• Dhcp rules fixes and cleanups.
• Add support for pre-vuurmuur chains. Patch and idea by Alexandre Simon.
• Replace all strcpy calls with memset and strlcpy just to be sure, although there was no real risk.
• Added initial version of new gui abstraction functions, still in development.
• Added connection killing option to the connection viewer. Needs the conntrack tool.

0.5.71 (2006-04-30)

• No changes since 0.5.71 alpha 5.

0.5.71 alpha 5 (2006-04-28)

• Hide mark option for SNAT, DNAT and MASQ. Show listen- and remoteport options for DNAT.
• Fix a race condition where a logline that was to big caused vuurmuur_log and vuurmuur_conf to keep retrying to read it.
• Fix showing traffic volume for the previous month.

0.5.71 alpha 4 (2006-04-21)

• Add anti-spoof and bad packet checks also to outgoing traffic. Bad packet checks are now also enforced for incoming forwarded traffic.
• Updated Russian translation.
• Small cosmetic fixes.

0.5.71 alpha 3 (2006-04-18)

• fix a crash in setting up the rule description when not in bash mode
• changed the way it is prevented that multiple identical iptables are created for one vuurmuur rule. This is especially relevant for setups with many virtual interfaces.
• more topmenu changes
• updated Russian translation by Alex.
• made the description in the helpfile of the via-option more clear. Thanx for the suggestion Alex.
• hide (more) indication on an empty ruleslist
• added a translatable check and warning for the presence of the via-option when using the bounce action and the redirectport option for the redirect action.

0.5.71 alpha 2 (2006-04-15)

• add build script for creating slackware package. By Nicolas Dejardin.
• separator rules are now also printed in the bash output mode
• fix capabilities checking on kernel 2.6.16 with the xt_tcpudp module.
• dont save log option for separator rule
• fix dhcp-server rules. Thanks to Danny for the patch and the report.
• fix rule numbers in bash out sometimes being wrong.
• fix renaming an interface would not update in_int and out_int options in rules. Also via_int is now also updated.
• fix error when adding a host to a network that has no network address and/or netmask set.
• fixed the try-load-modules-question not being displayed right on a 80-column screen.
• fix wrong titles and topmenu being shown in log selection dialog.
• fix portfw and bounce not looking yellow in the logviewer
• updated translations for Russian, French and Brazilian Portuguese! Thanx to Alex, Nicolas and Hugo.
• add descriptions for new actions to helpfile

0.5.71 alpha 1 (2006-04-10)

• Added a description to the Debian default file.
• Added a separate DNAT action, which acts like the PORTFW action, but it creates rules in the nat table only. In the logs PORTFW rules now say 'PORTFW' instead of 'DNAT'.
• Added a new action 'Bounce'. Bounce solves the problem that it isn't it possible to access NATed services by the public IP address from LAN. Normally this should be solved on dns-level, but that is not always possible in every environment.
• Fixed a problem with rules from a group to the firewall where the firewall has more than one interface in the groups network.
• Fixed two cosmetic issues in vuurmuur_conf.

0.5.70 (2006-03-29)

• Fix small issue with 'Mark IptState' toggle in Edit Rule window.
• Fix typo in error message in Debian initscript.

0.5.70 alpha 8 (2006-03-27)

• Fix scrolling issue in vuurmuur_conf logview.
• Fix log parsing issues on Ubuntu Breezy and with some syslog-ng setups.
• Fix portfw and redirect not using NEWACCEPT for rules in filter table.

0.5.70 alpha 7 (2006-03-12)

• Fix interface filters for rules with both firewall and any in them.
• fix wrong d_list_append calls
• fixed a few memoryleaks in vuurmuur_script
• add option --list-devices to vuurmuur_script so we can list the devices _and_ their ipaddresses in the wizard which will be created for 0.5.71. The ip command can also do this but on many systems it is not installed by default. The ifconfig command has different output with different localizations, which has bitten me in the past...

splint fixes for textdir

• Show interfaces in the right order in interface filter selection (was in reverse order).
• updated Russian translation by Alex.
• fix an error in status window with getting system load.
• Filter window is now also translateble.
• Updated Dutch translation.
• Small cosmetic fix to status screen to indicate that memory is in megabytes.

0.5.70 alpha 6 (2006-03-08)

• updated default dns service to include server to server communications as well.
• fixed errors with creating dhcp rules for virtual interfaces
• fixed udp connections always showing state 'disconnecting' in the connection viewer.
• updated the Dutch translation.
• interfaces are now in a sorted list, which means they are sorted in the GUI
• fixed many mostly harmless issues found by the splint source code checker
• fixed the interface filter for incoming rules (destination firewall)
• fixed two memoryleaks in bashout mode

0.5.70 alpha 5 (2006-02-14)

• fix a crash with parsing 'unknown' connections.
• only start vuurmuur when vuurmuur is configured (Adi Kriegisch)
• improved initscript so we dont try to kill vuurmuur if it is not running (Adi Kriegisch)
• Russian manual pages added (Aleksandr Shubnik)
• fixed another widec/utf-8 issue

0.5.70 alpha 4 (2006-01-28)

• Gentoo ebuilds
• an improved connection viewer (including accounting data if your system supports it)
• the possibility to filter on interface for all rules, not just snat/portfw
• improved verbose output for vuurmuur and vuurmuur_script
• SIGTERM support for vuurmuur
• traffic volume bug with showing data for the last month if is was in the previous year.