- Move dynamic host handling (no longer via DynDNS-host-open plugin but handled internally)
- Added capability for host names resolving to multiple IPs in dynamic host support
- New job manager to accommodate improved (plugin) helper support (replaces cron jobs)
- Move duplicate code from some of the plugins to environment (like locking for instance)
- Various other tweaks/refactoring
- Fixed log line being too long (>28 chars)
- Fixed systemd installation failing on some systems
- Service file should start AIF after network is up and local filesystems are mounted
- Tweaks/improvements in configure/install scripts
- Added new Parasitic Network plugin, allows "clients" on the same subnet to use this device as a gateway upstream.
- Improve lock-file handling in the "DynDNS Host Open" and "Traffic Accounting" plugins.
- Disable nf_conntrack automatic helper assignment when possible, attach with CT target, Issue #35
- Fixed IPv6 NAT table not being flushed on start/stop/restart, Issue #36
- Added EXT_IF_DHCPV6_IPV6 config variable supporting DHCPv6 when DHCP is not enabled, Issue #34
- Added ability to selectively log blocked hosts by inbound and outbound direction.
  BLOCKED_HOST_LOG Options: 0 = Disable, 1 = Inbound & Outbound, 2 = Inbound, 3 = Outbound
- Added new BLOCK_NETSET_DIR variable which efficiently creates ipsets for blocklists using .netset files.
- Added expert DEFAULT_NETSET_WHITELIST and DEFAULT_NETSET_WHITELISTV6 variables when BLOCK_NETSET_DIR is defined.
- Added ipset support when IPTABLES_IPSET=1 and ipset is installed, disabled by default, Issues: #1, #24, #31
- Added LAN to DMZ forwarding policy, new optional LAN_DMZ_ALLOW_IF variable, Issue #30
- Added NAT_IF option to optionally specify external interfaces to be used for NAT
- Added LAN to LAN (Inter-LAN) filtering rules, LAN_LAN_HOST_OPEN_xxx, Issue #28
- Removed unused INT_FORWARD_IN_CHAIN and INT_FORWARD_OUT_CHAIN user chains, related to Issue #28
  Note: Any custom rule or plugin should generally use the FORWARD_CHAIN or POST_FORWARD_CHAIN to access the FORWARD chain.
  Additionally, the new LAN_LAN_HOST_OPEN_xxx rules natively handle Inter-LAN filtering.
- New support for ICMPv6 Multicast Listener Discovery, enable with OPEN_ICMPV6_MLD=1, disabled by default
- Keep external ICMPv6 packets from appearing as annoying logs, common with native IPv6 ISPs. Thanks to David Kerr
- Added new PPTP VPN Passthrough plugin, suggested by Yuriy Cherniavsky, Issue #27
- Detect and remove stale lockfiles for plugin helpers
- Support kernel version check where "uname -r" doesn't contain a '-' character
- Leave the IPv6 sysctl accept_ra setting alone when forwarding=1, fixes WAN DHCPv6-client, Issue #21
- Honour Debian recommendations for systemd service file
- Enable xtables lock "wait" option found in iptables 1.4.20+, Issue #17
- Using NAT_STATIC_IP with multiple ext interfaces would fail in case not enough ext IPs were specified
- Don't hardcode IP4TABLES/IP6TABLES binary in the config file. Just autodetect it like the other binaries
- Misc. fixes for newer SuSE & Redhat systems concerning systemd & init
- Moved get host cache logic from traffic accounting plugin to environment to avoid (future) code duplication
- Fixed NAT_LOCAL_REDIRECT=1 packets being logged as if they were dropped
- Added tcp_be_liberal option
- Allow rp_filter to be mode 2 (loose)
- Fixed functions get_ifs() and get_ips() with a '#', distinguish IPv4 from VLAN interfaces and check for
  IPv6 addresses (thanks to Mike C. Fletcher)
- Improve y/n user handling
- Improve log handling for dyndns plugin
- Try to auto-detect external net settings on start
- Improve error handling especially for plugins
- Several plugin updates