Releases: arno-iptables-firewall/aif
Releases · arno-iptables-firewall/aif
arno-iptables-firewall-v2.1.1a
- Fixed newer kernels no longer provide sysctl net.netfilter.nf_conntrack_helper. Workaround by performing kernel version check
- Move start script handling from configure script to install script
- Added missing LAN_LAN_OPEN_ICMP setting
arno-iptables-firewall-v2.1.1
- Improve stdout/stderr handling in ip4tables/ip6tables/ip4tables_restore/ip6tables_restore functions
- Fixed ip4tables/ip6tables functions were broken for multiline result since 2.1.0 breaking eg. the traffic-accounting-plugin
- Cleanup log handling + rename /var/log/firewall.log to /var/log/arno-iptables-firewall + enable logrotate
- Fixed stale lock file removal didn't work properly
- Get rid of ENV_FILE/PLUGIN_CONF_PATH/PLUGIN_BIN_PATH setting in config file and improve autodetection
2.1.0
- Fixed systemd script had private tmp enabled causing problems with the job manager
- Use start-stop-daemon to start the job manager. Hopefully fixes the issue of it sometimes terminating suddenly
- Some tweaks/cleanups for the job manager
- Fixed potential systemd service file shutdown problem (thanks to Sven Geuer from Debian upstream)
- Have installer install rsyslog config file, if rsyslog is available
- Fixed (dynamic) host multi IP handling in plugins
- Default FRAG_DROP to off
- Tweaks in the job manager process
2.1.0-RC2
2.1.0-RC1
2.1.0-BETA1
- Move dynamic host handling (no longer via DynDNS-host-open plugin but handled internally)
- Added capability for host names resolving to multiple IPs in dynamic host support
- New job manager to accommodate improved (plugin) helper support (replaces cron jobs)
- Move duplicate code from some of the plugins to environment (like locking for instance)
- Various other tweaks/refactoring
2.0.3
2.0.2a
2.0.2
- Added new Parasitic Network plugin, allows "clients" on the same subnet to use this device as a gateway upstream.
- Improve lock-file handling in the "DynDNS Host Open" and "Traffic Accounting" plugins.
- Disable nf_conntrack automatic helper assignment when possible, attach with CT target, Issue #35
- Fixed IPv6 NAT table was not flushed on start/stop/restart, Issue #36
- Added EXT_IF_DHCPV6_IPV6 config variable supporting DHCPv6 when DHCP is not enabled, Issue #34
- Added ability to selectively log blocked hosts by inbound and outbound direction.
BLOCKED_HOST_LOG Options: 0 = Disable, 1 = Inbound & Outbound, 2 = Inbound, 3 = Outbound