Pre-release

@arnova arnova released this Jun 29, 2018 · 11 commits to master since this release

  • Move dynamic host handling (no longer via DynDNS-host-open plugin but handled internally)
  • Added capability for host names resolving to multiple IPs in dynamic host support
  • New job manager to accommodate improved (plugin) helper support (replaces cron jobs)
  • Move duplicate code from some of the plugins to environment (like locking for instance)
  • Various other tweaks/refactoring

@arnova arnova released this Jun 28, 2018

  • Various fixes in the installer
  • Improvements in the parasitic net plugin
  • Various tweaks

@arnova arnova released this Nov 23, 2017 · 48 commits to master since this release

  • Fixed log line being too long (>28 chars)
  • Fixed systemd installation failing on some systems
  • Service file should start AIF after network is up and local filesystems are mounted
  • Tweaks/improvements in configure/install scripts

@abelbeck abelbeck released this Jul 28, 2017 · 59 commits to master since this release

  • Added new Parasitic Network plugin, allows "clients" on the same subnet to use this device as a gateway upstream.
  • Improve lock-file handling in the "DynDNS Host Open" and "Traffic Accounting" plugins.
  • Disable nf_conntrack automatic helper assignment when possible, attach with CT target, Issue #35
  • Fixed IPv6 NAT table not being flushed on start/stop/restart, Issue #36
  • Added EXT_IF_DHCPV6_IPV6 config variable supporting DHCPv6 when DHCP is not enabled, Issue #34
  • Added ability to selectively log blocked hosts by inbound and outbound direction.
    BLOCKED_HOST_LOG Options: 0 = Disable, 1 = Inbound & Outbound, 2 = Inbound, 3 = Outbound

@abelbeck abelbeck released this Oct 11, 2016 · 98 commits to master since this release

  • Added new BLOCK_NETSET_DIR variable which efficiently creates ipsets for blocklists using .netset files.
  • Added expert DEFAULT_NETSET_WHITELIST and DEFAULT_NETSET_WHITELISTV6 variables when BLOCK_NETSET_DIR is defined.
  • Added ipset support when IPTABLES_IPSET=1 and ipset is installed, disabled by default, Issues: #1, #24, #31
  • Added LAN to DMZ forwarding policy, new optional LAN_DMZ_ALLOW_IF variable, Issue #30
  • Added NAT_IF option to optionally specify external interfaces to be used for NAT
  • Added LAN to LAN (Inter-LAN) filtering rules, LAN_LAN_HOST_OPEN_xxx, Issue #28
  • Removed unused INT_FORWARD_IN_CHAIN and INT_FORWARD_OUT_CHAIN user chains, related to Issue #28
    Note: Any custom rule or plugin should generally use the FORWARD_CHAIN or POST_FORWARD_CHAIN to access the FORWARD chain.
    Additionally, the new LAN_LAN_HOST_OPEN_xxx rules natively handle Inter-LAN filtering.
  • New support for ICMPv6 Multicast Listener Discovery, enable with OPEN_ICMPV6_MLD=1, disabled by default
  • Keep external ICMPv6 packets from appearing as annoying logs, common with native IPv6 ISPs. Thanks to David Kerr
  • Added new PPTP VPN Passthrough plugin, suggested by Yuriy Cherniavsky, Issue #27
  • Detect and remove stale lockfiles for plugin helpers
  • Support kernel version check where "uname -r" doesn't contain a '-' character
  • Leave the IPv6 sysctl accept_ra setting alone when forwarding=1, fixes WAN DHCPv6-client, Issue #21

External Link:
http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.tar.gz

@abelbeck abelbeck released this Oct 5, 2015 · 146 commits to master since this release

  • Honour Debian recommendations for systemd service file
  • Enable xtables lock "wait" option found in iptables 1.4.20+, Issue #17
  • Using NAT_STATIC_IP with multiple ext interfaces would fail in case not enough ext IPs were specified
  • Don't hardcode IP4TABLES/IP6TABLES binary in the config file. Just autodetect it like the other binaries
  • Misc. fixes for newer SuSE & Redhat systems concerning systemd & init
  • Moved get host cache logic from traffic accounting plugin to environment to avoid (future) code duplication
  • Fixed NAT_LOCAL_REDIRECT=1 packets being logged as if they were dropped
  • Added tcp_be_liberal option
  • Allow rp_filter to be mode 2 (loose)
  • Fixed functions get_ifs() and get_ips() with a '#', distinguish IPv4 from VLAN interfaces and check for
    IPv6 addresses (thanks to Mike C. Fletcher)
  • Improve y/n user handling
  • Improve log handling for dyndns plugin
  • Try to auto-detect external net settings on start
  • Improve error handling especially for plugins
  • Several plugin updates

External Link:
http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1f.tar.gz

Aug 24, 2015
tagged: 2.0.1f-rc1

@arnova arnova released this Feb 2, 2014 · 226 commits to master since this release

changed: Update CHANGELOG
Nov 16, 2012
tagged: 2.0.1d release