
@arnova arnova released this Sep 16, 2020 · 1 commit to master since this release

  • Improve stdout/stderr handling in ip4tables/ip6tables/ip4tables_restore/ip6tables_restore functions
  • Fixed ip4tables/ip6tables functions being broken for multiline results since 2.1.0, which broke e.g. the traffic-accounting plugin
  • Cleanup log handling + rename /var/log/firewall.log to /var/log/arno-iptables-firewall + enable logrotate
  • Fixed stale lock file removal not working properly
  • Get rid of ENV_FILE/PLUGIN_CONF_PATH/PLUGIN_BIN_PATH setting in config file and improve autodetection

@arnova arnova released this Jan 3, 2020 · 50 commits to master since this release

  • Fixed systemd script having private tmp enabled, which caused problems with the job manager
  • Use start-stop-daemon to start the job manager. Hopefully fixes the issue of it sometimes terminating suddenly
  • Some tweaks/cleanups for the job manager
  • Fixed potential systemd service file shutdown problem (thanks to Sven Geuer from Debian upstream)
  • Have installer install rsyslog config file, if rsyslog is available
  • Fixed (dynamic) host multi IP handling in plugins
  • Default FRAG_DROP to off
  • Tweaks in the job manager process

@arnova arnova released this Feb 13, 2019 · 80 commits to master since this release

  • Fixed ipt_if() expansion not working as it should
  • Improve copy/overwrite logic in install.sh
  • Tweak job manager start/stop logic

@arnova arnova released this Feb 10, 2019 · 91 commits to master since this release

  • Various fixes/tweaks in the job manager
  • Various fixes/tweaks for use with iptables-compat/nftables
  • Various misc. fixes/tweaks
  • Get rid of BAD_TCP_FLAGS option
  • Replace FRAG_LOG option with FRAG_DROP
Pre-release

@arnova arnova released this Jun 29, 2018 · 145 commits to master since this release

  • Move dynamic host handling (no longer via DynDNS-host-open plugin but handled internally)
  • Added capability for host names resolving to multiple IPs in dynamic host support
  • New job manager to accommodate improved (plugin) helper support (replaces cron jobs)
  • Move duplicate code from some of the plugins to environment (like locking for instance)
  • Various other tweaks/refactoring

@arnova arnova released this Jun 28, 2018

  • Various fixes in the installer
  • Improvements in the parasitic net plugin
  • Various tweaks

@arnova arnova released this Nov 23, 2017 · 182 commits to master since this release

  • Fixed log line being too long (>28 chars)
  • Fixed systemd installation failing on some systems
  • Service file should start AIF after network is up and local filesystems are mounted
  • Tweaks/improvements in configure/install scripts

@abelbeck abelbeck released this Jul 28, 2017 · 193 commits to master since this release

  • Added new Parasitic Network plugin, which allows "clients" on the same subnet to use this device as a gateway upstream.
  • Improve lock-file handling in the "DynDNS Host Open" and "Traffic Accounting" plugins.
  • Disable nf_conntrack automatic helper assignment when possible, attach with CT target, Issue #35
  • Fixed IPv6 NAT table not being flushed on start/stop/restart, Issue #36
  • Added EXT_IF_DHCPV6_IPV6 config variable supporting DHCPv6 when DHCP is not enabled, Issue #34
  • Added ability to selectively log blocked hosts by inbound and outbound direction.
    BLOCKED_HOST_LOG Options: 0 = Disable, 1 = Inbound & Outbound, 2 = Inbound, 3 = Outbound

@abelbeck abelbeck released this Jun 16, 2017 · 204 commits to master since this release

tag: 2.0.2-RC1

@abelbeck abelbeck released this Oct 11, 2016 · 232 commits to master since this release

  • Added new BLOCK_NETSET_DIR variable which efficiently creates ipsets for blocklists using .netset files.
  • Added expert DEFAULT_NETSET_WHITELIST and DEFAULT_NETSET_WHITELISTV6 variables when BLOCK_NETSET_DIR is defined.
  • Added ipset support when IPTABLES_IPSET=1 and ipset is installed, disabled by default, Issues: #1, #24, #31
  • Added LAN to DMZ forwarding policy, new optional LAN_DMZ_ALLOW_IF variable, Issue #30
  • Added NAT_IF option to optionally specify external interfaces to be used for NAT
  • Added LAN to LAN (Inter-LAN) filtering rules, LAN_LAN_HOST_OPEN_xxx, Issue #28
  • Removed unused INT_FORWARD_IN_CHAIN and INT_FORWARD_OUT_CHAIN user chains, related to Issue #28
    Note: Any custom rule or plugin should generally use the FORWARD_CHAIN or POST_FORWARD_CHAIN to access the FORWARD chain.
    Additionally, the new LAN_LAN_HOST_OPEN_xxx rules natively handle Inter-LAN filtering.
  • New support for ICMPv6 Multicast Listener Discovery, enable with OPEN_ICMPV6_MLD=1, disabled by default
  • Keep external ICMPv6 packets appearing as annoying logs, common with native IPv6 ISP's. Thanks to David Kerr
  • Added new PPTP VPN Passthrough plugin, suggested by Yuriy Cherniavsky, Issue #27
  • Detect and remove stale lockfiles for plugin helpers
  • Support kernel version check where "uname -r" doesn't contain a '-' character
  • Leave the IPv6 sysctl accept_ra setting alone when forwarding=1, fixes WAN DHCPv6-client, Issue #21

External Link:
http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.tar.gz
