v0.7.1

Bug Fixes & Improvements

• Fixed the GitHub Actions releases. Binaries were not working on some operating systems.

v0.6.1

New

• Added login information to the UI (run by diswall -i).
• Added Postfix SASL authentication errors parser, will ban those brute-forcers.

Bug Fixes & Improvements

• Updated dependencies.
• Changed the library that gets open ports to maintained one (netsock).
• Fixed rare bug with reading of journald logs.

Documentation & others

• Updated documentation on website (removed mention of rsyslog that we don't use anymore, clarified things).
• The quick-install script was updated to support more firewall configurations.

v0.6.0

New

• Added a new mode of operation for unregistered users.
  The generated config now has default/default credentials, so that if you forget to set credentials you will not end up with not working state. It will connect to our NATS-server and start working.
  But there is a catch: your node will not get fresh IPs with ban-time lower than 24h. You'll get only IPs of persistent attackers.

Bug Fixes & Improvements

• This version doesn't need rsyslog for it's operation! You can safely uninstall rsyslog package if you don't use it yourself.

Other

• Updated dependencies.

Updating

• Just issue diswall --update and take a sip of coffee (or tea).

v0.5.3

New

• Added ignore_ips config option to ignore some IPs. This is sometimes a good idea if you are tinkering with your own machine and can ban yourself.

Bug Fixes & Improvements

• Fixed installation for new Debian versions.
• Fixed NATS connection in case of empty or default credentials (will work in local mode in that case).
• Updated dependencies.

Documentation & others

• Updated quick-install script on website that you use for installation.
  Now it will check if you have needed utilities installed and will show appropriate errors ahead of installation.

Updating

• Just issue diswall --update and take a sip of coffee (or tea).

v0.5.2

New

• Added an ability to edit firewall config faster!
  Just use diswall -e - it will open either /usr/bin/diswall_init.sh or /etc/nftables.conf.

Bug Fixes & Improvements

• Now we will fix group ownership of /var/log/diswall/diswall.pipe for rsyslog after install. (In recent Ubuntus there was an issue)
• Added Ctrl+C handling for the UI.
• Added waiting mechanism for UI that will wait for service socket to become available if it was recently restarted.
• Improved some error messages.
• Improved post-installation messages to reflect diswall -e feature.

Updating

• Just issue diswall --update and take a sip of coffee (or tea).

v0.5.1

New - a text user interface!

This release brings a great new feature - a user interface!
You can just run sudo diswall -i on your device and see how the things are going on.

Take a look at the preview:

Bug Fixes & Improvements

• Fixed a bug in nft-mode when the IPs always were banned with default timeout (1h).

v0.5.0

Bug Fixes & Improvements

• The main point in this update is a fix of a common problem:
  You install new service on your server protected by DisWall, you forget to add an exclusion in firewall and begin to check service availability from another device - and get banned by your server instantly!
  Now this problem is gone away - DisWall will check for open ports, and if some new port is open it will not ban clients.
  But in this case you will need to add exclusion in firewall of course, as there is no magic involved :)

Other

• Updated dependencies.

Update instructions

Just run sudo diswall --update and it will update itself.

v0.4.3

Bug Fixes & Improvements

• Added reconnection mechanism for NATS connections.
• Updated dependencies.

v0.4.2

Bug Fixes & Improvements

• Last release introduced port numbers into consideration for blocking. But there is some bug with rsyslog that leads to some strange behavior after some string that has no port number, and it hinders normal logging to the pipe.
  We've fixed this by changes to the logging lines in firewall configs.
• Made some tuning to blocking, it will work somewhat faster.
• Various fixes and stability improvements.

New

• To make config changes upon update we've introduced new command line parameter --after-update that you will use once this time, but it will not be needed in upcoming updates.

Updating

1. Run diswall --update as usual
2. Run diswall --after-update - it will update firewall config
3. Restart diswall service: service diswall restart or systemctl restart diswall.
   This three-step procedure is needed only for this update, it will not be needed for upcoming releases.

v0.4.1

Bug Fixes & Improvements

• Recent info shows that sometimes Linux kernel looses connection info, and some packets from legit IPs are considered as "not related" to any connections, even if that was an outgoing connection. To fix this we introduced counters for those ports, that are used for outgoing connections (so called ephemeral ports).
  For this to work we added port and protocol information, that is now written by rsyslog to the diswall.pipe. This info may be used in future versions for further traffic distinguish.

Updating

As always, you can issue diswall --update from root user, and new version will be downloaded from GitHub, and all needed services will be restarted.