-
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathHISTORY
148 lines (126 loc) · 4.39 KB
/
HISTORY
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
0.13:
Changed build system to SCons.
Reorganised code structure.
Added filtergen syntax emitter.
Added option to turn off the resolver (useful for debugging!)
Fixed bug with DROP targets at the end of forwaring chains.
Added iptables-save input parser.
0.12.8:
Fix some easy to cause crashes.
Remove some obsolete code that caused long compilation times.
Prevents inclusion of the root filesystem path directly.
Test that the example programs compile.
0.12.7:
Supports iptables-restore output format.
Supports IPv6 names.
Supports ip6tables and ip6tables-restore output format.
Better warnings when services don't resolve.
Increases include file recursion depth to 512 from 16.
Directory includes now have stable ordering of the files within.
Runs tests in parallel so their output is captured, and generate more output.
Adds more compiler warnings.
Compiles clean under clang.
0.12.6:
Support shell globbing in include directives.
Allow '*' as a network interface name.
Modernise build environment:
Fix many compiler warnings.
Finish migration to Git as upstream host.
0.12.5:
Small fixes to test correctness.
0.12.4:
Added directory include support.
Fixed relative-path include error in fgadm.
Improved tests for include file parsing.
0.12.3:
Fix critical resolver bug.
0.12.2:
New resolver code removes need for struct casting
Altered test suite to be more robust
minor cosmetic bugs
0.12.1:
fixed some dumb bugs
fixed some compile bugs on 64 bit platforms
0.12:
converted build system to automake
rewrote parser
added test suite
add "oneway" option
fix iptables log message format (append a space)
add "fgadm" command
multi-homed host support
0.11:
fixed non-working example in filter_syntax man page
fix 64-bit warning in filter.c netmask calculation
add "-F [policy]" flush option
better feedback on parse errors
0.10:
some cleanups, slight memory usage reduction
add log messages: 'log text "foo etc"'
fixed iptables and ipchains brace-grouping
fix filter_unroll loop-making bug
add RPM spec file from Wil Cooley <[email protected]>
rename package to "filtergen"
add init scripts and makefile
add samples for router, host and proxy firewall
0.9:
fix install target to install section 7 manpages too
do protocol lookups properly, support protocol numbers
lookup/normalise service names
force normalisation of netmasks
add "-m" to force service and host names and to be
turned into port numbers and IP addresses
0.8:
cleanup for iptables and ipchains to save reallocs
fix input vs output thing in forwarding support for iptables
and ipchains
0.7:
add "local" and "forward" syntax to state that packets are only
for local or remote consumption (and "-h" option to
default rules to the former)
begin manpages
add "-o" option to specify output file
fix "make install"
getopt()ify filtergen.c
add "-l" option to minimise the number of rules for established
connections, implemented for iptables backend
add more stuff to the iptables skeleton
warning fixups
implement "local" and "forward" for iptables backend
add "-r" option to mirror "-h"
cleanup ipchains driver somewhat
implement "local" for ipchains backend ("forward" is not possible)
fix bug where accept would get lost from:
input eth0 { ! dest bar drop; accept; };
iptables and ipchains add "established packet" rules to head of chain
add "proxy" as an alias for "redirect"
0.6:
disable negation of conjunctions ("or"s, aka brace-grouping) for now
add "no skeleton" option
fix a couple of segfaults/aborts where input filter is invalid
allow literal +, ", and _ signs in input
add sub-groups -- where supported, large sub-sections can be moved
out-of-line to improve performance
0.5: that's better
much fixing of iptables driver. Now shouldn't leak
like the proverbial sieve
0.4: testing begins
add transproxy and masquerading support
fix syntax problems with iptables and ipchains output
simple logging support (logs only initiating packets)
rule checking -- ports only allowed with tcp or udp
initial icmp support
0.3:
add ipfilter backend
fix yet another silly bug in main()
add warning notice to cisco driver
cisco driver supports port ranges now
0.2: Various improvements
rewrote iptables driver
added ipchains driver
added beginnings of Cisco IOS ACL driver
(see TODO for why this doesn't work yet)
added TODO and HONESTY files
0.1: Initial release
iptables driver
a few bugs