Linux IP Firewalling Chains: History 1.3.10 release 5-Oct-2000 Bug Fixes * Fixed wildcard interfaces getting extra + with `-A input -v'. [ Howard Lowndes ] * `Maximize throughput' not `minimize throughput' for TOS [ Adam Kumiszcza ] * --delete-chain now takes optional arg, like -X. [ Lothar Gerlach ] * Man page grammar and typo fixes, [ Hans Persson ] * -h message fixes [ Hans Persson ] Changes * Now make install directories if they don't exist [ Marc Haber ] * PREFIX prefix to installation directories [ Ytiddo ] * Warn about `-i !eth0' and `-i eth0:0'. [ John Martinez ] * ICMP numbers printed in -h icmp [ Brett Eldridge ] 1.3.9 release 27-May-1999 Bug Fixes * `!' argument handling cleanup: no longer swallowed silently if ! used after a single arg to `-d' and `-s' options. * `--sport ! 53' now parses. * Fixed usage message (--delete-chain not --delete, and --set not --masquerade). * Fixed TOS value warning for Minimize Cost. Changes * warns about manipulating forward chain when forwarding disabled, to avoid #1 FAQ (use --no-warnings) to suppress. [ Based on Andrew Wansink's patch ] * Changed --proto to --protocol (you can still used --proto of course). * Added --line-numbers option for listing chains. [ Thanks to Danek Duvall ] * Improved warning for `-j MASQ' if not masq. kernel. * Clarified -i meaning (for different chains) in man page. * Added DIAGNOSTICS section to man page. * ipfw man page now mentions fw_outputsize field in /proc. * libipfwc now has ipfwc_get_raw_socket() function. * libipfwc now returns "" not "-" for accounting rules. * refcard updated to Scott's latest masterpiece. 1.3.8 release 27-Oct-1998 Bug Fixes * -L of chains other than `input' now works. [ Thanks to Bernhard Weisshuhn ] 1.3.7 release 24-Oct-1998 Bug Fixes * -Z option no longer acts like -F. [ Thanks to Win Raets ] * -M by itself no longer causes an abort. * -C works again. * -L -M doesn't report an error after successful completion. Changes * Long options are here at last! [ Thanks to Andi Kleen ] 1.3.6 release 20-Oct-1998 Bug Fixes * No longer asks for bug report if invalid rulenum supplied. [ Unknown source: lost in hard drive crash, sorry. ] Changes * Includes reference card! * HOWTO updated: 1.0.3. DNS corrections, new section on typical network layouts in which ipchains is interesting. * Now only includes text version of HOWTO: rest in separate package. * Reworked to move manip routines into separate library for others to reuse. 1.3.5 release 31-Jul-1998 Bug Fixes * Makefile `install' target fixed. [ Thanks to Samuli Kaski and others ] * ipchains manpage reference to `REDIR' target fixed (it's `REDIRECT'). [ Thanks to Russell Coker ] * ipchains man page reference to multiple ports removed. * ipchains now stricter checking on possible policies. [ Thanks to Ryszard Lach ] * ipchains prints timeout correctly for when HZ != 100 [ Thanks to Richard Henderson ] * ipchains gives an intelligent error when trying to create an already existing chain. Changes * HOWTO updated: closer to LDP style guide, new FAQ section, minor corrections. * ipchains tells you which compulsory option you missed. * Makefile updated for new HOWTO targets. * ipchains.c global variables cleaned up. ipchains-scripts 1.0.2 release 26-May-1998 Bug Fixes * Handles arguments slightly better. Changes * New man pages for ipchains-save, ipchains-restore and the ipfwadm wrapper. Thanks to the Debian maintainer for these. 1.3.4 release 21-May-1998 Bug Fixes * `-j REDIRECT' (without a port number) works. [Thanks to Leos Bitto] ipchains-scripts 1.0.1 release 17-May-1998 Bug Fixes * ipfwadm-wrapper calls /sbin/ipfwadm.real if it exists, and we seem to be on an old kernel. * ipfwadm-wrapper should now work with bash 1.x. * ipfwadm-wrapper now accepts the obsolescent `-a m' flag. ipchains-scripts 1.0 release 17-May-1998 Bug Fixes * ipchains-save now updated to work with latest kernel. * ipfwadm-wrapper interface handling fixed. Changes * Split scripts and libfw into separate archives from main ipchains source. 1.3.3 release 16-May-1998 (userspace only -- patch integrated into official 2.1.102 kernel) Bug Fixes * Header order changed; should now compile under libc5 [Thanks to Shaw Carruthers] * -o option added to man page. * ipchains-save now works again, and ipchains-restore checks that ipchains command actually succeeds. Changes * Mark value printed as hex, for easier human parsing. * HOWTO updates to cover new official status, and treatment of truncated packets as fragments (expected in 2.1.103). 1.3.2a release 11-May-1998 (kernel patch only) Bug Fixes * Packet dumping code now prints dst IP (not src IP twice). [Thanks to Alexey Kuznetsov]. * Reject too-small ICMP fragments just like UDP fragments. * Fixed Makefile and bogus patch element. 1.3.2 release 7-May-1998 Changes * Reduced in-kernel size (now only 3.5k bigger than old ip_fw.c code). * ipchains now understands arbitrary masqueraded protocols. [Thanks to Marco Kremer (mabi)] Bug Fixes * HOWTO example fixed. [Thanks to Jim Kunzman] * ipchains version string now fixed. [Thanks to Jim Kunzman] * ipchains now gives error on specifying a too-long chain name. [Thanks to Gerard Gerritsen] * ipchains -S works again, with or without -M. [Thanks to Serge Sivkov] 1.3.1 release 19-Mar-1998 Changes * Format of policy-change kernel interface changed, to allow same ipchains binary under both 2.0 and 2.1 kernels, and simplify glibc interface. * Userspace tools now compile under glibc. * Binary release now glibc. * Binary release no longer includes `ipfw.4' man page. * Updated HOWTO. Bug Fixes * Fixed typo which cause mark not to be initialised to 0. [Thanks to Alexey Kuznetsov]. * Removed extraneous debug messages for 2.0 kernels. [Thanks to Ricardo Kustner]. * Fixed race condition correctly. * Now compiles under SMP. 1.3.0 release 8-Mar-1998 Changes * `ipchains -X' now deletes all user-defined chains. [Thanks to feedback from John D. Hardin] * Can now specify what packets to be copied to NETLINK device (2.1.x kernels only). * A simple library to make using the netlink device easier. * Understands ICMP masquerading. * Policies have packet and byte counters, for completeness. * Should be SMP safe now (testers wanted; my laptop is not SMP). * Introduced libfw. Bug Fixes * Many documentation and HOWTO fixes and updates. [Thanks to Dr. Liviu Daia and Matt Kemner.] * ipchains-save bugfix with destination ports. [Thanks to Kevin Littlejohn.] * Masquerading listing fixed. [Thanks to Franck Sicard.] * Bogus `loop detected' message due to race condition now fixed (also fixes possibility of counter inaccuracies). [Thanks to Helmut Adams] * Masquerading modules now fixed for 2.0.x kernels. [Thanks to Marko Injac, and feedback from R. Garth Wood]. * Verbose packet info now logged at KERN_INFO level. [Thanks to Dr. Liviu Daia.] 1.2.2 release 26-Jan-1998 Changes * HOWTO updates. * Kernel policies output changed from numbers to names, for consistency across kernel versions. * Introduced 2.0 kernel series support. Bug Fixes * ipchains-save and ipchains-restore fixed to handle userdefined chains better. * Fixed TOS handling in ipfwadm-wrapper script. 1.2.1 release 21-Jan-1998 Bug Fixes * Fixed interface (`-i') parsing in ipchains. 1.2 release 19-Jan-1998 Changes * Wildcard interface support. 1.1.1 release 23-Nov-1997 Changes * ICMP codes (as well as types) supported. * icmp names supported. * ipfwadm-wrapper released. Bug Fixes * ipchains-save and ipchains-restore fixed. * -b flag when used with address masks fixed. 1.1 release 20-Nov-1997 Changes * HOWTO introduced. * ipchains-save and ipchains-restore introduced. * Inverse rule support. * -k (TCP ACK) option removed. * -b (BIDIR) option removed from kernel: handled in userspace. * Multiple port support removed. * Test suite removed from release. Bug Fixes * Handling of listing > 8 rules fixed. 1.0.2 release 30-Sep-1997 Changes * Interface address support removed. * Added skbuff marking support. 1.0.1 release 25-Aug-1997 Changes * Generic protocol support added. * Tighter TOS checking. * TOS can now be specified by name. * New target: RETURN. Bug Fixes * Port range handling fixed. * Append and delete entry heisenbug fixed. Enjoy! Rusty Russell _________________________________________________________________