Release Notes: Additional debug logging was added for the MySQL code. A new rc.blockit2 was included for SySV systems. A "UseChain" parameter that is set to BLOCKIT by default was added.
Release Notes: rc.blockit was added to the contrib directory. Two new configuration options were added: FirewallTemporaryTarget and FirewallPermanentTarget. check_blockit_log.pl was added in the contrib directory for permanent blocking. Fixes were made for parsing of snort, SSH, and syslog ranging over more than one line.
Release Notes: Another SSH bad login check for invalid users was added. The minimum firewall time was changed from 60 to 1. A log entry is now added when the intruder blocking time is less than the minimum firewall time.
Release Notes: Support was added for IPFW, IPFILTER, PF, and Snort SigID Whitelist. Bad SSH Login support was added via syslog. Half of the code was rewritten.
Release Notes: Crashes in the write_intruders_email function and the main rules function were fixed.
Release Notes: A bad SSH login attempt check was added and the detection code was fixed.
Release Notes: This release includes an all network interfaces option. It autodetects host IP and gateway addresses, scans syslog for iptables logs, ignores established connections using connection tracking, ignores filters using regexp filtering, adds cumulative timing support, and includes more command line options.
Release Notes: A minor bug in the build hash functions was fixed.
Release Notes: IPFW and IPFILTER support were added. Snort SigID whitelist support was added. More information was added to email logging, including the triggering alert line and the number of minutes the IP will be blocked for. The triggering alert line was added to the normal log. This release was tested against Snort 2.1.3.
Release Notes: A major bug in minute processing has been fixed (it wasn't working). Blocked IPs stayed blocked for an infinite amount of time instead of looking at the corresponding time variable.