Release Notes: This version was updated to parse the latest format of the IANA reservations page. Support for custom actions for services was added. This opens a way to allow actions that can be controlled externally without restarting the firewall. Several minor issues were fixed, providing better NAT support for all services, handling for external pager commands, kernel config parsing, a config wizard, etc.
Release Notes: Minor updates were made for the latest IANA reservations. A check-iana.sh cron job script was provided to notify the administrator when IANA reservations change.
Release Notes: This maintenance release mainly fixed kernel 2.6.20+ and BASH 3.2 issues and added support for external definitions of all IP address space definitions. All users are advised to upgrade to this release.
Release Notes: This version fixes issues with the security of the created temporary files.
Release Notes: This release fixed vulnerabilities where malicious local system users could use FireHOL's temporary files to overwrite arbitrary files on the system. All users are advised to update to this version. This release included new service definitions: ANYSTATELESS, TIMESTAMP, and DICT. A TRANSPARENT_PROXY helper was added. Support for knockd as an argument to the accept action was added.
Release Notes: This is a major release and all users are advised to update. It includes new services: NIS, NUT, NNTPS, ASTERISK, DISTCC, ESERVER, GIFT, H323, IAX, ICP, RTP, SIP, STUN, UPNP, RDP, and more. Updated services: DHCP, SAMBA, and NFS. New helpers: TOS, DSCP, TCPMSS, and ECN_SHAME. New parameters: TOS, MARK, and DSCP. It has support for automatic installation of service definitions, better interoperability with various Linux distributions, updated RESERVED_IPS for current IANA IPv4 reservations, finer control on ACCEPTed traffic, the ability to control loopback access, and support for service groups.
Release Notes: This release features more services, including Oracle, Gkrellmd, DCC, and whois. CUPS has been fixed and Samba has been enhanced. There are new optional rule parameters, including PHYSIN and PHYSOUT. There is an updated MAC helper, better compatibility, better kernel module management, support for ULOG logging, and better iptables statement generation. PRIVATE_IPS has been updated for IANA reservations. There are various bugfixes. All users are advised to update to this version.
Release Notes: This release features more services (MSN, DCPP, Jabber, Jabberd, Webmin, time, Postgres, Hylafax, XDMCP, TFTP, and Veritas NetBackup). It has new helpers: MAC (global pairing of MAC and IP addresses), BLACKLIST (blacklist certain IPs, unidirectional or bidirectional), and MARK (mark packets for use by QoS). There are two new optional rule parameters: MAC (match source MAC address) and OWNER (match the user sending traffic). There is better interoperability with various distributions (mainly Gentoo), more control on kernel module management, cleaner iptables rules generation, better support for kernel 2.6.x, and more.
Release Notes: The main new feature of this release is the HELPME function that detects and produces the FireHOL configuration for the host run. Additionally, this release introduces a new PANIC mode which is now handled entirely by FireHOL, has better handling of the MIRROR target, has wider support for SNMPTRAP and SYSLOG, a definition for the SOCKS service, and better interoperability with various Linux distributions (e.g., Debian).
Release Notes: This release adds support for controlling log levels on a per rule basis, updated RESERVED_IPS variable according to the latest releases of IANA, and a few minor fixes to increase compatibility on various Linux distributions.