Firewall/SOSDG is a Netfilter/IPTables firewall that is designed to be simple to use, yet powerful. It features support for standalone machines and routers (with NAT support).
| Tags | Firewall iptables Netfilter IPv6 IPv4 Router NAT |
|---|---|
| Licenses | GPLv3 |
| Operating Systems | Linux |
| Implementation | Shell scripts |
| Translations | English |

Recent releases


Release Notes: IPv6 DHCP rules were fixed. Certain conntrack rules were moved around, because they normally would not be used outside of a specific context. Code was cleaned up and some bugs were fixed.


Release Notes: This release fixes the location of the closing IPv6 if statement, adds default policy rules, fixes a stray NEW conntrack match that was causing incoming connections to be allowed even if blocked, and adds advanced port controls for IPv4 and IPv6.


Release Notes: IPV6_ROUTEDCLIENTBLOCK has been changed to allow blocking only on specific subnets. This release adds support for allowing IPv6 critical ICMP messages (on by default) and a new config option for interception of IPv4 packets (aka transparent proxy support). The script now requires bash 3.0 or higher, and work has begun on variable error checking.


Release Notes: Some of the configuration clutter was moved to conf/. Work on a configuration tool was begun. An option to use state or the conntrack module for state tracking was added. The default gateway interface and IP address of an interface can now be optionally automatically detected.


Release Notes: This release adjusted the order of certain rules, prevented duplication of rules in some cases, added NETMAP (1:1 NAT mapping) support, and re-included the NAT_RANGE option in options.default after it was accidentally removed.