All releases of Firewall/SOSDG
Release Notes: This is just a maintenance release fixing a few minor bugs and upping the version to 1.0.
Release Notes: IPv6 DHCP rules were fixed. Certain conn track rules were moved around, because they normally would not be used outside of a specific context. Code was cleaned up and some bugs were fixed.
Release Notes: This release fixes the location of the closing IPv6 if statement, adds default policy rules, fixes a stray NEW conntrack match that was causing incoming connections to be allowed even if blocked, and adds advanced port controls for IPv4 and IPv6.
Release Notes: IPV6_ROUTEDCLIENTBLOCK has been changed to allow blocking only on specific subnets. There is support for allowing IPV6 critical ICMP messages (on by default), a new config option for interception of IPv4 packets (aka transparent proxy support), the script now requires bash 3.0 or higher, and work has begun on variable error checking.
Release Notes: Some of the configuration clutter was moved to conf/. Work on a configuration tool was begun. An option to use state or the conntrack module for state tracking was added. The default gateway interface and IP address of an interface can now be optionally automatically detected.
Release Notes: This release adjusted the order of certain rules, prevented duplication of rules in some cases, added NETMAP (1:1 NAT mapping) support, and re-included the NAT_RANGE option in options.default after it was accidentally removed.
Release Notes: Important fixes were made for coding errors involving IPv6 variable changes.
Release Notes: Module loading, init script fixes, trusted DNS servers options, improved IPv6 code to bring it partially in sync with IPv4 features, and the addition of IPv6 marking support. IPv6 variables/options have been renamed.
Release Notes: Fixes a permissions issue with miscellaneous files. Changes from /bin/sh to /bin/bash in the init script to avoid failure on loading during boot.
Release Notes: RFC1918 blocking, some possible fixes for DHCP, advanced blocking support for IPv4/IPv6, and general cleanups.
