Release Notes: The --internal-net and --dmz-net options were added so that internal and DMZ networks can be manually specified without having to parse the output of ifconfig. This is most useful for running fwsnort on a Linux system that is acting as a bridge where no IP addresses are assigned to the interfaces. A bugfix was made for missing icmp-port-unreachable rejects for UDP packets.
Release Notes: A bug in which DMZ interface rules were not added to the INPUT chain was fixed. A bug in which a DMZ network interface was not seen was fixed.
Release Notes: This version features a bugfix for the DMZ interface code, a bugfix for multiple ip_proto fields, removes the IP protocol as an allowed protocol for translation, includes a bugfix for negated port numbers, removes the "<-" rule direction, and fixes the snort rule updates from snort.org.
Release Notes: tcp-reset reject support was added for TCP sessions under the --ipt-block option. The ability to automatically download the latest rules from snort.org was added. Better checking was added for iptables extensions such as the ipv4options and ttl extensions. A bugfix was made for IP protocol numbers in snort rules.