Release Notes: The PEER_GW_INTERNAL, QUICK_IDENT, and DISABLE_P2P Code was updated inside the Main Script. An IANA Reserved IPv4 blocked host list was implemented. SSH_ACCESS and SQUID_LOCAL code was updated to allow for mult-interfaces. ICMPUP, ICMPDOWN, P2P-UPTCP, and DOWNTCP code was updated for better P2P support. The Forward Rule for HTTPS was fixed in the Main Script. An SMTP_Allow list was implemented to control outbound SMTP. Sysctl options are now configurable from the main config file.
Release Notes: The PEER_GW_INTERNAL option inside the main config and code in the min script were fixed. The FTP and IRC IPTables module configuration in the main config and main script was updated. The scripts and configuration files in the contrib directory were updated. The IANA reserved IPv4 blocked host list in the main configuration was updated. The hosting section in the main config was updated to help people trying to set up port forwarding.
Release Notes: The way TTL STEATH'ing works in the Mangle Tables has been changed. TCP Clamp and PMTU have been changed to use the Mangle Tables instead of the Filter and Nat Tables. The order of the State rules in the User tables EXTIN and DOWNLOAD has been changed to be more effecient. The ability to only load the IRC and / or FTP modules has been added (handy for static kernels with FTP, IRC IPTables Conntrack, and NAT helpers included as modules, so the default port options can changed).
Release Notes: DNAT --to PORT for SSH in Hosting was fixed. A bug in which QUICK_IDENT TCP-Reset didn't work in EXTOUT was fixed. The IANA reserved IPv4 blocked host list was updated in the main configuration file. A problem created with 15-Stable-3 with the SQUID accounting rule in the User Table LOCOUT was fixed.
Release Notes: Comments were added to the main firewall script. Some of the code at the start of the main script was changed. Snort active IDS guardian support was added in the contrib directory. This release has gone though a four-week closed testing period to ensure that it doesn't break anything for anyone that is using 15-Stable-1.
Release Notes: Logging was changed to suit the iptables log analyzer. The way the drop chains work was changed to suit setups where you are bridging on the LAN side. The way strict local ports work was changed for better use. The way IP to MAC security works was also changed to suit bridges. The denied ports lists in DOWNSPAM and UPSPAM were updated. A logging feature was added to Samba in the HwFw main conf file. The abitlity not to log traffic with a destination of the local LAN was added.
Release Notes: This release adds a check to see if the user is 'root' or 'Super User'.