All releases of IP Filter
Release Notes: This release makes substantial changes to the FTP proxy to improve reliability, security, and functionality. It doesn't send ICMP errors/TCP RSTs in response to blocked proxy packets and fixes memory leaks that could occur when unloading ipfilter from the kernel.
No changes have been submitted for this release.
Release Notes: Fixes to parsing and printing of NAT rules with regression tests, new code to adjust TCP checksums inside ICMP errors where present and as required for NAT, fixes for documentation problems in install documents, and fixes for locking problems with auth codes on Solaris.
Release Notes: Patches to install IPFilter into OpenBSD 3.0 (for both kernel compiles and complete system builds), a fix for a bug in automatic flushing of state table which would cause it to hang in an infinite loop introduced in 3.4.20, and more.
Release Notes: This release includes many bugfixes and a few enhancements, especially for IPv6 and the Solaris and BSD code.
Release Notes: This release fixes the FTP proxy to allow logins with passwords, uses irc_walk to look for ire cache, fixes a fragment#0 handling bug, deals with bad SPL assumptions for log reading on BSD, supports LOG_SECURITY, adds some auth rule patches, and introduces fr_icmpacktimeout to timeout entries once an ICMP reply has been seen separately.
No changes have been submitted for this release.
No changes have been submitted for this release.
No changes have been submitted for this release.
Release Notes: Addition of ratoui() and a fix for parsing of group numbers to allow 0 through UINT_MAX, non-inclusion of opt_inet6.h for FreeBSD if KLD_MODULE is defined, use of copyin() by Solaris for all types of ioctl() args, fixups for the screen/tty when leaving "top mode" of ipfstat, fix for an incorrectly set up linked list for maptable in nat_hostmap(), checking for maptable rather than nat_table[1] to see if malloc for maptable, succeeded in nat_init, fixes for handling of map NAT rules with "from/to" host specs and printout out of source address when using "from/to" with map rules, and conversion of ip_len back to network byte order (not plen) for Solaris as ip_len may have been changed by NAT and plen won't reflect this.
