All releases of Arno's IPTABLES Firewall Script
Release Notes: This release fixes RESERVED_NET_DROP, which only worked when RESERVED_NET_LOG was enabled (regression), fixes the installation script, and updates/corrects documentation.
Release Notes: The LAN_INET_OPEN_xxx, LAN_INET_HOST_OPEN_xxx, DMZ_INET_OPEN_xxx, and DMZ_INET_HOST_OPEN logic and handling was changed, and handling of some of the sysctl kernel settings was tweaked. It is now possible to disable setting/resetting of some settings (like forwarding). The default UDP connection timeout is now 60 seconds. Support for a new LOCAL_CONFIG_DIR variable was added. It defaults to "/etc/arno-iptables-firewall/conf.d". Documentation was improved. Miscellaneous tweaks were made for arno-fwfilter.
Release Notes: This release removes DNS_FAST_FAIL and RESOLV_IPS, since they are both obsolete. It adds miscellaneous tweaks.
Release Notes: This release fixes the kernel_ver_chk() function to properly handle kernel 3, fixes variables containing REJECT_UDP with IPv6 enabled (it should use "icmp6-addr-unreachable" for IPv6), parses AIF variables with a common function, and logs missing fields with a warning.
Release Notes: This release calls insserv during configure, when available. This is required, for example, on Debian/Ubuntu systems which use dependency-based booting. It fixes MULTICAST jumping, which should be done at the end of EXT_INPUT_CHAIN, not at the beginning, or users won't be able create "normal" rules for it. It updates several plugins.
Release Notes: Kernel support check is performed when IPv6 support is enabled. Several bash-isms were fixed. A workaround was provided for a Busybox 'ash' bug when IPV6_SUPPORT is enabled. A pptp-vpn plugin was provided for local PPTP server support. An incorrect URL for location lookup in arno-fwfilter was fixed. All IPv6 packets with Routing Header Type 0 are dropped when the new IPV6_DROP_RH_ZERO variable is set. Handling of HOST_OPEN_ICMP, HOST_DENY_ICMP_NOLOG, and HOST_DENY_ICMP variables with IPv6 addresses was fixed. There were several other tweaks and fixes.
Release Notes: Batch wrappers that failed in some cases were fixed. Legacy plugin support that used the PLUGIN_PATH variable was removed. An issue when the value of IPV6_SUPPORT was changed, and this was followed with a 'restart' was fixed. There were some cosmetic tweaks.
Release Notes: Several IPv6 fixes and tweaks.
Release Notes: Support was added for an optional plugin_restart() function in plugins using a new plugin template. The IDENT environment variable is used for plugins. The IPV6_AUTO_CONFIGURATION variable was added to control autoconf when IP_FORWARDING = 0. The IPV6_OVER_IPV4_SERVER variable was added for the ipv6-over-ipv4 plugin, restricting 6to4 source packets. Miscellaneous tweaks and fixes were done.
Release Notes: Full IPv6 support was implemented, along with a mixed IPv4/IPv6 mode. There were many tweaks and fixes.
