Release Notes: This release fixes RESERVED_NET_DROP, which only worked when RESERVED_NET_LOG was enabled (regression), fixes the installation script, and updates/corrects documentation.
Release Notes: The LAN_INET_OPEN_xxx, LAN_INET_HOST_OPEN_xxx, DMZ_INET_OPEN_xxx, and DMZ_INET_HOST_OPEN logic and handling was changed, and handling of some of the sysctl kernel settings was tweaked. It is now possible to disable setting/resetting of some settings (like forwarding). The default UDP connection timeout is now 60 seconds. Support for a new LOCAL_CONFIG_DIR variable was added. It defaults to "/etc/arno-iptables-firewall/conf.d". Documentation was improved. Miscellaneous tweaks were made for arno-fwfilter.
Release Notes: This release removes DNS_FAST_FAIL and RESOLV_IPS, since they are both obsolete. It adds miscellaneous tweaks.
Release Notes: This release calls insserv during configure, when available. This is required, for example, on Debian/Ubuntu systems which use dependency-based booting. It fixes MULTICAST jumping, which should be done at the end of EXT_INPUT_CHAIN, not at the beginning, or users won't be able create "normal" rules for it. It updates several plugins.
Release Notes: Kernel support check is performed when IPv6 support is enabled. Several bash-isms were fixed. A workaround was provided for a Busybox 'ash' bug when IPV6_SUPPORT is enabled. A pptp-vpn plugin was provided for local PPTP server support. An incorrect URL for location lookup in arno-fwfilter was fixed. All IPv6 packets with Routing Header Type 0 are dropped when the new IPV6_DROP_RH_ZERO variable is set. Handling of HOST_OPEN_ICMP, HOST_DENY_ICMP_NOLOG, and HOST_DENY_ICMP variables with IPv6 addresses was fixed. There were several other tweaks and fixes.
Release Notes: Batch wrappers that failed in some cases were fixed. Legacy plugin support that used the PLUGIN_PATH variable was removed. An issue when the value of IPV6_SUPPORT was changed, and this was followed with a 'restart' was fixed. There were some cosmetic tweaks.
Release Notes: Several IPv6 fixes and tweaks.
Release Notes: The check_interface() function was fixed to work for VLAN interfaces. Several plugins were updated. Several tweaks and fixes were made in the install script.
Release Notes: Several problems in the install script were fixed.
Release Notes: The install script was modified to make the firewall start after the network is brought up on boot. A dig() function wrapper that degrades to nslookup if dig is not available was added. New DynDNS and Traffic Accounting plugins featuring host caching were added. The install script now detects interfaces and their properties instead of the main script. sysctl() no longer always applies the -w argument. A DNS failure on startup was fixed. Certain rules now default to ANYHOST and/or ANYPORT less if it is not specified, as it is too user sensitive. Miscellaneous tweaks and cosmetic enhancements were made.