Release Notes: Generated code for Linux iptables is highly optimized now. Deeply nested chains are used to minimize the number of tests for each checked packet. Support has been added for Cisco ASA devices as packet filters, as VPN gateways, and for LAN-to-LAN IPSec tunnels. A new option to generate outgoing access lists has been added. Many other improvements and bugfixes have been applied.
Release Notes: The rule set can be better adapted to stateful and stateless devices. New "automatic" groups can be used for simpler definition of similar rules which affect a large set of objects. Loopback interfaces and negotiated interfaces are now supported. Support for Cisco VPN 3000 devices has been added, but currently isn't well documented. More checks are done to prevent an inconsistent configuration. There are many other improvements and some bugfixes.
Release Notes: IPSec encryption is supported now. A new concept of areas was introduced. An area denotes a part of the topology which is delimited by a set of interfaces. The IP address and mask of networks may alternatively be declared as an IP address and a prefix length. Some network objects get an optional attribute "owner" which is used for documentation purposes. Optimization has been improved by automatically joining rules with adjacent port ranges. Netspoc now runs on 64-bit systems.
Release Notes: This release fixes a bug in local optimization, where some deny rules could inadvertently be marked as redundant, leading to missing ACLs for these rules in generated code. A second bug with automatically generated rules at stateless packet filters has also been fixed. For TCP, reverse deny rules are no longer generated.
Release Notes: PIX commands like "icmp" and "telnet", which filter traffic for the device itself, are generated now. There was a syntax error with IOS routers when applying an access list to an interface. This has been fixed.
Release Notes: Support of redundancy protocols (VRRP, HSRP) has been enhanced. Other minor improvements have been made.
Release Notes: A bug in the internal handling of NAT has been fixed. This could lead to missing optimization of subnets and possibly to incorrect code.
Release Notes: "chains" of iptables and "object-groups" of Cisco PIX are supported now. NAT code for PIX ("static" and "global") is supported for both directions. Handling of NAT has been generally enhanced to support dynamic translation of multiple networks to a single address range. Optimization of generated access control lists has been augmented by a local optimization step for each router. Handling of subnets is improved to get better results from optimization. Code for "any" rules is now inserted at the top of ACLs, following deny rules.
Release Notes: The routing protocol EIGRP is supported.
Release Notes: This release supports NAT and VRRP, generates code for Linux devices using iptables, and has many other improvements.