Release Notes: This release fixes the bug where the loopback rules were being QUEUED via the ESTABLISHED,RELATED rule, and so snort-inline boxes would not allow loopback traffic.
Release Notes: DNAT interfaces are now properly selected when editing a Path where the action = DNAT. This fixed the bug where the previous interface was not being selected and the available interfaces were not being updated properly. This is a major issue for anyone using DNAT.
Release Notes: The bug that prevented you from deleting a path when editing a ServiceGroup has been fixed.
Release Notes: The mangle table check was not catching the stderr output, and so the mangle chains were always trying to be used. This has been fixed.
Release Notes: A fix for an issue when IPv6 is enabled in the system, updating the iptables.pcx startup script, and RPMs are built for Perl 5.6.1 (read the README for details on building RPMs for older Perl versions).
Release Notes: A fix for IPSec dropping outgoing ESP packets in the host-host and host-network scenarios, a new comment attribute to the config file so you can remember what you were trying to do, and some more samples to the VeryTight.xml config file.
Release Notes: Ability to ping yourself when allowAllICMP = 1, and DNS traffic comes back in instead of getting dropped. These were both byproducts of the enhancements to the PREROUTING chain.
Release Notes: This release fixes the bug that allowed ports that were being opened on only a single interface (external or internal), not on all interfaces, to stop working after upgrading from 1.2. A check needed to be removed from the PREROUTING accept rule so that the rule was generated regardless of whether you are blocking all internal to external traffic.