Turtle Firewall
2001/11/23 13:25:00
Copyright (c) 2001-2024 Andrea Frigido
You may distribute under the terms of either
the GNU General Public License (GPL)
CHANGELOG
---------
05-12-2001 v.0.91
- Changed the name from fwconf to Turtle Firewall (turtlefw)
10-01-2002 v.0.92
- Added access rules from/to the lo interface; previously
the firewall blocked access to itself.
- Set execute permissions on the generated sh file.
- Corrected the LAN definitions in the sample configuration
files (samples).
19-03-2002 v.0.93
- Added use of the turtlefirewall.pm module (/usr/lib)
22-03-2002 v.0.94
- Added support for the ACTIVE attribute of rules.
02-04-2002 v.0.95
- Added the setup file to the tarball.
17-04-2002 v.0.96
- Add webmin module language files for English and Italian.
- Fix Masquerade and NAT bug.
17-05-2002 v.0.97
- Add French webmin language file.
- Fix bugs.
23-05-2002 v.0.98 Giampaolo Tomassoni <[email protected]>
- Do you need port-based natting? Here it is...
- Fixed the I-Wanna-Reply-To-Pings-But-It-Doesn't bug: when
the fw accepts pings on a <somewhere> => FIREWALL base,
don't turn the /proc/sys/net/ipv4/icmp_echo_ignore_all
kernel flag on...
- Applied a few aesthetic make-ups
14-06-2002 v.0.99
- Fix turtlefirewall privileges bug.
- Use iptables from PATH (the iptables directory needs to be in the PATH env. var.)
- PreLoad modules for ftp connections and NAT.
- Add CVS, NNTP services.
20-06-2002 v.1.00
- Change SystemV service start/stop order from 00/99 to 08/92.
- Change TurtleFirewall package file name.
- Check if XML::Parser perl module is installed.
- Add Telnet service.
26-06-2002 v.1.10
- Add description field for rules and items.
- Add experimental H.323 service.
- Fix bugs.
08-07-2002 v.1.11
- Setup procedure moved into the webmin module; Turtle Firewall installation is now very easy.
- Removed chkconfig command from setup; it isn't available in all GNU/Linux distributions.
- Fix bug in "Create Nat" web interface.
- Other minor changes.
09-07-2002 v.1.12
- Fix bug in XML::Parser module checking.
03-09-2002 v.1.13
- Add NAT from a zone interface to a real host (e.g. modem interface IP to my PC host).
- Add Redirect module (For Transparent Proxy).
- Fix security hole with INVALID packets filter code by Mark Francis.
- Enhanced Log.
- Add firewall rules for IPsec VPN service.
- Add firewall rules for Webmin service.
10-09-2002 v.1.14
- The configurable options now include an option to select the logfile (Karl Lovink)
- The Dutch language has been added (Karl Lovink).
13-09-2002 v.1.15
- Fix "DROP INVALID unclean" bug.
26-09-2002 v.1.16
- Change webmin category from System to Networking.
- Fix a bug on tcp/udp Local Redirection (Soep).
16-10-2002 v.1.17
- Fix bug with "--log-level info" iptables option.
- Enhanced log report.
- Enhanced interface.
- Add afp-over-tcp service: AFP (Apple Filing Protocol) over TCP.
(Alain Terriault)
- Add nfs (experimental)
13-11-2002 v.1.18
- Add Firewall Configuration Options.
- Now you can change firewall rules order (more readable).
- Add fwuserdefservices.xml file for user-defined services. With this file you can write your own
service filters without changing the official fwservices.xml file.
The structure of this new file is identical to the fwservices.xml file structure.
If you write a service with a name used by fwservices.xml, the new service definition overrides
the original service definition so, if you want, you can rewrite all services.
IMPORTANT: I invite everyone to send me your user-defined service filter definitions, so I can add them to
the predefined services list (fwservices.xml) for all Turtle Firewall users.
26-11-2002 v.1.19
- Fix bug in Zone deletion.
- Fix a bug using aliased interfaces (reported by Torsten)
- Add German translation (Jimmy Collins)
- Add mysql and kazaa services (Jimmy Collins)
- Add pptp (vpn) and rdp services (Joe MacDonald)
- Add PC-Anyware service (Chris Carter)
- Change setup script for Slackware Linux distribution (A.Frigido, Patrik)
15-01-2003 v.1.20
- Add optional MAC address field in host edit form.
- Add target field (ACCEPT/DROP/REJECT) in rule edit form.
- Fix bug in Log prefix string: it must be at most 29 characters long.
- Add x11: X Window System service.
- Use numerical notation for ports in fwservices.xml.
- Add Active flag to NAT, Masquerade and Redirect rules.
16-01-2003 v.1.21
- Fix a bug in Redirection.
12-02-2003 v.1.22
- Firewall and NAT rules with multiple services.
- Change LOG prefix from "TFW DROP" to "TFW".
- Add --start, --stop and --status options to turtlefirewall main script.
- Add stop button in the webmin turtlefirewall index page.
- Translate error messages (English and Italian).
- Add icmp_all service for all messages (request+reply).
- Add all icmp messages in the special service "all".
18-02-2003 v.1.23
- Add proxy, ssh21, dhcp, snmptrap, socks and eDonkey services (Karl Lovink).
- Fix a bug in the log viewer (Fredrik Tuomas).
- Add Configuration Backup/Restore.
31-03-2003 v.1.24
- Change Turtle Firewall stop process: ping will be re-enabled.
- Add AIM/ICQ and Soulseek std services (Frank Förster).
- Add Oracle, VNC, VNC-http services.
- Add rip, syslog, icecast, icp, irc (Karl Lovink).
- Local Redirection Improved.
- Now you can rename all firewall items.
- More options.
02-04-2003 v.1.25
- Fix bugs.
07-05-2003 v.1.26
- Fix "de" language file (Frank Förster).
- NAT Improved, now you can change rules order.
- NAT rules bugfix.
- Configuration backup download bugfix.
14-05-2003 v.1.27
- Small Bug-fix.
15-07-2004 v.1.28
- Add port 445 to netbios service.
- Add jabber and jabber-s2s (server to server) services.
- Add lpr Line Printer Protocol.
- Add rdp - Windows Remote Desktop Protocol.
- Fix bugs.
19-11-2004 v.1.29
- Set icmp_echo_ignore_all flag to 0. Turtle Firewall uses iptables
rules to drop or allow icmp echo packets. This fixes a bug in tfw ping.
- Disable tcp_ecn flag.
- In masquerading configuration you can now specify source, destination, service,
port and action (masquerade or not masquerade).
21-11-2004 v.1.30
- Add * option in source and destination field of a firewall rule: all zones except FIREWALL.
30-11-2004 v.1.31
- Change rules display in turtlefirewall startup.
- Fix bugs.
17-02-2005 v.1.32
- Use iptables-restore command to speed up firewall start up.
??-??-2005 v.1.33
- Add source and destination option to the NAT rules.
- Bugfix on rules with target REJECT (from v.1.32).
31-11-2005 v.1.34
- Add mangle mark rule attribute for QoS (iproute2).
- Bugfix on turtlefirewall stop procedure (reported by Ulf Seltmann).
11-01-2006 v.1.36
- Add multisources and multidestinations in firewall rules.
- Add service attribute in filter xml tag of services definition files.
- Eliminate drop_unclean option; it doesn't work with kernel 2.6.x
- Bugfix.
02-02-2006 v.1.37
- New service definitions were added:
igmp (Internet Group Management Protocol).
bpalogin (BPALogin).
Thanks to Rene Cunningham for these two services.
openvpn (OpenVPN protocol, www.openvpn.net).
- Bugs were fixed.
20-05-2011 v.1.38
- Debian 6.0 compatibility (chocolateboy).
23-04-2020 v.2.0
- OS : Systemd support, RPM package, Ensure running via cron.
- Feature : Added Time, GeoIP and nDPI support.
- Feature : Added Optional IP Blacklist.
- Feature : Added NAT Map to Port.
- Feature : Added HostName Set and IP Set items.
- Feature : Added pptp, sip, h323 and tftp kernel module options.
- Feature : Added Flow Statistics.
- Feature : Moved Marking to Mangle Rules. ( Connmark : for use with tc )
- Feature : Added Preroute Mangle Rules. ( Connmark Preroute : for use with iproute )
- Logging : Added Logging per rule and Flowinfo logging for target ACCEPT.
- Services : Removed www service. ( duplicate of http service )
- Services : Added Google QUIC, Ubiquiti Unifi, Whatsapp, Zoom, Teams, etc.
- Bug : Fixed MAC filtering. ( no ip required )
- Bug : Fixed Mangle table flush on firewall stop.
- Bug : Migrated ip_conntrack_max to nf_conntrack_max.
- Bug : Limit zone name max characters.
- Bug : Fixed zone deletion verification.
- Connection Tracking : Replaced "-m state --state" with "-m conntrack --ctstate".
- Connection Tracking : Enabled automatic helpers. ( Todo : migrate to CT target )
- Connection Tracking : Enabled connection marking.
- Connection Tracking : Flush conntrack table on firewall stop.
- Connection Tracking : Added conntrack tools.
- Theme : New Webmin support. ( Todo : Translate new features )
09-10-2022 v.2.1
- OS : Kernel 6 compatibility.
- Feature : Removed pptp, sip, h323 and tftp kernel module options.
- Feature : Added Preroute Raw Rules. ( Conntrack Preroute : for use with CT helpers )
- Feature : Added Raw Rules. ( Conntrack : for use with CT helpers )
- Connection Tracking : Migrated helpers to CT target.
03-06-2023 v.2.2
- Bug : Code cleanup.
- Bug : Fixed rename and delete of multi select items used in rules.
- Bug : Fixed port or port range verification in rules.
- Bug : Fixed service display wrap in rules.
- Feature : Added Flow Risk support.
- Feature : Added Optional Domain, JA3 and SHA1 Blacklist support.
- Feature : Added Rate Limit support.
- Feature : Added "dport" Flow Statistics option.
- Feature : Removed Blacklist Flow Reports.
- Feature : Improve Blacklist view.
18-02-2024 v.2.3
- Bug : Code cleanup.
- Bug : Fixed --mac-source masquerade.
- Bug : Removed deprecated HTML <tt>, <strike>, <font>, <align> and <valign> tags.
- Bug : Limit Blacklist sizes.
- Bug : Remove Domain Blacklist wildcard match.
- Bug : Fixed zone name item verification.
- Bug : Fixed Rate Limit apply when used in multiple rules.
- Feature : Rework action log format.
- Feature : Extend nDPI support.
- Logging : Replaced JA3 server with JA4 client.
- Theme : Rework group item selection.
- Theme : Split Port and nDPI service column in rule views.
- Theme : Update edit forms to use ui standard.
- Theme : Standardize Webmin images.
22-08-2024 v.2.4
- OS : Old fw.xml format fixes in fixconfig.sh.
- OS : Restore setup.cgi for WBM install.
- OS : Support for Debian 12 syslog date format.
- OS : Standardize shebang.
- Bug : Fixed ApplyRule risk variable not initialised.
- Bug : Fixed GeoIP include for Masquerade and Redirect.
- Bug : Include reserved name check on item rename.
- Services : Removed deprecated smtps TCP port 465 service.
- Services : Added DNS over TLS TCP port 853 service.
- Feature : nDPI 4.9.11 support.
- Feature : Add ipset support.
- Feature : Add prefix support for net items.
- Feature : Add item reference lookup support.
- Todo : Translate new features
- Todo : Fix backup.cgi restore upload.