File: ChangeLog

package info (click to toggle)
firestarter 0.8.2-3woody1
links: PTS
area: main
in suites: woody
size: 3,108 kB
ctags: 543
sloc: sh: 9,269; ansic: 7,205; makefile: 418
file content (917 lines) | stat: -rw-r--r-- 28,310 bytes
Tue Apr 16 2002 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c:
	- Fixed broken CR on TCPMSS rule.
	(found by Bob Jones)

Sat Apr 06 2002 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c, netfilter-script.c:
	- Fixed unterminated ; on port forwarding rules

Sat Feb 17 2002 Tomas Junnonen <majix@sci.fi>

	* src/firestarter.c:
	- Existing firewall is not stopped when running Firestarter
	for the first time (until we are ready to start the new one).
	- 'Allow all connections' rules are now located above the
	'Deny all..' on the dynrules tab, to reflect new chain order.
	* src/util.c: Scripts from older program versions are now
	backed up, not removed.

Thu Feb 14 2002 Paul Drain <pd@cipherfunk.org>

	* src/portfw.c:
	- Forwarding rules should be "A"dded to the list, not
	"I"nserted.
	
Thu Feb 08 2002 Paul Drain <pd@cipherfunk.org>

	* src/portfw.c:
	- Added forwarding :|

Wed Jan 16 2002 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c:
	- Moved the 'Allow All' chain above the 'Deny All' chain
	
Mon Jan 14 2002 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c, netfilter-script.c:
	- Removed 10.0.0.x and 192.168.0.x from the IANA
	blocklist 
	(until we make it dynamic or the FAQ is updated to 
	include information on how to remove your detected range 
	from the firewall script output)

Sun Jan 13 2001 Tomas Junnonen <majix@sci.fi>

	* src/ipchains-script.c, netfilter-script.c:
	- Latest IANA nonroutable block list implemented. (Nick Hill)

Mon Jan 07 2001 Tomas Junnonen <majix@sci.fi>

	* !ipchains.init, !netfilter.init, firestarter.spec:
	- The init scripts now have their own files
	- Fixed init scripts being deleted when upgrading
	  to a newer RPM.
	* src/druid.h, druid.c, druid-choices.c, service.c,
	netfilter-script.c, ipchains-script.c:
	- uPNP is now a known service. Blocked by default.

Mon Jan 07 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: Fixed the loading of the
	connection tracking modules - these modules are
	now loaded as part of the masquerading chain, as 
	opposed to *only* being loaded if the user had
	enabled FTP or IRC as a specific service.

Sat Jan 05 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: Added IRC connection
	tracking and NAT configuration.
	
Fri Jan 04 2001 Tomas Junnonen <majix@sci.fi>

	* src/netfilter-script.c: Moved the loading of the 
	external files to later in the script. Fixes the bug
	of clering the NAT table right after the rules being
	loaded. Allows usage of default result chains in the
	external files.
	* src/firestarter.c: New command line options to
	manage firewall, start without applet support. Fixes
	CORBA errors when running remotely. (Simone Contini)

Tue Jan 01 2001 Tomas Junnonen <majix@sci.fi>

	* src/netfilter-script.c,ipchains-script.c:
	Some previously nonroutable ip blocks are now
	allowed.

Thu Dec 20 2001 Paul Drain <pd@cipherfunk.org>
	* src/netfilter-script.c: fixed TTL mangling being
	used in the postrouting chain instead of the OUTPUT
	chain. 

Tue Dec 18 2001 Tomas Junnonen <majix@sci.fi>

	* src/netfilter-script.c: ' character used where
          ` needed
	* src/ipchains-script.c: fixed -y option being used
          together with the UDP protocol
	* src/preferences.c: fixed some already removed objects
          still being referenced, causing GTK errors

Sun Dec 16 2001 Tomas Junnnonen <majix@sci.fi>

	* src/preferences.c:
	- Fixed the logfile being set to null
	- Autosizing of all frames (Roy-Magne Mo)
	* src/portfw.c:
	- Fixed only last portfw entry showing in the GUI
	* src/druid.c,druid-choices.c:
	- The advanced druid setting is now saved and loaded
	* src/netfilter-script.c:
	- Outbound traffic (!syn, state new) on high connections
	  that get caught is no longer logged. If we implement
	  a destination field in the GUI we start logging.

Sat Dec 15 2001 Tomas Junnonen <majix@sci.fi>

	* src/preferences.c, src/firestarter.c:
	- All options and features to do with
	  sound playing removed
	- Renamed Do Not Log port option to
	"Block and stop logging this port"
	- Removed the option to specify the logfile manually
	* src/util.c:
	- Linux 2.5 kernels default to iptables
	* src/netfilter-script.c:
	- Rules for tcp and protocol 50 ipsec handling
	* pixmaps/top.png,left.png: New watermarks
	* src/firestarter.src:
	- Removed Paul's fixes for the stop firewall
	  function. When stopped traffic flow freely.
	  The Halt function drops packets.

Sun Dec 09 2001 Paul Drain <pd@cipherfunk.org>
	* src/firestarter.c:
	- Fixes to deny / drop packets
	correctly when the firewall script is
	stopped.

Sat Nov 24 2001 Tomas Junnonen <majix@sci.fi>
	* config.sub, config.guess
	- Updated GNU config scripts
	* po/*po: Updated translations from GNOME CVS
	* doc/C/Makefile.am/in, firestarter.spec:
	- Small fixes

Thu Nov 22 2001 Tomas Junnonen <majix@sci.fi>
	* src/parse.c:
	- The hitlog now tails (scrolls) as hits arrive
	* src/logread.c: Fixed problem with hits arriving
	even after firewall stopped (lag)

Wed Oct 31 2001 Paul Drain <pd@cipherfunk.org>
	* src/netflter-script.c, src/ipchains-script.c:
	- Changed references to GTK_RADIO_BUTTONS to
	GTK_TOGGLE_BUTTONS (patch provided by Ali Akcaagac)

Mon Oct 29 2001 Paul Drain <pd@cipherfunk.org>
	* src/netfilter-script.c:
	- Added support for FTP connection tracking
	- Added support for NAT-based FTP connection tracking
	(you must define FTP as an available service for these
	two options to work)
	- Fixed syn mismatching in NEW connection state
	- Fixed FIN timeout option

	* src/ipchains-script.c:
	- Fixed FIN timeout option


Sun Oct 28 2001 Paul Drain <pd@cipherfunk.org>
	* src/netfilter-script.c: Removed reference to the
	IPTables "mirror" module - formally only used for
	compatibility anyway.

Fri Oct 26 2001 Paul Drain <pd@cipherfunk.org>
	* src/netfilter-script.c: Reverted the --log-info
	option from the log and {drop/reject} chains (as
	of 1.2.3, the default is to log to whatever syslog
	defines as info anyway)

Thu Oct 25 2001 Paul Drain <pd@cipherfunk.org>
	* src/ipchains-script.c, src/netfilter-script.c:
	Removed duplicated 127.0.0. bans from the reserved
	block list.

Wed Oct 24 2001 Paul Drain <pd@cipherfunk.org>
	* src/netfilter-script.c: Fixed unclean packet
	matching for the Outbound chain
	(thanks to Paul Blackman for chasing it down)

Tue Oct 23 2001 Paul Drain <pd@cipherfunk.org>
	* src/service.c: added MS-RPC to the list of known
	problem ports
	* src/ipchains-script.c, src/netfilter-script.c:
	added default block for MS-RPC

Mon Oct 22 2001 Paul Drain <pd@cipherfunk.org>
	
	* src/sort-clist.c:
	- Removed duplicated g_free()
	* src/druid.c:
	- Enabled detection of AH-based ipsec
	tunnels
	* src/ipchains-script.c, src/netfilter-script.c:
	- Fixed automatic blocking of DHCP port 67:68

Sat Oct 20 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c:
	- Added logging state information to Log-and-Drop
	and Log-and-Reject chains to allow logging to the
	kernel specified logfile, rather than the console
	(suggested by Marc van de Wert)

Wed Oct 17 2001 Paul Drain <pd@cipherfunk.org>
	* src/netfilter-script.c:
	- Fixed TCPMSS matching bug (reported by Paul Blackman)
	- Fixed STATE chain flag reference
	- Added support for filtering INVALID and UNCLEAN flags
	for the Outbound and Forwarded chains.

	* src/util.c:
	- Fixed the 'insmod ip_tables.o' problem, now uses modprobe
	with the autoclean flag instead.

Tue Oct 16 2001 Paul Drain <pd@cipherfunk.org>
	* src/netfilter-script.c:
	- Added stateful fixes for NEW packets that don't match a
	given synflag
	- Minor typo cleanups and documentation added to various
	tunable parameters.

Fri Oct 12 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c:
	- Added TTL Matching (defaults to 64, you have to change
	the configuration manually, and it's probably broken
	in IPTables <= 1.2.3 unless you use Patch-o-Matic)

	* src/portfw.c:
	- Added UDP support to port forwarding

Sun Sep 16 2001 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c, src/netfilter-script.c:	
	- Corrected proxy_arp sysctl variable (it's always 0)

	* src/firestarter.c:
	- locatesbins variable is true, formally always returned
	false, meaning FS had difficulty establishing which firewall
	utility to run (IPT vs IPC) at runtime.
	- Fixed indents to be tabstop compliant

Sat Sep 15 2001 Paul Drain <pd@cipherfunk.org>

	* src/portfw.c:
	- Corrected ipmasqadm entry (was hardcoded to /usr/sbin)

Tue Sep 04 2001 Paul Drain <pd@cipherfunk.org>

        * src/netfilter-script.c:
	- Fixed SSH and FTP hotfixes to only be applied if support
	for the protocol was included.
    
Mon Jul 16 2001 Paul Drain <pd@cipherfunk.org>

    * src/netfilter-script.c:
    - Added SYN ACK retry Sysctl

Tue Jul 10 2001 Paul Drain <pd@cipherfunk.org>

    * src/netfilter-script.c:
    - Restored blocking of packets with INVALID flags

Wed Jul 04 2001 Tomas Junnonen <majix@sci.fi>

    * src/netfilter-script.c:
    - The chains were being flushed after we had read the external 
    files. Moved the flushing code up in the script.
    - Typo: input instead of INPUT in default policy section
    
Tue Jul 03 2001 Paul Drain <pd@cipherfunk.org>

    * NEWS, README, TODO, INSTALL: Updated these to reflect
    the impending 0.8.0 release.
    
    * postinstall: Updated to 1.1.x - Changelog included at
    the top of the file
    
    * src/netfilter-script.c: Merged 'variables' (see top of
    generated script file) section back in to main tree.

Tue Jul 03 2001 Tomas Junnonen <majix@sci.fi>

    * src/firestarter.c: Display the hostname in the main
    window title.
    * src/util.c: Fixed detect_netfiler() spamming to the
    console and constantly reloading the iptables module.
    * src/service.c: Fixed all service lookups being made
    with tcp as the protocol.
    * src/druid.c: Changed the advanced/simple druid flow

Mon Jul 02 2001 Paul Drain <pd@cipherfunk.org>

    * src/netfilter-script.c: Fixed some of the outbound
    interface chains that were causing IPTables to bomb out
    at runtime (specifically the outbound SMB check)
    
Sun Jul 01 2001 Paul Drain <pd@cipherfunk.org>

    * src/ipchains-script.c, src/netfilter-script.c:

    Added new Sysctl checks from the -fnk tree including:
    - Fragmented packets (including time-to-live)
    - Packet Redirection (arp, accept, reject and secure_redirects)
    - SYN Cookies (buffers, retry-in-memory attempts)
    - ECN (IPTables only - defaults to off)
    - 'Odd' Packet Logging (logging martians, interface changes)
    - TCP Timeouts (timestamping, redirections, timeouts, retry counts)
    - TCP Scaling (window scaling, FIN checking, ACK counts)
    - ICMP Checking (group membership(s))
    - Routing (FIB scaling, RFC-Compliant rp_filter checking)

Thu Jun 28 2001 Paul Drain <pd@cipherfunk.org>

    * src/ipchains-script.c, src/netfilter-script.c:
    - Added descriptive help to some sections of the generated script
    that were causing confusion.
    
Tue Jun 26 2001 Paul Drain <pd@cipherfunk.org>

    * src/ipchains-script.c, src/netfilter-script.c:
    - Merged changes to the layout of the generated script
    from the -fnk tree

Fri Jun 22 2001 Paul Drain <pd@cipherfunk.org>

    * src/netfilter-script.c: Added rate limiting to the
    fragmentation check

Wed Jun 20 2001 Paul Drain <pd@cipherfunk.org>

    * src/ipchains-script.c: Removed the logging options
    for broadcasting and stuffed routing packets. Resolves
    request #413720 in the Sourceforge Tracker
    
Tue Jun 19 2001 Paul Drain <pd@cipherfunk.org>

    * src/ipchains-script.c, src/netfilter-script.c:
    - Added block for SMB on the default Outbound chain

Thu Jun 14 2001 Paul Drain <pd@cipherfunk.org>

    * src/ipchains-script.c, src/netfilter-script.c:
    - Added TCP Timestamping Sysctl check
   
Mon Jun 11 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: 
	Fixed FTP via NAT rule (was commented out)
    
Mon Jun 04 2001 Paul Drain <pd@cipherfunk.org>

	* src/druid.c, src/ipchains-script.c, src/netfilter-script.c:
	- Removed 'Outbound Filtering' Rules
	* src/preferences.c:
	- Added "Experimental Rulesets' Options
	(this allows advanced users to play with iptables patch-o-matic
	options without breaking functionality for existing users)
	
Fri Jun 01 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: 
	- Cleaned up references to chain creation
	- Added new chains for unclean, stateful & sanity
	checks (enables use of newer netfilter modules to
	cut down on code)
	- Fixed 'stuffed routing' double-space check
	
Mon May 28 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: 
	- Fixed the reference to rmmod so it unloads the ipchains 
	module on systems that don't have their 'rmmod' in /sbin.
	- Added TCPMSS fix from -fnk tree to help broken PPPO{A/E}
	clients masquerade properly.
	
Sat May 20 2001 Tomas Junnonen <majix@sci.fi>

	* src/druid.c: Added a branch page for either simple
	or advanced mode and accompanying branch logic code.

Sat May 19 2001 Tomas Junnonen <majix@sci.fi>

	* src/netfilter-script.c: Now unloads the ipchains module
	correctly on 2.4 systems (mostly for RH 7.1)
	* src/util.c,logread.c,portfw.c: Fixed the problem with
	the never ending script detection
	* src/sort-clist.c: Fixed crash when sorting as
	non-root user

Wed May 02 2001 Tomas Junnonen <majix@sci.fi>

	* src/*.c: proper checks for fopen + errno messages
	on failure, by Mattias Eriksson

Fri Apr 20 2001 Tomas Junnonen <majix@sci.fi>

	* firestarter.spec: The manual is now properly installed
	when using RPM.

Sun Apr 08 2001 Tomas Junnonen <majix@sci.fi>

	* src/portfw.c: Portforwarding feature is now complete.
	Works both in Linux 2.2 (with ipmasqadm) and in Linux 2.4.

Sat Mar 31 2001 Tomas Junnonen <majix@sci.fi>

	* !/src/portfw.c/h, /src/druid.c: Started
	work on port forwarding configuration interface.
	* /src/firestarter.c, /src/sort-clist.c: Sorting
	of the dynamic clists is messing up the rules. 
	Removed the sorting for now.

Thu Mar 22 2001 Paul Drain <pd@cipherfunk.org>

	* Makefile.in: added doc/ directory
	* src/menus.c: added "Manual" option to Help Menu
	* src/ipchains-script.c: one too many -y's in the Subseven
	detection options - removed.

Thu Mar 22 2001 Paul Drain <pd@cipherfunk.org>

	* configure.in: updated to include hooks for
	documentation.
	* src/druid.c: typo cleanup.

Wed Mar 21 2001 Paul Drain <pd@cipherfunk.org>

	* doc/*: everything added - beginnings of a proper
	manual, in Docbook format.  Anyone who can work with
	SGML is encouraged to send me patches to it.

Tue Mar 20 2001 Paul Drain <pd@cipherfunk.org>

	* src/service.c: added other known trojan ports
	* src/ipchains-script.c, src/netfilter-script.c:
	- Updated the known trojan listing (now includes subseven &
	stacheldraht)
	- Added outbound port filtering for all known trojans
	- Fixed port filtering for Multicast addresses
	- Added support for stuffed routing packets (0.0.0.0, etc)
	- Added support for fragmented packet filtering

Sun Mar 18 2001 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c, src/netfilter-script.c: 
	- Updated the block IP address range listing.
	- Added block for Trinity v3 DDoS attacks
	(was meant to go in 0.6.0, but got lost in the
	patch queue)
	- Added support for blocking and rate-limiting
	various trojan ports.

Fri Mar 16 2001 Paul Drain <pd@cipherfunk.org>

	* src/service.c/h: Added AH (protocol 51) to the services
	list to support IPSec.

Thu Mar 15 2001 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c, src/netfilter-script.c: Added
	IPSec / KLIPS support to default rulesets.

Sat Mar 10 2001 Tomas Junnonen <majix@sci.fi>

	* src/firestarter.src, src/sort-clist.c: Proper clist arrows
	by Joaquin.

Fri Mar 02 2001 Tomas Junnonen <majix@sci.fi>

	* !src/sort-clist.c/h, src/firestarter.c: Merged clist sort
	patch from Joaquin.
	* src/sort-clist.c: Added small + and - signs to the hitlist
	to mark the sorting order.

Thu Mar 01 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter.c: Fixed severe backward compatibility bug
	in the final input rules - now only doing RELATED checks on
	the protocols that need it, rather than everything > 513.

Mon Feb 25 2001 Tomas Junnonen <majix@sci.fi>

	* src/firestarter.c: Added session managment
	* !util.c/h !logread.c/h: Spring cleaning time! :)
	Big code exodus from firestarter.c
	Work in progress.

Sun Feb 25 2001 Tomas Junnonen <majix@sci.fi>

	* src/ipchains-script.c: The policies for the input and output
	chains are restored to ACCEPT at the end.

Thu Feb 22 2001 Tomas Junnonen <majix@sci.fi>

	* src/lookup.c: Error dialogs for various lookup failures (Joaqun)

Tue Feb 20 2001 Tomas Junnonen <majix@sci.fi>

	* src/ipchains-script.c: if statement checking for bsd_comp
	was missing a ending fi. Effect: The script was left in a
	deny all state.
	* src/firestarter.c: Don't g_print out every line when reloading
	the hit list.
	* po/: Translation updates

Mon Feb 19 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: TOS rules upgraded for
	IPTables 1.2.

Sun Feb 18 2001 Tomas Junnonen <majix@sci.fi>

	* src/netfilter-script.c: Fixed lowercase table names
	in the TOS rules (output).

Sat Feb 17 2001 Tomas Junnonen <majix@sci.fi>

	* Lots of translation changes
	* Bumped version for 0.6.0 release

Wed Feb 14 2001 Tomas Junnonen <majix@sci.fi>

	* po/various: Brought a lot of translations up to date.

Tue Feb 13 2001 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c: Resolved a spacing problem in the
	incoming TCP high-port chain.

Mon Feb 12 2001 Tomas Junnonen <majix@sci.fi>

	* src/netfilter-script.c: Disabling ICMP filtering really,
	truly, 100% sure, allows all ICMP packets. Honest this time.

Sun Feb 11 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter.c: Added TOS configuration options
	(yes!, finally - the script will DO ToS configurations)
	* src/ipchains-script.c: Same

Sat Feb 10 2001 Tomas Junnonen <majix@sci.fi>

	* src/druid.c: The masq intrange was not being loaded
	from the GNOME registry
	* src/firestarter.c: When detecting old scripts, now asks
	for confirmation before removing anything. Only removes
	firestarter files (instead of entire directory!)
	* src/netfilter-script.c: Forward policy is now DROP
	($STOP wasn't working). Minor cleanups here and there.

Fri Feb 09 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter.c: ip_conntrack module cleanups, limit increases for
	ip_conntrack.

Thu Feb 08 2001 Tomas Junnonen <majix@sci.fi>

	* src/ipchains-script.c, src/netfilter-script.c: Some
	brackets were not properly closed.

Mon Feb 05 2001 Tomas Junnonen <majix@sci.fi>

	* src/preferences.c, src/druid.c: Merged the "show masq" &
	"show tos" options into a single "show all" wizard option.
	* src/ipchains-script.c, src/netfilter-script.c: The Disable
	ICMP Filtering wizard option REALLY disables ICMP filtering.
	* src/firestarter.c: Fixed a crash problem when reloading the
	hitlist. Added Paul Drain to the about box.

Sat Feb 02 2001 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c: Changed the Dynamic IP hack rule in 
	/proc to only be active if the PPP interface is loaded.
	* src/netfilter-script.c: Same
	
Sat Jan 27 2001 Tomas Junnonen <majix@sci.fi>

	* src/firestarter.c: stop_firewall() & halt_firewall() now
	checks for the locatesbin option
	* src/netfilter-script.c: removed the lines setting the default
	chain policy to DROP

Fri Jan 26 2001 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c: Added location checks for system
	binaries.

Thu Jan 25 2001 Tomas Junnonen <majix@sci.fi>

	* src/netfilter-script.c: Quick fix for NAT and SSH
	* src/menus.c: Added homepage url link to the Help menu

Wen Jan 24 2001 Tomas Junnonen <majix@sci.fi>

	* !src/druid-choices.h, !src/druid-choices.c, src/druid.c,
	src/scriptwriter.c, src/Makefile.am: Druid now remembers
	choices between sessions
	* src/firestarter.c: fixed segfault when removing old scripts and
	running the druid again

Tue Jan 23 2001 Tomas Junnonen <majix@sci.fi>

	* src/modrules.c: deny-all rules now always drop/deny
	* po/ca.po configure.in: added Catalan translation from Pablo Saratxaga
	* po/: fixes for es, fr, ga, and hu pot file headers
	* firestarter.c: fixed a string format issue

Sat Jan 20 2001 Tomas Junnonen <majix@sci.fi>

	* src/firestarter.c, src/firestarter.h, src/menus.c:
	Added "Halt all network traffic" option. Needs icon.
	Small appbar messaging changes.
	* src/firestarter.c, src/parse.h, src/parse.c
	Added proper script checks at startup:
	If made for wrong kernel or a program version older than
	the current version, remove scripts and start fresh.
	* firestarter.spec: Removed ipchains dependency

Sun Jan 07 2001 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: Finished modprobe detection, also fixed
	some of the standard rules (flushing shouldn't only apply for the
	filter table for example)

Mon Jan 01 2001 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c
	* src/netfilter-script.c: Seperated INPUT & OUTPUT default rules

Mon Jan 01 2001 Paul Drain <pd@cipherfunk.org>

	* src/preferences.c: Added Outbound Filtering checkbox. If you are
	using a dialup firewall, or don't need the facility - leave this
	option off.

Sun Dec 31 2000 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c
	* src/ipchains-script.c: Added variables for modprobe and lsmod (some
	distributions do not ship modprobe in /sbin either)
	* src/preferences.c: altered the description for locate 
	ipchains/iptables to reflect the change above.

Sat Dec 30 2000 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c
	* src/ipchains-script.c: Implemented first revision of OUTBOUND packet 
	filtering. NOTE: This severely breaks dial-up firewalls at present, it 
	will be changed into an advanced option (as it is useful for filtering 
	hosts) at a later date.

Sat Dec 30 2000 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: mangle & NAT tables are now only loaded 
	 and / or flushed when the modules exist.

Fri Dec 29 2000 Paul Drain <pd@cipherfunk.org>

	* src/druid.*: Merged with Tomas's changes to the wizard control panel
	* src/preferences.c: Same

Thu Dec 28 2000 Tomas Junnonen <majix@sci.fi>

	* src/preferences.c: moved some options around

Thu Dec 28 2000 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c: Removed X Windows auto reject to allow ToS 
	testing to work
	* src/netfilter-script.c: Same	

Thu Dec 28 2000 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c: Added standard policy rules before piping 
	in the modrules rules - eliminated possible security flaw.
	* src/netfilter-script.c: Added initial ruleset of ToS pages.

Thu Dec 28 2000 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c: Added initial ruleset for ToS pages.
	
Wed Dec 27 2000 Tomas Junnonen <majix@sci.fi>

	* src/druid.c: did some major work on the wizard, it's now white with
	  small graphics on each page and large graphics on splash and end 
	  screen. Many string changes
	* pixmaps/card.png
	* pixmaps/left.png
	* pixmaps/masq.png
	* pixmaps/top.png: Added

Tue Dec 26 2000 Paul Drain <pd@cipherfunk.org>

	* src/druid.c: More ToS merges - fixed the services_next page to 
	skip over the ToS selection if it wasn't explicitly selected in the
	advanced settings

Mon Dec 25 2000 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: reverted LOADER variable fix,
	completely rewrote the module autoloader hack.
	* src/netfilter-script.c
	* src/ipchains-script.c: changed bsd_comp / ppp_deflate loader

Mon Dec 25 2000 Tomas Junnonen <majix@sci.fi>

	* src/ipchains-script.c: merged LOADER variable fix from Claudio Bley
	* src/netfilter-script.c: fixed do-not-log-port not being parsed

Sun Dec 24 2000 Paul Drain <pd@cipherfunk.org>

	* Changelog: Created standardized changelog to satisfy CVS requirements
	
Sat Dec 23 2000 Paul Drain <pd@cipherfunk.org>

	* src/ipchains-script.c: Fixed 2.2 IP Masquerading Module loader 
	(hopefully)
	* src/preferences.c: Fixed secondary occurance of destoy_filesel to 
	avoid killing GTK if a second version of Firestarter was loaded.

Thu Dec 21 2000 Paul Drain <pd@cipherfunk.org>

	* src/druid.c: remerged NLS notebook fix from Takeshi Aihana

Wed Dec 20 2000 Paul Drain <pd@cipherfunk.org>

	* src/druid.c
	* src/druid.h
	* src/preferences.c: First attempt at Type of Service dialog merge. 
	No Rulesets yet just the wizard.
		
Mon Dec 11 2000 Paul Drain <pd@cipherfunk.org>

	* src/netfilter-script.c: Changed default rule for forwarding from DROP 
	to the $STOP variable
	

2000-11-20

	* merged netfilter minor fixes and cleanups from Paul Drain
	* allowing icmp echo-reply packets
	* cosmetic fixes

2000-11-01

	* merged netfilter target, traceroute fix and casesensitivty fix 
	  patches from Paul Drain
	* merged preference window browse buttons/frames patch Joaqun

2000-10-25

	* merged icmp filtering, cleanups and iptables patches from Paul Drain
	* merged reject/deny patch from Joaqun

2000-10-24

	* merged smb, synflag and typo patches from Paul Drain

2000-10-21

	* small cleanups here and there

2000-10-20

	* added proper column optimizing and progress tailing of the hitlog
	* don't query gnome_config for netfilter status anymore

2000-10-17

	* added "Do not log this port" modifier
	* added Logging preference sheet

2000-10-16

	* restarted development....
	* small build enviroment fixes here and there
	* fixed RH7 i18N parse error bug
	* small gfx changes
	* removed some duplicate code in addrules.c
	* fixed #!/bin/sh not being first line in scripts

2000-09-07

	* put in the new icon set by Susan Emery
	* lots of small changes here and there
	* finished up the iptables support

2000-08-23

	* added sound support
	* preferences dialog remake

2000-08-17

	* finally fixed that DHCP/IP Masquerade hostname bug

2000-08-13

	* new better service determination scheme, uses /etc/services

2000-08-07

	* added option to launch firewall on ppp connect
	* added DHCP button to the device page
	* tooltips in the wizard and preferences menu
	* fixed problem with NFS and Xwindows ports


2000-08-06

	* don't display masq page if only one device in the machine
	* device on masq page defaults to second device in machine

2000-08-01

	* firestarter now stores its scripts in the default config
	  file dir, for example "/etc/firestarter"

2000-07-31

	* fixed the translations some more
	* program now resizes itself to minimize space needed

2000-07-30

	* fixed IP/Masquerade detection code
	* fixed translations, honestly

2000-07-29

	* added autodection of masqueraded net
	* small changes to the wizard

2000-07-26

	* fixed translations not working
	* hitlog clist is now 'tails', i.e. the focus stays at the bottom

2000-07-24

	* fixed DNS lookup crash
	* fixed the dynamic rules defaulting to TCP

2000-07-21
	* added a DNS lookup feature

2000-07-19

	* major cleanup of firestarter.c
	* added mini window icons
	* added a popup menu to the docklet
	* finally tracked down and fixed the segfault on exit,
	  looks like a bug in GNOME.

2000-07-17

	* now runs the druid on the first startup.
	* added "remove identical firewall hit lines" preference
	* changed by default allowed upper port limit to 49151

2000-07-16

	* must start using the ChangeLog again. Lazy me.
	* marked a lot of strings for translation
	* cleanups and code comments

	* previously: released 0.3.0beta1
		      finished the dynamic rules functionality
		      added a statusbar
		      removed the applet code and put in a docklet
		      some other things I've since forgotten

2000-06-01

	* added root password query using consolehelper

2000-05-31

	* fixed segault that occured with malformed log entries
	* fixed not closing properly when not running the applet
	* fixed logs not being saved to disk properly

2000-05-30

	* fixed segfault problem with older gnome libs
	* code cleanup
	* fixed spawning multiple wizards or pref. windows
	* added option not to display applet on panel
	* script now sets the TCP/IP address hacking option in proc
	* other minor changes to the script and interface

2000-05-29

	* second release, version 0.2.0
	* firewall monitoring tool working

2000-05-12

	* first public release, version 0.1
	* firewall creation wizard working