1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
|
2000-02-17 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_25_1
* fwctl.logrotate: Moved back weekly report to log rotation script.
* fwctl.cron: Moved back weekly report to log rotation script.
2000-02-16 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_25
* fwctl.logrotate: Moved weekly reports to fwctl.cron.
* fwctl.cron: Added weekly reports from logrotate.d sample
configuration.
2000-02-11 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* fwctl: Fixed problem with the way the new switches were
interpreted.
* fwctlreport.pm: Changed way to select subset of records with
an expression rather than many switches.
* Fwctl/Report.pm: Changed way to select subset of records with
an expression rather than many switches.
* Fwctl.spec: Updated for version 0.25.
* Fwctl/Report.pm: When removing duplicates, we should compare
src and dst ip using eq not ==.
2000-02-07 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* fwctl.logrotate: Added service_host_sum to weekly report and
drop src_host.
* Fwctl/Services/name_service.pm: When using the server option,
accepts UDP queries from any source port.
* fwctl.logrotate: endpostrotate -> endscript.
2000-01-30 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* fwctl: Added --nocopy, --nolog, --default and --mark options
to override default policy.
* Fwctl.pm: Possibility to override defaults policy for logging,
copy, deny policy and marking.
2000-01-26 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_24
* fwctl.logrotate: Make sure that only one week of report is
generated in the postrotate script.
* Fwctl/Report.pm: (BEGIN) Conditional loading of Date::Manip
wasn't working.
* IPChains/PortFW.pm: (new) Added /sbin:/bin:/usr/sbin:/usr/bin to
PATH.
* fwctlreport: Fix problem when there are no records, and
output NO RECORDS. Default details report wasn't working properly.
* fwctlacctreport: Fix problem when there are no records, and
output NO RECORDS.
* Fwctl.pm: Check for ipchains in PATH at startup. Use die and
warn instead than croak and carp for user errors. Incremented
version number.
2000-01-23 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_23
* fwctl.cron: Transform to crontab format. Dumps accounting
counters every 15mins. Preprocess kernel logs every hour and
generates daily reports.
* fwctl.logrotate: Added fwctl_log to rotation. Generates
weekly reports in the postrotate script.
* Fwctl/AcctReport.pm: (read_records) Fix problem with opening STDIN.
* Fwctl/Report.pm: (read_records) Fix problem with opening STDIN.
* Fwctl.pm: (version) Updated version number to 0.23.
* fwctlacctreport: (pod) Added program documentation.
* Fwctl/AcctReport.pm: (pod) Added module documentation.
2000-01-21 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* Fwctl/AcctReport.pm: New module to generates report from
accounting data.
* fwctlacctreport: Added program to generates text report
from accounting data.
2000-01-18 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* test.pl(test): Add tests for interfaces with same IPs and
aliases with interface specification.
* Fwctl.pm (expand): Each elements of the expansions is now
an array ref which contains ( host_or_network, interface ).
(find_host_alias): Normalize IP addresses (.001 -> .1). Removes
interface specification.
(configure): Rewrite for new semantics of expand.
(read_aliases): Permit interface specification in expansion by
giving the interface name in parentheses after the host or subnet.
Tagged all default aliases with their proper interface.
(read_rules): Rewrote for new expand semantics. This makes the
function simpler, the only special cases being portfw.
2000-01-17 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* test.pl (test): Added test for masquerading of ftp service.
* Fwctl/Services/ftp.pm (accept_rules): Problem with masquerading
of the ftp port data connection fixed.
(account_rules): Wasn't switching between src and dst ports in
port forwarding condition. Problem with masquerading of the ftp
port data connection fixed.
2000-01-14 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* Fwctl.pm (read_interfaces): Allow wildcard interface
specification (ppp+).
2000-01-10 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* Fwctl/Report.pm: Module to generate reports. This module
is the report backend. fwctlreport is a frontend which displays
the generated report in text.
* fwctlreport: Packet filter report generation utility added.
* fwctllog: Added possibility to generates record log for only
a specific period of time.
* TODO: Removed items about log report tool.
1999-12-22 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* fwctllog (main): Fix for broken turn of year logic.
1999-12-21 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* Fwctl.pm (find_interface_by_dev): New method to find an interface
by its associated device.
(find_host_alias): New method to find the alias related to an
host.
(find_host_alias): When looking for subnets alias, we were
skipping aliases with a /.
* fwctllog: New program to preprocess kernel firewall logs for
later analysis.
1999-12-20 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* test.pl: Added test for pptp with portfw option.
* Fwctl/Services/ipsec.pm: Added support for portfw option.
* Fwctl/Services/pptp.pm: Added support for portfw option.
* Fwctl.pm(BEGIN): Even if ipmasqadm was not present, loading
IPChains::PortFW was considered sucessfully loaded and triggered
an error at configuration time.
* Fwctl/RuleSet.pm(BEGIN): Use eval {} rather than eval "".
(ip_forward_ruleset): Removed restrictions on tcp and udp for the
portfw option.
(ip_portfw_forward_ruleset): Generates rules suitable for generic
IP forwarding.
f1999-12-17 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* Tag: FWCTL_0_22
* fwctl(flush): Flush with warning if there is a configuration
file problem.
* Fwctl.pm(flush_chains,really_flush_chains) Added a
really_flush_chains method that can be called without
an object.
* Several: Added port forwarding support.
1999-12-16 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* IPChains/PortFW.pm: New.
* Fwctl/Services/ipsec.pm: New service module.
* Fwctl/Services/pptp.pm: New service module.
* Fwctl.pm(reset_fw): Added oth-in, oth-out and oth-fwd
chains. Protocol optimisation on the output chains wasn't
working. (Packets passed through all the chain)
* Fwctl/Services/icmp_pkt.pm: New service module.
* Fwctl/Services/udp_pkt.pm: New service module.
* Fwctl/Services/ip_pkt.pm: New service module.
* Fwctl/RuleSet.pm (constants and others): MASQ constants are
not a bit fields and added FWDMASQ and MASQNOHIGH values.
(determine_base,accept_ip_ruleset): Masquerading isn't
limited to icmp,udp and tcp protocol anymore.
1999-12-15 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* Fwctl.pm(read_aliases,pod): Added IF_REM_NETS alias
that expands to all remote network attach to an interface.
* test.pl: Print current test being run and strip
whitespace before comparing regression tests results.
* Fwctl/RuleSet.pm(accept_ip_ruleset): Handle case of
forwarding on the same interface when src and dst are on
different network.
1999-11-22 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* fwctl.init(check): Check was flushing the rules instead
of doing a check.
1999-10-20 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* Fwctl.pm (read_aliases): <IF>_NETS aliases was defined
as an array references which caused a bug in expand().
1999-10-19 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_21
* Fwctl/Services/rsh.pm: Documentation fixes.
* Fwctl/Services/redirect.pm: New service definition.
* Fwctl/Services/lpd.pm: New service definition.
* Fwctl/Services/pcanywhere.pm: New service definition.
* Fwctl/Services/hylafax.pm: Properly inherits from ftp now.
* Fwctl/Services/ping.pm (account_rules): Was calling
accept_ip_ruleset instead of acct_ip_ruleset.
* test.pl: Removed bytes and packets counters from regression test.
Added new tests.
* Several files: Network::IPv4Addr got renamed to Net::IPv4Addr.
* fwctl.logrotate: New file for logrotate.
* fwctl (main): Added flush command which resets the firewall.
* Fwctl.pm (flush_chains): Added flush_chains method which
reset the packet filters to ACCEPT everything.
(Thanks to Bernd Eckenfels <ecki@lina.inka.de>)
(global): Moved configuration under /etc rather than
/etc/sysconfig.
(read_rules): Services expect IPChains options in
$options->{options}.
* debian/: Debian packaging b Bernd Eckenfels <ecki@lina.inka.de>.
1999-09-15 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_20
* Fwctl.pm: Fixes documentation.
* README: Add instructions for non RedHat users.
1999-09-03 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_18
* Fwctl/Services/dhcp.pm Added missing rules from client ip
to all broadcast address.
* etc/rules Fixed some small errors in the
example rules file.
1999-08-23 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_17
* Fwctl.pm Forgot to increment version number.
1999-08-23 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_16
* Fwctl.pm Fixed quote inserted before commit.
1999-08-23 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_15
* Fwctl.pm(find_interface) Check first for local IP. This caused
a problem when there multiple
interface aliases on the same subnet.
1999-08-19 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_14
* etc/aliases Updated to give a more
* etc/rules complete example setup.
* etc/interfaces
* Fwctl/Services/ftp.pm ctrl_port wasn't listed
as a valid option.
Added a data_port option.
* Fwctl/Services/hylafax.pm Added HylaFAX module.
* Fwctl/Services/syslog.pm Added syslog module.
1999-07-13 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_13
* Fwctl/Services/ping.pm: Corrected masquerading error.
* test.pl: Added test for masqueraded
ping to the Internet.
1999-07-09 Francis J. Lacoste <francis.lacoste@iNsu.COM>
* TAG: FWCTL_0_12.
* Fwctl/Services/rsh.pm: Stderr is from dst to src.
* fwctl.init: Added restart and reload action.
Fixed a typo.
* Fwctl.pm (dump_acct): Add -n switch when dumping
chains to preven DNS lockup.
1999-07-05 Francis J. Lacoste <francis.lacoste@iNsu.COM>
- Completed test suite.
- TAG: FWCTL_0_11.
1999-05-29 Francis J. Lacoste <francis.lacoste@iNsu.COM>
- Internal release. Completed all features and documentation.
- Begin testing.
- Version 0.10
1999-05-15 Francis J. Lacoste <francis.lacoste@iNsu.COM>
- original version; created by h2xs 1.19
|
