1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
|
<html>
<head><title>Linux IP Firewalling Chains: History</title></head>
<body bgcolor="#ffffff" text="#101010">
<center><h1>Linux IP Firewalling Chains: History</h1></center>
<h4>1.3.10 release</h4>
5-Oct-2000<br>
<strong>Bug Fixes</strong>
<ul>
<li>Fixed wildcard interfaces getting extra + with `-A input -v'.<br>
[ Howard Lowndes ]
<li>`Maximize throughput' not `minimize throughput' for TOS<br>
[ Adam Kumiszcza ]
<li>--delete-chain now takes optional arg, like -X.<br>
[ Lothar Gerlach ]
<li>Man page grammar and typo fixes,<br>
[ Hans Persson ]
<li>-h message fixes<br>
[ Hans Persson ]
</ul>
<strong>Changes</strong>
<ul>
<li>Now make install directories if they don't exist<br>
[ Marc Haber ]
<li>PREFIX prefix to installation directories<br>
[ Ytiddo ]
<li>Warn about `-i !eth0' and `-i eth0:0'.<br>
[ John Martinez ]
<li>ICMP numbers printed in -h icmp<br>
[ Brett Eldridge ]
</ul>
<h4>1.3.9 release</h4>
27-May-1999<br>
<strong>Bug Fixes</strong>
<ul>
<li> `!' argument handling cleanup: no longer swallowed silently if
! used after a single arg to `-d' and `-s' options.
<li> `--sport ! 53' now parses.
<li> Fixed usage message (--delete-chain not --delete, and --set not
--masquerade).
<li> Fixed TOS value warning for Minimize Cost.
</ul>
<strong>Changes</strong>
<ul>
<li> warns about manipulating forward chain when forwarding disabled,
to avoid #1 FAQ (use --no-warnings) to suppress. <br>
[ Based on Andrew Wansink's patch ]
<li> Changed --proto to --protocol (you can still used --proto of course).
<li> Added --line-numbers option for listing chains. <br>
[ Thanks to Danek Duvall ]
<li> Improved warning for `-j MASQ' if not masq. kernel.
<li> Clarified -i meaning (for different chains) in man page.
<li> Added DIAGNOSTICS section to man page.
<li> ipfw man page now mentions fw_outputsize field in /proc.
<li> libipfwc now has ipfwc_get_raw_socket() function.
<li> libipfwc now returns "" not "-" for accounting rules.
<li> refcard updated to Scott's latest masterpiece.
</ul>
<h4>1.3.8 release</h4>
27-Oct-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> -L of chains other than `input' now works.
[ Thanks to Bernhard Weisshuhn ]
</ul>
<h4>1.3.7 release</h4>
24-Oct-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> -Z option no longer acts like -F.
[ Thanks to Win Raets ]
<li> -M by itself no longer causes an abort.
<li> -C works again.
<li> -L -M doesn't report an error after successful completion.
</ul>
<strong>Changes</strong>
<ul>
<li> Long options are here at last!
[ Thanks to Andi Kleen ]
</ul>
<h4>1.3.6 release</h4>
20-Oct-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> No longer asks for bug report if invalid rulenum supplied.
[ Unknown source: lost in hard drive crash, sorry. ]
</ul>
<strong>Changes</strong>
<ul>
<li> Includes reference card!
<li> HOWTO updated: 1.0.3. DNS corrections, new section on typical
network layouts in which ipchains is interesting.
<li> Now only includes text version of HOWTO: rest in separate package.
<li> Reworked to move manip routines into separate library for others to
reuse.
</ul>
<h4>1.3.5 release</h4>
31-Jul-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> Makefile `install' target fixed.
[ Thanks to Samuli Kaski and others ]
<li> ipchains manpage reference to `REDIR' target fixed (it's `REDIRECT').
[ Thanks to Russell Coker ]
<li> ipchains man page reference to multiple ports removed.
<li> ipchains now stricter checking on possible policies.
[ Thanks to Ryszard Lach ]
<li> ipchains prints timeout correctly for when HZ != 100
[ Thanks to Richard Henderson ]
<li> ipchains gives an intelligent error when trying to create an already
existing chain.
</ul>
<strong>Changes</strong>
<ul>
<li> HOWTO updated: closer to LDP style guide, new FAQ section, minor
corrections.
<li> ipchains tells you which compulsory option you missed.
<li> Makefile updated for new HOWTO targets.
<li> ipchains.c global variables cleaned up.
</ul>
<h4>ipchains-scripts 1.0.2 release</h4>
26-May-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> Handles arguments slightly better.
</ul>
<strong>Changes</strong>
<ul>
<li> New man pages for ipchains-save, ipchains-restore and the ipfwadm
wrapper. Thanks to the Debian maintainer for these.
</ul>
<h4>1.3.4 release</h4>
21-May-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> `-j REDIRECT' (without a port number) works.
[Thanks to Leos Bitto]
</ul>
<h4>ipchains-scripts 1.0.1 release</h4>
17-May-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> ipfwadm-wrapper calls /sbin/ipfwadm.real if it exists, and we seem
to be on an old kernel.
<li> ipfwadm-wrapper should now work with bash 1.x.
<li> ipfwadm-wrapper now accepts the obsolescent `-a m' flag.
</ul>
<h4>ipchains-scripts 1.0 release</h4>
17-May-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> ipchains-save now updated to work with latest kernel.
<li> ipfwadm-wrapper interface handling fixed.
</ul>
<strong>Changes</strong>
<ul>
<li> Split scripts and libfw into separate archives from main ipchains
source.
</ul>
<h4>1.3.3 release</h4>
16-May-1998<br>
(userspace only -- patch integrated into official 2.1.102 kernel)<br>
<strong>Bug Fixes</strong>
<ul>
<li> Header order changed; should now compile under libc5
[Thanks to Shaw Carruthers]
<li> -o option added to man page.
<li> ipchains-save now works again, and ipchains-restore checks that
ipchains command actually succeeds.
</ul>
<strong>Changes</strong>
<ul>
<li> Mark value printed as hex, for easier human parsing.
<li> HOWTO updates to cover new official status, and treatment of truncated
packets as fragments (expected in 2.1.103).
</ul>
<h4>1.3.2a release</h4>
11-May-1998<br>
(kernel patch only)<br>
<strong>Bug Fixes</strong>
<ul>
<li> Packet dumping code now prints dst IP (not src IP twice).
[Thanks to Alexey Kuznetsov].
<li> Reject too-small ICMP fragments just like UDP fragments.
<li> Fixed Makefile and bogus patch element.
</ul>
<h4>1.3.2 release</h4>
7-May-1998<br>
<strong>Changes</strong>
<ul>
<li> Reduced in-kernel size (now only 3.5k bigger than old ip_fw.c code).
<li> ipchains now understands arbitrary masqueraded protocols.
[Thanks to Marco Kremer (mabi)]
</ul>
<strong>Bug Fixes</strong>
<ul>
<li> HOWTO example fixed.
[Thanks to Jim Kunzman]
<li> ipchains version string now fixed.
[Thanks to Jim Kunzman]
<li> ipchains now gives error on specifying a too-long chain name.
[Thanks to Gerard Gerritsen]
<li> ipchains -S works again, with or without -M.
[Thanks to Serge Sivkov]
</ul>
<h4>1.3.1 release</h4>
19-Mar-1998<br>
<strong>Changes</strong>
<ul>
<li> Format of policy-change kernel interface changed, to allow same ipchains
binary under both 2.0 and 2.1 kernels, and simplify glibc interface.
<li> Userspace tools now compile under glibc.
<li> Binary release now glibc.
<li> Binary release no longer includes `ipfw.4' man page.
<li> Updated HOWTO.
</ul>
<strong>Bug Fixes</strong>
<ul>
<li> Fixed typo which cause mark not to be initialised to 0.<br>
[Thanks to Alexey Kuznetsov].
<li> Removed extraneous debug messages for 2.0 kernels.<br>
[Thanks to Ricardo Kustner].
<li> Fixed race condition correctly.
<li> Now compiles under SMP.
</ul>
<h4>1.3.0 release</h4>
8-Mar-1998<br>
<strong>Changes</strong>
<ul>
<li> `ipchains -X' now deletes all user-defined chains.<br>
[Thanks to feedback from John D. Hardin]
<li> Can now specify what packets to be copied to NETLINK device
(2.1.x kernels only).
<li> A simple library to make using the netlink device easier.
<li> Understands ICMP masquerading.
<li> Policies have packet and byte counters, for completeness.
<li> Should be SMP safe now (testers wanted; my laptop is not SMP).
<li> Introduced libfw.
</ul>
<strong>Bug Fixes</strong>
<ul>
<li> Many documentation and HOWTO fixes and updates.<br>
[Thanks to Dr. Liviu Daia and Matt Kemner.]
<li> ipchains-save bugfix with destination ports.<br>
[Thanks to Kevin Littlejohn.]
<li> Masquerading listing fixed.<br>
[Thanks to Franck Sicard.]
<li> Bogus `loop detected' message due to race condition now
fixed (also fixes possibility of counter inaccuracies).<br>
[Thanks to Helmut Adams]
<li> Masquerading modules now fixed for 2.0.x kernels.<br>
[Thanks to Marko Injac, and feedback from R. Garth Wood].
<li> Verbose packet info now logged at KERN_INFO level.<br>
[Thanks to Dr. Liviu Daia.]
</ul>
<h4>1.2.2 release</h4>
26-Jan-1998<br>
<strong>Changes</strong>
<ul>
<li> HOWTO updates.
<li> Kernel policies output changed from numbers to names, for consistency
across kernel versions.
<li> Introduced 2.0 kernel series support.
</ul>
<strong>Bug Fixes</strong>
<ul>
<li> ipchains-save and ipchains-restore fixed to handle userdefined chains
better.
<li> Fixed TOS handling in ipfwadm-wrapper script.
</ul>
<h4>1.2.1 release</h4>
21-Jan-1998<br>
<strong>Bug Fixes</strong>
<ul>
<li> Fixed interface (`-i') parsing in ipchains.
</ul>
<h4>1.2 release</h4>
19-Jan-1998<br>
<strong>Changes</strong>
<ul>
<li> Wildcard interface support.
</ul>
<h4>1.1.1 release</h4>
23-Nov-1997<br>
<strong>Changes</strong>
<ul>
<li> ICMP codes (as well as types) supported.
<li> icmp names supported.
<li> ipfwadm-wrapper released.
</ul>
<strong>Bug Fixes</strong>
<ul>
<li> ipchains-save and ipchains-restore fixed.
<li> -b flag when used with address masks fixed.
</ul>
<h4>1.1 release</h4>
20-Nov-1997<br>
<strong>Changes</strong>
<ul>
<li> HOWTO introduced.
<li> ipchains-save and ipchains-restore introduced.
<li> Inverse rule support.
<li> -k (TCP ACK) option removed.
<li> -b (BIDIR) option removed from kernel: handled in userspace.
<li> Multiple port support removed.
<li> Test suite removed from release.
</ul>
<strong>Bug Fixes</strong>
<ul>
<li> Handling of listing > 8 rules fixed.
</ul>
<h4>1.0.2 release</h4>
30-Sep-1997<br>
<strong>Changes</strong>
<ul>
<li> Interface address support removed.
<li> Added skbuff marking support.
</ul>
<h4>1.0.1 release</h4>
25-Aug-1997<br>
<strong>Changes</strong>
<ul>
<li> Generic protocol support added.
<li> Tighter TOS checking.
<li> TOS can now be specified by name.
<li> New target: RETURN.
</ul>
<strong>Bug Fixes</strong>
<ul>
<li> Port range handling fixed.
<li> Append and delete entry heisenbug fixed.
</ul>
<p>Enjoy!
<address>Rusty Russell</address>
<hr>
</body></html>
|
