Linux IP Firewalling Chains: History
1.3.10 release
5-Oct-2000
Bug Fixes
- Fixed wildcard interfaces getting extra + with `-A input -v'.
[ Howard Lowndes ]
- `Maximize throughput' not `minimize throughput' for TOS
[ Adam Kumiszcza ]
- --delete-chain now takes optional arg, like -X.
[ Lothar Gerlach ]
- Man page grammar and typo fixes,
[ Hans Persson ]
- -h message fixes
[ Hans Persson ]
Changes
- Now make install directories if they don't exist
[ Marc Haber ]
- PREFIX prefix to installation directories
[ Ytiddo ]
- Warn about `-i !eth0' and `-i eth0:0'.
[ John Martinez ]
- ICMP numbers printed in -h icmp
[ Brett Eldridge ]
1.3.9 release
27-May-1999
Bug Fixes
- `!' argument handling cleanup: no longer swallowed silently if
! used after a single arg to `-d' and `-s' options.
- `--sport ! 53' now parses.
- Fixed usage message (--delete-chain not --delete, and --set not
--masquerade).
- Fixed TOS value warning for Minimize Cost.
Changes
- warns about manipulating forward chain when forwarding disabled,
to avoid #1 FAQ (use --no-warnings) to suppress.
[ Based on Andrew Wansink's patch ]
- Changed --proto to --protocol (you can still used --proto of course).
- Added --line-numbers option for listing chains.
[ Thanks to Danek Duvall ]
- Improved warning for `-j MASQ' if not masq. kernel.
- Clarified -i meaning (for different chains) in man page.
- Added DIAGNOSTICS section to man page.
- ipfw man page now mentions fw_outputsize field in /proc.
- libipfwc now has ipfwc_get_raw_socket() function.
- libipfwc now returns "" not "-" for accounting rules.
- refcard updated to Scott's latest masterpiece.
1.3.8 release
27-Oct-1998
Bug Fixes
- -L of chains other than `input' now works.
[ Thanks to Bernhard Weisshuhn ]
1.3.7 release
24-Oct-1998
Bug Fixes
- -Z option no longer acts like -F.
[ Thanks to Win Raets ]
- -M by itself no longer causes an abort.
- -C works again.
- -L -M doesn't report an error after successful completion.
Changes
- Long options are here at last!
[ Thanks to Andi Kleen ]
1.3.6 release
20-Oct-1998
Bug Fixes
- No longer asks for bug report if invalid rulenum supplied.
[ Unknown source: lost in hard drive crash, sorry. ]
Changes
- Includes reference card!
- HOWTO updated: 1.0.3. DNS corrections, new section on typical
network layouts in which ipchains is interesting.
- Now only includes text version of HOWTO: rest in separate package.
- Reworked to move manip routines into separate library for others to
reuse.
1.3.5 release
31-Jul-1998
Bug Fixes
- Makefile `install' target fixed.
[ Thanks to Samuli Kaski and others ]
- ipchains manpage reference to `REDIR' target fixed (it's `REDIRECT').
[ Thanks to Russell Coker ]
- ipchains man page reference to multiple ports removed.
- ipchains now stricter checking on possible policies.
[ Thanks to Ryszard Lach ]
- ipchains prints timeout correctly for when HZ != 100
[ Thanks to Richard Henderson ]
- ipchains gives an intelligent error when trying to create an already
existing chain.
Changes
- HOWTO updated: closer to LDP style guide, new FAQ section, minor
corrections.
- ipchains tells you which compulsory option you missed.
- Makefile updated for new HOWTO targets.
- ipchains.c global variables cleaned up.
ipchains-scripts 1.0.2 release
26-May-1998
Bug Fixes
- Handles arguments slightly better.
Changes
- New man pages for ipchains-save, ipchains-restore and the ipfwadm
wrapper. Thanks to the Debian maintainer for these.
1.3.4 release
21-May-1998
Bug Fixes
- `-j REDIRECT' (without a port number) works.
[Thanks to Leos Bitto]
ipchains-scripts 1.0.1 release
17-May-1998
Bug Fixes
- ipfwadm-wrapper calls /sbin/ipfwadm.real if it exists, and we seem
to be on an old kernel.
- ipfwadm-wrapper should now work with bash 1.x.
- ipfwadm-wrapper now accepts the obsolescent `-a m' flag.
ipchains-scripts 1.0 release
17-May-1998
Bug Fixes
- ipchains-save now updated to work with latest kernel.
- ipfwadm-wrapper interface handling fixed.
Changes
- Split scripts and libfw into separate archives from main ipchains
source.
1.3.3 release
16-May-1998
(userspace only -- patch integrated into official 2.1.102 kernel)
Bug Fixes
- Header order changed; should now compile under libc5
[Thanks to Shaw Carruthers]
- -o option added to man page.
- ipchains-save now works again, and ipchains-restore checks that
ipchains command actually succeeds.
Changes
- Mark value printed as hex, for easier human parsing.
- HOWTO updates to cover new official status, and treatment of truncated
packets as fragments (expected in 2.1.103).
1.3.2a release
11-May-1998
(kernel patch only)
Bug Fixes
- Packet dumping code now prints dst IP (not src IP twice).
[Thanks to Alexey Kuznetsov].
- Reject too-small ICMP fragments just like UDP fragments.
- Fixed Makefile and bogus patch element.
1.3.2 release
7-May-1998
Changes
- Reduced in-kernel size (now only 3.5k bigger than old ip_fw.c code).
- ipchains now understands arbitrary masqueraded protocols.
[Thanks to Marco Kremer (mabi)]
Bug Fixes
- HOWTO example fixed.
[Thanks to Jim Kunzman]
- ipchains version string now fixed.
[Thanks to Jim Kunzman]
- ipchains now gives error on specifying a too-long chain name.
[Thanks to Gerard Gerritsen]
- ipchains -S works again, with or without -M.
[Thanks to Serge Sivkov]
1.3.1 release
19-Mar-1998
Changes
- Format of policy-change kernel interface changed, to allow same ipchains
binary under both 2.0 and 2.1 kernels, and simplify glibc interface.
- Userspace tools now compile under glibc.
- Binary release now glibc.
- Binary release no longer includes `ipfw.4' man page.
- Updated HOWTO.
Bug Fixes
- Fixed typo which cause mark not to be initialised to 0.
[Thanks to Alexey Kuznetsov].
- Removed extraneous debug messages for 2.0 kernels.
[Thanks to Ricardo Kustner].
- Fixed race condition correctly.
- Now compiles under SMP.
1.3.0 release
8-Mar-1998
Changes
- `ipchains -X' now deletes all user-defined chains.
[Thanks to feedback from John D. Hardin]
- Can now specify what packets to be copied to NETLINK device
(2.1.x kernels only).
- A simple library to make using the netlink device easier.
- Understands ICMP masquerading.
- Policies have packet and byte counters, for completeness.
- Should be SMP safe now (testers wanted; my laptop is not SMP).
- Introduced libfw.
Bug Fixes
- Many documentation and HOWTO fixes and updates.
[Thanks to Dr. Liviu Daia and Matt Kemner.]
- ipchains-save bugfix with destination ports.
[Thanks to Kevin Littlejohn.]
- Masquerading listing fixed.
[Thanks to Franck Sicard.]
- Bogus `loop detected' message due to race condition now
fixed (also fixes possibility of counter inaccuracies).
[Thanks to Helmut Adams]
- Masquerading modules now fixed for 2.0.x kernels.
[Thanks to Marko Injac, and feedback from R. Garth Wood].
- Verbose packet info now logged at KERN_INFO level.
[Thanks to Dr. Liviu Daia.]
1.2.2 release
26-Jan-1998
Changes
- HOWTO updates.
- Kernel policies output changed from numbers to names, for consistency
across kernel versions.
- Introduced 2.0 kernel series support.
Bug Fixes
- ipchains-save and ipchains-restore fixed to handle userdefined chains
better.
- Fixed TOS handling in ipfwadm-wrapper script.
1.2.1 release
21-Jan-1998
Bug Fixes
- Fixed interface (`-i') parsing in ipchains.
1.2 release
19-Jan-1998
Changes
- Wildcard interface support.
1.1.1 release
23-Nov-1997
Changes
- ICMP codes (as well as types) supported.
- icmp names supported.
- ipfwadm-wrapper released.
Bug Fixes
- ipchains-save and ipchains-restore fixed.
- -b flag when used with address masks fixed.
1.1 release
20-Nov-1997
Changes
- HOWTO introduced.
- ipchains-save and ipchains-restore introduced.
- Inverse rule support.
- -k (TCP ACK) option removed.
- -b (BIDIR) option removed from kernel: handled in userspace.
- Multiple port support removed.
- Test suite removed from release.
Bug Fixes
- Handling of listing > 8 rules fixed.
1.0.2 release
30-Sep-1997
Changes
- Interface address support removed.
- Added skbuff marking support.
1.0.1 release
25-Aug-1997
Changes
- Generic protocol support added.
- Tighter TOS checking.
- TOS can now be specified by name.
- New target: RETURN.
Bug Fixes
- Port range handling fixed.
- Append and delete entry heisenbug fixed.
Enjoy!
Rusty Russell