2000-08-04  Francis J. Lacoste

	* Tag: FWCTL_0_28

	* fwctllog: Only warn (don't die) when encountering an invalid
	syslog line.

2000-08-01  Francis J. Lacoste

	* test.pl: Added test for ICA module.

	* Fwctl/Services/ica.pm: New ICA module.

	* README: Added requirements for Net::IPv4Addr 0.10.

	* NEWS: News for 0.28.

	* Fwctl.spec: Updated for version 0.28. Updated spec file to use
	new macros.

	* Fwctl.pm (VERSION): Changed version number to 0.28. Required
	Net::IPv4Addr 0.10.

	* Changed copyright to GPL only.

	* test-data/in/deny-snmp-INT_NET-nolog: Removed unnecessary rules
	because of Net::IPv4Addr 0.10

	* test-data/in/deny-netbios-INT_NET-nolog: Removed unnecessary rules
	because of Net::IPv4Addr 0.10

2000-06-20  Francis J. Lacoste

	* Copyright: put under GPL only for ipchains.

	* Fwctl/Services/ipsec.pm (accept_rules): Load module when portfw
	is turned on.

	* Fwctl/Services/pptp.pm (accept_rules): Load module when portfw
	is turned on.

2000-06-11  Francis J. Lacoste

	* TAG: FWCTL_0_27

	* Fwctl/RuleSet.pm:
	(all_masq_forward_ruleset) removed.
	(all_umasq_forward_ruleset) removed.
	(ip_forward_ruleset) Changed implementation for all service.
	(doc) Changed copyright.

	* Fwctl/Services/all.pm: Add rules to all chains: tcp, udp and
	icmp, to fix problem related to rules optimization.

2000-06-07  Francis J. Lacoste

	* Fwctl.pm:
	(routes) Return a destination based routing table.
	(find_interface) Handle case of two routes with one more specific
	than the other.
	(interfaces) Fixed a bug when setting the interfaces.
	(doc) Copyright is all to iNsu.

	* test-data/etc/interfaces: Better interface definition for an
	IP alias.

	* IPChains/PortFW.pm: Changed Copyright. Removed assignment to
	undef which requires perl 5.005.

2000-05-12  Francis J. Lacoste

	* fwctlreport: Removed page header and put report's date under
	the title.

	* Fwctl/Report.pm
	(report_iterator): Assumes that records are already sorted by
	time stamp to reduce memory consumption.
	(remove_duplicates): Was transformed into is_duplicate which is
	called before adding each record, again to reduce memory usage.

2000-05-08  Francis J. Lacoste

	* Fwctl.spec (Requires): Requires Net-IPv4Addr >= 0.09

	* Makefile.PL (PREREQ): Requires Net::IPv4Addr >= 0.09

	* TAG: FWCTL_0_26

	* Fwctl.spec (Version): Updated version number to 0.26.

	* Fwctl.pm (VERSION): Updated version number to 0.26

	* fwctllog (read_records): Throw exception when it is not possible
	to parse a Packet log: line.

	* NEWS: Added user changes for 0.26.

	* TODO: Added list of requested enhancements.

2000-05-05  Francis J. Lacoste

	* fwctllog: Fixed parsing of chains with - in it.
	(Thanks Bernd Eckenfels).

2000-02-17  Francis J. Lacoste

	* TAG: FWCTL_0_25_1

	* fwctl.logrotate: Moved back weekly report to log rotation script.

	* fwctl.cron: Moved back weekly report to log rotation script.

2000-02-16  Francis J. Lacoste

	* TAG: FWCTL_0_25

	* fwctl.logrotate: Moved weekly reports to fwctl.cron.

	* fwctl.cron: Added weekly reports from logrotate.d sample
	configuration.

2000-02-11  Francis J. Lacoste

	* fwctl: Fixed problem with the way the new switches were
	interpreted.

	* fwctlreport.pm: Changed way to select subset of records with an
	expression rather than many switches.

	* Fwctl/Report.pm: Changed way to select subset of records with an
	expression rather than many switches.

	* Fwctl.spec: Updated for version 0.25.

	* Fwctl/Report.pm: When removing duplicates, we should compare src
	and dst ip using eq not ==.

2000-02-07  Francis J. Lacoste

	* fwctl.logrotate: Added service_host_sum to weekly report and
	drop src_host.

	* Fwctl/Services/name_service.pm: When using the server option,
	accepts UDP queries from any source port.

	* fwctl.logrotate: endpostrotate -> endscript.

2000-01-30  Francis J. Lacoste

	* fwctl: Added --nocopy, --nolog, --default and --mark options to
	override default policy.

	* Fwctl.pm: Possibility to override default policy for logging,
	copy, deny policy and marking.

2000-01-26  Francis J. Lacoste

	* TAG: FWCTL_0_24

	* fwctl.logrotate: Make sure that only one week of report is
	generated in the postrotate script.

	* Fwctl/Report.pm: (BEGIN) Conditional loading of Date::Manip
	wasn't working.

	* IPChains/PortFW.pm: (new) Added /sbin:/bin:/usr/sbin:/usr/bin
	to PATH.

	* fwctlreport: Fix problem when there are no records, and output
	NO RECORDS. Default details report wasn't working properly.

	* fwctlacctreport: Fix problem when there are no records, and
	output NO RECORDS.

	* Fwctl.pm: Check for ipchains in PATH at startup. Use die and
	warn instead of croak and carp for user errors. Incremented
	version number.

2000-01-23  Francis J. Lacoste

	* TAG: FWCTL_0_23

	* fwctl.cron: Transform to crontab format. Dumps accounting
	counters every 15mins. Preprocess kernel logs every hour and
	generates daily reports.

	* fwctl.logrotate: Added fwctl_log to rotation. Generates weekly
	reports in the postrotate script.

	* Fwctl/AcctReport.pm: (read_records) Fix problem with opening
	STDIN.

	* Fwctl/Report.pm: (read_records) Fix problem with opening STDIN.

	* Fwctl.pm: (version) Updated version number to 0.23.

	* fwctlacctreport: (pod) Added program documentation.

	* Fwctl/AcctReport.pm: (pod) Added module documentation.

2000-01-21  Francis J. Lacoste

	* Fwctl/AcctReport.pm: New module to generate reports from
	accounting data.

	* fwctlacctreport: Added program to generate text reports from
	accounting data.

2000-01-18  Francis J. Lacoste

	* test.pl(test): Add tests for interfaces with same IPs and
	aliases with interface specification.

	* Fwctl.pm
	(expand): Each element of the expansions is now an array ref
	which contains ( host_or_network, interface ).
	(find_host_alias): Normalize IP addresses (.001 -> .1). Removes
	interface specification.
	(configure): Rewrite for new semantics of expand.
	(read_aliases): Permit interface specification in expansion by
	giving the interface name in parentheses after the host or subnet.
	Tagged all default aliases with their proper interface.
	(read_rules): Rewrote for new expand semantics. This makes the
	function simpler, the only special cases being portfw.

2000-01-17  Francis J. Lacoste

	* test.pl (test): Added test for masquerading of ftp service.

	* Fwctl/Services/ftp.pm
	(accept_rules): Problem with masquerading of the ftp port data
	connection fixed.
	(account_rules): Wasn't switching between src and dst ports in
	port forwarding condition. Problem with masquerading of the ftp
	port data connection fixed.

2000-01-14  Francis J. Lacoste

	* Fwctl.pm (read_interfaces): Allow wildcard interface
	specification (ppp+).

2000-01-10  Francis J. Lacoste

	* Fwctl/Report.pm: Module to generate reports. This module is the
	report backend. fwctlreport is a frontend which displays the
	generated report in text.

	* fwctlreport: Packet filter report generation utility added.

	* fwctllog: Added possibility to generate record log for only a
	specific period of time.

	* TODO: Removed items about log report tool.

1999-12-22  Francis J. Lacoste

	* fwctllog (main): Fix for broken turn of year logic.

1999-12-21  Francis J. Lacoste

	* Fwctl.pm
	(find_interface_by_dev): New method to find an interface by its
	associated device.
	(find_host_alias): New method to find the alias related to a host.
	(find_host_alias): When looking for subnets alias, we were
	skipping aliases with a /.

	* fwctllog: New program to preprocess kernel firewall logs for
	later analysis.

1999-12-20  Francis J. Lacoste

	* test.pl: Added test for pptp with portfw option.

	* Fwctl/Services/ipsec.pm: Added support for portfw option.

	* Fwctl/Services/pptp.pm: Added support for portfw option.

	* Fwctl.pm(BEGIN): Even if ipmasqadm was not present, loading
	IPChains::PortFW was considered successfully loaded and triggered
	an error at configuration time.

	* Fwctl/RuleSet.pm(BEGIN): Use eval {} rather than eval "".
	(ip_forward_ruleset): Removed restrictions on tcp and udp for the
	portfw option.
	(ip_portfw_forward_ruleset): Generates rules suitable for generic
	IP forwarding.

1999-12-17  Francis J. Lacoste

	* Tag: FWCTL_0_22

	* fwctl(flush): Flush with warning if there is a configuration
	file problem.

	* Fwctl.pm(flush_chains,really_flush_chains) Added a
	really_flush_chains method that can be called without an object.

	* Several: Added port forwarding support.

1999-12-16  Francis J. Lacoste

	* IPChains/PortFW.pm: New.

	* Fwctl/Services/ipsec.pm: New service module.

	* Fwctl/Services/pptp.pm: New service module.

	* Fwctl.pm(reset_fw): Added oth-in, oth-out and oth-fwd chains.
	Protocol optimisation on the output chains wasn't working.
	(Packets passed through all the chain)

	* Fwctl/Services/icmp_pkt.pm: New service module.

	* Fwctl/Services/udp_pkt.pm: New service module.

	* Fwctl/Services/ip_pkt.pm: New service module.

	* Fwctl/RuleSet.pm
	(constants and others): MASQ constants are not a bit fields and
	added FWDMASQ and MASQNOHIGH values.
	(determine_base,accept_ip_ruleset): Masquerading isn't limited to
	icmp,udp and tcp protocol anymore.

1999-12-15  Francis J. Lacoste

	* Fwctl.pm(read_aliases,pod): Added IF_REM_NETS alias that expands
	to all remote networks attached to an interface.

	* test.pl: Print current test being run and strip whitespace
	before comparing regression tests results.

	* Fwctl/RuleSet.pm(accept_ip_ruleset): Handle case of forwarding
	on the same interface when src and dst are on different network.

1999-11-22  Francis J. Lacoste

	* fwctl.init(check): Check was flushing the rules instead of doing
	a check.

1999-10-20  Francis J. Lacoste

	* Fwctl.pm (read_aliases): _NETS aliases was defined as an array
	references which caused a bug in expand().

1999-10-19  Francis J. Lacoste

	* TAG: FWCTL_0_21

	* Fwctl/Services/rsh.pm: Documentation fixes.

	* Fwctl/Services/redirect.pm: New service definition.

	* Fwctl/Services/lpd.pm: New service definition.

	* Fwctl/Services/pcanywhere.pm: New service definition.

	* Fwctl/Services/hylafax.pm: Properly inherits from ftp now.

	* Fwctl/Services/ping.pm (account_rules): Was calling
	accept_ip_ruleset instead of acct_ip_ruleset.

	* test.pl: Removed bytes and packets counters from regression
	test. Added new tests.

	* Several files: Network::IPv4Addr got renamed to Net::IPv4Addr.

	* fwctl.logrotate: New file for logrotate.

	* fwctl (main): Added flush command which resets the firewall.

	* Fwctl.pm
	(flush_chains): Added flush_chains method which resets the packet
	filters to ACCEPT everything. (Thanks to Bernd Eckenfels)
	(global): Moved configuration under /etc rather than
	/etc/sysconfig.
	(read_rules): Services expect IPChains options in
	$options->{options}.

	* debian/: Debian packaging by Bernd Eckenfels.

1999-09-15  Francis J. Lacoste

	* TAG: FWCTL_0_20

	* Fwctl.pm: Fixes documentation.

	* README: Add instructions for non RedHat users.

1999-09-03  Francis J. Lacoste

	* TAG: FWCTL_0_18

	* Fwctl/Services/dhcp.pm Added missing rules from client ip to all
	broadcast address.

	* etc/rules Fixed some small errors in the example rules file.

1999-08-23  Francis J. Lacoste

	* TAG: FWCTL_0_17

	* Fwctl.pm Forgot to increment version number.

1999-08-23  Francis J. Lacoste

	* TAG: FWCTL_0_16

	* Fwctl.pm Fixed quote inserted before commit.

1999-08-23  Francis J. Lacoste

	* TAG: FWCTL_0_15

	* Fwctl.pm(find_interface) Check first for local IP. This caused a
	problem when there are multiple interface aliases on the same
	subnet.

1999-08-19  Francis J. Lacoste

	* TAG: FWCTL_0_14

	* etc/aliases		Updated to give a more
	* etc/rules		complete example setup.
	* etc/interfaces

	* Fwctl/Services/ftp.pm ctrl_port wasn't listed as a valid option.
	Added a data_port option.

	* Fwctl/Services/hylafax.pm Added HylaFAX module.

	* Fwctl/Services/syslog.pm Added syslog module.

1999-07-13  Francis J. Lacoste

	* TAG: FWCTL_0_13

	* Fwctl/Services/ping.pm: Corrected masquerading error.

	* test.pl: Added test for masqueraded ping to the Internet.

1999-07-09  Francis J. Lacoste

	* TAG: FWCTL_0_12.

	* Fwctl/Services/rsh.pm: Stderr is from dst to src.

	* fwctl.init: Added restart and reload action. Fixed a typo.

	* Fwctl.pm (dump_acct): Add -n switch when dumping chains to
	prevent DNS lockup.

1999-07-05  Francis J. Lacoste

	- Completed test suite.
	- TAG: FWCTL_0_11.

1999-05-29  Francis J. Lacoste

	- Internal release. Completed all features and documentation.
	- Begin testing.
	- Version 0.10

1999-05-15  Francis J. Lacoste

	- original version; created by h2xs 1.19