| 1 |
fwsnort-0.6.2 (03/19/2004); |
|---|
| 2 |
- Added --internal-net and --dmz-net options so that internal and |
|---|
| 3 |
dmz networks can be manually specified without having to parse |
|---|
| 4 |
the output of ifconfig. This is most useful for running fwsnort |
|---|
| 5 |
on a linux system that is acting as a bridge where no ip addresses |
|---|
| 6 |
are assigned to the interfaces. |
|---|
| 7 |
- Bugfix for missing icmp-port-unreachable rejects for UDP packets. |
|---|
| 8 |
|
|---|
| 9 |
fwsnort-0.6.1 (02/01/2004): |
|---|
| 10 |
- Bugfix for not adding dmz interface rules to INPUT chain. |
|---|
| 11 |
- Bugfix for not getting the DMZ interface network. |
|---|
| 12 |
|
|---|
| 13 |
fwsnort-0.6 (01/04/2004): |
|---|
| 14 |
- Speed increase and disk access decrease by writing iptables |
|---|
| 15 |
commands to the iptables script only after all lines have been |
|---|
| 16 |
generated. |
|---|
| 17 |
- Bugfix for DMZ interface. |
|---|
| 18 |
- Bugfix for multiple ip_proto fields. |
|---|
| 19 |
- Removed the ip protocol as an allowed protocol for translation. |
|---|
| 20 |
- Bugfix for negated port numbers. |
|---|
| 21 |
- Removed "<-" rule direction since not even snort supports this. |
|---|
| 22 |
- Fixed snort rule updates from snort.org. |
|---|
| 23 |
|
|---|
| 24 |
fwsnort-0.5 (12/21/2003): |
|---|
| 25 |
- Added "-j REJECT --reject-with tcp-reset" for tcp sessions |
|---|
| 26 |
if the --ipt-block option is specified. |
|---|
| 27 |
- Added ability to download latest snort rules from snort.org. |
|---|
| 28 |
- Added --no-ipt-jumps. |
|---|
| 29 |
- Added better checking for iptables build characteristics such |
|---|
| 30 |
as the LOG target and wether or not the ipv4options extension |
|---|
| 31 |
is compiled in. |
|---|
| 32 |
- Added config preservation code from psad in install.pl. |
|---|
