All releases tagged Major feature enhancements


Changes: You can now open ports on specific interfaces if you have more than one. You can now limit the TCP/UDP access from your LAN. New support for PPTP/IPSEC has been added. IPSEC is still in development, but PPTP works for a PPTP server on the firewall box. A new spyware updating script has been added to keep you up to date. The upload limit function has been removed. Support for PeerProtect has been written. Support for the iprange modules has been added (for the blocking IP option). The script configuration has been reviewed a little bit. Autodetection of the binary tools is now done.


Changes: The TCP/UDP forward support is now able to select the incoming interface(s) for each forwarded port. An exclusion option was added for block-ip files (for denying an entire subnet, except for specific hosts). MAC address blocking file support has been added, which works like the files for blocking IP addresses, but can only deny a host by its source MAC address. An option for reloading the blocking IP/MAC address files without restarting the firewall was added. The structure of the FORWARD chain has been rewritten. Pre/Post script support has been added.


Changes: In this version, the IRC modules have been added to the firewall options. Support for transparent (HTTP/FTP) proxies has been added. The firewall now has an option for testing the configuration file. A small bug has been fixed in the script configuration (for undetected interfaces). A new '--update' option has been added to the configuration script to perform an easy update of the configuration file. The argument checking of 'firewall-config.pl' has been rewritten, so that '--config' can now be used with other options such as '--new', '--generate', or '--update'.


Changes: The configuration script is now able to manage undetected external interfaces (like ppp0 when it is not connected).


Changes: The iptables structure was rewritten to optimise packet classification. The verification of the packets by the kernel is now faster, as is starting the script. The spyware blocking and IP blocking features were merged. You may now use the "block-ip-{in|out}.*" files for blocking the incoming and outgoing denied traffic. The spyware files were renamed to "block-ip-out.spywares" and "block-ip-out.spywares-lite".


Changes: Custom rules support was added; the rules are read from a file (default is /var/lib/firewall-jay/firewall-custom.rules) and are loaded at the beginning of the firewall. The option which made it possible to keep the current configuration of iptables intact was removed. The firewall now flushes all iptables before starting, for security reasons. The spyware list was updated.


Changes: A text mode interface was added for the creation/modification of the config file. The spyware list was updated.


Changes: The firewall now provides 3 files that list the IPs/subnets coming from alt.privacy.spyware (Spyware, Doubleclick, & co.) and a BLOCKLIST feature. The files are: 'block-ip.all' (167 IPs/subnets, all IPs and subnets found on alt.privacy.spyware), 'block-ip.lite' (21 IPs/subnets, Doubleclick and Gator), and 'block-ip.doubleclick' (14 IPs/subnets from Doubleclick). DHCP from Windows was debugged; if you use a DHCP server on your Linux box, it will now receive requests from 0.0.0.0/0 and not only from 169.254.x.y.