Codebase list filtergen / HEAD HISTORY
HEAD

Tree @HEAD (Download .tar.gz)

HISTORY @HEADraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
0.12.8:
    Fix some easy to cause crashes.
    Remove some obsolete code that caused long compilation times.
    Prevents inclusion of the root filesystem path directly.
    Test that the example programs compile.

0.12.7:
	Supports iptables-restore output format.
	Supports IPv6 names.
	Supports ip6tables and ip6tables-restore output format.
	Better warnings when services don't resolve.
	Increases include file recursion depth to 512 from 16.
	Directory includes now have stable ordering of the files within.
	
	Runs tests in parallel so their output is captured, and generate more output.
	Adds more compiler warnings.
	Compiles clean under clang.

0.12.6:
	Support shell globbing in include directives.
	Allow '*' as a network interface name.

	Modernise build environment:
	Fix many compiler warnings.
	Finish migration to Git as upstream host.

0.12.5:
	Small fixes to test correctness.

0.12.4:
	Added directory include support.
	Fixed relative-path include error in fgadm.
	Improved tests for include file parsing.

0.12.3:
	Fix critical resolver bug.

0.12.2:
	New resolver code removes need for struct casting
	Altered test suite to be more robust
	minor cosmetic bugs

0.12.1:
	fixed some dumb bugs
	fixed some compile bugs on 64 bit platforms

0.12:
	converted build system to automake
	rewrote parser
	added test suite
	add "oneway" option
	fix iptables log message format (append a space)
	add "fgadm" command
	multi-homed host support

0.11:
	fixed non-working example in filter_syntax man page
	fix 64-bit warning in filter.c netmask calculation
	add "-F [policy]" flush option
	better feedback on parse errors

0.10:
	some cleanups, slight memory usage reduction
	add log messages: 'log text "foo etc"'
	fixed iptables and ipchains brace-grouping
	fix filter_unroll loop-making bug
	add RPM spec file from Wil Cooley <wcooley@nakedape.cc>
	rename package to "filtergen"
	add init scripts and makefile
	add samples for router, host and proxy firewall

0.9:
	fix install target to install section 7 manpages too
	do protocol lookups properly, support protocol numbers
	lookup/normalise service names
	force normalisation of netmasks
	add "-m" to force service and host names and to be
		turned into port numbers and IP addresses

0.8:
	cleanup for iptables and ipchains to save reallocs
	fix input vs output thing in forwarding support for iptables
		and ipchains

0.7:
	add "local" and "forward" syntax to state that packets are only
		for local or remote consumption (and "-h" option to
		default rules to the former)
	begin manpages
	add "-o" option to specify output file
	fix "make install"
	getopt()ify filtergen.c
	add "-l" option to minimise the number of rules for established
		connections, implemented for iptables backend
	add more stuff to the iptables skeleton
	warning fixups
	implement "local" and "forward" for iptables backend
	add "-r" option to mirror "-h"
	cleanup ipchains driver somewhat
	implement "local" for ipchains backend ("forward" is not possible)
	fix bug where accept would get lost from:
		input eth0 { ! dest bar drop; accept; };
	iptables and ipchains add "established packet" rules to head of chain
	add "proxy" as an alias for "redirect"

0.6:
	disable negation of conjunctions ("or"s, aka brace-grouping) for now
	add "no skeleton" option
	fix a couple of segfaults/aborts where input filter is invalid
	allow literal +, ", and _ signs in input
	add sub-groups -- where supported, large sub-sections can be moved
		out-of-line to improve performance

0.5: that's better
	much fixing of iptables driver.  Now shouldn't leak
	like the proverbial sieve

0.4: testing begins
	add transproxy and masquerading support
	fix syntax problems with iptables and ipchains output
	simple logging support (logs only initiating packets)
	rule checking -- ports only allowed with tcp or udp
	initial icmp support

0.3:
	add ipfilter backend
	fix yet another silly bug in main()
	add warning notice to cisco driver
	cisco driver supports port ranges now

0.2: Various improvements
	rewrote iptables driver
	added ipchains driver
	added beginnings of Cisco IOS ACL driver
		(see TODO for why this doesn't work yet)
	added TODO and HONESTY files

0.1: Initial release
	iptables driver
	a few bugs