Tue Jan 21 2002 Tomas Junnonen <majix@sci.fi>

  * Big cleanup of CVS tree: Every file which can be generated by autogen.sh has been removed from the tree.
  * src/netfilter-script.c: Fix highport blocking
  * src/preferences.c: Pressing help loads the online manual

Mon Jan 05 2002 Tomas Junnonen <majix@sci.fi>

  * -firestarter.spec,+firestarter.spec.in:
    - Generate RPM spec file at configure time, syncs version numbers
  * src/util.c:
    - get_text_between always returns a freeable string (seg. fix)
    - Small (1-2 line) usability fixes all around, no errors at 1st run.
  * src/firestarter.c,util.c/h, scriptwriter.c:
    - New error dialog, HIG style
    - Better error messages
    - Fixed netfilter detection not being run
  * src/firestarter.c, netfilter-script.c:
    - Unique return values and error messages for interface failures

Sun Jan 05 2002 Tomas Junnonen <majix@sci.fi>

  * src/wizard.c, preferences.c: String and layout cleanups
  * src/ruleview.c: New rule editing dialogs, HIG work
  * firestarter.h,hitview.c,logread.c,modrules.c,preferences.c, savelog.c, service.c util.c/h: Memory leak fixes

Thu Dec 12 2002 Tomas Junnonen <majix@sci.fi>

  * +src/eggtrayicon.c/h, +tray.c/h, firestarter.c/h, gui.c, hitview.c/h, util.c:
    - Support for the GNOME Notification Area applet
    - Tray operation mode: Hide on window close
  * src/netfilter-script.c:
    - ICMP limit raised to 10/s
    - Reject option now works, substituted --reject-with with LRTCP chain

Sat Nov 16 2002 Tomas Junnonen <majix@sci.fi>

  * postinstall: Changelog in file

Wed Nov 13 2002 Tomas Junnonen <majix@sci.fi>

  * src/menus.h/c:
    - Created a new menu system, uses only gtk+ (no GNOMEUI)
    - All context menu options reachable through the menu system
    - Added keyboard accelerator support
    - Last xpm graphics deprecated. PNG/Pixbufs all the way.
  * src/netfilter-script.c:
    - Removed rules that were created when some service was not enabled, to explicitly block the service.
  * src/hitview.c/h,ruleview.c/h,gui.c/h:
    - Added option to copy the selected hit or rule to the system clipboard

Thu Oct 17 2002 Tomas Junnonen <majix@sci.fi>

  * src/modrules.c:
    - Fixed crash when editing an existing rule
  * src/hitview.c:
    - The hitview autoscrolls to the latest entry, if sorted in ascending mode and no entries are selected.
  * src/scriptwriter.c/h,-modify_ipup.c/h:
    - Facility to recognize DHCP client processes (dhclient & DHCPCD)
    - Start firewall when an IP lease is acquired from a DHCP server
    - Starting firewall on dial-out works again

Wed Oct 16 2002 Tomas Junnonen <majix@sci.fi>

  * src/util.c/h,firestarter.c,hitview.c,logread.c:
    - The system log location is now determined at run time
  * src/firestarter.c:
    - Rewrote command line option parsing
    - New simpler command line help screen
  * src/netfilter-script.c,firewall.c:
    - Introduced the Firestarter system lock file
    - GUI state reflects lock file state

Mon Oct 14 2002 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.c: i18n UTF-8 fix by Jerome Uzel

Sun Sep 22 2002 Tomas Junnonen <majix@sci.fi>

  * src/xpm/Makefile.am,+*png:
    - Build csource from PNG files with gdk-pixbuf on the fly using make

Fri Aug 30 2002 Tomas Junnonen <majix@sci.fi>

  * src/*
    - Renamed druid to wizard

Thu Aug 22 2002 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: Script checks for a valid mask and can exit gracefully, instead of exploding all over the screen.
  * netfilter.init: Checks the return value from firewall.sh in start
  * src/firestarter.c:
    - Check the return value from iptables and firewall.sh when starting/stopping/halting the firewall
    - Error message dialogs
  * src/druid-choices.c,druid.c/h,netfilter-script.c,preferences.c scriptwriter.c:
    - All wizard pages now also show in the preferences
    - Removed all pointers to box types in Druid struct, replaced with radiobuttons for consistency

Fri Aug 09 2002 Tomas Junnonen <majix@sci.fi>

  * src/hitview.c: The hitview columns are now sortable
  * src/menus.c,src/xpm/pixbufs-images.h: New toolbar, new icons
  * src/util.c: Fixed "Someone else's problem" filter breaking after using the lookup function
  * src/util.c/h,parse.c,logread.c,hitview.c: Plugged leaks, rewrote horrible text matching pointer spaghetti, frequently used text matching patterns are now compiled static.

Tue Aug 06 2002 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: The rules are now loaded in the same order as they are shown in the GUI.
  * src/logread.c,modrules.c,parse.c: Hit/Rule system memory leak fixes
  * src/menus.c: Link to online manual
  * Makefile.am, pixmaps/Makefile.am: Deprecated doc/ directory, all graphics except icon in pixmaps/

Wed Jul 24 2002 Tomas Junnonen <majix@sci.fi>

  * src/util.c/h, ruleview.c:
    - Do basic data validation on user input when creating rules

Tue Jul 23 2002 Tomas Junnonen <majix@sci.fi>

  * src/*.h,*.c,+ruleview.c/h,+hitview.c/h,-lookup.c/h:
    - Restructuring work: gui split into hitview and ruleview modules, lookup merged into util. Cleanup work all around.

Thu Jul 11 2002 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.h,gui.c/h,modrules.c,netfilter-script.c, parse.c/h,scriptwriter.c,util.c:
    - Port forwarding reimplemented
  * src/druid-choices.c,druid.c,gui.c,netfilter-script.c,parse.c, preferences.c,util.c/h:
    - NAT page in druid and forwarding option on rules page are only shown if the machine is capable of NAT.
    - Removed preference to "show every page in druid" that didn't do anything.
    - Druid now correctly remembers previous choices between sessions.

Thu Jun 27 2002 Tomas Junnonen <majix@sci.fi>

  * src/savelog.c:
    - Saving the hit list to a file works again
  * src/firestarter.c,druid.c,scriptwriter.c:
    - Do not show the main GUI until the user has completed wizard

Wed Jun 12 2002 Tomas Junnonen <majix@sci.fi>

  * src/gui.c/h, menus.c, modrules.c/h, util.c/h:
    - Dialog for editing of existing rules and from scratch creation
    - Default actions on hits and rules (add, edit, view etc.)
  * src/druid.c, src/xpm/pixbuf-images.h:
    - Eye candy for the druid

Tue Jun 11 2002 Tomas Junnonen <majix@sci.fi>

  * src/gui.c/h, menus.c/h:
    - Added ability to customize the hitview columns. 5 out of the 10 columns are now visible by default.
  * src/gui.c/h, modrules.c/h, util.c:
    - The rules are now being written to disk
    - Ruleview context menu added (removing rules works)
  * src/netfilter-script.c, scriptwriter.c, util.c:
    - The shell scripts now read in the rules files
    - Nameserver (parsed from resolv.conf) responses are now always accepted
    - The output policy is now set to accept while we walk through the rule files, then reset to drop

Mon Jun 10 2002 Tomas Junnonen <majix@sci.fi>

  * src/*.h/c:
    - Hitview context menu added (fully functional)
    - Rule creation from selected hits added
    - "Stealthed" group added to Rules
    - Code cleanups
  * src/gui.c, lookup.c/h, menus.c, preferences.c:
    - Added preference to always resolve hostname on hits
    - Removed docklet related preferences

Wed Jun 05 2002 Tomas Junnonen <majix@sci.fi>

  * src/druid.c/h, src/scriptwriter.c/h:
    - Major druid fixing and cleanup work. Modelled after Pan (pan.rebelbase.com).
  * Merged Paul's GNOME 2.0 changes:
  * src/*.c
    - Changed gtk_object, gtk_signal_connect, gtk_signal_func and gtk_signal_connect_object to their GNOME 2 counterparts.
    - Dialogs are now parented
    - Overall fixes
  * src/logread.c: Hits are now properly read from the syslog with a timeout.

Sun Jun 02 2002 Tomas Junnonen <majix@sci.fi>

  * Initial GNOME 2.0 work landed
    Status: Compiles, but critical functionality missing
    - Syslog parsing "works" (very verbose at the moment)
    - Wizard is still missing in action
    - Rules reworked, "trusted" and "blocked" host parsing works so far.
    - Rule files simplified. For example, trusted hosts file includes only hostname or ip address.
    - ipchains dropped
    - docklet dropped

Tue Apr 16 2002 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Fixed broken CR on TCPMSS rule. (found by Bob Jones)

Sat Apr 06 2002 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, netfilter-script.c:
    - Fixed unterminated ;'s on port forwarding rules

Sat Feb 17 2002 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.c:
    - Existing firewall is not stopped when running Firestarter for the first time (until we are ready to start the new one).
    - 'Allow all connections' rules are now located above the 'Deny all..' on the dynrules tab, to reflect new chain order.
  * src/util.c: Scripts from older program versions are now backed up, not removed.

Thu Feb 14 2002 Paul Drain <pd@cipherfunk.org>

  * src/portfw.c:
    - Forwarding rules should be "A"dded to the list, not "I"nserted.

Thu Feb 08 2002 Paul Drain <pd@cipherfunk.org>

  * src/portfw.c:
    - Added forwarding :|

Mon Jan 28 2002 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Fixed STATE chain (new packets are now loaded first in the chain, instead of after an established packet)

Wed Jan 16 2002 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Moved the 'Allow All' chain above the 'Deny All' chain

Mon Jan 14 2002 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, netfilter-script.c:
    - Removed 10.0.0.x and 192.168.0.x from the IANA blocklist (until we make it dynamic or the FAQ is updated to include information on how to remove your detected range from the firewall script output)

Sun Jan 13 2001 Tomas Junnonen <majix@sci.fi>

  * src/ipchains-script.c, netfilter-script.c:
    - Latest IANA nonroutable block list implemented. (Nick Hill)

Mon Jan 07 2001 Tomas Junnonen <majix@sci.fi>

  * !ipchains.init, !netfilter.init, firestarter.spec:
    - The init scripts now have their own files
    - Fixed init scripts being deleted when upgrading to a newer RPM.
  * src/druid.h, druid.c, druid-choices.c, service.c, netfilter-script.c, ipchains-script.c:
    - uPNP is now a known service. Blocked by default.

Mon Jan 07 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Fixed the loading of the connection tracking modules - these modules are now loaded as part of the masquerading chain, as opposed to *only* being loaded if the user had enabled FTP or IRC as a specific service.

Sat Jan 05 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Added IRC connection tracking and NAT configuration.

Fri Jan 04 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: Moved the loading of the external files to later in the script. Fixes the bug of clearing the NAT table right after the rules being loaded. Allows usage of default result chains in the external files.
  * src/firestarter.c: New command line options to manage firewall, start without applet support.
    Fixes CORBA errors when running remotely. (Simone Contini)

Tue Jan 01 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c,ipchains-script.c: Some previously nonroutable ip blocks are now allowed.

Thu Dec 20 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: fixed TTL mangling being used in the postrouting chain instead of the OUTPUT chain.

Tue Dec 18 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: ' character used where ` needed
  * src/ipchains-script.c: fixed -y option being used together with the UDP protocol
  * src/preferences.c: fixed some already removed objects still being referenced, causing GTK errors

Sun Dec 16 2001 Tomas Junnonen <majix@sci.fi>

  * src/preferences.c:
    - Fixed the logfile being set to null
    - Autosizing of all frames (Roy-Magne Mo)
  * src/portfw.c:
    - Fixed only last portfw entry showing in the GUI
  * src/druid.c,druid-choices.c:
    - The advanced druid setting is now saved and loaded
  * src/netfilter-script.c:
    - Outbound traffic (!syn, state new) on high connections that get caught is no longer logged. If we implement a destination field in the GUI we start logging.

Sat Dec 15 2001 Tomas Junnonen <majix@sci.fi>

  * src/preferences.c, src/firestarter.c:
    - All options and features to do with sound playing removed
    - Renamed Do Not Log port option to "Block and stop logging this port"
    - Removed the option to specify the logfile manually
  * src/util.c:
    - Linux 2.5 kernels default to iptables
  * src/netfilter-script.c:
    - Rules for tcp and protocol 50 ipsec handling
  * pixmaps/top.png,left.png: New watermarks
  * src/firestarter.src:
    - Removed Paul's fixes for the stop firewall function. When stopped, traffic flows freely. The Halt function drops packets.

Sun Dec 09 2001 Paul Drain <pd@cipherfunk.org>

  * src/firestarter.c:
    - Fixes to deny / drop packets correctly when the firewall script is stopped.

Sat Nov 24 2001 Tomas Junnonen <majix@sci.fi>

  * config.sub, config.guess
    - Updated GNU config scripts
  * po/*po: Updated translations from GNOME CVS
  * doc/C/Makefile.am/in, firestarter.spec:
    - Small fixes

Thu Nov 22 2001 Tomas Junnonen <majix@sci.fi>

  * src/parse.c:
    - The hitlog now tails (scrolls) as hits arrive
  * src/logread.c: Fixed problem with hits arriving even after firewall stopped (lag)

Wed Oct 31 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c, src/ipchains-script.c:
    - Changed references to GTK_RADIO_BUTTONS to GTK_TOGGLE_BUTTONS (patch provided by Ali Akcaagac)

Mon Oct 29 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Added support for FTP connection tracking
    - Added support for NAT-based FTP connection tracking (you must define FTP as an available service for these two options to work)
    - Fixed syn mismatching in NEW connection state
    - Fixed FIN timeout option
  * src/ipchains-script.c:
    - Fixed FIN timeout option

Sun Oct 28 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Removed reference to the IPTables "mirror" module - formerly only used for compatibility anyway.

Fri Oct 26 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Reverted the --log-info option from the log and {drop/reject} chains (as of 1.2.3, the default is to log to whatever syslog defines as info anyway)

Thu Oct 25 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c: Removed duplicated 127.0.0. bans from the reserved block list.

Wed Oct 24 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Fixed unclean packet matching for the Outbound chain (thanks to Paul Blackman for chasing it down)

Tue Oct 23 2001 Paul Drain <pd@cipherfunk.org>

  * src/service.c: added MS-RPC to the list of known problem ports
  * src/ipchains-script.c, src/netfilter-script.c: added default block for MS-RPC

Mon Oct 22 2001 Paul Drain <pd@cipherfunk.org>

  * src/sort-clist.c:
    - Removed duplicated g_free()
  * src/druid.c:
    - Enabled detection of AH-based ipsec tunnels
  * src/ipchains-script.c, src/netfilter-script.c:
    - Fixed automatic blocking of DHCP port 67:68

Sat Oct 20 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Added logging state information to Log-and-Drop and Log-and-Reject chains to allow logging to the kernel specified logfile, rather than the console (suggested by Marc van de Wert)

Wed Oct 17 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Fixed TCPMSS matching bug (reported by Paul Blackman)
    - Fixed STATE chain flag reference
    - Added support for filtering INVALID and UNCLEAN flags for the Outbound and Forwarded chains.
  * src/util.c:
    - Fixed the 'insmod ip_tables.o' problem, now uses modprobe with the autoclean flag instead.

Tue Oct 16 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Added stateful fixes for NEW packets that don't match a given synflag
    - Minor typo cleanups and documentation added to various tunable parameters.

Fri Oct 12 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Added TTL Matching (defaults to 64, you have to change the configuration manually, and it's probably broken in IPTables <= 1.2.3 unless you use Patch-o-Matic)
  * src/portfw.c:
    - Added UDP support to port forwarding

Sun Sep 16 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c:
    - Corrected proxy_arp sysctl variable (it's always 0)
  * src/firestarter.c:
    - locatesbins variable is true, formerly always returned false, meaning FS had difficulty establishing which firewall utility to run (IPT vs IPC) at runtime.
    - Fixed indents to be tabstop compliant

Sat Sep 15 2001 Paul Drain <pd@cipherfunk.org>

  * src/portfw.c:
    - Corrected ipmasqadm entry (was hardcoded to /usr/sbin)

Tue Sep 04 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Fixed SSH and FTP hotfixes to only be applied if support for the protocol was included.

Mon Jul 16 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Added SYN ACK retry Sysctl

Tue Jul 10 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Restored blocking of packets with INVALID flags

Wed Jul 04 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c:
    - The chains were being flushed after we had read the external files. Moved the flushing code up in the script.
    - Typo: input instead of INPUT in default policy section

Tue Jul 03 2001 Paul Drain <pd@cipherfunk.org>

  * NEWS, README, TODO, INSTALL: Updated these to reflect the impending 0.8.0 release.
  * postinstall: Updated to 1.1.x
    - Changelog included at the top of the file
  * src/netfilter-script.c: Merged 'variables' (see top of generated script file) section back in to main tree.

Tue Jul 03 2001 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.c: Display the hostname in the main window title.
  * src/util.c: Fixed detect_netfiler() spamming to the console and constantly reloading the iptables module.
  * src/service.c: Fixed all service lookups being made with tcp as the protocol.
  * src/druid.c: Changed the advanced/simple druid flow

Mon Jul 02 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Fixed some of the outbound interface chains that were causing IPTables to bomb out at runtime (specifically the outbound SMB check)

Sun Jul 01 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c: Added new Sysctl checks from the -fnk tree including:
    - Fragmented packets (including time-to-live)
    - Packet Redirection (arp, accept, reject and secure_redirects)
    - SYN Cookies (buffers, retry-in-memory attempts)
    - ECN (IPTables only - defaults to off)
    - 'Odd' Packet Logging (logging martians, interface changes)
    - TCP Timeouts (timestamping, redirections, timeouts, retry counts)
    - TCP Scaling (window scaling, FIN checking, ACK counts)
    - ICMP Checking (group membership(s))
    - Routing (FIB scaling, RFC-Compliant rp_filter checking)

Thu Jun 28 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c:
    - Added descriptive help to some sections of the generated script that were causing confusion.

Tue Jun 26 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c:
    - Merged changes to the layout of the generated script from the -fnk tree

Fri Jun 22 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Added rate limiting to the fragmentation check

Wed Jun 20 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Removed the logging options for broadcasting and stuffed routing packets.
    Resolves request #413720 in the Sourceforge Tracker

Tue Jun 19 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c:
    - Added block for SMB on the default Outbound chain

Thu Jun 14 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c:
    - Added TCP Timestamping Sysctl check

Mon Jun 11 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Fixed FTP via NAT rule (was commented out)

Mon Jun 04 2001 Paul Drain <pd@cipherfunk.org>

  * src/druid.c, src/ipchains-script.c, src/netfilter-script.c:
    - Removed 'Outbound Filtering' Rules
  * src/preferences.c:
    - Added "Experimental Rulesets" Options (this allows advanced users to play with iptables patch-o-matic options without breaking functionality for existing users)

Fri Jun 01 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Cleaned up references to chain creation
    - Added new chains for unclean, stateful & sanity checks (enables use of newer netfilter modules to cut down on code)
    - Fixed 'stuffed routing' double-space check

Mon May 28 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c:
    - Fixed the reference to rmmod so it unloads the ipchains module on systems that don't have their 'rmmod' in /sbin.
    - Added TCPMSS fix from -fnk tree to help broken PPPO{A/E} clients masquerade properly.

Sat May 20 2001 Tomas Junnonen <majix@sci.fi>

  * src/druid.c: Added a branch page for either simple or advanced mode and accompanying branch logic code.

Sat May 19 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: Now unloads the ipchains module correctly on 2.4 systems (mostly for RH 7.1)
  * src/util.c,logread.c,portfw.c: Fixed the problem with the never ending script detection
  * src/sort-clist.c: Fixed crash when sorting as non-root user

Wed May 02 2001 Tomas Junnonen <majix@sci.fi>

  * src/*.c: proper checks for fopen + errno messages on failure, by Mattias Eriksson

Fri Apr 20 2001 Tomas Junnonen <majix@sci.fi>

  * firestarter.spec: The manual is now properly installed when using RPM.

Sun Apr 08 2001 Tomas Junnonen <majix@sci.fi>

  * src/portfw.c: Portforwarding feature is now complete. Works both in Linux 2.2 (with ipmasqadm) and in Linux 2.4.

Sat Mar 31 2001 Tomas Junnonen <majix@sci.fi>

  * !/src/portfw.c/h, /src/druid.c: Started work on port forwarding configuration interface.
  * /src/firestarter.c, /src/sort-clist.c: Sorting of the dynamic clists is messing up the rules. Removed the sorting for now.

Thu Mar 22 2001 Paul Drain <pd@cipherfunk.org>

  * Makefile.in: added doc/ directory
  * src/menus.c: added "Manual" option to Help Menu
  * src/ipchains-script.c: one too many -y's in the Subseven detection options - removed.

Thu Mar 22 2001 Paul Drain <pd@cipherfunk.org>

  * configure.in: updated to include hooks for documentation.
  * src/druid.c: typo cleanup.

Wed Mar 21 2001 Paul Drain <pd@cipherfunk.org>

  * doc/*: everything added - beginnings of a proper manual, in Docbook format. Anyone who can work with SGML is encouraged to send me patches to it.

Tue Mar 20 2001 Paul Drain <pd@cipherfunk.org>

  * src/service.c: added other known trojan ports
  * src/ipchains-script.c, src/netfilter-script.c:
    - Updated the known trojan listing (now includes subseven & stacheldraht)
    - Added outbound port filtering for all known trojans
    - Fixed port filtering for Multicast addresses
    - Added support for stuffed routing packets (0.0.0.0, etc)
    - Added support for fragmented packet filtering

Sun Mar 18 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c:
    - Updated the block IP address range listing.
    - Added block for Trinity v3 DDoS attacks (was meant to go in 0.6.0, but got lost in the patch queue)
    - Added support for blocking and rate-limiting various trojan ports.

Fri Mar 16 2001 Paul Drain <pd@cipherfunk.org>

  * src/service.c/h: Added AH (protocol 51) to the services list to support IPSec.

Thu Mar 15 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c, src/netfilter-script.c: Added IPSec / KLIPS support to default rulesets.

Sat Mar 10 2001 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.src, src/sort-clist.c: Proper clist arrows by Joaquin.

Fri Mar 02 2001 Tomas Junnonen <majix@sci.fi>

  * !src/sort-clist.c/h, src/firestarter.c: Merged clist sort patch from Joaquin.
  * src/sort-clist.c: Added small + and - signs to the hitlist to mark the sorting order.

Thu Mar 01 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter.c: Fixed severe backward compatibility bug in the final input rules - now only doing RELATED checks on the protocols that need it, rather than everything > 513.

Mon Feb 25 2001 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.c: Added session management
  * !util.c/h !logread.c/h: Spring cleaning time! :) Big code exodus from firestarter.c Work in progress.

Sun Feb 25 2001 Tomas Junnonen <majix@sci.fi>

  * src/ipchains-script.c: The policies for the input and output chains are restored to ACCEPT at the end.

Thu Feb 22 2001 Tomas Junnonen <majix@sci.fi>

  * src/lookup.c: Error dialogs for various lookup failures (Joaquín)

Tue Feb 20 2001 Tomas Junnonen <majix@sci.fi>

  * src/ipchains-script.c: if statement checking for bsd_comp was missing an ending fi. Effect: The script was left in a deny all state.
  * src/firestarter.c: Don't g_print out every line when reloading the hit list.
  * po/: Translation updates

Mon Feb 19 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: TOS rules upgraded for IPTables 1.2.

Sun Feb 18 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: Fixed lowercase table names in the TOS rules (output).

Sat Feb 17 2001 Tomas Junnonen <majix@sci.fi>

  * Lots of translation changes
  * Bumped version for 0.6.0 release

Wed Feb 14 2001 Tomas Junnonen <majix@sci.fi>

  * po/various: Brought a lot of translations up to date.

Tue Feb 13 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Resolved a spacing problem in the incoming TCP high-port chain.

Mon Feb 12 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: Disabling ICMP filtering really, truly, 100% sure, allows all ICMP packets. Honest this time.

Sun Feb 11 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter.c: Added TOS configuration options (yes!, finally - the script will DO ToS configurations)
  * src/ipchains-script.c: Same

Sat Feb 10 2001 Tomas Junnonen <majix@sci.fi>

  * src/druid.c: The masq intrange was not being loaded from the GNOME registry
  * src/firestarter.c: When detecting old scripts, now asks for confirmation before removing anything. Only removes firestarter files (instead of entire directory!)
  * src/netfilter-script.c: Forward policy is now DROP ($STOP wasn't working). Minor cleanups here and there.

Fri Feb 09 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter.c: ip_conntrack module cleanups, limit increases for ip_conntrack.

Thu Feb 08 2001 Tomas Junnonen <majix@sci.fi>

  * src/ipchains-script.c, src/netfilter-script.c: Some brackets were not properly closed.

Mon Feb 05 2001 Tomas Junnonen <majix@sci.fi>

  * src/preferences.c, src/druid.c: Merged the "show masq" & "show tos" options into a single "show all" wizard option.
  * src/ipchains-script.c, src/netfilter-script.c: The Disable ICMP Filtering wizard option REALLY disables ICMP filtering.
  * src/firestarter.c: Fixed a crash problem when reloading the hitlist. Added Paul Drain to the about box.

Sat Feb 02 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Changed the Dynamic IP hack rule in /proc to only be active if the PPP interface is loaded.
  * src/netfilter-script.c: Same

Sat Jan 27 2001 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.c: stop_firewall() & halt_firewall() now check for the locatesbin option
  * src/netfilter-script.c: removed the lines setting the default chain policy to DROP

Fri Jan 26 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Added location checks for system binaries.

Thu Jan 25 2001 Tomas Junnonen <majix@sci.fi>

  * src/netfilter-script.c: Quick fix for NAT and SSH
  * src/menus.c: Added homepage url link to the Help menu

Wed Jan 24 2001 Tomas Junnonen <majix@sci.fi>

  * !src/druid-choices.h, !src/druid-choices.c, src/druid.c, src/scriptwriter.c, src/Makefile.am: Druid now remembers choices between sessions
  * src/firestarter.c: fixed segfault when removing old scripts and running the druid again

Tue Jan 23 2001 Tomas Junnonen <majix@sci.fi>

  * src/modrules.c: deny-all rules now always drop/deny
  * po/ca.po configure.in: added Catalan translation from Pablo Saratxaga
  * po/: fixes for es, fr, ga, and hu pot file headers
  * firestarter.c: fixed a string format issue

Sat Jan 20 2001 Tomas Junnonen <majix@sci.fi>

  * src/firestarter.c, src/firestarter.h, src/menus.c: Added "Halt all network traffic" option. Needs icon. Small appbar messaging changes.
  * src/firestarter.c, src/parse.h, src/parse.c: Added proper script checks at startup: If made for wrong kernel or a program version older than the current version, remove scripts and start fresh.
  * firestarter.spec: Removed ipchains dependency

Sun Jan 07 2001 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Finished modprobe detection, also fixed some of the standard rules (flushing shouldn't only apply for the filter table for example)

Mon Jan 01 2001 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c
  * src/netfilter-script.c: Separated INPUT & OUTPUT default rules

Mon Jan 01 2001 Paul Drain <pd@cipherfunk.org>

  * src/preferences.c: Added Outbound Filtering checkbox. If you are using a dialup firewall, or don't need the facility - leave this option off.

Sun Dec 31 2000 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c
  * src/ipchains-script.c: Added variables for modprobe and lsmod (some distributions do not ship modprobe in /sbin either)
  * src/preferences.c: altered the description for locate ipchains/iptables to reflect the change above.

Sat Dec 30 2000 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c
  * src/ipchains-script.c: Implemented first revision of OUTBOUND packet filtering. NOTE: This severely breaks dial-up firewalls at present, it will be changed into an advanced option (as it is useful for filtering hosts) at a later date.

Sat Dec 30 2000 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: mangle & NAT tables are now only loaded and / or flushed when the modules exist.

Fri Dec 29 2000 Paul Drain <pd@cipherfunk.org>

  * src/druid.*: Merged with Tomas's changes to the wizard control panel
  * src/preferences.c: Same

Thu Dec 28 2000 Tomas Junnonen <majix@sci.fi>

  * src/preferences.c: moved some options around

Thu Dec 28 2000 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Removed X Windows auto reject to allow ToS testing to work
  * src/netfilter-script.c: Same

Thu Dec 28 2000 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Added standard policy rules before piping in the modrules rules - eliminated possible security flaw.
  * src/netfilter-script.c: Added initial ruleset of ToS pages.

Thu Dec 28 2000 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Added initial ruleset for ToS pages.

Wed Dec 27 2000 Tomas Junnonen <majix@sci.fi>

  * src/druid.c: did some major work on the wizard, it's now white with small graphics on each page and large graphics on splash and end screen. Many string changes
  * pixmaps/card.png
  * pixmaps/left.png
  * pixmaps/masq.png
  * pixmaps/top.png: Added

Tue Dec 26 2000 Paul Drain <pd@cipherfunk.org>

  * src/druid.c: More ToS merges - fixed the services_next page to skip over the ToS selection if it wasn't explicitly selected in the advanced settings

Mon Dec 25 2000 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: reverted LOADER variable fix, completely rewrote the module autoloader hack.
  * src/netfilter-script.c
  * src/ipchains-script.c: changed bsd_comp / ppp_deflate loader

Mon Dec 25 2000 Tomas Junnonen <majix@sci.fi>

  * src/ipchains-script.c: merged LOADER variable fix from Claudio Bley
  * src/netfilter-script.c: fixed do-not-log-port not being parsed

Sun Dec 24 2000 Paul Drain <pd@cipherfunk.org>

  * Changelog: Created standardized changelog to satisfy CVS requirements

Sat Dec 23 2000 Paul Drain <pd@cipherfunk.org>

  * src/ipchains-script.c: Fixed 2.2 IP Masquerading Module loader (hopefully)
  * src/preferences.c: Fixed secondary occurrence of destoy_filesel to avoid killing GTK if a second version of Firestarter was loaded.

Thu Dec 21 2000 Paul Drain <pd@cipherfunk.org>

  * src/druid.c: remerged NLS notebook fix from Takeshi Aihana

Wed Dec 20 2000 Paul Drain <pd@cipherfunk.org>

  * src/druid.c
  * src/druid.h
  * src/preferences.c: First attempt at Type of Service dialog merge. No Rulesets yet just the wizard.

Mon Dec 11 2000 Paul Drain <pd@cipherfunk.org>

  * src/netfilter-script.c: Changed default rule for forwarding from DROP to the $STOP variable

2000-11-20

  * merged netfilter minor fixes and cleanups from Paul Drain
  * allowing icmp echo-reply packets
  * cosmetic fixes

2000-11-01

  * merged netfilter target, traceroute fix and case sensitivity fix patches from Paul Drain
  * merged preference window browse buttons/frames patch Joaquín

2000-10-25

  * merged icmp filtering, cleanups and iptables patches from Paul Drain
  * merged reject/deny patch from Joaquín

2000-10-24

  * merged smb, synflag and typo patches from Paul Drain

2000-10-21

  * small cleanups here and there

2000-10-20

  * added proper column optimizing and progress tailing of the hitlog
  * don't query gnome_config for netfilter status anymore

2000-10-17

  * added "Do not log this port" modifier
  * added Logging preference sheet

2000-10-16

  * restarted development....
  * small build environment fixes here and there
  * fixed RH7 i18N parse error bug
  * small gfx changes
  * removed some duplicate code in addrules.c
  * fixed #!/bin/sh not being first line in scripts

2000-09-07

  * put in the new icon set by Susan Emery
  * lots of small changes here and there
  * finished up the iptables support

2000-08-23

  * added sound support
  * preferences dialog remake

2000-08-17

  * finally fixed that DHCP/IP Masquerade hostname bug

2000-08-13

  * new better service determination scheme, uses /etc/services

2000-08-07

  * added option to launch firewall on ppp connect
  * added DHCP button to the device page
  * tooltips in the wizard and preferences menu
  * fixed problem with NFS and Xwindows ports

2000-08-06

  * don't display masq page if only one device in the machine
  * device on masq page defaults to second device in machine

2000-08-01

  * firestarter now stores its scripts in the default config file dir, for example "/etc/firestarter"

2000-07-31

  * fixed the translations some more
  * program now resizes itself to minimize space needed

2000-07-30

  * fixed IP/Masquerade detection code
  * fixed translations, honestly

2000-07-29

  * added autodetection of masqueraded net
  * small changes to the wizard

2000-07-26

  * fixed translations not working
  * hitlog clist is now 'tails', i.e. the focus stays at the bottom

2000-07-24

  * fixed DNS lookup crash
  * fixed the dynamic rules defaulting to TCP

2000-07-21

  * added a DNS lookup feature

2000-07-19

  * major cleanup of firestarter.c
  * added mini window icons
  * added a popup menu to the docklet
  * finally tracked down and fixed the segfault on exit, looks like a bug in GNOME.

2000-07-17

  * now runs the druid on the first startup.
  * added "remove identical firewall hit lines" preference
  * changed by default allowed upper port limit to 49151

2000-07-16

  * must start using the ChangeLog again. Lazy me.
  * marked a lot of strings for translation
  * cleanups and code comments
  * previously:
    released 0.3.0beta1
    finished the dynamic rules functionality
    added a statusbar
    removed the applet code and put in a docklet
    some other things I've since forgotten

2000-06-01

  * added root password query using consolehelper

2000-05-31

  * fixed segfault that occurred with malformed log entries
  * fixed not closing properly when not running the applet
  * fixed logs not being saved to disk properly

2000-05-30

  * fixed segfault problem with older gnome libs
  * code cleanup
  * fixed spawning multiple wizards or pref. windows
  * added option not to display applet on panel
  * script now sets the TCP/IP address hacking option in proc
  * other minor changes to the script and interface

2000-05-29

  * second release, version 0.2.0
  * firewall monitoring tool working

2000-05-12

  * first public release, version 0.1
  * firewall creation wizard working