mbse-firewall: changelog

changelog

Version 0.0.27 Fix for igmp protocol, do not use -m option. default tip

Mon, 30 Oct 2023 16:24:44 +0100
by Michiel Broek <mbroek@mbse.eu> [Mon, 30 Oct 2023 16:24:44 +0100] rev 14
Version 0.0.27 Fix for igmp protocol, do not use -m option.

Version 0.0.26 Add TCPMSS also to the filter table. Log script invocation.

Mon, 27 Feb 2023 11:41:02 +0100
by Michiel Broek <mbroek@mbse.eu> [Mon, 27 Feb 2023 11:41:02 +0100] rev 13
Version 0.0.26 Add TCPMSS also to the filter table. Log script invocation.

Make sure ipset tables exist.

Sun, 26 Feb 2023 15:23:19 +0100
by Michiel Broek <mbroek@mbse.eu> [Sun, 26 Feb 2023 15:23:19 +0100] rev 12
Make sure ipset tables exist.

Version 0.0.23 drop ICMPv6 neighbour advertisement packets with hoplimit not 256

Wed, 12 Jul 2017 22:21:28 +0200
by Michiel Broek <mbroek@mbse.eu> [Wed, 12 Jul 2017 22:21:28 +0200] rev 11
Version 0.0.23 drop ICMPv6 neighbour advertisement packets with hoplimit not 256

Added icmpv6 code 132. Version 0.0.22

Thu, 01 Sep 2016 19:01:21 +0200
by Michiel Broek <mbroek@mbse.eu> [Thu, 01 Sep 2016 19:01:21 +0200] rev 10
Added icmpv6 code 132. Version 0.0.22

Added options to log to syslog or nflog.

Sun, 25 Oct 2015 11:33:03 +0100
by Michiel Broek <mbroek@mbse.eu> [Sun, 25 Oct 2015 11:33:03 +0100] rev 9
Added options to log to syslog or nflog.

Hosts blocked by the ipset global tables are now stateless blocked. Version 0.0.19.

Sun, 19 Apr 2015 11:13:22 +0200
by Michiel Broek <mbroek@mbse.eu> [Sun, 19 Apr 2015 11:13:22 +0200] rev 8
Hosts blocked by the ipset global tables are now stateless blocked. Version 0.0.19.

Added global block ipset tables. Bumped to version 0.0.18

Mon, 13 Apr 2015 17:22:53 +0200
by Michiel Broek <mbroek@mbse.eu> [Mon, 13 Apr 2015 17:22:53 +0200] rev 7
Added global block ipset tables. Bumped to version 0.0.18

Fixed an error when reloading blocklists. Version 0.0.17

Fri, 19 Dec 2014 09:45:21 +0100
by Michiel Broek <mbroek@mbse.eu> [Fri, 19 Dec 2014 09:45:21 +0100] rev 6
Fixed an error when reloading blocklists. Version 0.0.17

Allow inverse neighbour discovery solicitation (141) / advertisement (142)

Thu, 18 Dec 2014 17:01:36 +0100
by Michiel Broek <mbroek@mbse.eu> [Thu, 18 Dec 2014 17:01:36 +0100] rev 5
Allow inverse neighbour discovery solicitation (141) / advertisement (142)

ipset now adds the hostname to the blocklists so that the firewall scripts works on hosts and Linux Container clients without conflicts. The ipset tables are visible on the host and in the lxc clients. Then, silently drop icmpv6 router sollicitaion and neighbour sollicitation messages that come in with the hoplimit field not set to 255. Some Windows systems do this. Version 0.0.16

Thu, 18 Dec 2014 16:56:55 +0100
by Michiel Broek <mbroek@mbse.eu> [Thu, 18 Dec 2014 16:56:55 +0100] rev 4
ipset now adds the hostname to the blocklists so that the firewall scripts works on hosts and Linux Container clients without conflicts. The ipset tables are visible on the host and in the lxc clients. Then, silently drop icmpv6 router sollicitaion and neighbour sollicitation messages that come in with the hoplimit field not set to 255. Some Windows systems do this. Version 0.0.16

Upgrades to version 0.0.14 and 0.0.15

Thu, 06 Nov 2014 14:10:08 +0100
by Michiel Broek <mbroek@mbse.eu> [Thu, 06 Nov 2014 14:10:08 +0100] rev 3
Upgrades to version 0.0.14 and 0.0.15

Added support for nfacct objects. Version 0.0.13

Sat, 01 Feb 2014 20:06:04 +0100
by Michiel Broek <mbroek@mbse.eu> [Sat, 01 Feb 2014 20:06:04 +0100] rev 2
Added support for nfacct objects. Version 0.0.13

Added dist command to the Makefile

Thu, 30 Jan 2014 15:20:46 +0100
by Michiel Broek <mbroek@mbse.eu> [Thu, 30 Jan 2014 15:20:46 +0100] rev 1
Added dist command to the Makefile

Initial import

Thu, 30 Jan 2014 14:46:10 +0100
by Michiel Broek <mbroek@mbse.eu> [Thu, 30 Jan 2014 14:46:10 +0100] rev 0
Initial import

(0) tip