Version 0.0.23 drop ICMPv6 neighbour advertisement packets with hoplimit not 256

Added icmpv6 code 132. Version 0.0.22

Added options to log to syslog or nflog.

Hosts blocked by the ipset global tables are now stateless blocked. Version 0.0.19.

Added global block ipset tables. Bumped to version 0.0.18

Fixed an error when reloading blocklists. Version 0.0.17

Allow inverse neighbour discovery solicitation (141) / advertisement (142)

ipset now adds the hostname to the blocklists so that the firewall scripts works on hosts and Linux Container clients without conflicts. The ipset tables are visible on the host and in the lxc clients. Then, silently drop icmpv6 router sollicitaion and neighbour sollicitation messages that come in with the hoplimit field not set to 255. Some Windows systems do this. Version 0.0.16

Upgrades to version 0.0.14 and 0.0.15

Added support for nfacct objects. Version 0.0.13

(0) -10 tip

mercurial