changelog

Linux系统下著名的个人防火墙

2005-01-29  Tomas Junnonen  <tomas@fs-security.com>

	* src/wizard.c:
	- Fixed wizard failing on single interface machines

2005-01-27  Tomas Junnonen  <tomas@fs-security.com>

	* src/statusview.c:
	- Don't update active connections list when it is hidden,
	  lowers resource usage on slower machines
	* src/dhcp-server.c:
	- Fixed DHCP configuration for non-dhcp3 Debian machines
	* src/hitview.c:
	- Distinguish unknown direction from the inbound case
	* src/netfilter-script.c, scriptwriter.c:
	- All logging targets go through new chain LOG_FILTER for
	  guaranteed respect of user filtering settings
	- LS target renamed LSI, added LSO as a final outbound target
	- System log level can now be changed from the configuration file
	- Updated firestarter.sh to be dhcp3 aware

2005-01-16  Tomas Junnonen  <tomas@fs-security.com>

	* src/wizard.c:
	- Fixed crash on startup on first run

2005-01-11  Tomas Junnonen  <tomas@fs-security.com>

	* src/logread.c:
	- Fixed crash when reloading the events (Bug 161067)
	* src/netfilter-script.c:
	- Allow special casing the services (Bug 161310)
	- Samba service bundle overrides broadcast block settings
	* configure.in: Fixed patch gone wrong
	* src/wizard.c:
	- Fixed main gui not being shown on wizard completion

2005-01-11  Kjartan Maraas  <kmaraas@gnome.org>

	* configure.in: Add «nb» to ALL_LINGUAS.

2005-01-10  Tomas Junnonen  <tomas@fs-security.com>

	* src/service.c:
	- Add port 1900 to Samba service bundle

2005-01-09  Tomas Junnonen  <tomas@fs-security.com>

	* src/menus.c, src/xpm/Makefile.am, +src/xpm/icon_start_toolbar.png,
	  icon_stop_toolbar.png:
	- New start/stop firewall toolbar icons
	* src/hitview.c, policyview.c, statusview.c:
	- Increased padding at the the top of the notebook pages (Bug 161074)
	* src/util.c:
	- Try /var/log/kernel if /var/log/messages file not found
	* src/scriptwriter.c:
	- Set execute permissions on ip-up.local
	* src/netfilter-script.c, util.c:
	- Allow listing multiple ports in a single rule, separated by spaces
	* src/service.c:
	- SMB->Samba, include port 445 as part of the service

2005-01-07  Tomas Junnonen  <tomas@fs-security.com>

	* src/netfilter-script.c:
	- Enabled state check in outbound chain
	* src/firestarter.c:
	- Fixed external interface still being listed when in
	  reality the internal interface is the one failing

2005-01-06  Tomas Junnonen  <tomas@fs-security.com>

	* src/netfilter-script.c:
	- Extend connection tracking to the privileged ports
	* scripts/non-routables:
	- Following netblocks have been allocated: 71/8 and 72/8
	* firestarter.schemas.in, src/netfilter-script.c,
	  preferences.c/glade/h, scriptwriter.c:
	- The non-routables check is now an option and disabled by default
	* src/dhcp-server.c:
	- Added support for dhcp3
	* src/scriptwriter.c, wizard.c/h:
	- Give the user the choice not to start the firewall on wizard
	  completion

2004-12-13  Tomas Junnonen  <majix@sci.fi>

	* src/netfilter-script.c:
	- Log traffic that fall of the default chains

2004-12-12  Tomas Junnonen  <majix@sci.fi>

	* src/scriptwriter.c:
	- Require bash
	* firestarter.schemas.in, src/netfilter-script.c, preferences.c/h,
	  preferences.glade, scriptwriter.c:
	- Separate controls for blocking internal and external network
	  broadcasts (Bug 160481)
	* src/netfilter-script.c:
	- Forward rules only apply to traffic from the Internet
	* src/firestarter.c, scriptwriter.c/h:
	- Automatically generate a new firewall when upgrading to a newer
	  version

2004-11-29  Tomas Junnonen  <majix@sci.fi>

	* src/statusview.c:
	- Fixed crash on active connection lookup when the entry has
	  already disappeared from the list (Bug 158003)
	* src/scriptwriter.c:
	- Fixed crash on save in wizard (Bug 159537)
	* src/service.c:
	- Fixed /etc/services lookups failing
	* src/statusview.c:
	- Only resolve service name for new connection entries

2004-11-28  Tomas Junnonen  <majix@sci.fi>

	* src/netfilter-script.c:
	- Handle the case where a broadcast address is not applicable
	* src/preferences.c, scriptwriter.c/h:
	- Fixed PPP and DHCP hooks and the DHCP configuration not being
	  written unless enabled from the wizard
	* src/scriptwriter.c:
	- Fixed DHCP hook not being removed if client is not running
	* src/preferences.c, scriptwriter.c, wizard.c:
	- Fixed DHCP configuration being overwritten (Bug 159419)
	* src/policyview.c, util.c:
	- Fixed commas in rules crashing the program, better checking
	  for valid port and host inputs (Bug 159307)
	* src/service.c:
	- Fixed unknown service not being translated (Bug 158001)
	* src/hitview.c:
	- Fixed direction field of events not being translated (Bug 158001)

2004-11-26  Tomas Junnonen  <majix@sci.fi>

	* src/scriptwriter.c:
	- Fixed dhcp client configurations not being written
	  except for systems using dhclient
	- Fixed broadcast filtering being hardcoded to eth0 (oops)

2004-11-24  Tomas Junnonen  <majix@sci.fi>

	* src/menus.c, preferences.c, wizard.c:
	- Fixed manual urls
	* src/preferences.c, preferences.glade:
	- Disabled the system service option

2004-11-17  Tomas Junnonen  <majix@sci.fi>

	* src/policy-view.c:
	- Try to suggest an internal port range from the service
	  when forwarding
	* HACKING, README, src/menus.c, netfilter-script.c,
	  preferences.c, wizard.c:
	- The homepage and manual is now at http://www.fs-security.com

2004-11-11  Tomas Junnonen  <majix@sci.fi>
	* src/wizard.c:
	- Marked strings for translation (Bug 157897)
	* src/firestarter.c:
	- Fixed command line help not being translated (Bug 157897)
	* src/menus.c:
	- Fixed menu entries not being translated (Bug 157897)

2004-11-10  Tomas Junnonen  <majix@sci.fi>

	* src/logread.c:
	- Fixed crash on failed protocol name lookup

2004-11-02  Tomas Junnonen  <majix@sci.fi>

	* src/scriptwriter.c:
	- Allow firewall to be stopped even if network is down
	- Flush nat and mangle tables when stopping firewall
	* src/scriptwriter.c, netfilter-script.c:
	- Fixed forwarding a port range not working when internal
	  port destination was also a range
	* src/netfilter-script.c:
	- Removed unnecessary ttl check (Bug 156693)

2004-10-08  Tomas Junnonen  <majix@sci.fi>

	* src/menus.c, policyview.c:
	- Fixed misspellings (Bug 154622)

2004-10-05  Tomas Junnonen  <majix@sci.fi>

	* src/menus.c:
	- Mark menu texts for localization

2004-09-17  Tomas Junnonen  <majix@sci.fi>

	* src/netfilter-script.c:
	- Allow access to the configuration and the predefined
	  variables in user-pre and user-post

2004-09-15  Tomas Junnonen  <majix@sci.fi>

	* src/netfilter-script.c:
	- Moved forwarding from inbound/setup to firewall
	* src/policyview.c:
	- Fixed forwarding rules not being removed properly when
	  apply pressed
	- Show script output on policy group reload
	* src/firestarter.c:
	- Show script output when firewall operations fail

2004-09-13  Tomas Junnonen  <majix@sci.fi>

	* src/policyview.c:
	- Fixed rules created from the events page being malformed
	- Fixed the apply button being active when creating new rules
	  from the events page
	* src/netfilter-script.c, scriptwriter.c:
	- Fixed forward rule parameters not being properly scrubbed

2004-09-12  Tomas Junnonen  <majix@sci.fi>

	* src/firestarter.c:
	- Firewall script output now printed to stdout
	* src/policyview.c/h, preferences.c, preferences.glade, util.c:
	- Controls specific to NAT environments are now disabled for
	  single NIC machines or when NAT has been disabled
	* src/preferences.c:
	- Validate supplied DHCP configuration
	* src/firestarter.c, policyview.c, preferences.c, util.c/h:
	- New HIG style error dialogs
	- Validate DHCP configuration in the preferences
	- Validate user entered data in the rule creation dialogs
	* src/netfilter-script.c:
	- Hostnames can now once again be used in all rules
	* src/policyview.c:
	- Update the service name as the user types the port number
	* src/netfilter-script.c:
	- Put limits on logging of events
	* src/preferences.c:
	- Suppress libglade warnings

2004-09-11  Tomas Junnonen  <majix@sci.fi>

	* src/netfilter-script.c, src/policyview.c:
	- Restored service forwarding functionality
	- Fixed bug where a new rule could overwrite an existing one
	* src/statusview.c:
	- Fix crash caused by freeing invalid memory
	- Fix column rendering glitch on resize
	* src/util.c, statusview.c, logread.c:
	- Fixed a file descriptor leak and a few memory leaks
	* src/gui.c, tray.c:
	- Switched tray icon to single click mode for show and hide

2004-09-10  Tomas Junnonen  <majix@sci.fi>

	* src/gui.h, statusview.c/h:
	- The active connections list now also includes the name of the
	  program that created the socket
 	* src/hitview.c:
	- Fixed crash when using accelerator key for looking up hostnames
	* src/netfilter-script.c:
	- Fixed ICMP traffic from local network being blocked
	- Fixed services running on high ports on the firewall host being
	  blocked
	 * src/netfilter-script.c, preferences.c/h, preferences.glade,
	   scriptwriter.c:
	 - Separated ICMP echo into request and reply parts in the preferences

2004-09-05  Tomas Junnonen  <majix@sci.fi>

	* +src/preferences.glade, Makefile.am, firestarter.c, gui.c,
	  hitview.c, menus.c, policyview.c, preferences.c/h, scriptwriter.c,
	  util.c/h, wizard-choices.c, wizard.c/h:
	- New preferences dialog
	* configure.in:
	- New libglade requirement
	* firestarter.schemas.in:
	- New preferences for new dialog
	* src/eggtrayicon.c/h:
	- New tray icon code from GNOME CVS
	* src/gui.c, preferences.c, tray.c/h:
	- New tray icons
	- Ability to add and remove the tray icon based on preferences
	* src/policyview.c, preferences.c, service.c, util.c, wizard.c:
	- Fix GtkTreeIter leakage
	* src/gui.c, hitview.c, tray.c:
	- Clear tray hit icon on events tab focus or events list click

2004-09-03  Tomas Junnonen  <majix@sci.fi>

	* src/scriptwriter.c:
	- Fixed problem with return values on interface failure

2004-09-02  Tomas Junnonen  <majix@sci.fi>

	* src/gui.c, policyview.c/h, statusview.c:
	- Switched from GtkExpanders to a GtkCombo for the policy groups
	- Re-enabled resizing of the main window
	* src/scripwriter.c:
	- Reverted dhcp/ppp hook to a single line

2004-08-30  Tomas Junnonen  <majix@sci.fi>

	* src/hitview.c/h, menus.c/h, statusview.c/h:
	- Added context menu to active connections list
	- Added ability to lookup hostnames in the connections list
	- Doing a lookup on an event now resolves all IPs in one go
	- Fixed rendering glitch in events list when columns resized
	* src/netfilter-script.c, scriptwriter.c:
	- Fixed some NAT-specific rules being reached even when NAT
	  disabled
	- Fixed DHCP server starting if it had been configured
	  previously even if NAT has since been disabled
	* src/policyview.c:
	- Added the option to attach a comment to each rule
	* src/menus.c, savelog.c/h:
	- Use the new GtkFileChooserDialog when saving the events
	* src/policyview.c:
	- Fixed rule dialogs being accidentally destroyed
	* -ipchains.init, -netfilter.init, +fedora.init, Makefile.am:
	- New init script for Fedora Core, removed old broken scripts
	* src/policyview.c:
	- Don't show comments in TreeViews for now
	- Edit the selected rule on doubleclick
	* firestarter.spec.in:
	- New spec file from Fedora Extras, by Phillip Compton

2004-08-29  Tomas Junnonen  <majix@sci.fi>

	* src/logread.c, netfilter-script.c, policyview.c, service.c/h,
	  statusview.c:
	- Reworked network service identification
	- Finished the service selector for the rule creation dialogs, ports
	  are now suggested based on the selected service names
	* src/preferences.c/h, wizard-choices.c, wizard.c/h:
	- Removed the services page in the wizard
	- Simplified the NAT page a bit
	* src/statusview.c, util.c/h, wizard-choices.c, wizard.c/h:
	- Replaced the wizard interface entry widgets with GtkCombos
	- Show device descriptions instead of raw interface names
	- Validate choices on NAT page
	* src/netfilter-script.c, policyview.c, scriptwriter.c:
	- Data files are now in CSV format
	* src/firestarter.c, policyview.c/h:
	- First time in restrictive outbound mode allow: DNS, HTTP, DHCP
	  so the user doesn't lock himself out
	* src/netfilter-script.c:
	- Fix LAN to firewall traffic being blocked instead of being
	  matched against the policy

2004-08-28  Tomas Junnonen  <majix@sci.fi>

	* +src/xpm/icon_unlocked.png, +icon_locked.png, +icon_locked_large.png
	  src/firestarter.c/h, menus.c, scriptwriter.c, statusview.c/h,
	  tray.c:
	- "Halt" operation replaced by "Lock Firewall"
	- Stateful lock/unlock button on status tab toolbar
	* src/firestarter.h, hitview.c/h, menus.c/h, netfilter-script.c,
	  policyview.c/h, scriptwriter.c/h, util.c/h:
	- Implemented the context menu for the Events list

2004-08-27  Tomas Junnonen  <majix@sci.fi>

	* src/menus.c/h, policyview.c/h:
	- Implemented editing of existing rules in the policy tab
	* -src/parse.c/h, firestarter.h, hitview.c/h, logread.c/h,
	  menus.c, netfilter-script.c, parse.c/h, preferences.h,
	  util.c:
	- New Events column: direction
	- syslog entries prefixed with name of policy group that
	  generated the hit
	- Outbound counters on Status tab enabled