Ok, now that I've got that state bug fixed, it seems like a good time
to roll together a new patch release.

I'm not sure what else to say at this point, besides the usual mumbo
jumbo, except to say that I need to get to work and put this stuff up
on sourceforge too...and to look out for another email later in the
week with more interesting ipfilter developments...

Oh, one other bug that got fixed here that others might have noticed
(or might not have) is the first one listed - rules like this:

    rdr ab0 0/0 port 80 -> 127.0.0.1 port 12345 tcp
    rdr ab0 0/0 port 80 -> 127.0.0.1 port 12346 tcp

would not have been allowed...now fixed :)

Darren

http://coombs.anu.edu.au/~avalon/ip_fil4.1.16.tar.gz

4.1.16 - Released 20 December 2006

allow rdr rules to only differ on the new port number

when creating state entry orphans, leave them on the linked list but not
attached to the hash table and mark them visible as orphans in "ipfstat -sl"

log state removed when unloading differently to allow visible cues

return ipf ticks via SIOCGETGS for /dev/ipnat so "ipnat -l" can display ttl

abort logging a packet if the mbuf pointer is null when ipflog is called

Some NetBSD's have a selinfo.h instead of select.h

SIOCIPFFL was using copyoutptr and should have been using bcopy for /dev/ipauth

listing accounting rules using ioctl interface wasn't possible

fix leakage of state entries due to packets not matching up with NAT

improve ICMP error packet matching with state/NAT

fix problems with parsing and printing "-" as an interface name in ipnat.conf

4.1.15 - Released 03 November 2006

MD5 (ip_fil4.1.16.tar.gz) = b3f03da3973becba0ec9ef2a8882bffd
MD5 (patch-4.1.16.gz) = e649cc0a54af6b23b6c2c9572ab99ec1