1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
ufw (0.29.3) RELEASED; urgency=low
* unconditionally restore new 'skip-to-policy' chains, fully resolving
LP: #488032
-- Jamie Strandboge <jamie@ubuntu.com> Fri, 29 Jan 2010 08:23:17 -0600
ufw (0.29.2) RELEASED; urgency=low
* src/ufw-init-functions: don't run 'already started' check unless
ENABLED. This should improve boot speed such that iptables is not
needlessly called which results in an unneeded modprobe.
* manpage fixes thanks to Loic Minier
* set "default" sysctl values before "all" values. Thanks to Loic Minier
* Makefile: clean up POTFILES target
* generate binary translations in setup.py rather than shipping them in
source (LP: #490366)
* don't log LIMIT rules if logging is off (LP: #512131)
* restore all toplevel chains. This is introduced in 0.29.1 in the fix
for LP: #459925. (LP: #513387)
* fix for noisy services getting logged. Added new 'skip-to-policy' chains
that are now used in after*.rules (LP: #488032)
-- Jamie Strandboge <jamie@ubuntu.com> Thu, 28 Jan 2010 17:30:56 -0600
ufw (0.29.1) RELEASED; urgency=low
* error out when filesystem is read-only (LP: #430053)
* catch exception if can't find parent pid when refreshing application
profiles (LP: #424528)
* add upstart example
* src/ufw-init: add add 'quiet' option on start, also check for QUIET
* write loglevel rules to user rules (LP: #459925)
* properly log INVALID packets for medium and higher (LP: #480789)
-- Jamie Strandboge <jamie@ubuntu.com> Mon, 30 Nov 2009 10:08:23 -0600
ufw (0.29) RELEASED; urgency=low
* add egress filtering support:
- CLI command allows specifying direction in simple and extended syntax
- status reporting shows outgoing policy and outgoing rules
- allow changing default outgoing policy
- connection tracking rules for state NEW, when using a default policy
of ACCEPT for INPUT and OUTPUT, are now put in their own chains, rather
than configured in before*.rules
- add state RELATED,ESTABLISHED rule to ufw-before-output in before*.rules
like we do with ufw-before-input, to increase performance
- DEFAULT_OUTPUT_POLICY and DEFAULT_INPUT_POLICY can now also be set to
ACCEPT_NO_TRACK, which avoids adding connection tracking rules for
state NEW
- update documentation for the above
* add tests/check-requirements and integrate into test suite. This script
can be used to make sure that your system has all the required iptables
and netfilter functionality as described in README
* add doc/ufw-framework.8
* allow deletion of non-existent application rules introduced in 0.24.
(LP: #407810)
* import Launchpad translations:
- po/ar.po, po/bg.po, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po,
po/en_AU.po, po/en_GB.po, po/fi.po, po/fr.po, po/he.po, po/hu.po,
po/id.po, po/it.po, po/nb.po, po/nl.po, po/pl.po, po/pt_BR.po, po/pt.po,
po/ru.po, po/sk.po, po/sl.po, po/sr.po, po/sv.po, po/tl.po, po/zh_CN.po
- thanks to all contributors: https://translations.launchpad.net/ufw
- moved translations into locales/po and locales/mo. setup.py installs
files in locales/mo
- translations are now installed into ${prefix}/share/ufw/messages
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 25 Aug 2009 09:12:10 -0500
ufw (0.28) RELEASED; urgency=low
* translation fixes
* add interface rules
* update Makefile to fail if byte-compiling failed
* install rules files 0640 (LP: #393187)
* adjust help command for proper translation and bash completion support
* add limit command to help (LP: #358964)
* add shell-completion/bash. Based on work by Didier Roche
* tests/*: updated with 'nostats' option so redundant tests are counted
in test results. Update many root tests to use 'nostats'
* look for location of iptables and set IPTABLES_DIR in common.py. Adjust
calls to ip[6]tables* to use IPTABLES_DIR
* fix harmless but annoying bug where multi-rule application rules ended
up with ::/0 in the tuple line in user.rules (IPV4) when not specifying a
destination or source address and IPV6 is enabled
* make insert rule logic more robust
* update setup.py to install user rules and init script helpers into
/lib, rather than /var/lib and /usr/share/ufw. Update tests,
backend_iptables.py, ufw-init and documentation accordingly. (LP: #400208)
-- Jamie Strandboge <jamie@ubuntu.com> Wed, 15 Jul 2009 09:30:25 -0500
ufw (0.27.1) RELEASED; urgency=low
* update README for instructions on integrating ufw into the boot process
* adjust strings to better conform with translation guidelines (LP: #353424)
* adjust translation location to work with rosetta
-- Jamie Strandboge <jamie@ubuntu.com> Mon, 23 Mar 2009 12:06:27 -0500
ufw (0.27) RELEASED; urgency=low
* don't do symlink check anymore (LP: #317700)
* don't do hidden file check anymore (LP: #319226). Hidden application
profiles are already skipped, so this check only bumps into revision
control systems
* add 'status numbered' command
* more comments in conf/sysctl.conf
* add insert rule support (LP: #260745)
* read in rules from /var/lib/ufw/*.rules. This helps keep status inline
with reality and fixes (LP: #262975)
* add loglevel support. This also changed the default rules files
* add per rule logging support
* get rid of redundant RETURN rules
* update LIMIT logging prefix
* update setup.py to use subprocess instead of Popen3
-- Jamie Strandboge <jamie@ubuntu.com> Sat, 17 Jan 2009 07:15:25 -0600
ufw (0.26) RELEASED; urgency=low
* fix formatting when using 'app update all' (LP: #300726)
* add runtime version check for iptables and warn if using IPv6 application
rules with iptables < 1.4
* Makefile: depend on translations when making tarball
* remove more useless newlines
* man page updates
* display interfaces and exact packet counters in 'status raw'
* support REJECT for rules, default policy and default application policy
(LP: #197322)
* only flush and delete ufw chains
* add a 'flush-all' command to ufw-init
* add MANAGE_BUILTINS option to /etc/default/ufw, and when set to 'yes'
flush the built-in chains too
-- Jamie Strandboge <jamie@ubuntu.com> Fri, 16 Jan 2009 07:01:38 -0600
ufw (0.25) RELEASE; urgency=low
* new ChangeLog files for upstream tarballs. See ChangeLog.pre-0.25 for
previous changes, including Ubuntu-specific changes
* setup.py: don't install initscript anymore
* add example (non-LSB) initscript to doc/initscript.example
* split out initscript into ufw-init-functions, ufw-init (for use by
ufw itself) and doc/initscript.example (for use by distributions). This
makes ufw more robust and portable
* don't stop the firewall via the initscripts if ufw is not enabled
(LP: #311066)
* rename skel-ui to skel-ui.example
* README:
- add Distributions section
- update for initscript changes
- update What's in a Name
-- Jamie Strandboge <jamie@ubuntu.com> Mon, 22 Dec 2008 08:53:14 -0600
|