1.2.2 (19 Nov 2006) * Added SCTP match. * Added addrtype match. * Added link to policy routing using linux by Matthew G. Marsh. * Added some internal links for better cross linking. * Added comment match. * Added hashlimit match. * Added new --cmd-owner to owner match. * Added realm match. * Added important.gif image sign. * Added l7-filter to ip_filtering_introduction.sgml. * Added l7-filter link to other_resources.sgml. * Added raw table in traversing_of_tables_and_chains.sgml * Added raw table in how_a_rule_is_built.sgml chapter. * Added SECMARK and CONNSECMARK to traversing_of_tables_and_chains.sgml. * Added user specified chains section in traversing_of_tables_and_chains.sgml. * Added UNTRACKED and new untracked connections section in statemachine.sgml. * Added SCTP characteristics section to tcp_ip_repetition.sgml * Added all images for the SCTP chapters. * Added Whats next? to all chapters. * Added SCTP headers section in the tcp_ip_repetition.sgml chapter. * Added CLUSTERIP target. * Added CONNMARK target. * Added connmark match. * Added CONNSECMARK target. * Added SECMARK target. * Added NOTRACK target. * Added NFQUEUE target. * Added index of all chapters and appendixes. * Updated all header images from the tcp_ip_repetition.sgml chapter. * Updated all diagrammatical images to a nicer look. * Updated admonition images (Jens Larsson ) * Updated tables_traverse.gif with raw table and switched fonts. * Updated information for the QUEUE target for 2.6.14 kernel. * Updated ttl match explanation somewhat. * Updated Print indentation 0.8 inch. * Updated centered header and footer. * Removed internal catalogs etc, living off of local ones instead. * Removed old data in TOS and TTL targets. * Fixed history.sgml layout. * Fixed indexing system. * Fixed minor error in recent match explanation. * Fixed --limit-burst, bad explanation. * Fixed s/package/packet/ in MARK target. ("G.W. Haywood" ) * Fixed all sgml tables. * Indexed commercial_products.sgml. * Indexed and fixed markup of debugging.sgml. * Indexed and fixed markup of example_scripts.sgml. * Indexed and fixed markup of how_a_rule_is_built.sgml. * Indexed and fixed markup of introduction.sgml * Indexed and fixed markup of ip_filtering_introduction.sgml. * Indexed and fixed markup of iptables_matches.sgml. * Indexed and fixed markup of iptables_targets.sgml. * Indexed and fixed markup of nat_introduction.sgml. * Indexed and fixed markup of rc_firewall.sgml. * Indexed and fixed markup of statemachine.sgml. * Indexed and fixed markup of tcp_ip_repetition.sgml. * Indexed and fixed markup of traversing_of_tables_and_chains.sgml. 1.2.1 (29 Sep 2006) * Added commercial_products.sgml for commercial products based on Linux/iptables. * Added several new entries in other_resources. * Added several entries in "Terms used in this document" section. * Fixed bad link to icmp_parameter_problem_headers.jpg (Petr Kras ) * Clarified ESTABLISHED,RELATED rule in allowed chain. (Andrzej Szelachowski ) * Fixed inverted numbering of the OSI and TCP/IP reference model. (Ian Martin ) * Fixed PDF creation * Fixed PS creation * Upscaled all images to higher resolutions. * Created better image conversion routines for print versions. 300 DPI images. * Rewritten dsl files for print version. New margins, indentations and resized for printable version of the tutorial. * Improved imagequality and removed artifacts. * Added link to ingate. * Fixed error in example for pkttype match. (Ortwin Glueck , Mao and Marcos Roberto Greiner ) * Fixed error in extended DNAT example (-i does not work in POSTROUTING). (Christian Font and Tatiana ) * Missing end bracket in 2.2 IP Characteristics. (Andrius ) * Bad grammar in State term explanation. (Alexey Dushechkin ) * Misspelled --ctreplsrc/dst as --ctreplysrc/dst. (Tatsuya Nonogaki ) * Added secondary possibility in iptables-save command. * Switched to relative numbering in TOS/DSCP/ECN explanation in IP headers section. (Fred ) * Added notes about ICMP type 255 in --icmp-type explanation and ICMP types appendix. (Fred ) * Rewritten "about the author" preface from scratch. * Rewritten "how to read" preface partially from scratch. * Minor updates to Conventions used in this document preface. * Fixed some bugs in the Makefile 1.20.0 (20 July 2005) * Forgotten link to iptsave-ruleset.txt (neil ) * traversing of tables and chains and how a rule is built has been translated to spanish (spanish translation team). * Fixed explanation of SNAT target, it is possible to make non-locally generated streams to log properly. (Watz ) * Added tcp_ip_explanation.sgml chapter. * Removed link to ICMP pages by Walden since it is gone. * Fixed description of chain traversal. the text was inconsistent. * Fixed bad one-line explanations of scripts. (Spanish translation team) * Added more text to the TCP/IP reference. * Finished TCP explanation. * Finished TCP/IP introduction chapter. * Finished IP filtering introduction. * Lots of minor updates. * Split how a rule is built chapter into 3 smaller chapters since it was huge. * Added NAT introduction chapter. * Added IP filtering introduction chapter. * Added TCP/IP Introduction chapter. * Added Iptables matches chapter. * Added Iptables targets chapter. * Started on debugging chapter. * Added TCP options appendix. * Added several new references in other resources appandix. * Debugged all the new sgml code. * Added field in ICMP_types pointing to RFC. * Added all ICMP types and codes available on iana.org. * Added more stuff to the wordlist in the introduction. * Added guis.sgml chapter. * Added several images pertaining to guis.sgml chapter. * Added field describing which kernels all targets/matches works under. * Added several matches. * Gone through a huge list of spelling fixes (Corey Becker ) * Fixed mono space on all literallayouts. * Fixed broken tables/missing entries. * Added several new entries in the other resources appendix. 1.1.19 (21 May 2003) * Moved all admonition images to images/ and removed stylesheet-images * Fixed missing admonitions in html.tgz * Added warning for SMTP open relay and bad logging in dnattarget (Peter van Kampen ) * Added scripts/ and other/ to chunkyhtml. * Added RFC793 to other_resources.sgml. * Added protocols.txt to other_resources.sgml. * Added RFC792 to other_resources.sgml. * Added theicmp to other_resources.sgml. * Added services.txt to other_resources.sgml. * Added IETF to other_resources.sgml. * Added LARTC to other_resources.sgml. * Added paksecured to other_resources.sgml. * Added Limit-match.txt to example_scripts.sgml. * Added pid-owner.txt to example_scripts.sgml. * Added sid-owner.txt to example_scripts.sgml. * Added ttl-inc.txt to example_scripts.sgml. * Added tldp to other_resources.sgml. * Remade all links to internal links within the document, except for other_resources.sgml and example_scripts.sgml. * Updated --protocol match explanation for better clarity. (Xavier Bartol ) * Updated TTL target explanation to reflect that it must be patched from patch-o-matic (Jon ANDERSON ) * Updated spanish translation (Spanish Translation team) * Fixed static links in html.tgz to relative ones, for downloaders. * Fixed static links in chunkyhtml.tgz to relative ones, for downloaders. * Totally rewrote changes.sh for above needs. * Removed dead code in the Makefile. * Improved limit match explanation. * Added new mirror at tu-darmstadt.de (Thorsten Bremer ) 1.1.18 (24 Apr 2003) * Added spanish translation section. * Added firewall_rules_table_final.pdf and links in other_resources.sgml (Stuart Clark ) * Removed duplicate CONFIG_PACKET in example_scripts.sgml, strictly not needed (Robert P. J. Day ) * Fixed a whole bunch of errors and grammatical incorrectness (Robert P. J. Day ) * Revised explanation of state NEW (Robert P. J. Day ) * Fixed bad sed fix in last version, which deleted state in -m state... (Mark Orenstein ) * Deleted LAN_BROADCAST_ADDRESS variable, and corresponding rules since they where just filler (Edmond Shwayri ) * Minor changes. Some preparations to get portuguese and spanish translations inside the tutorial. * Fixed deep links with chunkyhtml again. * Fixed blackened images so they now look correct. 1.1.17 (6 Apr 2003) * Fixed lost admonition images, forgotten to reset the admon-graphics-path (prerelease made under 1.1.16 name). * Fixed minor spelling errors etc (Geraldo Amaral Filho ) * Added how to list nat and mangle table to detailed explanations appendix. * Added rules for SYN/ACK and NEW packets and added explanations etc. (Ondrej Suchy ) * Fixed LAN_IP variable in rc.DMZ.firewall.txt to cohere with the texts. (Dino Conti ). * Fixed garbled programlistings in saveandrestore.sgml (Robert P. J. Day ) * Fixed clarity in traversing_of_tables_and_chains.sgml (Robert P. J. Day ) * Fixed inversion explanation of limit match (Velev Dimo ) * Fixed bad statement that REJECT can be used as a policy (Spencer Rouser ) * Fixed CONFIG_CONNTRACK to CONFIG_IP_NF_CONNTRACK in preparations.sgml (DAVEONOS ) * Added Prerequisites in bookinfo.sgml (Amanda Hickman ) * Fixed preparations.sgml to say "shell script file" instead of "file" for clarity (Amanda Hickman ) * Changed "state-full" to "stateful" throughout the document (Olle Jonsson ) * Added explanation of state ESTABLISHED,RELATED rule in INPUT chain of rc.firewall.txt explanation (Bengt Aspvall ) 1.1.16 (16 Dec 2002) * Fixed /docbook-dsssl/ into stylesheet-images/ properly so all images should load ok now. * Added more download-friendly html and chunkyhtml formats for those who wish to download. * Created a totally separate catalog for the tutorial, to get rid of problems between platforms. * Fixed index.html to work properly for those mirroring the tutorial. * Fixed bad SNAT/DNAT example rules in how a rule is built (Clemens Schwaighofer ) * Fixed DMZ being able to contact LAN in rc.DMZ.firewall.txt (Uwe Dippel ). * Erased unused variables and chains in rc.DMZ.firewall.txt (Uwe Dippel ). * Partially fixed mirroring problems which occured since I moved to Debian as a main workstation. * Got rid of mirror target, mirror people mainly uses wget / anyways (Dave Wreski ). * Minor final fixes before release. 1.1.15 (13 Nov 2002) * Bad timeout value in statemachine.sgml. * Fixed missed word-change in mangle table description (five instead of two) * defragmented should read fragmented in -f explanation. * Inconsistency fixed in MARK match explanation * Fixed all haringstad.com URL's to frozentux.net. * Fixed an unclear explanation in DNAT extra explanation (Mark (sonarteSNABELAapplinkDOTnet>) * Erased part of common_problems appendix. * Fixed stale udpincoming_packets --jump rule. * Updated rc.test-iptables.txt to work with mangle5hooks.patch (A. Lester Buck ) * Fixed tables_traverse.gif according to mangle5hooks.patch (Robert P. J. Day ) * Updated ordering in traversing_of_tables_and_chains according to mangle5hooks.patch (A. Lester Buck ) * Fixed consistency in most cases regarding to table names in the tutorial. (Robert P. J. Day ) * Fixed cutnpaste error in sid-owner.txt (Robert P. J. Day ) * Fixed unclearness about SNAT port specifications (Robert P. J. Day (rpjdaySNABELAmindspringDOTcom>) * Updated netfilter FAQ link in other resources (Togan Muftuoglu ). * Got rid of routing decision that is not there in the traversal_of_tables_and_chains.sgml. (Antony Stone ) * Fixed tables_traverse.gif according to previous changelog entry. * Added more descriptive explanation of the limit match (Robert P. J. Day ) * Fixed SNAT examples (Robert P. J. Day ) * Fixed some smaller typos and bad punctuation (Matthew F. Barnes ) * Fixed more typos and confusing things (Otto Matejka ) * Gone through all chapters with aspell. * Got through all of the appendices with aspell, as well as the bookinfo.sgml * Updated SGML tags to create better HTML output (Otto Matejka ) * Added forgotten save and restore chapter (Otto Matejka ) * Minor preparations for release. * Erased old passiveftpnodcc appendix, replaced in other places. (Marek Januszewski ) 1.1.14 (14 Oct 2002) * Fixed explanation of packet traversals (Carol Anne ) * Fixed bad link to sid-owner.txt in how_a_rule_is_built.sgml (Manuel Minzoni ) * Fixed all code snippets inside the tutorial with proper linebreaks etc(Carol Anne ) * Fixed bad state change explanation in the statemachine.sgml (Yves Soun ) * Fixed references to old mangle table to reflect mangle5hooks.patch. * Fixed tables_traverse.gif to better reflect mangle5hooks.patch, etcetera. * Added target for chunky HTML output. * Fixed IPT_CONTINUE misunderstanding in how a rule is built (Miernik ). * Added some rules to get rid of excessive logging of DHCP, Multicast and Broadcasts (Uwe Dippel ) * Added descriptions of the new rules described above to rc_firewall.sgml (Uwe Dippel ) * Added note admonition in DNAT long explanation regarding ACCEPT rules in FORWARD (Dave Klipec ). * Fixed bad cutnpaste in header of retreiveip.txt (Eddy L O Jansson ) * Fixed bad cut expression in rc.DHCP.firewall.txt example in example_scripts.sgml (Eddy L O Jansson ) * Created a preface section in the beginning. * Moved data from introduction.sgml to preface. * Copied data from ipsysctl tutorial to preface in iptables tutorial. * Fixed all stale links to frozentux.net for always. * Erased two sed lines in Makefile, stale since all links are fixed. * Added ID tags to all chapters, sections and tables including the titles. * Fixed Makefile to copy all images necessary to correct places for chunkyhtml and html target * Sorted all targets alphabetically. * Sorted Explicit matches alphabetically. * Fixed unclear statement about --protocol inversion. 1.1.13 (22 Aug 2002) * Temporarily fixed HTML output, which was corrupted due to bad SGML stylesheets. 1.1.12 (19 Aug 2002) * Fixed bad TTL examples in how a rule is built (Peter Schubnell ) * Typo in introduction.sgml fixed (Stephen J. Lawrence ) * Added rules to allow the firewall to act as DHCP server on LAN (Uwe Dippel ) * Fixed various problems in the appendices (Bradley Dilger ) * Added usage for --set-ttl and --ttl-dec (Vegard Engen ) * Fixed missing nat modules in the modprobe sections (Clifford Kite ) * Fixed bad spelling in some variables in the scripts (Uwe Dippel ) * Swapped order of creation for user specified chains (Uwe Dippel ) * Added first part of a portuguese translation by (Alessandro Oliveira ) * Redone large parts of the makefiles. * Added a README with installation instructions etc. * More spelling and grammar fixes (Tony Earnshaw ) * Additional distrib target (Harald Welte) * Fixed bad example DNAT rule in "how a rule is built" (Nick Andrew ). * Fixed small spelling error (Stepan Kasal ) 1.1.11 (27 May 2002) * Fixed all tables in "how a rule is built" * Pictures for state explanation. * Added the state explanation chapter. * Fixed everything within the state machine explanation. * Fixed a longer DNAT explanation on how to use this properly, and routing considerations. * Added a few term descriptions. (steve hnizdur ) * Added a note admonition in the "The ICMP chain" section.(steve hnizdur ) * Added mirror at linux-sxs.org (Lonni ) * Added warning admonition image * Changed caution to warning admonition in rc_firewall.sgml. (Jelle Kalf ) * Added "how to read this document" section in the introduction. * Fixed statemachine.html explanation of sysctl variables etc. * Lots and lots of grammatical fixes (Tony Earnshaw , Valentina Barrios) 1.1.10 (12 April 2002) * Got rid of spaces which made the literallayout tags look weird. * Fixed allowed chain explanation. * Fixed tcp_packets chain explanation. * Fixed udpincoming_packets chain explanation. * Fixed icmp_packets chain explanation. * Fixed INPUT chain explanation. * Fixed FORWARD chain explanation. * Fixed OUTPUT chain explanation. * Fixed PREROUTING chain explanation. * Fixed a huge set of underscores in docbook identifiers. * Fixed accidental error where the html version is created twice in the same file. * Fixed bad indentation of the first line in all the scripts. * Resized caution.gif and note.gif since they where way to large. * Fixed the whole rc_firewall file explanation so it is up to date, finally. * Fixed unnecessary diff's between rc.firewall.txt and rc.DHCP.firewall.txt. * Fixed unnecessary diff's between rc.firewall.txt and rc.UTIN.firewall.txt. * Fixed unnecessary diff's between rc.firewall.txt and rc.DMZ.firewall.txt. * Fixed ttl-inc.txt script to work 100%. * Fixed TTL explanations * Fixed Owner match explanations. * Fixed limit match explanations. * Fixed ULOGD explanation. Still need link to ULOGD homepage. * Fixed explanation of --tcp-flags inversion. * Added link to conntrack explanation on kalamazoolinuxDOTorg. * Added brief explanation on how to get DHCP through an all blocking ruleset in common_problems.sgml * Added brief note in multiport match about mixing non-multi and multi matches. * Added brief retrieveip.txt script which grabs IP and BC of interfaces (Jelle Kalf ) * Added brief pointer to the retrieveip.txt from rc.DHCP.firewall.txt explanation. * Added debian package link (Theodore Alexandrov ) * Fixed --mac-source example, lacked -m mac (Paul Corbett ) * Updated mirror info on brazilian mirror (Rodrigo Rubira Branco ) * fixed * fixed ULOGD homepage * Added "mIRC DCC problems" in common_problems.sgml (Alistair Tonner ) * Added link to mIRC DCC problems in rc_firewall.sgml (Alistair Tonner ) * Added caution admonition to TOS target description and some text (Matthew G. Marsh ) * Added Problems loading modules section in common_problems.sgml (Uwe Dippel ) * Added caution admonition in "Initial loading of modules" section. (Uwe Dippel ) * Fixed all e-mail adresses to make them less "harvestable" by spammers. (Evan Nemerson ) * Fixed a huge set of minor bugs and errors (Marcel J.E. Mol ) * Swapped place on "how a rule is built" and "traversing of tables and chains" (Marcel J.E. Mol ) * Rewritten small pieces of the "how a rule is built" chapter. * Added modules required for rc.firewall.txt in the description. * Added modules required for rc.DMZ.firewall.txt in the description. * Added modules required for rc.DHCP.firewall.txt in the description. * Added modules required for rc.UTIN.firewall.txt in the description. 1.1.9 (21 March 2002) * Fixed rc.firewall.txt to follow the stylesheet in firewall.sgml * Fixed rc.DMZ.firewall.txt to follow the stylesheet in firewall.sgml * Fixed the Makefile to include the stylesheet-images dir in src package and site packaging * Fixed rc.DHCP.firewall.txt to follow the stylesheet in firewall.sgml (Vince Herried ) * Fixed rc.UTIN.firewall.txt to follow the stylesheet in firewall.sgml * Fixed ICMP types chapter (which is an error, what is a request) * Fixed all formatting in the rc_firewall example chapter. * Added link to LARTC.org. * Added RFC 793 and linked to it. * Added brief explanation of the Configuration optionsDOTsection of the rc.firewall.txt in rc_firewall.sgml. * Fixed all tables in the "Traversing of tables and chains" chapter. * Fixed the "tables" table of the "how a rule is built" chapter * Fixed the tables within the "ICMP types" appendix. * Fixed PDF & PS links in the "Other resources" chapter to local files. * Fixed html make target to reverse links in "Other resources" to the old style. * Fixed if statements in rc.DHCP.firewall.txt. * Fixed bad rules in rc.DHCP.firewall.txt (trying to use unavailable $INET_IP var. * Looked over all required modules for rc.DHCP.firewall.txt. * Looked over all required modules for rc.firewall.txt. * Looked over all required modules for rc.UTIN.firewall.txt. * Looked over all required modules for rc.DMZ.firewall.txt. * Created a stylesheet for the tutorial (finally got it working after some 15 hours=)) (Togan Muftuoglu ) * Created catalog file (not working yet). (Togan Muftuoglu ) * Fixed typo in the title (embarassing) * Fixed a minor set of typos all over the place. * Fixed broken links which did not work (due to linewrapping). (Galen Johnson ) * Better explanation of the --ttl match. * Added all RFC's referenced within the document to the local servers, and added the proper links to them. * Changed Rodrigos e-mail adress (Rodrigo Rubira Branco ) * Added brief section about automatically grabbing IP within the DHCP script explanation (Kelly Ashe ) * Added brief explanation that ip_forward should be turned on after iptables ruleset (Janne Johansson ) * Fixed bad > characters in the GPL appendix. (Thomas Smets ) * Fixed accidental error in the DSSSL style sheets. * Fixed the crashing page header and and textbody (Thomas Smets , Peter Horst ) * Fixed bad mistake in the --destination explanation (Mitch Landers ) * Fixed mirror list (contact info for Neil Jolly) (Neil Jolly ) * Fixed minor error in the --delete example entry in the Commands section (Jelle Kalf ) * Added tar -xjvf in Compiling the userland programs section (Jelle Kalf ) * Fixed typo (Source quelch to Source quench). (Jason Lam ) * Added usage for --ttl-inc (Evan Nemerson ) * Created explanation of variable settings in rc_firewall.sgml * Created new explanation of the module loading section in the rc_firewall.sgml script * Created new explanation of proc setting section in rc_firewall.sgml * Created new explanation of design goals for rc_firewall.sgml * Added explanation of structure used. * Erased para declaration in the customized stylesheet. * Minor markup fixes in rc_firewall.sgml 1.1.8 (5 March 2002) * Fixed bad links (made pre-release with changes added to it). * Added explanation of the ACCEPT target. * Added explanation of the DROP target. * Added explanation of the RETURN target. * Added explanation of the LOG target. * Fixed the MAC match table. * Fixed up the LOG target tables a bit. * Added explanation on the MARK target. * Added explanation of the REJECT target. * Added explanation of the TOS target. * Added explanation of the MIRROR target. * Added explanation of the SNAT target. * Added explanation of the DNAT target. * Added explanation of the MASQUERADE target. * Added explanation of the REDIRECT target. * Added explanation of the TTL target. * Added explanation of the ULOG target. * Finished the How a rule is written chapter. * Hopefully made a good & permanent solution for these html links which pointed in the wrong direction * Added formatting and rewritten parts of the example scripts chapter, and added some id tags, etc * Added formatting and rewritten parts of the "How a rule is built" chapter, and added some id tags, etc * Added formatting and rewritten parts of the introduction chapter, and added some id tags, etc * Added formatting and rewritten parts of the preparations chapter, and added some id tags, etc * Added formatting and rewritten parts of the Traversing of tables and chains chapter, and added some id tags, etc * Made 2 pictures, note.gif and caution.gif for notes and cautions. * Added formatting and rewritten parts of the acknowledgements appendix, and added some id tags, etc * Added formatting and rewritten parts of the Common problems appendix. * Added formatting and rewritten parts of the Detailed explanations appendix. * Added formatting and rewritten parts of the ICMP types appendix. * Added formatting and rewritten parts of the Other resources and links appendix. 1.1.7 (4 February 2002) * Fixed bad explanation of the --destination match. (Parimi Ravi ) * Fixed bad cut'n'paste from last version in the rc.firewall.txt file (Phil Schultz ) * Fixed bad explanation of ip_conntrack_* in "explanation of rc.firewall" chapter. (Steven McClintoc ) * Added explanation of ip_nat_* in "explanation of rc.firewall" chapter. (Phil Schultz and Steven McClintoc ) * Added explanation of ip_nat_* in "Passive FTP but no DCC" appendix. (Phil Schultz and Steven McClintoc ) * Clarified explanation of the MASQUERADE target in the "NAT table"DOTsection (Steven McClintoc ) * Added rule to accept DHCP requests in the rc.DHCP.firewall.txt script. (Bill Dossett ) * Rearranged the variables in the rc.DHCP.firewall.txt and added comments. (Bill Dossett ) * Added variables for DHCP servers. (Bill Dossett ) * Added PPPOE_PMTU option to the rc.DHCP.firewall.txt and comments as well as rewrote that rule. * Organized the rc.DHCP.firewall.txt script in a better fashion. * Organized the rc.firewall.txt script in the same fashion as rc.DHCP.firewall.txt. * SGML'ized the GPL document (Should be sent off to FSF for verification). * Inserted the SGML'ized GPL document instead of the ascii version. * Fixed the History section (update forgotten previous version). * Added new mirrors target to the Makefile. (Dave Wreski ) * Started restructuring the tutorial, breaking it down into chapters and appendices. * Finished the restructure after a christmas vacation. (2 january 2002) * Finished the --mac-source match explanation. * Fixed a better solution for mirroring (Dave Wreski ) * Added explanations to the mark match. * Added explanations to the limit match. * Fixed tcp_packets chains in all scripts (Erik Sjölund ) * Fixed all script links in the tutorial. * Fixed description of TTL target and MANGLE table in traversing_of_tables_and_chains. (???) * Fixed loaded modules a bit in rc.firewall.txt (Adam Mansbridge ) * Added new site to other resources (Vasoo Veerapen ) * Fixed non-working local DNS's, possibly others, with 2 new rules in all scripts (INPUT chain) ("Aladdin" ) * Added better explanation of passive and active FTP inDOTcommon problems and questionmarks * Fixed all scripts to do ip spoofing checks in bad_tcp_packets (Rusty Russell) * Checked through everything in the rc.firewall.txt so it runs smoothly at least. * Fixed a ton of error messages that came up in the process of completing this version of the tutorial. * Added Multiport match explanation in how a rule is built. * Added Owner match explanation in how a rule is built. * Added State match explanation in how a rule is built. * Fixed paragraphs in the how a rule is built chapter. * Added TOS match explanation in how a rule is built. * Finished the Explicit matches section for now. * Added generic explanation of targets/jumps section. * Fixed a set of bugs in the Makefile. * Fixed the change.sh script a bit, requires 3 variables to be known now. 1.1.6 (7 December 2001) * Erased bad ods.dyndns.org link from Other resources and links. * Written small explanations of each site in the Other resources and links section. * Added ip-sysctl.txt from kernel 2.4.14 to the site instead of doing file:// link * Added ip_dynaddr.txt from kernel 2.4.14 to the site. * Added iptables man page to the site and link from the Other resources and links section. * Added other/ directory to the Makefile .src.tgz construction. * Added other/ directory to the Makefile site construction. * Finished the Generic matches for now. * Added an example /etc/services file to the site (add it as an appendice?) * Finished the TCP matches for now. * Finished the UDP matches for now. * Finished the ICMP matches for now. * Moved the ICMP types table to a separate apendix * Rewritten a few titles * Found out which RFC explains ICMP types and numbering. * Added text describing someDOTcommon problems with the rc.DHCP.firewall.txt script * Added rule to allow $LAN_IP on $LO_IFACE in rc.firewall.txt (Jim Ramsey ) * Added rule to allow $INET_IP on $LO_IFACE in rc.firewall.txt (Phil Schultz ) * Commented out DNS and NTP rules in the udpiDOTcoming_chain of rc.firewall.txt (Göran Båge ) * Rewritten the ICMP rules section in the scripts (Göran Båge and Doug Monroe ) * Fixed bad table specification in rc.flust-iptables.txt (Jasper Aikema ) * Moved the NEW not SYN rules to a separate chain that is called tcp_packets.(Kurt Lieber ) * Renamed Contributors appendix to Acknowledgements * Added Dedications section. * Added brief History appendix. * Rewritten INPUT rules to accept on source adress instead of destination (Chris Tallon ) * Added section explaining NEW not SYN problems with scripts being up'ed and downed periodically (Chris Martin ) * Fixed RH7.1 installation instructions by adding paragraph about iptables-save and restore etc (Jonas Pasche ) * Fixed parts of theDOTsection PREROUTING chain of the nat table. (Jan Labanowski ) * Fixed mirrors.html to include name and e-mail of Rodrigo. (Rodrigo R. Branco ) * Added interans.com mirror with names etc to mirrors.html (Jacco van Koll ) * Moved all the scripts to GPL (GNU General Public LiceDOTse) licensing terms. * Moved the actual text to GFDL (GNU Free Documentation LiceDOTse) licensing terms. * Added a copy of the GFDL. * Added a copy of the GPL. * Fixed missing tables_traverse.jpg in html version of the document. (Dave Wreski ) * Fixed a few errors in the different scripts which made it impossible to compile the document. * Fixed a few bugs in the Makefile. 1.1.5 (14 November 2001) * made picture rc.firewall.gif * made picture rc.DHCP.firewall.gif * made picture rc.UTIN.firewall.gif * made tablesnchains-traveDOTse.gif * Deleted extra column in Commands table * Deleted erroneous table containing one of the Options * Added rc.firewall.jpg/eps to sgml code * Added rc.DHCP.firewall.jpg/eps to sgml code * Added rc.UTIN.firewall.jpg/eps to sgml code * Added introduction to the rc.firewall file chapter * Fixed rc.test-iptables.txt link from Example scripts chapter * Fixed parts of the UDP chain explanation * Started getting rid of some annoying emphasis and computeroutput tags * Got rid of /32 masks on IP's in all scripts since it is redundant and might break things (feedback from "Kurt Lieber" ) * Fixed INPUT chain in the rc.DHCP.firewall.txt script (feedback from "Merijn Schering" ) * Fixed OUTPUT chain in the rc.DHCP.firewall.txt script (feedback from "Merijn Schering" ) * Fixed Makefile to include images/templates directory in src.tgz * Tested to add --nochunks in %.pdf.gz target in the Makefile (will be tested at release)(didn't work) * Erased a lot of "echo off" (AT) signs in the Makefile for easier debugging. * Added new mirror site at unixcircle.org * Fixed bad tables that fucked up both pdf and ps files. * Added mail adresses to maintainers of different mirrors. * Added addons/ directory in the source (Fabrice MARIE ) * fabpdf and eps_to_png added by Fabrice MARIE, fixes bad image handling by jade (Fabrice MARIE ) * Added explanation of fabpdf and eps_to_png (Fabrice MARIE ) * Fixed Makefile to use fabpdf and eps_to_png (Fabrice MARIE ) * Fixed sgml image links (Fabrice MARIE ) 1.1.4 (6 November 2001) * Added 2 appendices forgotten before that contains rc.test-iptables.txt and rc.UTIN.firewall.txt * Switched names on a few sections. * Added explanations to deinstall the rpm based package in redhat installation instructions. * Started explaining how rules are built. * Fixed bad variable assignment in rc.DMZ.firewall.txt (Kurt Lieber ) * Removed two unnecessary/nonfunctional rules in rc.DMZ.firewall.txt (Chris Pluta ) * Fixed bad cutnpaste rules (SYN not NEW) in rc.DMZ.firewall.txt (Stig W. Jensen ) * Fixed inconsistency in the chain and table traversal chapter about the nat table (Steve Hnizdur ) * Fixed more typos in rc.DMZ.firewall.txt (Stig W. Jensen ) * Fixed bad netmasks on variables which bugged out DNAT and SNAT in rc.DMZ.firewall.txt (Stig W. Jensen ) * Added flushing and deleting of mangle table in rc.flush-iptables.txt (Stig W. Jensen ) * Redone the old pictures so they can have somewhat the same look as new ones. 1.1.3 (9 October 2001) * Added section about listing the chains in a table. * Added info about conntrack table and how to look at it in /proc/net/conntrack. * Added section about faulty microsoft TCP/IP behaviour. * Started to write the rc.UTIN.firewall.txt script, will come with this release of the tutorial. * Added a section about the new rc.UTIN.firewall.txt script under the Example * Added a chapter that will explain how rules are made. * Added a chapter that explains traversing over the built in tables and chains. * Fixed Makefile error which didn't gzip files properly. (Jelle Kalf ) * Fixed commands to ease up the installation of iptables on RedHat 7.1 ("N.Emile Akabi-Davis" ) * Fixed OUTPUT chain in rc.DMZ.firewall.txt. (Joni Chu ) * Added a script which is for testing purposes, rc.test-iptables.txt. * Added a section for the rc.test-iptables.txt script. 1.1.2 (29 September 2001) * Fixed undefined variable in the rc.firewall.txt * Renamed certain variables. * Fixed bad variable assignments in rc.DMZ.firewall.txt * Mirror up at http://www.security.eti.br/iptablesTutorial * Improved userland installation section. Added how to compile and make iptables and installation instructions for Red Hat 7.1. 1.1.1 (26 September 2001) * Changed Makefile quite a lot, now has a target to pretty much make the whole site, among other things * gzip'ed the different materials, and added it into the makefile to automatically do it in the future. * Some grammatical changes incorporated made by Dave Richardson * Added list of mirrors. * Fixed minor bug in rc.DHCP.firewall.txt script, undefined LO_IFACE variable. * Made an iptables-tutorial-cron.sh script which will automatically mirror this site and all the content. * Removed unused variables which confuses the user. also dereferenced it in the text of the tutorial. 1.1.0 (15 September 2001) * Added links to rc.DHCP.firewall.txt that was forgotten. * Rewritten parts of the Makefile. * Restructured the page quite a bit, adding a front page that will contain other, future documents etc. * Tried to make some point of goal for the whole project. 1.0.9 (9 September 2001) * Added rc.DHCP.firewall.txt script * Added explanations of all(?) netfilter options in the linux 2.4.9 kernel, vanilla. * Rewritten the kernel options needed. * Rewritten rc.firewall.txt to use SNAT instead of masquerading. * New mirror at http://www.linuxvoodoo.com/howto/iptables/ 1.0.8 (7 September 2001) * Restructured the whole tutorial, indented "the tcp allowed chain", ICMP chain, TCP chain and UDP chain sections under the INPUT chain section * Rewrote the flush-iptables.txt file a little, also renamed it to rc.flush-iptables.txt * Changed section titles, mainly shortened them off * Wrote short explanations for the rc.firewall.txt and rc.flush-iptables.txt and added a section for each under the example scripts section * Rewrote parts of introduction and made basic language updates * Fixed typo from 1.0.7 where I've written DROP" on certain rules rendering them unable to get added to the tables. 1.0.7 (23 August 2001) * Major bugfix to the scripts regarding the state NEW but SYN bit unset * Written description of state NEW but SYN bit unset problem * Minor fixes to the rc.firewall.txt script(readability mainly) * Updated text for the INPUT chain section * Added Fabrice Marie to the Contributors section. 1.0.6 * Added the rc.DMZ.firewall.txt file and descriptions for it. * Added text * Updates to the DocBook format 1.0.5 * Updates to the grammar * Small changes on the scripts * Updated to DocBook by Fabrice Marie scripts section.