[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    IP Filter 3.1.5
From:       Darren Reed <darrenr () cyber ! com ! au>
Date:       1997-01-13 10:18:58
[Download RAW message or body]


Hi folks, yes, another update (mainly for NAT users).

In earlier changes to using set_tcp_age() for setting the NAT timeouts,
something broke.  This release fixes that.  Also, as a part of fixing this,
record is kept of each `connection' required for NAT if IP address mapping
(only) is used.  For example, if you use a line such as:

map ppp0 10.1.1.1/32 -> 192.1.1.1/32

telnet out through ppp0 and the setup an ftp session, "ipnat -l" will list
entries for both of those with the IP#'s changed but the port numbers the
same all the way through.  (Hmmm, I should use fr_checkstate() with this
too, to increase the security of NAT setups).

Also, I discovered a problem with LKM's under FreeBSD (and maybe NetBSD
too) which would cause FreeBSD to refuse to "modload" ipfilter after a
number of successes.  This has now been fixed.

Cheers,
Darren

p.s. I'm going to look at putting patch files up for 3.1.2 -> 3.1.3,
     3.1.3 -> 3.1.4 and 3.1.4 -> 3.1.5 so look out for those when you
     goto grab the latest release.

[prev in list] [next in list] [prev in thread] [next in thread]