What's New? |
|
* = Changed + = Added - = Removed ! = Bug fix |
Important changes for version 2 include: |
- Removed old legacy plugin support that used the PLUGIN_PATH variable - Removed deprecated check_binary() function from environment + Added support for an optional plugin_restart() function in plugins using a new plugin template, while supporting previous plugins without a plugin_restart() function * The default INET->DMZ policy is now DROP. Common variables this change may effect are: INET_DMZ_HOST_OPEN_xxx and INET_DMZ_OPEN_xxx + Added support for Link-Local-Multicast ICMPv6 echo-request packets + Added LINK_LOCAL_DROP_LOG variable which controls logging of dropped IPv6 Link-Local addresses. + Added FORWARD_LINK_LOCAL variable which, by default (0), disables forwarding of IPv6 Link-Local addresses. + Added EXT_MULTICAST_CHAIN to handle external-inbound multicast traffic + Added DHCPv6 support for the EXT_IF_DHCP_IP variable. + Added a new variable FORWARD_DROP_LOG to disable logging dropped forwards when set to 0, defaults to 1. ! Fixed handling of destination host~port fields where only the host was specified. + Added a new set of variables INET_FORWARD_xxx to allow forwarding INET IPv6 and non-NAT'ed IPv4 packets to other interfaces. The format is similar to the IPv4 NAT_FORWARD_xxx without port mapping. + Added a new variable OPEN_ICMPV6 to allow independent control of INET ICMP for IPv4 and IPv6, enabled by default. ! Fixed handling of INET_DMZ_HOST_OPEN_xxx variables ! Fixed handling of INET_DMZ_HOST_DENY_xxx variables ! Fixed handling of INET_DMZ_DENY_TCP ! Fixed variable typo, INET_DMZ_HOST_DENY_TCP was not handled + Added IPv6 reserved network support, label logs by IPv4 and IPv6 ! Fixed RESERVED_NET_LOG is now independant from DROP_PRIVATE_ADDRESSES + Automatically disable IPV6_SUPPORT if IPv6 is not detected in the kernel |