What's New?

 

* = Changed + = Added - = Removed ! = Bug fix

Important changes for version 2 include:

- Removed old legacy plugin support that used the PLUGIN_PATH variable
- Removed deprecated check_binary() function from environment
+ Added support for an optional plugin_restart() function in plugins using a new plugin template,
while supporting previous plugins without a plugin_restart() function
* The default INET->DMZ policy is now DROP.  Common variables this change may effect are:
INET_DMZ_HOST_OPEN_xxx and INET_DMZ_OPEN_xxx
+ Added support for Link-Local-Multicast ICMPv6 echo-request packets
+ Added LINK_LOCAL_DROP_LOG variable which controls logging of dropped IPv6 Link-Local addresses.
+ Added FORWARD_LINK_LOCAL variable which, by default (0), disables forwarding of IPv6 Link-Local addresses.
+ Added EXT_MULTICAST_CHAIN to handle external-inbound multicast traffic
+ Added DHCPv6 support for the EXT_IF_DHCP_IP variable.
+ Added a new variable FORWARD_DROP_LOG to disable logging dropped forwards when set to 0, defaults to 1.
! Fixed handling of destination host~port fields where only the host was specified.
+ Added a new set of variables INET_FORWARD_xxx to allow forwarding INET IPv6 and non-NAT'ed IPv4 packets
to other interfaces.  The format is similar to the IPv4 NAT_FORWARD_xxx without port mapping.
+ Added a new variable OPEN_ICMPV6 to allow independent control of INET ICMP for IPv4 and IPv6, enabled by default.
! Fixed handling of INET_DMZ_HOST_OPEN_xxx variables
! Fixed handling of INET_DMZ_HOST_DENY_xxx variables
! Fixed handling of INET_DMZ_DENY_TCP
! Fixed variable typo, INET_DMZ_HOST_DENY_TCP was not handled
+ Added IPv6 reserved network support, label logs by IPv4 and IPv6
! Fixed RESERVED_NET_LOG is now independant from DROP_PRIVATE_ADDRESSES
+ Automatically disable IPV6_SUPPORT if IPv6 is not detected in the kernel