Component: firewall

6.34 Stable 2016-Jan-29 (10 years ago)

• added inversion support for "limit" option;
• added bit rate matching for "limit" option;
• improved performance for "limit" option;
• do not allow to add new rule before built-in (reverted);
• SIP helper update for newer Cisco phones;

6.32.3 Long-term 2015-Oct-19 (10 years ago)

• fixed connection-rate matcher;

6.32.1 Stable 2015-Sep-07 (10 years ago)

• do not lose firewall mangle rules on start-up;

6.32 Stable 2015-Aug-31 (10 years ago)

• fixed limit and dst-limit options.

6.30 Stable 2015-Jul-08 (10 years ago)

• sip helper improved, large packets no longer dropped;
• added ipsec-policy matcher to check wheather packet was/will be ipsec processed or not;

6.29 Stable 2015-May-27 (10 years ago)

• fixed sector writes rising starting since 6.28;

6.19 Stable 2014-Aug-26 (11 years ago)

• packet defragmenting will only happen with connection tracking enabled;
• optimized option matching order with-in a rule;
• rules that require CONNTRACK to work will now have Invalid flag when CONNTRACK is disabled;
• rules that require use-ip-firewall to work will now have invalid flag when use-ip-firewall is disabled;
• rules that have interface with "Slave" flag specified as in-/out-interface will now have Invalid flag;
• rules that have interface without "Slave" flag specified as in-/out-bridge-port will now have Invalid flag;
• rules with Invalid flags will now be auto-commented to explain why;

5.13 Stable 2012-Feb-14 (14 years ago)

• to-address can be specified as ip address with mask in addition to ip range;