- Honour Debian recommendations for systemd service file
- Enable xtables lock "wait" option found in iptables 1.4.20+, Issue #17
- Using NAT_STATIC_IP with multiple ext interfaces would fail in case not enough ext IPs were specified
- Don't hardcode IP4TABLES/IP6TABLES binary in the config file. Just autodetect it like the other binaries
- Misc. fixes for newer SuSE & Redhat systems concerning systemd & init
- Moved get host cache logic from traffic accounting plugin to environment to avoid (future) code duplication
- Fixed NAT_LOCAL_REDIRECT=1 packets from being logged as if they were dropped
- Added tcp_be_liberal option
- Allow rp_filter to be mode 2 (loose)
- Fixed functions get_ifs() and get_ips() with a '#', distinguish IPv4 from VLAN interfaces and check for
IPv6 addresses (thanks to Mike C. Fletcher)
- Improve y/n user handling
- Improve log handling for dyndns plugin
- Try to auto detect external net settings automatically on start
- Improve error handling especially for plugins
- Several plugin updates
External Link:
http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1f.tar.gz