- Added new BLOCK_NETSET_DIR variable which efficiently creates ipsets for blocklists using .netset files.
- Added expert DEFAULT_NETSET_WHITELIST and DEFAULT_NETSET_WHITELISTV6 variables when BLOCK_NETSET_DIR is defined.
- Added ipset support when IPTABLES_IPSET=1 and ipset is installed, disabled by default, Issues: #1, #24, #31
- Added LAN to DMZ forwarding policy, new optional LAN_DMZ_ALLOW_IF variable, Issue #30
- Added NAT_IF option to optionally specify external interfaces to be used for NAT
- Added LAN to LAN (Inter-LAN) filtering rules, LAN_LAN_HOST_OPEN_xxx, Issue #28
- Removed unused INT_FORWARD_IN_CHAIN and INT_FORWARD_OUT_CHAIN user chains, related to Issue #28
Note: Any custom rule or plugin should generally use the FORWARD_CHAIN or POST_FORWARD_CHAIN to access the FORWARD chain.
Additionally, the new LAN_LAN_HOST_OPEN_xxx rules natively handle Inter-LAN filtering.
- New support for ICMPv6 Multicast Listener Discovery, enable with OPEN_ICMPV6_MLD=1, disabled by default
- Keep external ICMPv6 packets appearing as annoying logs, common with native IPv6 ISP's. Thanks to David Kerr
- Added new PPTP VPN Passthrough plugin, suggested by Yuriy Cherniavsky, Issue #27
- Detect and remove stale lockfiles for plugin helpers
- Support kernel version check where "uname -r" doesn't contain a '-' character
- Leave the IPv6 sysctl accept_ra setting alone when forwarding=1, fixes WAN DHCPv6-client, Issue #21
External Link:
http://rocky.eld.leidenuniv.nl/arno-iptables-firewall/arno-iptables-firewall_2.0.1g.tar.gz