ChangeLog

2022-04-19 Mike Gabriel

        * release 1.99.0 (HEAD -> master, tag: 1.99.0)
        * uif.8: Update uif man page (esp. for nft support, but also convert
          from nroff to groff). (c52a64c)
        * uif.conf.5: Update uif.conf man page (esp. for nft support, but
          also convert from nroff to groff). (fa7ba69)
        * Makefile: Assure presence of new config dirs (for dropping
          snippets). (574181c)
        * uif.pl: With nft backend, fix port based rules. (4d74c0b)
        * Support file globbing and introcuce conf.d directories for dropping
          config snippets. (96ed4c7)
        * Update copyright/license information. (bd7fe84)
        * compare-v(4|6)-iptables+nft-results.sh: Add test scripts that
          compare iptables-nft and nft results. (f76c2a8)
        * uif.pl: With nft backend, resolve remaining FIXMEs. This complete
          the nft backend support. (222559a)
        * uif.pl: With nft backend, drop 'meta l4proto ipv6-icmp' prefix
          before type-wise ICMPv6 packet accepts. (945c6e0)
        * Revert "uif.pl: With nft backend, use proper counter expressions."
          (f52b023)

2022-04-18 Mike Gabriel

        * uif.pl: With nft backend, use pre-defined priority keywords instead
          of hard-coded priority numbers. (7100eb4)
        * uif.pl: With nft backend, use single ports only if ranges start and
          end with the same port. (ff27dfe)
        * uif.pl: Use camel-case key for 'FilterCommand' in $Sysconfig hash.
          (26b0453)
        * uif.pl: With nft backend, use proper counter expressions. (123c3c3)

2022-04-17 Mike Gabriel

        * uif.pl: Introduce line numbering in print mode, add cmdline option
          '-l'. (97f5523)

2022-04-16 Mike Gabriel

        * uif.pl: Convert another "-j" iptables option into "counter jump".
          (8b830a7)

2019-12-07 Mike Gabriel

        * uif.pl: Fix snat/dnat multiport rules in nft. (6fcfd7a)

2019-12-06 Mike Gabriel

        * uif.pl: Fix icmpv6 rules for nftables. (7874781)
        * uif.pl: Resolve one FIXME: snat/dnat rules for native nft command.
          (c3edde5)
        * uif.pl: Drop not required (and flawed) <FIXME> (8a85e2e)
        * mark TODOs with FIXME tags (aae4ab1)
        * Turn genRuleDump_NFT so that now generates a native nft command
          set. (a1b95d1)

2019-12-05 Mike Gabriel

        * uif.pl: Introduce FILTER_COMMAND environment parameter and support
          nft command sets as well as iptables* command sets.
          (d598df0)

2019-12-06 Mike Gabriel

        * Send "Skipping..." messages to STDERR. (98a57ec)

2019-12-05 Mike Gabriel

        * default: Parameter that shall be perceived by the uif Perl script
          need to be exported to the environment. (99d6e86)
        * uif.pl: white lines removed / added (8f2746e)
        * Prepend targets starting with ${id} by CHAIN_ (so that target names
          work in nftables, too). (d72d1d7)
        * The Linux firewall is shifting towards nftables, so let's prepare
          for that (by using the legacy iptables commands).
          (55ba357)

2018-08-20 Mike Gabriel

        * release 1.1.9 (a7ec235) (tag: 1.1.9)
        * Makefile: Fix flawed usage of DESTDIR and PREFIX. (1448fd3)

2017-01-16 Mike Gabriel

        * uif.spec: Date fix in changelog. (ee38674)

2017-01-15 Mike Gabriel

        * release 1.1.8 (1123e0c) (tag: 1.1.8)
        * validateData: Prevent from using networks with MAC addresses
          neither for outward bound nor for destination networks.
          (d913b96)
        * Better test and fix MAC address based source filtering. (477c55b)
        * release 1.1.7 (9d20e8e) (tag: 1.1.7)
        * MAC-source filtering, regression fix: Re-add push of $ip to
          @netobjects if network object contains a MAC address.
          (bd85804)
        * UIF: Allow MAC syntax in network items only with real IP addresses,
          not with DNS resolvable host names. (36d6d86)
        * release 1.1.6 (3435812) (tag: 1.1.6)
        * Makefile: Fix installation of uif.initscript. (0038831)
        * uif.conf.5: Add some hints and notes about IPv6 support. (9c01c91)
        * doc files: consistently use UIF in capital letters. (6d01761)
        * services file: Add some more services (kerberos5 et al., ldaps,
          swat, openvpn, mysql, munin, cfenging, xmpp-client,
          xmpp-server, icinga2, webmin and puppet). (868ac44)
        * COPYRIGHT: Update copyright date for Mike Gabriel. (cfee841)
        * ChangeLog: Convert to GNU ChangeLog style, generated from Git
          history. (577cc6b)
        * INSTALL.md: Typo fix in Perl module name. (d75e0ed)
        * Drop former uif initscript, replaced by new uif.initscript file.
          (8766e7b)
        * Revert "release 1.1.6" (26c5c19)
        * Rename README.IPv6 -> README.IPv6.md (465c6da)
        * release 1.1.6 (ed896f4)
        * Update most documentation files and convert to markdown syntax.
          (f2f7bf2)
        * init script: Adopting Debian's init script as an example into
          upstream code. (13adace)
        * Add VERSION file (with last released version number). (402d8f5)
        * Drop debian/ packaging folder, we are an upstream project.
          (6aae291)
        * IPv6 name resolution: Work around broken IPv6 name resolution in
          NetAddr::IP (see: CPAN issue #119858). (91d3907)

2017-01-13 Mike Gabriel

        * IPv6 support: More locations in the code spotted, where we need to
          differentiate between IPv4 and IPv6 mode. (2baab0e)

2016-04-18 Mike Gabriel

        * Merge branch 'ka7-spelling_fix' (91cb12b)

2016-04-16 klemens

        * spelling fix, as of lintian.debian.org (ae13340)

2015-03-11 Mike Gabriel

        * release 1.1.5 (01892a9) (tag: 1.1.5)
        * bump version and dates (45b9141)
        * Fix severe flaw in IPv4-only/IPv6-only rule setup. Don't open IPv4
          wholes when setting up IPv6-only rules and vice versa.
          (d8c8700)

2014-12-09 Mike Gabriel

        * Fix another typo in same error message. (3ffeb89)
        * Fix spelling of Debian in error message. (Closes: Debian bug
          #772496). (5cb7c81)

2014-07-01 Mike Gabriel

        * release 1.1.4 (2754565) (tag: 1.1.4)
        * debian/rules: Update from Debian package. (47e10a2)
        * debian/copyright: Update from Debian package. (da54e44)
        * Make sure that masq|snat|dnat|nat rules get ignored in IPv6 mode.
          (2a5b7ae)

2014-06-13 Mike Gabriel

        * release 1.1.3 (f6505c5) (tag: 1.1.3)

2014-06-03 Mike Gabriel

        * uif.conf: Drop the fw+ filter for ICMPv6 rules. (23707ba)
        * debian/uif.postinst: Provide a DebConf mediated workstation config
          that also protects from IPv6 attacks. (244cbdd)
        * IPv6: make neighbor-solicitation (packet type 135) a must for the
          incoming filter (f888b00)
        * examples: Provide an IPv4+6 config file example (d318892)

2014-05-20 Mike Gabriel

        * uif.conf: Allow packet type 136 (neighbor-advertisement). Allow
          forwarding _and_ inbound ICMP messages. (76474e5)
        * release 1.1.2 (a62ad68) (tag: 1.1.2)
        * uif.spec: Update version+release field. (01513a7)
        * debian/changelog: drop non-sense at EOF (d91cdce)
        * uif.conf: Enable inclusion of services file by default. (f68c9e4)
        * services: Use more appropriate icmp packet type names. (2fdbae3)
        * debian/changelog: Use revison -0 in package version. (4bf5f76)

2014-01-28 Mike Gabriel

        * Add services "rdp" and "vnc-support" to services file. (3c10099)
        * Provide new protocol: ipv6-icmp. Rework ICMP types in services
          file. (5debe50)

2014-01-22 Mike Gabriel

        * release 1.1.1 (e384b5b) (tag: 1.1.1)
        * Alioth-canonicalize Vcs-Git: field. (2084ea5)
        * Install lintian overrides. Override issue false-positive issue
          maintainer-script-should-not-use-service. (46b887e)
        * Make sure that hostnames resolve to IPv6 addresses when setting up
          the IPv6 filtering rules. (3872ce4)
        * Default log level for iptables: crit (not debug). (9bac303)
        * debian/uif.init: Leave reporting startup failures to
          init-functions. Beautify init script when failures occur.
          (f12a8bb)
        * Fix typos and mal-used minus signs in uif.conf.5 man page.
          (25cee2a)
        * Continue development... debian/rules: Add get-orig-source rule.
          (a3ce0ba)
        * release 1.1.0 (1a2ffc9) (tag: 1.1.0)
        * Calls of update-rc.d are now handled by debhelper. Add #DEBHELPER#
          macro after the new uif configuration has been created.
          (43a6cdc)
        * debian/uif.init: typo fix (cfc350b)
        * Bump Standards: to 3.9.5. No changes needed. (2afe691)
        * debian/rules: syntax fix (e99b29f)
        * debian/uif.init: Provide an LSB compliant init script for Debian.
          debian/uif.install: Don't install upstream's init script
          on Debian system. (44f01b3)
        * cosmetic removals of "/" before debian/ folder name (2e5c2f0)
        * debian/uif.postinst: Adapt Debianic configuration of workstation
          profile to IPv6 capabilities. Enable IPv6 by default, as
          well, on Debian systems. (dc52d1b)
        * add EOL at EOF (b7650fb)
        * Enable IPv6 support by default. (2ce5855)
        * remove Debian specific comment in upstream uif.conf, hint to
          IPv4-only / IPv6-only network names usage in uif.conf
          (faf5264)
        * Support filtering rules that apply to IPv4/IPv6 only. (fff07b9)
        * Add /me and Alex Owen as copyright holders. (3c31d9d)
        * uif.spec: update RPM build script (fdeef77)
        * service: fix author name (convert to UTF-8) (5638602)
        * README.IPv6: typo fix (96ad6d6)
        * Keep lines in README below 80 characters. (207e3cd)
        * Drop deb: rule vom Makefile. (a665b56)
        * Update upstream download source in INSTALL file. Mark Net::LDAP as
          optional dependency. (03b3a8f)
        * Update COPYRIGHT file. Add /me as copyright co-holder and update
          FSF address. (3645e5e)

2013-10-31 Mike Gabriel

        * Init script: be more explicit on whether init script actions are
          IPv4 or IPv6 actions. (2fbf3e6)
        * debian/rules: run dh_link during (4a7215c)

2013-08-07 Mike Gabriel

        * debian scripts: whitespace/tab fixes (16186ec)
        * /debian/uif.config: whitespace/tab fixes (0be6dd8)
        * Makefile: fix installation of doc files (c7acd0b)
        * Provide IPv4/IPv6 capable set of default configuration files.
          Rename example files to denote that they show IPv4-only
          examples. (019c78e)
        * fix encoding in copyright file (2b99d66)

2013-08-06 Mike Gabriel

        * /debian/control: Drop separate package uif-ldap again. Sync in
          packaging folder from Debian. (9f3554a)

2013-06-11 Mike Gabriel

        * /debian/rules: Run dh_link during install. (cd1fd5a)
        * version fix, encoding fix, whitespace fix in Makefile (7fbbaad)
        * /debian/*.docs: Install README* files into bin:packages. (61a192d)
        * whitespace cleanup (17225ff)
        * coherent spelling of IPv4 and IPv6 in man page (9e77348)
        * coherent spelling of IPv4 and IPv6 in init script (2336ea3)
        * propely tab'ify init script (9f7f2bb)
        * Create README.IPv6 as upstream file. (341e532)
        * /debian/rules: Leaving clean-up to dh_clean. (b51cf05)
        * Update README, mention issue trackers. (a4fd6bf)
        * update changelog (6b40a6e)

2013-06-11 Alex Owen

        * IPv6 patch (0ffa361)

2013-06-11 Mike Gabriel

        * import packaging from Debian package (a374f15)
        * now really fix umlaut in uif.pl (48c887d)
        * Continue development... (d0b9dbf)
        * release 1.0.8 (44a1201) (tag: 1.0.8)
        * update ChangeLog (e694cb0)
        * convert Umlaut to UTF-8, fix FSF address (2ee8df9)
        * fix hyphens and spelling errors in man pages (bc4d0f9)
        * import packaging files from Debian package (1cccc49)
        * Continue development... (1d3bc90)
        * add Description: keyword to LSB header (327a5ba)

2013-06-10 Mike Gabriel

        * release 1.0.7 (d1f04b6)
        * add myself to the list of upstream people (234f4f6)
        * /debian/control: Add uif-ldap to Suggests: field (f3f6a1a)
        * split uif into bin:packages uif and uif-ldap (15ef174)
        * Provide a default (nothing-in/all-out) uif.conf. (c1d0f4d)
        * ChangeLog: moving credits over to Alex Owen (c7606c1)
        * abusing /debian/changelog as upstream changelog (2573ad5)
        * Run dh_clean in clean stanza. (252c79a)
        * fix mailadress in changelog footer (d86b092)
        * remove build cruft from /debian folder (3ba49af)
        * remove stray templates files: templates.de (7775ed3)
        * upstream projects are easier to handle with source format 3.0
          (native) (7b14060)
        * Make LDAP dependency optional. (5907709)
        * use my NWT address for this upstream project, set changelog to
          UNRELEASED (1a74530)
        * rewrite /debian/changelog, use as upstream changelog from now on
          (16f44c2)
        * import all gains from the latest Debian package of uif
          (debian/1.0.6-3) (369914e)

2011-08-24 Cajus Pollmeier

        * Fixed mail (78811fa) (tag: 1.0.6)
        * Fixed encoding (f97ce59)
        * Initial checkin (d15aeda)