--0.6.0--
11-29-2003:Fixed a bug in the loading of the ftp nat module
11-21-2003:Use of multiport match is now optional
10-19-2003:Changed shebang line to #!/bin/bash
10-12-2003:Added a test for tcp syncookies support

--0.5.2--
09-30-2003:Fixed a cosmetic bug in ALLOWED_UDP_IN

--0.5.1--
09-30-2003:Added FAILSAFE config option
09-28-2003:Added test for TTL support
09-27-2003:Smarter autoconfiguration of DISALLOW_PRIVATE
09-25-2003:Added pre- and post- scripts
09-23-2003:Added PATH variable to fix distros like Redhat
09-22-2003:Reduced output verbosity
09-22-2003:Removed string matching rules for now
09-22-2003:Don't log icmp in catch-all
09-20-2003:Added --failsafe option to prevent loss of remote access if ipkungfu fails
09-18-2003:Removed rule saving since we're not doing anything with it yet
09-16-2003:ipkungfu -c no longer takes forever to return results
09-16-2003:Replaced MASQ_LOCAL_NET and IP_FORWARD with GATEWAY in config. MASQ_LOCAL_NET and IP_FORWARD are still used internally
09-12-2003:Fixed vhost output to fit in a nonfb terminal window
09-12-2003:Fixed vhost output to deal with optionally blank ports
09-12-2003:Fixed ulog support detection
09-12-2003:Fixed a small bug in the port redirection code
09-12-2003:New init script by Bruno Torres (thanks!) should work for most distros
09-12-2003:Either Port or Protocol (but not both) can be omitted in vhosts.conf
09-12-2003:Got rid of PARALLEL_HTTP feature
09-02-2003:Added support for port ranges in ALLOWED_*_IN
09-01-2003:Removed FORWARD rules for ALLOWED_*_IN
09-01-2003:Updated icq example in vhosts.conf
08-28-2003:Updated comments and examples in redirect.conf
08-27-2003:Removed PING_FLOOD code - there doesn't seem to be a way to do this the way I want
08-26-2003:Fixed numerous ping issues
08-22-2003:All config options in ipkungfu.conf are now guessed, detected, or have reasonable defaults and are commented out by default
08-22-2003:Stopping ipkungfu now enables ping
08-22-2003:Added output for port redirection
08-22-2003:No longer aborts for lack of LOG target support if LOG_FACILITY=ulog
08-22-2003:Added RFC compliant list of IP ranges to reject from EXT_NET if DISALLOW_PRIVATE=1
08-22-2003:Added optional wait time for init to work around mysterious kernel panics
08-22-2003:Better way to modprobe irc and ftp conntrack modules
08-22-2003:Added --show-vars command line option

--0.5.0--
05-26-2003:Path to executable is a variable in the init script to make life easier for packagers
05-22-2003:Added 'RETURN' as a valid target for SUSPECT, KNOWN_BAD, and PORT_SCAN
05-13-2003:Added option to set TTL on outbound traffic
04-29-2003:Updated installer
04-29-2003:Fixed detection of some nmap portscans, courtesy of SiegeX
04-29-2003:Numerous small bugfixes, courtesy of SiegeX
04-29-2003:Added syncookie support
04-18-2003:Applied deny_hosts.conf to the FORWARD chain
04-15-2003:Added --flush option
04-14-2003:Added config option for modprobe path
04-11-2003:Added unclean match support
04-11-2003:Made it possible to have a server on a public IP inside the firewall and have another server on the same port on a private IP inside the firewall
04-11-2003:Added mechanism to get external IP address
04-09-2003:Added connection tracking to the FORWARD chain
04-05-2003:Added forward.conf to manage the FORWARD chain
04-05-2003:Added support for networks with public IP addresses inside the firewall
04-05-2003:Added support for filtering outbound traffic from inside the firewall
03-25-2003:Rearranged rules for more effective port scan detection
01-21-2003:Fixed a bad sample rule in custom.conf
01-21-2003:Added additional configuration sanity checks
01-28-2003:Fixed the DONT_LOG options in log.conf

--0.4.0--
01-25-2003:Better (I hope) default settings in conf files
01-25-2003:Fixed installer to install the conf files (oops)
01-25-2003:Added "direction" support in redirect.conf
01-25-2003:Added some new options to log.conf
01-25-2003:Added support for the ULOG target in log.conf
01-24-2003:Added support for multiple internal devices
01-24-2003:Added support for multiple internal subnets

--0.3.2--
01-20-2003:Rewrote installer, which now just copies files and makes no attempt at configuration
01-20-2003:Several bugfixes, comments added
01-19-2003:Port forwarding no longer interferes with outgoing packets
01-12-2003:Fixed some permissions problems
01-12-2003:Fixed installer so custom.conf gets installed
01-12-2003:Fixed a bug that prevents users from opening one port per protocol

--0.3.1--
01-05-2003:Added option to negatively specify hosts in vhosts.conf with a !

--0.3.0--
01-04-2003:Added support for port ranges in various config files
01-03-2003:Put syn-flood chain back in
12-14-2002:Eliminated syn-flood chain
12-14-2002:Used multiport match to open ports, to cut down on rules
12-14-2002:Removed rules that use external IP address
12-13-2002:Completely rewrote installer to be non-interactive
12-07-2002:Maybe took some hassle out of dcc, needs testing
12-06-2002:Added --quiet option
12-06-2002:Added init script
12-06-2002:Added uninstall script
12-06-2002:Fixed a bug with deny_hosts.conf

--0.2.1--
11-26-2002:Added --help (jahhan)
11-26-2002:Fixed multiple small bugs (jahhan)
11-25-2002:Updated installer
11-25-2002:Added preliminary support for dhcp servers
11-25-2002:Added --log-tcp-options to some relevant logs
11-25-2002:Put much of the code into functions
11-24-2002:Added "IPKF" string to all logs (more greppable)
11-24-2002:Added --panic (no one-letter easy-screwup version)
11-24-2002:Added --version, --list, --check, --disable and 1-letter versions thereof
11-20-2002:Fixed denyhosts bug (thanks martin!)
11-19-2002:Added code to autoload ip_conntrack_irc and ip_nat_irc
11-15-2002:Added option to REJECT identd instead of DROP
11-15-2002:Eliminated some redundant rules

--0.2.0--
11-13-2002:trelane found an installer bug for standalone boxen - fixed
11-12-2002:Removed catch-all rule for the FORWARD chain
11-12-2002:Changed default policy for the FORWARD chain to ACCEPT
11-12-2002:Added preliminary DMZ support
11-12-2002:Added the ability to specify hosts to allow access to vhosts
11-12-2002:Added localhost redirect support
11-12-2002:Added accept_hosts.conf and deny_hosts.conf
11-12-2002:Changed rule-saving to support non-chkconfig-compatible installs
11-12-2002:Changed default policies for OUTPUT and FORWARD to ACCEPT
11-12-2002:Added ToS mangling code
11-12-2002:Improved virtual host redirection support
11-12-2002:Added support for custom rules
11-12-2002:Log verbosity is now configurable
11-12-2002:Additional configuration sanity checks... more still needed
11-12-2002:Added some very nice features borrowed from Arno's iptables-script
11-12-2002:Added interactive installer
11-12-2002:Split into multiple files, executable and config

--0.1.1--
10-20-2002:Added support for multiple virtual hosts (thanks Wolf!)
10-19-2002:Added rule saving for non-chkconfig-friendly distros
10-17-2002:Fixed a rather unfriendly error message
10-10-2002:Fixed dcc bug
10-10-2002:Added --disable command line option
10-10-2002:Removed some redundant rules
10-10-2002:OK so we do need the external IP
09-19-2002:Added Slapper code
09-19-2002:Added changelog :)
09-19-2002:Removed the need to know the IP of the external interface