root/mirror/edenwall/nuface/trunk/Changelog

Version 2.0.15
    * Add media support to desc.xml
    * Fix Javascript: disable NAT protocol field for non-TCP/UDP protocols

Version 2.0.14 (2009-02-16)
    * Fix the LDAP backend in nupyf to include the UDP rules (instead of just
      the TCP rules)

Version 2.0.13 (2009-01-09)
    * Fix LDAP backend for an ACL with multiple groups (previously only
      one user group was stored in LDAP)
    * Fix nupyf to support authentication objected linked to another
      authentication object
    * Always show "Create new ..." button for objects (authentication,
      protocols, periods, etc.)

Version 2.0.12 (2008-11-03)
    * Fix HTML and CSS for Internet Explorer 7 for the ACL list
      and an highlighted an ACL group
    * Recompute all descsorts after a new ACL is created
    * Fix nupyf for the descsort of a FORWARD ACL when the source or
      destination is an broadcast address
    * Network description parser from nupyf module reads "enabled" attribute

Version 2.0.11 (2008-11-20)
    * Block layer7 object deletion if it's used by a protocol
    * Fix iptables generation for authentication rules in rescue mode:
      generate also the logging rules
    * Saving an ACL (forward, local IN or local OUT) closes the form and
      displays a message (ACL saved correctly)
    * /etc/init.d/init-firewall script remembers the previous mode (with NuFW
      or without NuFW): reuse the previous mode for start or reload actions
    * Remove value "--" for fields defaultaction and action of layer7 objects.
      When loading old rulesets, set defaultaction to "drop" and action to
      "accept" if the value is empty or not set

Version 2.0.10 (2008-10-15)
    * Don't use SNAT on IPSEC packets (use "-m policy --pol none --dir out")
    * NAT form: use a text area of 30x3 characters (instead of 30x1)
    * Fix iptables generation for NAT rules: sort the rules using the numeric
      value and not the string value (1, 2, ..., 10 instead of 1, 10, 2, ...)
    * NAT iptables rules: don't write -s 0.0.0.0/0 nor -d 0.0.0.0/0
      to get shorter rules

Version 2.0.9 (2008-10-13)
    * Fix the order of the IPSEC dispatch rules
    * Fix tunnel-src/tunnel-dst arguments of IPSEC dispatch rules
      (invert source and destination for the output rules)

Version 2.0.8 (2008-10-09)
    * Fix gendesc for a OpenVPN client: create a direct network of class C,
      eg. "Convert peer-to-peer address 10.8.0.66 to 10.8.0.0/24"
    * complete_resources_from_desc() replace the name on duplicate
      (eg. "INTERNET" becomes "INTERNET-2")
    * Support IP protocols "GRE" and "VRRP"
    * Disallow letters with diacritics for the ACL names
    * Fix "Internet Explorer" application in the ruleset template
      (use "*\explorer.exe" and "*\iexplore.exe" instead of "*\iexplorer.exe")
    * Use nuauth_command in init-firewall to reload nuauth cache and periods
    * Simplify generated nulayer7 rules: don't write
      "iptables -t mangle" prefix
    * Disallow to use the transparent proxy without NuFW authentication
      (revert the change made in 2.0.7)
    * Fix the CSS for Internet Explorer 6: don't set position to absolute
      for the completion list and fix some Javascript functions
    * Don't generate duplicate iptables rules (eg. ACL with multiple
      operating systems and applications)
    * Unit tests: write tests with authenticating ACLs,
      use --nufw and --same-iface options for nupyf, create a command
      to regenerate the unit tests

Version 2.0.7 (2008-09-18)
     * Create "override proxy" value for the transparent proxy
     * Allow to use the transparent proxy without NuFW authentication

Version 2.0.6 (2008-07-16)
    * Always show new ACL/NAT rule button (patch by afhide)
    * Improve rules propagation, now support multiples hosts (patch
      by afhide)
    * Fix iptables generation with ACLs using layer7 filtering
    * gendesc: create --ignore option to ignore some interfaces

Version 2.0.5 (2008-07-10)
    * Fix init-firewall script: replace non breaking spaces by simple space

Version 2.0.4 (2008-07-08)
    * Create transparent proxy option (default: disabled)
    * Fix nupyf to parse correctly ACL periodicity
    * gen_desc: accept link type other than loopback (eg. interface tun0)
    * Fix iptables rules generation: truncate log prefix if it's too long
    * Python 2.5: use builtin ElementTree library of Python 2.5 if available,
      replace old Set class by builtin set
    * Rename project Nuface to NuFace

Version 2.0.3 (2008-05-27)
    * Fix operating system and application filtering:
    * Create OSRelease field in operation system form
    * Fix nupyf (LDAP backend) to fill correctly the operation system
      fields (OsName, OsVersion and OsRelease)
    * Allow antislash in ApplicationPath and in sub-element name
    * Fix operation systems and applications in ruleset template (empty.xml)
    * Sort groups in authentication form
    * Fix nupyf (LDAP backend) for REJECT decision
    * Escape antislash in Javascript error message
    * Fix "make install" used without first "make" command call

Version 2.0.2 (2008-04-28)
    * Fix contextual help (i18n didn't work)
    * Fix Makefile: compile and install HTML documentation
    * Fix "Populate from DNS" button on resource page
    * Fix french translation
    * Add a message when acls.php is called with "acl=0"

Version 2.0.1 (2008-03-28)
    * Fix iptables rules generation (nupyf) for ACL using NuFW but with no
      protocol
    * Fix L7 rules creation
    * ACL description in LDAP: use same formant than ULOG prefix
    * Disallow authenticated FORWARD ACL with empty protocol
    * main.css: Applied the same font family as in NuLog (Verdana, Arial,
      Helvetica, sans-serif).

Version 2.0.0 (2008-03-21)
   * No longer copy empty ruleset to create a new ruleset, but use a dedicated button
   * New layout for statistic on the first page
   * New layout for acl edition
   * Allow to write user comment in log prefix
   * Write aclbase class to factorize acl and local classes code
   * ACL consistency check is more strict
   * Remove reference to /etc/network/firewall
   * Use new nuphp library (shared with NuConf project)
   * Nupyf now requires --nufw argument to enable authentication
     (use NFQUEUE target)
   * init-firewall: remove panic command, and "nonufw" and "standard" command
     enable IPv4 forward

Version 2.0rc4 (2007-02-06)
   * gendesc now takes care of routed networks
   * gendesc can uses command output
   * create option to log or not the packets
   * detect browser preferred language
   * optimize PHP and Javascript code
   * checkdesc doesn't check that identifiers are increasing
   * don't set PHP session name, keep default name
   * nupyf forces "same iface" option when only one network interface
     controler is available
   * nupyf simplify iptables output: it doesn't write "-d 0.0.0.0/0" nor
     duplicate "-d IP/mask" if it's already filtered by dispatch rules
   * bugfix: avoid creation of duplicate "INTERNET" resource
   * bugfix: fix minor CSS bugs

Version 2.0rc3 (2007-01-15)
   * gettext: Finish french translation
   * empty.xml: add more examples: periodicities, durations, operating
     systems and applications
   * Create favorite icon
   * Add XSS protection: remove "<" and ">" characters
   * Set default language to english
   * init-firewall supports fail2ban
   * Ruleset constructor checks "applied" attribute (used by NuConf)
   * Reorganize ACL form
   * elt class: check period consistency
   * nupyf: rename "--no-same-iface" option to "--same-iface" and fix same
     iface mode
   * nupyf: remove manage_input and manage_output (always enabled)
   * nupyf: write better timestamp to generate iptables scripts
   * Don't set modified state on "save a copy" action
   * Always set PHP error level to E_ALL to show fatal errors
   * nat class: constructor checks rule consistency
   * Fix ACL history for deleted rules
   * Rewrite "alphanum" regular expression, used for text validation
   * "make install" doesn't replace existing nupyf.conf configuration
   * Create configuration option: $apply_firewall_rules

Version 2.0rc2
   * Rules modelization evolution for better ergonomy, simplified model.
     This also means that NuFace 2.0 data model is NOT compatible
     with former versions.
   * Switch to GPLv3
   * PHP4 is no longer suported => use PHP5 with PHP exceptions
   * Check desc.xml version (1.3) and acl.xml (2.0)
   * Fix spelling mistakes, rename "ressource" to "resource"
     and "periodicitys" to "periodicities"
   * Rename "Subject" to "Source" and "Resource" to "Destination" in ACL form
   * Many ergonomy enhancements
   * Contextual help added
   * Added init script to block (drop) input and forward traffic
     until the real firewall rules are started.
   * Use checkdesc in NuFace: run it before loading a desc.xml
   * Change charset to utf8, instead of ISO-8859-1
   * Store ACL files in /var/lib/nuface/acls/
   * Use gettext for internationalization
   * NuFace always check object's consistency (duplicate ID, broken link, ...)
   * IP 127.0.0.0/8 is forbidden
   * Don't load firewall rules if propagation failed

1.2.0
   * Support for Layer7 (http://l7-filter.sourceforge.net/) filtering
   * Rules modelization evolution for more granular ACLs ordering.
   * Many ergonomy fixes
   * Generate iptables-restore formated rules for better loading performances