Hi folks!
I am happy to announce that SuSEfirewall2 is now ready for world-wide
realiable beta/gamma testing!
The code is much more secure than SuSEfirewall(1) because of the change in
code and possibilies, and now with the newest 2.4 kernel version the
firewall code seems finally to be reliable.
So everyone: now is the best time to change from SuSEfirwall to
SuSEfirewall2 for better security and faster rule chains.
btw if you sometimes change between SuSEfirewall(1) and 2 because you use
both, 2.2 and 2.4 kernels, just install SuSEfirewall-4.7 - and SuSEfirewall
will start only in 2.2 mode and if in 2.4 mode SuSEfirewall2 is not
configured to run.
For harden_suse users: download v3.4 for use with SuSE 7.2.
Changelog for SuSEfirewall2 1.0:
v1.0 10.06.01 GAMMA
-> believe it or not - v1.0 is ready to go and should work
perfectly for everyone! :-)
* Added the new ip-up script which supports
SuSE-personalfirewall, SuSEfirewall(1) and SuSEfirewall2
* Added a patch by , which fixes some
error checking - thanks!
* Added loading of a kernel module which is necessary for active ftp
(thanks to christian.ernst@informatik.fh-hamburg.de)
* Added support for devices with no broadcast address (e.g. ipsec stuff)
* Autoprotecting mode supports ipv6 global bindings (:::1) now
* Fixed a bug in the UDP autoprotecting mode support
* Removed TOS stuff for ICMP - resulted in no ping packets being
sent. Seems to be a kernel bug :-( netfilter still sucks ...
* Updated the documentation
* Added bootp config support for interfaces
* Added a small README and a converted EXAMPLES file
Changelog for SuSEfirewall 4.7:
v4.7 .06.01 (gamma release)
* added auto service detection for IPv6 services
* added support for ipsec and other devices without a broadcast address
* if running with a 2.4 kernel, the boot scripts check if SuSEfirewall2
is installed and won't run if detected. This provides you with
optimal security and transparent SuSEfirewall* support! :-)
Changelog for harden_suse:
v3.4 10.06.01 (gamma release)
* wont disable some special SuSE 7.2 stuff: CRYPTO_FILESYSTEMS
IDLED, POWERTWEAKD, PPTPD, IJB, IPPL, ARGUS, etc.
v3.3 06.05.01 (gamma release)
* wont disable SNORT, ADSL, NESSUSD and many many other things now
which either do not affect security or are security daemons
* added LICENCE file (required by SuSE policy)
* added special warning about tcp wrapper setup and it effects on sshd
v3.2 07.04.01 (gamma release)
* added MD5 passwords
* changed the undo script creation, after running undo, the log and
undo files are not deleted but renamed
Greets,
Marc
--
E@mail: marc@suse.de Function: Security Research and Advisory
PGP: "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
Private: http://www.suse.de/~marc SuSE: http://www.suse.de/security