2000-08-04  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Tag: FWCTL_0_28
	* fwctllog: Only warn (don't die) when encoutering an
	invalid syslog line.

2000-08-01  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* test.pl: Added test for ICA module.

	* Fwctl/Services/ica.pm: New ICA module.

	* README: Added requirements for Net::IPv4Addr 0.10.

	* NEWS: News for 0.28.

	* Fwctl.spec: Updated for version 0.28.
	Updated spec file to use new macros.

	* Fwctl.pm (VERSION): Changed version number to 0.28.
	Required Net::IPv4Addr 0.10.

	* Changed copyright to GPL only.
	* test-data/in/deny-snmp-INT_NET-nolog: Removed unessary 
	rules because of Net::IPv4Addr 0.10

	* test-data/in/deny-netbios-INT_NET-nolog: Removed unessary 
	rules because of Net::IPv4Addr 0.10

2000-06-20  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Copyright: put under GPL only for ipchains.

	* Fwctl/Services/ipsec.pm (accept_rules): Load module
	when portfw is turned on.

	* Fwctl/Services/pptp.pm (accept_rules): Load module
	when portfw is turned on.

2000-06-11  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* TAG: FWCTL_0_27

	* Fwctl/RuleSet.pm: 
	(all_masq_forward_ruleset) removed.
	(all_umasq_forward_ruleset) removed.
	(ip_forward_ruleset) Changed implementation for all service.
	(doc) Changed copyright.

	* Fwctl/Services/all.pm: Add rules to all chains:
	tcp, udp and icmp, to fix problem related to rules

2000-06-07  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl.pm: 
	(routes) Return a destination based routing table.
	(find_interface) Handle case of two routes with one more
	specific than the other.
	(interfaces) Fixed a bug when setting the interfaces. 
	(doc) Copyright is all to iNsu.
	* test-data/etc/interfaces: Better interface definition
	  for an IP alias.

	* IPChains/PortFW.pm: Changed Copyright. Removed 
	  assignment to undef which requires perl 5.005.

2000-05-12  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* fwctlreport: Removed page header and put report's date
	  under the title.

	* Fwctl/Report.pm 
	(report_iterator): Assumes that records are
	  already sorted by time stamp to reduce memory consumption.
	(remove_duplicates): Was transformed on is_duplicate which is
	called before adding each records, again to reduce memory usage.

2000-05-08  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl.spec (Requires): Requires Net-IPv4Addr >= 0.09

	* Makefile.PL (PREREQ): Requires Net::IPv4Addr >= 0.09

	* TAG: FWCTL_0_26

	* Fwctl.spec (Version): Updated version number to 0.26.

	* Fwctl.pm (VERSION): Updated version number to 0.26

	* fwctllog (read_records): Throw exception when it is not
	  possible to parse a Packet log: line.

	* NEWS : Added user changes for 0.26.

	* TODO: Added list of requested enhancements.

2000-05-05  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* fwctllog : Fixe parsing of chains with - in it. 
	(Thanks Bernd Eckenfels).

2000-02-17  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* TAG: FWCTL_0_25_1
	* fwctl.logrotate: Moved back weekly report to log rotation script.

	* fwctl.cron: Moved back weekly report to log rotation script.

2000-02-16  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* TAG: FWCTL_0_25
	* fwctl.logrotate: Moved weekly reports to fwctl.cron.

	* fwctl.cron: Added weekly reports from logrotate.d sample 

2000-02-11  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* fwctl: Fixed problem with the way the new switches were 

	* fwctlreport.pm: Changed way to select subset of records with
	an expression rather than many switches.

	* Fwctl/Report.pm: Changed way to select subset of records with
	an expression rather than many switches.

	* Fwctl.spec: Updated for version 0.25.

	* Fwctl/Report.pm: When removing duplicates, we should compare
	src and dst ip using eq not ==.

2000-02-07  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* fwctl.logrotate: Added service_host_sum to weekly report and
	drop src_host.

	* Fwctl/Services/name_service.pm: When using the server option,
	accepts UDP queries from any source port.

	* fwctl.logrotate: endpostrotate -> endscript.

2000-01-30  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* fwctl: Added --nocopy, --nolog, --default and --mark options
	to override default policy.
	* Fwctl.pm: Possibility to override defaults policy for logging, 
	copy, deny policy and marking.

2000-01-26  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* TAG: FWCTL_0_24

	* fwctl.logrotate: Make sure that only one week of report is
	generated in the postrotate script.

	* Fwctl/Report.pm: (BEGIN) Conditional loading of Date::Manip
	wasn't working.

	* IPChains/PortFW.pm: (new) Added /sbin:/bin:/usr/sbin:/usr/bin to 

	* fwctlreport: Fix problem when there are no records, and 
	output NO RECORDS. Default details report wasn't working properly.

	* fwctlacctreport: Fix problem when there are no records, and 
	output NO RECORDS.

	* Fwctl.pm: Check for ipchains in PATH at startup. Use die and
	warn instead than croak and carp for user errors. Incremented
	version number.

2000-01-23  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* TAG: FWCTL_0_23

	* fwctl.cron: Transform to crontab format. Dumps accounting
	  counters every 15mins. Preprocess kernel logs every hour and
	  generates daily reports.

	* fwctl.logrotate: Added fwctl_log to rotation. Generates
	  weekly reports in the postrotate script.

	* Fwctl/AcctReport.pm: (read_records) Fix problem with opening STDIN.

	* Fwctl/Report.pm: (read_records) Fix problem with opening STDIN.
	* Fwctl.pm: (version) Updated version number to 0.23.

	* fwctlacctreport:  (pod) Added program documentation.
	* Fwctl/AcctReport.pm: (pod) Added module documentation.

2000-01-21  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl/AcctReport.pm: New module to generates report from
	accounting data.
	* fwctlacctreport: Added program to generates text report
	from accounting data.

2000-01-18  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* test.pl(test): Add tests for interfaces with same IPs and 
	aliases with interface specification.

	* Fwctl.pm (expand): Each elements of the expansions is now
	an array ref which contains ( host_or_network, interface ). 
	(find_host_alias): Normalize IP addresses (.001 -> .1). Removes
	interface specification. 
	(configure): Rewrite for new semantics of expand.
	(read_aliases): Permit interface specification in expansion by 
	giving the interface name in parentheses after the host or subnet.
	Tagged all default aliases with their proper interface.
	(read_rules): Rewrote for new expand semantics. This makes the
	function simpler, the only special cases being portfw.

2000-01-17  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* test.pl (test): Added test for masquerading of ftp service.

	* Fwctl/Services/ftp.pm (accept_rules): Problem with masquerading
	of the ftp port data connection fixed.
	(account_rules): Wasn't switching between src and dst ports in
	port forwarding condition. Problem with masquerading of the ftp
	port data connection fixed.

2000-01-14  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl.pm (read_interfaces): Allow wildcard interface
	specification (ppp+).

2000-01-10  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl/Report.pm: Module to generate reports. This module
	is the report backend. fwctlreport is a frontend which displays
	the generated report in text.

	* fwctlreport: Packet filter report generation utility added.

	* fwctllog: Added possibility to generates record log for only
	a specific period of time.

	* TODO: Removed items about log report tool.

1999-12-22  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* fwctllog (main): Fix for broken turn of year logic.
1999-12-21  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl.pm (find_interface_by_dev): New method to find an interface
	by its associated device.
	(find_host_alias): New method to find the alias related to an
	(find_host_alias): When looking for subnets alias, we were
	skipping aliases with a /.
	* fwctllog: New program to preprocess kernel firewall logs for
	later analysis.

1999-12-20  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* test.pl: Added test for pptp with portfw option.
	* Fwctl/Services/ipsec.pm: Added support for portfw option.

	* Fwctl/Services/pptp.pm: Added support for portfw option.

	* Fwctl.pm(BEGIN): Even if ipmasqadm was not present, loading
	 IPChains::PortFW was considered sucessfully loaded and triggered
	 an error at configuration time.

	* Fwctl/RuleSet.pm(BEGIN): Use eval {} rather than eval "".
	(ip_forward_ruleset): Removed restrictions on tcp and udp for the
	portfw option.
	(ip_portfw_forward_ruleset): Generates rules suitable for generic
	IP forwarding.
f1999-12-17  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Tag: FWCTL_0_22

	* fwctl(flush): Flush with warning if there is a configuration
	file problem.
	* Fwctl.pm(flush_chains,really_flush_chains) Added a 
	really_flush_chains method that can be called without
	an object.

	* Several:	    Added port forwarding support.

1999-12-16  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* IPChains/PortFW.pm:	    New.

	* Fwctl/Services/ipsec.pm:	New service module.

	* Fwctl/Services/pptp.pm:	New service module.

	* Fwctl.pm(reset_fw):	Added oth-in, oth-out and oth-fwd
	chains. Protocol optimisation on the output chains wasn't
	working. (Packets passed through all the chain)

	* Fwctl/Services/icmp_pkt.pm:	New service module.

	* Fwctl/Services/udp_pkt.pm:	New service module.

	* Fwctl/Services/ip_pkt.pm:	New service module.

	* Fwctl/RuleSet.pm (constants and others): MASQ constants are 
	not a bit fields and added FWDMASQ and MASQNOHIGH values.
	(determine_base,accept_ip_ruleset): Masquerading isn't
	limited to icmp,udp and tcp protocol anymore.

1999-12-15  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl.pm(read_aliases,pod): Added IF_REM_NETS alias
	that expands to all remote network attach to an interface.

	* test.pl: Print current test being run and strip
	whitespace before comparing regression tests results.

	* Fwctl/RuleSet.pm(accept_ip_ruleset): Handle case of 
	forwarding on the same interface when src and dst are on
	different network.

1999-11-22  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* fwctl.init(check):	Check was flushing the rules instead
	of doing a check.

1999-10-20  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* Fwctl.pm (read_aliases): <IF>_NETS aliases was defined
	as an array references which caused a bug in expand().

1999-10-19  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* TAG: FWCTL_0_21
	* Fwctl/Services/rsh.pm: Documentation fixes.
	* Fwctl/Services/redirect.pm: New service definition.
	* Fwctl/Services/lpd.pm: New service definition.

	* Fwctl/Services/pcanywhere.pm: New service definition.
	* Fwctl/Services/hylafax.pm: Properly inherits from ftp now.

	* Fwctl/Services/ping.pm (account_rules): Was calling
	accept_ip_ruleset instead of acct_ip_ruleset.

	* test.pl: Removed bytes and packets counters from regression test.
	Added new tests.
	* Several files:  Network::IPv4Addr got renamed to Net::IPv4Addr.

	* fwctl.logrotate: New file for logrotate.

	* fwctl (main): Added flush command which resets the firewall.

	* Fwctl.pm (flush_chains): Added flush_chains method which
	reset the packet filters to ACCEPT everything. 
	(Thanks to Bernd Eckenfels <ecki@lina.inka.de>)
	(global): Moved configuration under /etc rather than
	(read_rules): Services expect IPChains options in
	* debian/: Debian packaging b Bernd Eckenfels <ecki@lina.inka.de>.

1999-09-15  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	* TAG: FWCTL_0_20

	* Fwctl.pm:		Fixes documentation.

	* README:		Add instructions for non RedHat users.

1999-09-03  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	* TAG: FWCTL_0_18

	* Fwctl/Services/dhcp.pm    Added missing rules from client ip
				    to all broadcast address.

	* etc/rules		Fixed some small errors in the 
				example rules file.

1999-08-23  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	* TAG: FWCTL_0_17

	* Fwctl.pm		    Forgot to increment version number.
1999-08-23  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	* TAG: FWCTL_0_16

	* Fwctl.pm		    Fixed quote inserted before commit.
1999-08-23  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	* TAG: FWCTL_0_15

	* Fwctl.pm(find_interface)  Check first for local IP. This caused
				    a problem when there multiple
				    interface aliases on the same subnet.

1999-08-19  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	* TAG: FWCTL_0_14
	* etc/aliases		    Updated to give a more
	* etc/rules		    complete example setup.
	* etc/interfaces

	* Fwctl/Services/ftp.pm	    ctrl_port wasn't listed
				    as a valid option.

				    Added a data_port option.

	* Fwctl/Services/hylafax.pm Added HylaFAX module.

	* Fwctl/Services/syslog.pm  Added syslog module.

1999-07-13  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	* TAG: FWCTL_0_13

	* Fwctl/Services/ping.pm: Corrected masquerading error.

	* test.pl:		Added test for masqueraded
				ping to the Internet.

1999-07-09  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	* TAG: FWCTL_0_12.
	* Fwctl/Services/rsh.pm: Stderr is from dst to src.
	* fwctl.init:		Added restart and reload action.
				Fixed a typo.

	* Fwctl.pm (dump_acct): Add -n switch when dumping 
			        chains to preven DNS lockup.

1999-07-05  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	- Completed test suite.
	- TAG: FWCTL_0_11.
1999-05-29  Francis J. Lacoste  <francis.lacoste@iNsu.COM>
	- Internal release. Completed all features and documentation.
	- Begin testing.
	- Version 0.10
1999-05-15  Francis J. Lacoste  <francis.lacoste@iNsu.COM>

	- original version; created by h2xs 1.19