IPNetSentryX Release Notes
Oct 21, 2011 - IPNetSentryX 1.8c1
Apply all updates from IPNetRouterX.
Fixes for loading NKE and 64-bit structure aligment.
Rebuild NKE as 32/64-bit Universal.
Lion Compatible.
May 28, 2009 - IPNetSentryX 1.7
Restructure project files to use Subversion based revision control.
Fix Ethernet bridging to configure promiscous mode correctly.
Application launch - skip asking for upgrade if there is a valid upgrade key in the pasteboard.
Upgrade - ask user to authenticate to remove old key if necessary when upgrading, so upgrade will override any previous key even if not writable by the currently logged in user.
System Requirements are now 10.4 or later.
Release as version 1.7
Note this version may require a paid upgrade.
Mar 13, 2009 - IPNetSentryX 1.7c2
Fix checking for idle time to handle equal comparisons correctly.
Avoid repeated first run install alerts by not trying to install admin only tools when run from non-admin account.
Fix possible bug in updating Security Log save to disk interval.
Fix possible timing conflict when replacing and authorizing tools.
Reorganized demo startup to be more consistent and support paid upgrades.
System Requirements are now 10.4 or later.
Note this version may require a paid upgrade.
August 5, 2008 - IPNetSentryX 1.7c1
First Run Install: pause after copy phase to allow time for file system to stabilize.
First Run Install: changed to work the same for non-admin accounts.
Increase filter table size to 1000 entries.
ICMP: self repair ICMP server connection if it dies unexpectedly.
Fixed obscure memory leaks found using Apple's Clang tool.
June 10, 2008 - IPNetSentryX 1.6.5
Fixed bug in name of startup item that prevented updating NKE version.
June 6, 2008 - IPNetSentryX 1.6.4
Traffic Discovery: turn off TD explicitly if no previous setting was saved.
Preferences: added "Save to log interval" of 10 seconds.
Sentry Log: added timer to force periodic update at log interval.
Create symbolic link to daily security log named "security log today.txt"
Add "invalid" table under Trigger tab to remember source IP address of packets with short transport headers.
Rename "IPNetSentryX_startup.app" to "IPNetSentryX_startup" since it no longer contains an application, but rather a shell script.
Fixed problems with launching at startup or login time before interfaces have stabilized.
Fixed bug in checking code signature of admin only tools when run from non admin account.
If code signature is not verified and user chooses quit, re-install all tools on next launch to attempt repair.
Cleanup system.log messages when run from non admin account.
Lookup: add support for IPv6 and display any IPv6 addresses returned.
Lookup: added "Show DNS" button.
Tool history: keep 10 entries in addition to any suggested local configuration values.
April 3, 2008 - IPNetSentryX 1.6.3
Skip re-downloading interface parameters in response to KEV_DL_LINK_ON.
Fixed bug in restoring triggers from daemon when 2nd instance is launched from Finder.
Improved configuring HelperTools when newer versions are present.
Mar 26, 2008 - IPNetSentryX 1.6.2
Improve test for authorization succeeded.
Filter table: update rule count consistently when rules are added or deleted.
Skip downloading interfaces that report not available from the SCF.
Consolidate interface table download and attach NKE.
Update nib file to change "Break" to "Exit group".
Mar 18, 2008 - IPNetSentryX 1.6.1
IPNetSentryX_startup: fixed bug in creating startup item in HelperTools.
Demo Startup Dialog: center on screen.
Register: remember window position.
Check For Update: remember window position.
Preferences: fix display of Disable Command-Q setting.
Allow launch without displaying document window.
Load empty documents with currently active settings before saving.
Rename "Break" filter action to "Exit group".
Mar 13, 2008 - IPNetSentryX 1.6
Attach and download any modified interfaces during Apply.
Filter Table: Always allow editing parameter column.
Update license to cover "Software Upgrades" and "Educational Users" per new shopping cart on website.
Release as version 1.6
Jan 18, 2008 - IPNetSentryX 1.6c8
Relocate helper tools to "/Library/Application Support/IPNetSentryX/HelperTools".
Move other modifiable resources out of Application bundle.
Sign each helper tool using Leopard Code Signing.
Sign IPNetSentryX app.
Remove "Unauthorize Tools..." from application menu since app can be moved and copied freely.
Use standard help button from latest Interface Builder.
Help: search only the localized help book for the page requested.
Build with Xcode 3.0 under Leopard.
Catch NSInternalConsistencyError when threads terminate normally.
Check for interrupted system call on read().
Streamline attaching NKE to an interface.
Allow address ranges (a-b or x.x.x.x/prefixLen) in filter table.
Show number of filter rules and warn if limit of 600 is exceeded.
Oct 26, 2007 - IPNetRouterX 1.6c7
Fixed symbol collision in NKE to be compatible with most recent Leopard seed.
Email notification: use UNIX sendmail in place of Message.framework to be daemon safe.
Fixed "From:" header in Email notifications from trigger events.
Show active firewall settings when launched if firewall is already running.
Growl Support: don't initialize Growl when running as a Startup Item.
Trigger Table: fix possible overflow bug when importing large trigger list.
Fixed bug in restoring trigger duration.
Sep 10, 2007 - IPNetRouterX 1.6c6
Add trigger entry for "Short TCP Header" packets.
Maintain trigger duration more consistently.
Jul 6, 2007 - IPNetSentryX 1.6c5
Traffic Discovery: fixed bug in displaying network port information.
Trigger Import: allow both Mac "\r" and UNIX "\n" line endings.
Trigger import: ignore comment lines beginning with "#".
Open help files in Apple Help Viewer by default, or the users default web browser if the Option key is down when help is selected.
Jun 13, 2007 - IPNetSentryX 1.6c4
Display inactive BSD interfaces such as "tun" or "tap" that do not appear in SCF.
Don't check address family (AF_INET) when reading mask from routing socket since tap driver doesn't set this.
Allow Ethernet bridging to "tap" devices.
NKE: Fixed bug in checking if pullup needed.
May 10, 2007 - IPNetSentryX 1.6c3
Fix possible freeze on startup when application is launched from an account without admin privileges.
May 10, 2007 - IPNetSentryX 1.6c2
Filters: added "Block IPv6" option. Do not otherwise log IPv6 traffic.
Fix ipfw log format to be compatible with Open Door's "Who's There Firewall Advisor".
Save logs to disk at regular intervals for continuous update if selected in preferences.
Changed network stack order for bridging outbound packets to improve DMZ support.
Fixed possible authorization conflict when launching as a login item.
Fix possible crash when flipping between current and previous saved settings.
Fix bug introduced in terminating outstanding select on a socket.
Email notification: include sender mail address and name explicitly in message headers.
Added support for Growl notifications.
Mar 29, 2007 - IPNetSentryX 1.6c1
Removed "Automatic Failover" and "Source Aware Routing" since these features now depend on NAT in IPNetRouterX instead of modifying the BSD routing table which proved less reliable.
Fix "Route to" filter action to rewrite source MAC address.
Fix NKE incompatibility with 10.3.9 .
Fixed possible exception if PPP interface with no user name encountered.
Fixed bug in converting zero length Ethernet addresses.
Traffic Discovery: restructure for possible threading.
Traffic Discovery: release innactive data.
Preferences: add option to disable Command-Q as a shortcut for Quit.
Diagnostic: added diagnostic help text.
Trigger Import: change to use window sheet.
Fixed possible crash during UDP Listener abort.
Fixed leaking socket pair (stream pipe) during open raw socket.
Fixed Drop Connection response byte order bug on Intel.
Dec 28, 2006 - IPNetSentryX 1.5.1
Fixed to work on Leopard Preview (Mac OS X 10.5).
Traffic Discovery: save plist data in binary format for speed and reliability.
Add "Diagnostic" window under help menu to report NKE memory use.
Trigger Table: fix out of memory problem when importing large data sets (tag-import-delete; keep free list; detect memory exhaustion and try again later).
Restore NKE attach state when PPPoE interface reappears in SCF.
Interfaces: fix problem restoring parameter="last time".
Terminate threads explicity to avoid possible APE conflict.
Fix byte order bug on Intel in Filter Source or Dest Net.
Oct 31, 2006 - IPNetSentryX 1.5
Release as version 1.5 (Universal Binary).
Filters: change to use NSComboBoxCells for corresponding table columns.
Numerous documentation updates including: Group, Break, and Route to filter actions, matching internal and external interfaces.
Update tool tips.
Oct 25, 2006 - IPNetSentryX 1.5c4
Filters: allow matching "internal" or "external" interface.
Filters: separate parameter from stats.
Filters: update value combo box when cell is about to be displayed.
Interfaces: add automatic failover button.
Sept 21, 2006 - IPNetSentryX 1.5b3
Fix Ethernet Bridging on Intel.
Fix bug in Ethernet bridging when copying packets with external clusters.
Sept 8, 2006 - IPNetSentryX 1.5b2
Fix byte swapping bug in segment offset.
Fix Help menu.
Fix save and restore window position of Expert View.
Adjust out-of-range port numbers.
Trigger Table: include node number and name in Triggered By column.
Sept 1, 2006 - IPNetSentryX 1.5b1
Build Application and NKE as Universal Binary.
Numerous updates to support Intel architecture.
Consilidate packet injection and byte swapping code.
Fix possible bug when gateway is "not available".
TCP Flow: add support for tcpflow on Intel and repackage as part of the application bundle.
Trigger table: add import/export dialog to save trigger entries as Tab Seprated Values (plain text).
Trigger table: remove limit on trigger table size for entries imported through user interface.
Allow address ranges in Trigger Table.
Handle comments in "Triggered by" field consistently.
Fixed bug in logging IP addresses.
Remove 2nd copy of log file in ".plist" format, use Traffic Discovery instead.
May 11, 2006 - IPNetSentryX 1.4
Traffic Discovery: fix possible overflow when calculating percent.
Traffic Discovery: fix log rollover at end of interval.
Address Scan: resolve synchronization issue.
NKE: fix possible panic if mbuf_finalize_outbound() pulls up to a new mbuf.
Release as version 1.4
May 3, 2006 - IPNetSentryX 1.4c2
Traffic Discovery: Allow sort by data column with interval one second.
Traffic Discovery: View by Service - include protocol in service identifier.
Traffic Discovery: View by Netflow - include protocol in netflow identifier.
Traffic Discovery: track ICMP services by type and code.
Traffic Discovery: update network interface with each minute sample to accomodate changing interfaces.
Traffic Discovery: write out logs when Preferences update logs button is pressed.
Fix to recognize alternate kernel event notifications KEV_DL_LINK_ON and KEV_DL_LINK_OFF.
Apr 28, 2006 - IPNetSentryX 1.4c1
Added Traffic Discovery tool.
Incorporate all changes from IPNetMonitorX and IPNetRouterX for Intel transition.
Built against Mac OS X 10.4 Universal headers.
Fix bug in specifying alternate gateway for automatic failover.
Incorporate latest Tiger NKE fixes from IPNetRouterX.
Nov 29, 2005 - IPNetSentryX 1.3.1
Fix to save new documents to default location.
Nov 16, 2005 - IPNetSentryX 1.3
Release as version 1.3
Fix possible window server conflict when launched as a startup item.
Nov 10, 2005 - IPNetSentryX 1.3c9
Fix bug in matching data content.
Fix possible panic if connection table overflows.
Restructure Attach and Detach NKE to improve logging and consistency.
Improve locking model under Panther.
Changed "Filters/Interfaces" to "Expert View".
Restructure firewall document to support an alternative "Basic View".
Update IPNetSentryX Help to include Automatic Failover, Source Aware Routing, Bandwidth Allocation, and other recent changes.
Sep 14, 2005 - IPNetSentryX 1.3c8
User Interface: re-order tabs as Interfaces, Filters, Triggers.
Enable the Apply button when there are changed settings to apply.
Preferences: save preference settings to a common location regardless of user login.
Fix checksum conflict by calling mbuf_inbound_modified on outbound packets to work around bug in mbuf_outbound_finalize() KPI.
Save and restore source aware routing state consistently.
Address Scan: work around bug in NSScanner.
Aug 26, 2005 - IPNetSentryX 1.3c7
Add filter action "Route To" with parameter of next hop IP address for conditional routing.
Save and re-use complete frame headers in connection table entry.
Automatic failover: use split route as alternate default gateway.
Fixed bug in converting SourceNet and DestNet IP address ranges.
Fix to always disable alerts when launched as startup item.
Filters: fix order when pasting a list of rules as children.
Filters: add "authorize" rule to default firewall configuration.
Filters: add sample "rate limiting" rules for PPP to default firewall configuration.
Jul 29, 2005 - IPNetSentryX 1.3c6
Redesigned TCP Rate limiting for smooth control over a broad range. Use "filter action" RateLimitIn or RateLimitOut with a single parameter specifying the rate in bits per second. Can use K or M as in 100K or 1.5M bps.
Interfaces: added Dead Gateway detection with automatic failover to alternate gateway.
Add "Failover Locations" window to specify locations for automatic failover.
Track connections outside of IP filtering.
Enable "Source Aware Routing".
Allow History->Clear to clear log windows.
Jun 1, 2005 - IPNetSentryX 1.3c5
NKE: stream line rate limiting code when not needed.
Trigger Table: fix bug in displaying entries of different types with the same address.
Trigger Table: fix log message when deleting entries.
May 25, 2005 - IPNetSentryX 1.3c4
Add "Check for Updates..." item under application menu.
Add support for BSD interfaces not specified in the System Configuration Framework.
Fix to restore settings when launched as a Tiger login item.
May 9, 2005 - IPNetSentryX 1.3c3
Avoid recursive lock when starting TCP RST delay timer.
Release lock before injecting packets.
May 5, 2005 - IPNetSentryX 1.3c2
Remove seq list overflow messages from log.
Build using Tiger GM tools.
May 3, 2005 - IPNetSentryX 1.3c1
Rewrite NKE to support Mac OS X 10.4 (Tiger).
Redesign Rate Limiting feature to withhold and insert Acks. Separate actions for "rate limit in" and "rate limit out".
Fixed bug in unloading and reloading NKE consistently.
AirPort Configuration: added "Save and Restore" checkbox to select whether to restore these AirPort settings when the application is launched or a document opened.
Filter Table: fixed bug in matching long interface names.
Filter Table: fixed bug uploading TCP flags with both set and reset values.
Sentry Log: converted download and other text messages to ".plist" format.
January 18, 2004 - IPNetSentryX 1.2.05
Preferences: reorganize and include Email settings needed by message framework.
Ethernet Bridging: reduce MTU of bridged internal interface to match external interface if needed.
Jan 10, 2005 - IPNetSentryX 1.2.04
Trigger table: allow editing Triggered By column.
Trigger table: preserve last time information between application launches.
Trigger table: remember trigger table independently from saved settings in a separate file when program quits (/Library/Application Support/Sustainable Softworks/triggerTable).
Connection Table: age out fully closed connections sooner.
Dec 28, 2004 - IPNetSentryX 1.2.03
Fixed LoadNKE helper that was accidently broken.
NKE: fix possible crash when inserting TCP fragment entry.
NKE: fix possible leak if malloc fails during AVL insert.
Dec 18, 2004 - IPNetSentryX 1.2.02
NKE: fix possible crash if malloc fails during trigger event.
Refactor thread to controller updates for better performance and robustness.
Optimize check for abort in receive threads for better performance.
Refactor thread controller classes to isolate exceptions and simplify abort and re-initialize.
Configure NSConnections with explicit time out and queueing options.
Remove delegate retain loops.
Remember log drawer state.
Show Sentry on warning when no interfaces are selected.
Fix bug to save log text under corresponding date.
Write a single "sentry.log" file for "ipfw" log format.
Nov 30, 2004 - IPNetSentryX 1.2.01
Sentry Log file: use ASCII encoding when log format "ipfw" is selected.
Do not log URL Actions.
Fixed bug in filter action URL.
Fixed bug in "Add Trigger" from Alert dialog.
NKE: add OSBundleProductName and OSBundleSupportURL KEXT properties for Mac OS X Tiger.
Nov 18, 2004 - IPNetSentryX 1.2
Validate "Save" menu explicitly when there are unsaved changes.
Fixed bug in applying saved triggers.
Sentry Document: fix is document edited state.
NKE: do not bridge deleted packets.
Release as version 1.2
Nov 12, 2004 - IPNetSentryX 1.2c7
Trigger table: allow editing, save/restore, and apply/show to facilitate blocking a list of individual IPs.
Alert: add trigger button to block this IP address.
Incorpate NKE updates and fixes from IPNetRouterX.
SystemConfiguration - open a separate SCDynamicStoreRef for each request.
SystemConfiguration - combine static PPP services since actual service is defined dynamically.
Filter Action URL: borrow code from IPNetMonitorX Server Scan tool, don't open local tool windows.
Preferences: fixed bug in Email log selections.
Fix registration input, read key, and write key to handle international characters consistently.
Add History menu for recent targets in built-in tools.
Aug 3, 2004 - IPNetSentryX 1.2c6
Fix broken links in help files.
Allow Option-Apply to clear match count and byte count.
Show Active: report number of entries received and log any interface entries to verify configuration.
Connection Logging: write out log every 10 minutes
Connection Logging: update log when a connection entries time out.
Allow up to 500 filter rules.
July 14, 2004 - IPNetSentryX 1.2c5
Add support for Ethernet bridging.
Added back separate window for Sentry Log.
Address Scan: update select service popup to match target field when a scan is invoked.
Address Scan: changed to report "Sent/Received/Lost" more consistently for TCP and UDP scans.
Help Button and Disclosure Triangle: use 10.2.8 compatible controls.
Registration: look for registration data in clipboard so there's no need to paste.
Finish installation when first run is from root account.
Try to unload NKE on first run to make sure latest version will be used.
Improve finding PPP interfaces.
Jun 21, 2004 - IPNetSentryX 1.2c4
Added AirPort Configuration tool.
Try to unload NKE on first run to make sure latest version will be used.
Improve finding PPP interfaces.
Improved access to System Configuration Framework.
Add Help button to "First Run" dialog and more complete error reporting when authorization is cancelled.
History: load default targets for each tool.
Subnet Calculator: add history support.
NKE: fix error processing for additional rules after packet deleted.
Logging: fixed bug when UNIX System Log format selected.
Interfaces: add "Refresh List" button.
Update help information.
May 24, 2004 - IPNetSentryX 1.2c3
NKE: fix error recovery in AVL tree operations if malloc fails.
Track PPP interface changes in System Configuration Framework.
Preferences: select which logs to Email.
Document Window: add log drawer in place of log window.
Create /Library/StartupItems folder with correct permissions if needed.
Add Help button to "First Run" dialog and more complete error reporting when authorization is cancelled.
Mar 24, 2004 - IPNetSentryX 1.2c2
Fixed bug in saving documents.
Add "Interface ID" column under interfaces tab. Fix bug in matching system configuration changes to interface table. Allow interface name to be edited.
Mar 22, 2004 - IPNetSentryX 1.2c1
- Add "Configure As Startup Item" under application menu to save startupItemSettings.
- Configure startup item shell script and property list.
- Modified "Show Current" to load and display status from NKE previously configured by startup item.
- Restructure document state to support launching application as a startup item.
- Save Preferences in document so they can be accessed outside the context of a user login.
- Preferences: added checkbox to disable on-screen alerts.
- Save and restore trigger table as part of settings document.
- Show "status info" messages in Sentry Log window.
- Fixed bug in updating interfaces when the system configuration changes.
- Fixed bug that caused show current to not recognize duplicate entries.
- Save logs in /Library/Logs/IPNetSentryX/
- Write the Sentry log in ".plist" format as well as any user selected ".txt" form.
- Merge changes from IPNetRouterX.
Dec 9, 2003 - IPNetSentryX 1.1
- Preferences: added "Update Logs Now" and "Email Test" buttons.
- Changed Email notification to include explicit "Date" header.
- Scrolling Views: do not scroll for updates unless bottom of view is visible.
- Release as version 1.1 that supports Panther.
Nov 24, 2003 - IPNetSentryX 1.1c8
- Restored "Authorize" action which caused subsequent actions to display incorrectly.
- Fixed to remember window size and location between sessions.
- Renamed Log Viewer to Sentry Log.
Nov 11, 2003 - IPNetSentryX 1.1c7
- Fixed crash when closing document opened at launch time under Panther.
- Fixed bug that flushed first line of log text to disk.
- Restructure to correspond with IPNetRouterX.
- Converted to use Xcode tools under Panther.
Sept 4, 2003 - IPNetSentryX 1.1c6x
- Connection log: Include ICMP type and code info.
- Connection log: show protocol ports in numeric form.
Aug 29, 2003 - IPNetSentryX 1.1c6
- Decode common C language character constants \n \r \t \b \f \0 in data content rules.
- Default configuration: added rule 2.2.1.1.9 to block WebSTAR SSL attack.
- Include byteCount in security log entries.
Aug 20, 2003 - IPNetSentryX 1.1c5
- Added connection logging.
Aug 8, 2003 - IPNetSentryX 1.1c4
- Fixed crash when "Current Filters" or "Show Active" is selected repeatedly.
- Fixed to handle exception for users that do not belong to admin group.
- Fixed to work with Panther preview (Mac OS X 10.3).
- Changed default log file path to ~/library/logs/IPNetSentryX/ .
- Security log: write a new log file each day including date as part of file name.
- Bandwidth Accounting: append new data as part of same dictionary so Bandwidth log can be opened in Apple's Property List Editor.
- Bandwidth Accounting: add preference to update Bandwidth log file after each accounting interval.
July 30, 2003 - IPNetSentryX 1.1c3
- Improved security for privileged tools.
- Refactor NKE for NAT process in IPNetRouterX.
- Remember bandwidth accounting state between launches.
- Added "authorize" action and "include authorize" property to temporarily authorize selected hosts.
July 14, 2003 - IPNetSentryX 1.0.1
- Release as version 1.0.1 .
July 7, 2003 - IPNetSentryX 1.1c2
- Fixed "Sentry on failure" if Firewall Enabled before interfaces Applied.
- Allow independent rate limt for inbound versus outbound traffic.
- Added "keep address" action and "include address" property to detect repeated access attempts.
- Added "include state" property (connection table search) for Stateful Packet Inspection.
- Added "Parent match rate" property (number of matches/second).
- Added bandwidth accounting.
- Changed default directory for "security log" and "bandwidth log" files.
June 26, 2003 - IPNetSentryX 1.1c1
- Added TCP rate limiting (simple bandwidth management).
- Content matching: include matched text from packet in plist log record.
June 17, 2003 - IPNetSentryX 1.0
- Release as version 1.0 .
June 13, 2003 - IPNetSentryX 1.0c2
- Fixed initialization bug in connection state table that caused packets to be deleted.
- Remember trigger expiration when NKE is reloaded.
June 11, 2003 - IPNetSentryX 1.0c1
- Include QuickStart settings and QuickStart ReadMe.
- View help in default web browser.
- Added properties for "Date and time", "Idle seconds", and "MAC Address".
- Fixed offset bug in "Reject" action.
- Fixed display of local image for Drop Connection.
- Interfaces: update IP addresses when IPv4 configuration changes.
- Work around bug in PPP frame header info.
- Preserve matchCount and byteCount when settings are Applied.
- Preserve expandedState after "Show Active".
- Triggered tab view: show trigger expire time for each entry and reflect changes immediately.
- Optimize filter update process to ignore subnodes if parent hasn't changed.
- Optimize trigger update process to cache "leastRecent" and "mostRecent" entries.
- Skip tree search if no timeouts or updates based on cached values.
- Check for trigger updates each second.
- Drag & Drop: show dropped items as selected.
May
28, 2003 - IPNetSentryX 1.0b10
- Triggered Tab View: show rule # and match count.
- Triggered Tab View: added Lookup button.
- Triggered Address Table: fixed same time bug that prevented entries
from being deleted correctly.
- Log: show sub actions (Alert, Email,...) and don't log the same
event twice.
- Alert: change window level to "NSStatusWindow" to appear
in front of others.
- Log kernel event messages for PROTO_ATTAHCED and IF_DETACHED.
- Address Scan: re-use the same window.
- Update stats correctly after "Show Active".
May
22, 2003 - IPNetSentryX 1.0b9
- Added "Firewall Documents Window" help section.
- Add Triggered address tab view to examine and delete triggered
IP addresses.
- Make triggered address expiration time adjustable.
- Add Test button to launch web based firewall test URL.
- Include more information in Security Alert panel.
- Added "Show Log" button to Security Alert panel.
- Attempt to open other URL types as action parameters of firewall
rules.
- Removed WhoIs tool, launch IPNetMonitor tool instead.
- Enable and select newly created rules.
- Send multiple updates as separate UDP records.
- Show statistics with corresponding rule when interface list is
included as part of configuration.
- Correct delta statistics when counts are reset.
- Convert trigger table to use AVL tree, allow up to 2000 entries.
- Fix crashing bug when application is launched from a firewall
enabled document.
- Do not mark document as changed when edited fields keep their
previous value.
May
5, 2003 - IPNetSentryX 1.0b8
- Added tab view for selecting firewall interfaces.
- Update document change count to inform user when there are unsaved
changes.
- Added "Reject" filter action to explicitly refuse connection
requests (send RST).
- Update default configuration to Reject "AUTH" port 113
connection requests used by some mail servers.
- Add "Don't Log" action to allow making any leaf action
silent.
- Wait for KEV_DL_PROTO_ATTACHED to insert NKE when PPP connects.
- Remove any stale attachment before inserting NKE.
- Update AddressScan, Lookup, and TCPDump tools from latest IPNetMonitorX.
April 17, 2003 - IPNetSentryX 1.0b7
- Use 64-bit integers for matchCount and byteCount.
- Subtract frame header length from byteCount of outbound packets.
- Expand default configuration to include rules for protecting common
services.
- Use MoreSCF to enumerate available network devices and names.
- Monitor kernel events to insert NKE when a new interface appears
(PPP connects for example).
- Updated "Getting Started" documentation.
April 7, 2003 - IPNetSentryX 1.0b6
- Fixed setting firewall enabled state when a document is opened.
- Save and restore which rules are expanded in filter documents.
- Save and restore parameter popup state in filter documents.
April 2, 2003 - IPNetSentryX 1.0b5
- Fixed possible kernel panics:
Protect connect to NKE to avoid multiple outstanding requests.
Protect socket buffer calls, and inserting/removing NKE.
Use synchronous Distributed Object methods to setup NKE.
Use correct buffer size (MCLGET) for NKE to client messages.
- Use OSAddAtomic() for shared counters.
- Limit SentryOn to confirm client is listening to once every 2.5
seconds.
- Parameter column, do not allow editing rule statistics.
- Show change from last update for matchCount and byteCount.
March 17, 2003 - IPNetSentryX 1.0b4
- Protect dynamic tables in NKE from pre-emption to fix crashing
bug.
- Update node numbers consistently before downloading filter rules.
- Expand default configuration to include ICMP logging, ping flood
protection,
block source route, and block additional attack signatures.
- Add "Current Filters" tool to open a filter window and
upload the kernel filter table.
March 10, 2003 - IPNetSentryX 1.0b3
- Fix idle timer to skip disabled entries (so Address Scan tool
doesn't appear unless server monitoring is enabled).
- Hide disclosure triangle for entries with no children (not expandable).
- Add Sibling/Child button to toggle "New Sibling" versus
"New Child" for entries that do not have a disclosure
triangle. Pressing this button (keyboard shortcut <CR>) will
expand or collapse the selected entry if any. Can aslo use this
to control where data is pasted (as a sibling or child).
- Restore descriptive text of Property Value when showing active
configuration.
- Fixed parameter text when showing active configuration.
- Include description of ICMP type and code in text logging format.
- Extend public beta period.
February 17, 2003 - IPNetSentryX 1.0b2
- fixed "idleTimeOfParent" and URL notification.
- Address Scan: re-use the same window.
February 14, 2003 - IPNetSentryX 1.0b1
First publicly posted beta test version of IPNetSentryX.
This beta version demonstrates all of the core features of IPNetSentryX
but has not been widely tested by external users. As such, you should
view it with some caution. While it has proven stable in our own
testing, bugs in network kernel code can result in a kernel panic
forcing you to restart your machine.
Known Limitations:
Drag-and-drop between firewall rules is not fully debugged yet.
Use copy-and-paste instead.
Please send questions, comments, suggestions or bug reports to:
http://www.sustworks.com/site/sup.html
[End of Release Notes]
Top
|