  Changelog for DAXFi

  Changes in 1.1 (25 Apr 2007)
* applied every available patch; it should work with Python 2.3, 2.4 and 2.5.


  Changes in 1.0 (18 Dec 2002)

  daxfi package
* xml.sax is used instead of xml.dom to parse the XML data; pyXML
  is no more needed.
* support for user-defined chains (which can be dumped, now).
* new dumpRulesUDC('direction') method in the Firewall class, used
  to dump user-defined chains.
* introduced the get_policy('direction') function in the C modules and a
  getPolicy('direction') method in the Firewall class.
* dumping running rules with the new dumpRulesUDC('direction') method,
  the policy of the chain is considered.
* fixed a nasty bug in C function, managing the chain name.
* new __xor__(other) method in Rule and Ruledata classes, so that
  two rules can be "merged" with a simple: rule1 ^ rule2.
* new getBareXML() method in the Rule class, to return the bare XML
  representation of the rule, without the action and the rule number.
* new getTarget() method for Rule objects.
* reintroduced the list_chains() function in C modules and a listChains()
  method in the Firewall class to list, amongst 'in' and 'out' direction,
  also user-defined chains.
* fixed a bug managing ipchains target (thanks to Denis S. Otkidach).
* fixed (hopefully...) troubles with tcp-flags in iptables.
* performances greatly improved.
* tcp-flags is now considered FATAL for ipchains and ipfwadm.
* when a RemoveSectionError or CreateRulesError exception is raised,
  a cleaner message is written in the logs.

  daxfidump
* new "-s" switch, to dump the rules in a single file.
* rules in user-defined chains and chain policy are now taken in account.
* warnings for rules with 'return' target and for rules in 'forward' chain.

  misc
* new documentation file 'README.chains' about user-defined chains,
  the 'forward' chain and rules with the 'return' target.


  Changes in 0.9 (07 Sep 2002)

  daxfi package
* fixed __cmp__() method of RuleBase class: now rules from different 
  firewalls can be compared (really!).
* compiled the C modules for i386, Alpha, PPC and Sparc64 architectures.
* fixed a bug in the autodetection of the firewall.
* listAvailableFirewalls() function to list available firewalls.
* moved many functions from/to the _ruleutils module.
* more input checks in methods of the Firewall class.
* fixed a trouble with the 'rate' attribute.
* RuleBuilder class modified to support the new XML format.
* RuleBuilder and RuleBase class somewhat optimized (removed many
  cloneNode() calls).
* __getattr__() method for RuleBase class.
* 'action' and 'rule-number' are now managed separately from the
  DOM object.
* introduced 'default_remove' in the RuleBuilder class, used to
  remove default values.
* the __modified_rd in the RuleClass is created only when needed.
* removed the listChain() method.
* now the __repr__() method of the Firewall class report if the
  firewall is forced.
* a reset() method for Rule objects (renamed clean() to reset() in
  the RuleBuilder class).
* default transformations for 'to-port' and 'to-address' nat's attributes.
* internally, to store information about a rule, an instance of the
  RuleData class is used, instead of the DOM object.
* xml_commands renamed to xml_actions.
* the DOM doesn't use any more namespaces.

  dtd
* 'rule' tag introduced in place of the action tag, which was moved
  outside the rule definition.
* removed the 'set-policy' action: now your set of rules must provide
  a closing 'catch all' rule.
* removed the 'forward' direction.
* remove the 'state' tag; the 'state' attribute is now included in
  the 'protocol' tag.
* changed the 'chain' attribute to 'direction', which valid values are
  'in' for incoming packets and 'out' for outgoing packets.
* renamed 'log-priority' and 'log-facility' respectively as 'priority'
  and 'facility'.
* now the 'limit' is an empty element.
* the DTD is now more or less commented.

  misc
* a 'CREDITS.txt' file.
* man page for daxfi(3).


  Changes in 0.8 (18 Apr 2002)

  daxfi package
* full support for ipfilter.
* full support for NAT.
* support for Python C modules of different architecture/OS.
* unified DOM transformation methods.
* introduced default DOM transformation, so that Rule objects for different
  firewalls can be compared.
* removed the RuleConvert class.
* a much better function for rule split (for firewalls with separated
  logging rules).
* __nonzero__() method for Rule objects.
* common C functions moved in a separate file.
* ipfilter C modules compiled for FreeBSD and OpenBSD.
* better detection of a forced firewall.
* much improved performances.
* many bugs fixed.
* renamed many files.

  daxfid script
* minor changes.

  daxfixmlfile script
* now it can work with multiple files.
* can execute generated rules.

  dtd
* unused elements and attributes removed.
* much cleaner definition of tags and attributes.
* introduced support for NAT.

  misc
* renamed daxfi -> daxfid and daxfiscript -> daxfictl.
* small tutorial (How to write XML rules for DAXFi).
* many changes in the documentation.
* updated the testsuite with NAT and ipfilter.


  Changes in 0.7 (10 Feb 2002)

  daxfi package
* initial (alpha) support for ipfilter.  Read README.ipfilter .
* introduced icmp_map, list of icmp types and codes.

  dtd
* 'only-for' and 'not-for' now accept multiple values.
* minor changes in the dtd.

  misc
* my previous email address is no longer valid: use alberanid@libero.it


  Changes in 0.6c (06 Dec 2001)

  daxfi package
* reintroduced the forceFirewall() method.
* compiled '_iptables.c' with iptables libraries version 1.2.4
* Python code checked with rats.

  daxfi script
* minor changes to work with Python 2.2 and later.
* heavy changes to the code that manages the lock file.

  daxfiscript script
* -p switch to just print resulting rules.

  misc
* man pages for the scripts.
* tested with Python 2.0, 2.1 and 2.2b1.


  Changes in 0.6b (01 Nov 2001)

  daxfi package
* initializing the Firewall class, a firewall or a list of firewalls
  can be specified.  The one to use is selected amongst the list or,
  if only one is given, daxfi will use this one even if no kernel
  support is found (useful with the -p option of the daxfi program).
* remove the forceFirewall() method.
* listXMLRules() and listChains() methods modified to cope with the
  "firewall force" mode.
* some minor changes in the C modules for ipchains and ipfwadm.
* fixed a severe bug in the is_supported() function in the ipfwadm module.
* added 'out-interface' to ipfwadm.
* the Firewall class is no more a singleton.

  daxfi program
* -f option to select the firewall to use.
* now even a non-privileged user can run daxfi using the -p switch
  together with the -f option.
* removed some debug code left from 0.6a.

  misc
* added the "daxfixmlfile" script, to print the rules from a XML file.
* minor upgrades to the documentation.


  Changes in 0.6a (23 Oct 2001)

  daxfi package
* now _sl_print() writes also to stderr, if it's open.

  daxfi program
* enhanced design for the plug-ins queue (now less resources-intensive).

  RuleBuilder
* fixed a bug in the evaluation of processing instructions (now works
  even when the document element isn't <ruleset>).

  generic/misc
* minor changes in documentation.
* created daxfi.lsm and published in ibiblio.org (ex-metalab, ex-sunsite).
* the tar archive name follows the LSM/GNU rule.
* minor changes in the iptables code.


  Changes in 0.6 (01 Sept 2001)

    generic
* major design changes; now a program that wants to use the daxfi module
  only have to import and instantiate the daxfi.Firewall class.

    daxfilib
* removed and substituted with classes Rule and RuleBuilder.
* fixed bug handling unicode strings (introduced the StringTypes variable).
* removed 'log-level' attribute from the create() method in RuleBuilder and
  from firewalls/*/*.c

    daxfi program
* -L option to select runlevel from command line.
* -d option to specify if DAXFi have to run in background.
* check if there're plug-ins to run in background before the
  first run (go directly in daemon mode, if needed).

    xmlparsers.daxfifw
* removed and included the parser in the RuleBuilder class.
* introduced parseString() method.
* log a warning if the DTD in a file is not what expected.
* the substitution_dict is no more required and can be
  partially incomplete.

    test
* introduced a test suite based on pyUnit.

    misc
* minor changes in documentation.


  Changes in 0.5 (13 Aug 2001)

    dtd
* DTD version 0.3; add "masq" target and other minor bugfixes.

    daxfilib
* ipfwadm support.
* new function to compare two DOM objects.
* major changes in Rule and RuleBuilder classes.
* better transf_ip() function.
* self-initialized.
* fixed bugs with syn-only and iptables.

    xmlparsers.daxfifw
* fixed bug with processing instructions.

    firewalls
* minor bugfixes in ipchains.c and iptables.c

    daxfi program
* -p option: only print firewall commands, without executions.
* minor enhancements.

    daxfiscript program
* new 'delrule' command.

    iplib
* now works with Python 2.0 and unicode.

    misc
* renamed some files.
* improved documentation.


  Changes in 0.4 - developmental release (16 Jun 2001)

* internally the rules are (almost) completely represented with
  XML object, managed with DOM API.
* added the "daxfiscript" command, a small utility written upon daxfilib.
* added the "daxfidump" command, so that you can automatically
  translate to XML your current firewall configuration.
* removed any SAX API; make use of DOM, instead.
* minor bugfixes in ipchains.c and iptables.c


  Changes in 0.3a (10 Jun 2001)

* removed a bug in transf_ip()
* small temporary fixes for IpchainsRule defaults problems.


  Changes in 0.3 (02 Jun 2001)

* an almost complete revision of the daxfilib library.
* some changes to the XML DTD that describes the rules.
* C modules for iptables/ipchains specific functions (removed RulesList).
* check if other instances of DAXFi are running (via file lock).
* the log code and how the rules are created are changed.
* autodetection for iptables/ipchains kernel support.
* better debug code.
* closed some file descriptor entering the daemon mode.
* dropped xmlutils parser support and modified the xmllib parser.
* introduced the iplib modules.
* many bugs fixed (many more introduced?)


  Changes in 0.2 (25 Apr 2001)

* works with ipchains.
* works with xmllib standard module; xmlutils is no more needed, but is
  still used if present.
* fixed a bug in the restricted environment for the plug-ins.


  Changes in DAXFi 0.1 (07 Apr 2001)

* first public release.
  

