netscript-2.4 (5.1.0) unstable; urgency=low

  * Added initial support for laptops and whereami.  

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri, 29 Oct 2004 08:38:27 +1300

netscript-2.4 (5.0.14) unstable; urgency=medium

  * Merge in work down for NMU.
  * Get rid of startup and shutdown init calls in maintainer scripts. 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Wed, 13 Oct 2004 08:40:55 +1300

netscript-2.4 (5.0.13-0.1) unstable; urgency=high

  * Non-maintainer upload.
  * High-urgency upload for (trivial,) sarge-targetted RC bugfix
  * Replace zebra with quagga in Recommends:, since the former is no
    longer available (closes: #273043).

 -- Steve Langasek <vorlon@debian.org>  Sat,  2 Oct 2004 03:07:00 -0700

netscript-2.4 (5.0.13) unstable; urgency=low
 
  * Added fix proposed by Bart Samwel <bart@samwel.tk>, fixing problem with
    saving of filters with  'netscript ipfilter save'  Local vars MANGLE and 
    FILTER were not initialised to zero in ipv4filter_check(). Also fixed
    ipv6filter_check(). (Closes: #267151)

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sat, 28 Aug 2004 19:12:06 +1200

netscript-2.4 (5.0.12) unstable; urgency=low

  * Fix  prerm script by editing out #DEBHELPER# This fixes problem
    where netscript closes down all interfaces on package remove or purge.
    Leaving proper clean up for a month to allow people to get rid of the
    bad prerm package maintainer scripts - will go to telling debhelper
    to only install /etc/rc.d startup/shutdown symlinks. (Closes: #241989)

 -- Matthew Grant <grantma@anathoth.gen.nz>  Wed,  9 Jun 2004 12:07:49 +1200

netscript-2.4 (5.0.11) unstable; urgency=low

  * Add support for iptables policy match module to close new ipsec
    packet injection hole.
  * Changed ipfilter-defs(5) man page for new IPSEC interface name
    directives.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri, 23 Apr 2004 14:28:40 +1200

netscript-2.4 (5.0.10) unstable; urgency=low

  * Initial work to  netscript to work with the 2.6 kernel.
  * Removed configuration samples for deprecated Free S/WAN support. Free
    S/WAN KLIPS is a real mess in terms of interfaces, routing and confg
    scripts!
  * Added mentions of 2.6 kernel in most places needed.  Man pages may need
    it.
  * Removed suggestion for vrrpd - this was a failed experiment.
  * Upgraded standards version to 3.6.1. 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri, 26 Mar 2004 08:03:43 +1200

netscript-2.4 (5.0.9) unstable; urgency=low

  * Fix default case in init script. 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 23 Dec 2003 15:48:23 +1300

netscript-2.4 (5.0.8) unstable; urgency=low

  * Basically a clean up to get ready to go into unstable.
  * Changed 'net' command to 'netscript' to stop a clash with samba-comon
    in sarge and sid.
  * Changed 'net-compile' to 'netscript-compile to match above.
  * Adjusted config files and other files to match above.
  * Removed conffile as this results in duplicate config file lintian
    warnings.
  * Fixed lintian warning about 'Upstream Author(s)'.
  * Updated Debian Standards version to 3.5.7 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Mon, 15 Dec 2003 22:05:30 +0000

netscript-2.4 (5.0.7) unstable; urgency=low

  * Added work around for kernel crash bug with psd and limit modules. 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sun,  8 Jun 2003 00:12:04 +1200

netscript-2.4 (5.0.6) unstable; urgency=low

  * Added support for adjusting portscan chain psd module parameters
    to deal with high traffic situations.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Thu,  5 Jun 2003 16:12:25 +1200

netscript-2.4 (5.0.5) unstable; urgency=low

  * Previous change lost chaings in 5.0.3 with ipfilter-defs.conf.  Fixed. 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue,  3 Jun 2003 15:45:20 +1200

netscript-2.4 (5.0.4) unstable; urgency=low

  * Fixed problem with startup getting order of chains in iplcl and ipfwd 
    in correct.  This was due to 2 ways of adding chains into these, a simple
    add on start up, and then indexing for manual incremental add ins.  Gone
    to indexing mode for all additions, and made function that returns index
    into iplcl and ipfwd a lot faster (O(n) instead of O(n2).). The change
    is only in /etc/netscript/ipfilter-defs.conf, has been tested carefully, 
    and does nto affect the rest of the netscript system.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue,  3 Jun 2003 14:16:41 +1200

netscript-2.4 (5.0.3) unstable; urgency=low

  * Fixed problem with REJECT_UDP_NET - '-m STATE' should be '-m state'.
  * Added new alternative FreeS/WAN start up code for multiple interfaces.
    network.conf needs a cleanup for next release that is backwards
    compatible.
  * Fixed --pkt-type argmuents in ipfilter-defs.conf.  Fixes dropping
    of BROADCAST packets for INPUT and FORWARD chains.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Thu, 29 May 2003 09:47:28 +1200

netscript-2.4 (5.0.2) unstable; urgency=low

  * Updated ipfilter-defs.5 manpage for new compile rules below. 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Wed, 23 Apr 2003 07:58:08 +1200

netscript-2.4 (5.0.1) unstable; urgency=low

  * Added support for more logging targets, for each type of new coonnection,
    so that strings can be prepended to log messages.  New compile targets
    are LOG_BROADCAST, LOG_PROTO, LOG_UDP, LOG_TCP, LOG_UDP_NET, LOG_TCP_NET,
    LOG_NET, LOG_IFACE, LOG. The new LOG_MSG and LOG_MSG_RESET are used to 
    set the log text.
  * Added support for network addresses for UDP, and TCP.  Targets are 
    ACCEPT_TCP_NET, ACCEPT_UDP_NET, REJECT_TCP_NET, REJECT_UDP_NET,
    DROP_TCP_NET, and DROP_UDP_NET, as well as above log targets.
  * Fixed spelling bug with the net-compile run messages.
  * Fixed net-compile bug where script would compile then give up with and
    error exit, and not complete compiling when there where no rules
    defined in ipfilter-defs files.
  * Manpages left to next minor release as this one has to get out the door...

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 15 Apr 2003 11:30:46 +1200

netscript-2.4 (5.0.0) unstable; urgency=low

  * Changed netscript so that it can support compiling and configuring 
    from ipfilter-defs on start up.
  * Added type checking as much as practical to the net-compile command.
  * Updated manpages for existing commands.
  * Created manpages for ipfilter-defs.
  * Moved net-compile to /sbin from /usr/sbin.
  * Set permissions on install to 700 for ipfilter-defs directory as it
    contains security information.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Mon, 24 Mar 2003 15:09:50 +1200

netscript-2.4 (4.23) unstable; urgency=low

  * Added MARTIAN_BYPASS to ipf4_martians so that some source addresses
    can be by passed in martians check.
  * Fixed some of the examples in ipfilter-defs configuration.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Wed, 26 Feb 2003 15:36:08 +1300

netscript-2.4 (4.22) unstable; urgency=low

  * Made some corrections for missing files etc.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 25 Feb 2003 14:08:57 +1300

netscript-2.4 (4.21) unstable; urgency=low

  * Initial packaging of net compile functionality for IPv4.
    Documentation will be in next one, this is a trial build an run package.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 25 Feb 2003 13:38:46 +1300

netscript-2.4 (4.20) unstable; urgency=low

  * Fix bug with interface type stop functions not execuiting due to 
    missing 'type' keyword.
  * Made /sbin/net work with non modular kernels, in the case where lsmod
    is not installed, and where it is.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sat,  1 Feb 2003 17:03:45 +1300

netscript-2.4 (4.19) unstable; urgency=low

  * Install missing changelog... 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Thu, 16 Jan 2003 11:43:13 +1300

netscript-2.4 (4.18) unstable; urgency=low

  * Removed Debian sub versioning as the debian package is maintained in 
    parallel to the source.
  * Removed vrrpd code as the daemon is unstable.  Included example of how
    to get package going with heartbeat.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Thu, 16 Jan 2003 10:53:45 +1300

netscript-2.4 (4.17-1) unstable; urgency=low

  * Fixed bug with /32 and /128 netmasks not being given in ethx_IPADDR.
  * Made VRRPD code work properly... - stopped new address code removing 
    VRRPD IP addresses.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Wed,  8 Jan 2003 10:13:03 +1300

netscript-2.4 (4.16-1) unstable; urgency=low

  * Adjusted module loading for ipt_helper module in 2.4.20
  * Fixed bug with deleting extraneous bridges where interfaces
    on running bridges were assumed to be disused bridges.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri,  3 Jan 2003 12:10:38 +1300

netscript-2.4 (4.15-1) unstable; urgency=low

  * Add support for vrrpd daemon.
  * Revamp the handling of the forwarding switch, and add commands to help 
    handle it.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Mon, 30 Dec 2002 15:38:56 +1300

netscript-2.4 (4.14-1) unstable; urgency=low

  * Add ingress check rule and portscan chan for psd module to ipfilter.conf
  * Make ipfilter.conf test for and load /etc/netscript/ipfilter-local.conf
    if present.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 26 Nov 2002 13:12:19 +1300

netscript-2.4 (4.13-1) unstable; urgency=low

  * Fix ipsec modules not unloading on 'net stop'.  Function
    call was missing in stop_mod().

 -- Matthew Grant <grantma@anathoth.gen.nz>  Mon, 18 Nov 2002 15:00:34 +1300

netscript-2.4 (4.12-1) unstable; urgency=low

  * Fixed ipsec startup to deal with Free S/WAN .pid files if the machine
    went off because of power failure - ipsec0 was not starting
  * Fixed problem with source blocking in the IPv4 inbrdr chain creation
    - inbound source blocking was setting the destination instead of the 
    source address.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sun, 10 Nov 2002 10:03:49 +1300

netscript-2.4 (4.11-1) unstable; urgency=low

  * Added support to load and unload Free S/WAN ipsec module, and extension
    modules as found in Debian Woody, and used in the Debian Router Project.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 29 Oct 2002 22:57:36 +1300

netscript-2.4 (4.10-2) unstable; urgency=low

  * Fixed some of the comments in the network.conf file to make things 
    clearer.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 29 Oct 2002 06:55:51 +1300

netscript-2.4 (4.10-1) unstable; urgency=low

  * New Upstream Version
  * Fix problem with mangling set up preventing Free S/WAN from working 
    properly - packet mangling was causing rerouting of ESP packets back
    into ipsec0 tunnel device...
  * Added support for adding static routes/static ARPs on interface 
    start/reload.
  * Added support for subordinate interfaces (for controlling
    tunnels etc).

 -- Matthew Grant <grantma@anathoth.gen.nz>  Mon, 28 Oct 2002 23:22:56 +1300

netscript-2.4 (4.04-2) unstable; urgency=low

  * Fix up Free S/WAN start up so that rp_filter can be used...

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri, 18 Oct 2002 10:24:24 +1300

netscript-2.4 (4.04-1) unstable; urgency=low

  * Fix IPv4 icmp chain creation barfing because of conflict with protocol 
    name... go figure.
  * Add support for Free S/WAN ipsec on one interface.
  * Add support for interface shutdown to chain shutdown of tunnel interfaces
    with manual manipulation...

 -- Matthew Grant <grantma@anathoth.gen.nz>  Wed, 16 Oct 2002 11:28:30 +1300

netscript-2.4 (4.03-1) unstable; urgency=low

  * New upstream release with fix for dynamic interfaces that don't exist 
    at boot, otherwise you cannot manually start them.
  * Fix minor problem with hlp output and long interface lists.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri,  4 Oct 2002 11:26:08 +1200

netscript-2.4 (4.02-1) unstable; urgency=low

  * New upstream release with tweaks and support for new 2.4.18-ac3 router
    kernels.
  * Added support for having iptables base modules compiled into the kernel
    by putting test into /sbin/net load_module() to test if base module
    is on the file system.
  * Added support for the following iptables 1.2.6a modules which have special
    dependencies:
    ipt_conntrack, ipt_NETMAP, ipt_SAME, ipt_POOL, ip_pool, and ipt_pool.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Tue, 26 Mar 2002 12:17:56 +1200

netscript-2.4 (4.01-1) unstable; urgency=low

  * Added corrected ppp interface stuff to network.conf
  * Corrected some documentation in network.conf about QoS

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri, 28 Dec 2001 14:25:27 +1300

netscript-2.4 (4.0-4) unstable; urgency=low

  * Changed permissions of /etc/netscript/network.conf and ipfilter.conf 
    to 0644 from 0600  as they do not contain information that is that 
    sensitive anymore.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Mon, 10 Dec 2001 20:52:24 +1300

netscript-2.4 (4.0-3) unstable; urgency=low

  * Fixed problems with build depends by switching to 'Build-Depends-Indep'. 

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sat,  8 Dec 2001 11:26:46 +1300

netscript-2.4 (4.0-2) unstable; urgency=low

  * Fixed problem with Build-Depends being in binary section of control file,
    and not being in the Source section as required.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Wed,  5 Dec 2001 15:05:02 +1300

netscript-2.4 (4.0-1) unstable; urgency=low

  * New version 4.0 with the following major changes
  * Converted to kernel 2.4.x, and iptables
  * Added IPv6 support, ip6tables and IPv6 interface configuration.
  * Removed filter and masquerade listing support as people should be using 
    the iptables commands
  * All the old ipchains filtering scripts have been removed and
    replaced with shell script fragments via the ipfilter exec command.
  * Configuration is now saved to disk using the iptables-restore 
    and iptables save commands (IPv4 and IPv6).
  * Converted output messages to Debian format
  * Added code to load/unload iptables and QoS modules on start
    and stop.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sat,  1 Dec 2001 14:33:21 +1300

netscript-2.2 (3.03-0potato1) unstable; urgency=low

  * Added ability to set/override multicast fflag and mtu of interface
  * Added IP source IP/network specification to DMZ_OPEN_DEST and 
    DMZ_CLOSED_DEST lists for DMZ network access control filters

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sun, 21 Jan 2001 22:54:16 +1300

netscript-2.2 (3.02-0potato1) unstable; urgency=low

  * Fixed problem with OSPF multicasts being blocked by the external 
    interface filtering.  The obstruction could cause problems with 
    Zebra ospfd and other OSPF daemons in general.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Thu,  7 Dec 2000 08:35:49 +1300

netscript-2.2 (3.01-0potato1) unstable; urgency=low

  * Removed unused INTERN_IF variable from network.conf
  * Fixed QoS reload for PPP interfaces
  * Reworked QoS loading for PP interfaces to make it nicer

 -- Matthew Grant <grantma@anathoth.gen.nz>  Sun,  3 Dec 2000 17:41:22 +1300

netscript-2.2 (3.0-0.9) unstable; urgency=low

  * Initial Release.
  * first release in a tar ball format.  This basically a
    rehash of what is in LRP Eiger.
  * More chains used to reduce CPU load on router filtering
    operations,
  * QoS made usable b y adding reload commands and providing
    facility to set aside lumps of bandwidth
  * More options provided to net command to make it more
    intiuitive to use
  * Added ability to list individual chains
  * Adapted for Debian and overhauled it to increase effeciency.
  * As this package will change rapidly, man pages are not available but
    will be written when stabilised.

 -- Matthew Grant <grantma@anathoth.gen.nz>  Fri, 24 Nov 2000 17:07:15 +1300

Local variables:
mode: debian-changelog
End:
