Changes since 1.3.5:
- Fixed bug: ipa incorrectly worked when some IPFW/IP6FW/IPF/PF
rule overflowed and this rule is not the first by order in the
corresponding parameter (in "ipa -t" output), it calculated more
bytes than actually should be calculated
- Fixed two bugs: ipa sometime incorrectly did accounting for limits
if statistics was subtracted in some rule
- Fixed bug: limit's start_time could be yyyy.mm.dd/24:00:00
in the database, mktime(3) on tested systems understands such
local time and transforms it to next_day/00:00:00, now start_time
can't be 24:00:00 any more and always is next_day/00:00:00.
- Fixed bug: if new_local_time - old_local_time > one_day (for
example as the result of date of ntpdate commands usage), then
ipa thought that a new day came, now it tries to find out if
local time is changed too quickly
1.3.5 08/07/2003 released
- Now ipa(8) removes created PID-file when exits
- Not it is possible to use OpenBSD PF on not OpenBSD (see the INSTALL file)
- Added a new parameter "debug_worktime"
- Some fixes for code that runs commands
Addresses PR pkg/21719 by Andrey Simonenko (MAINTAINER).
Changes:
- don't include bsd.pkg.install.mk if USE_PKGINSTALL is already set
- restrict to *BSD
- install /var/ipa directory
- fix paths in manual pages
- better rc scripts, NetBSD native and generic one
- DESCR has 80 columns
1.3.4:
======
- Added support for PF from OpenBSD 3.3
- Minor changes
From Andrey Simonenko in PR#21224.
Changes since 1.3.2:
- Fixed two bugs in ipa(8), which caused core dumps: if there were one or
some `\t' characters after the "rule" or "limit" keyword in ipa.conf(5),
then ipa(8) wasn't able to parse such configuration file
- File /var/ipa/## lock ## was renamed to /var/ipa/lock db, because
BSD daily script deletes files with `#' characters. All should remove
the /var/ipa/## lock ## file
- Minor improvements and changes
- Some bugs in IP Filter support code were found and fixed, whole code,
which works with IP Filter, was rewritten and now has a new design,
which is much simpler for supporting and faster than previous one
- Fixed bug with the global "shutdown" section: when ipa(8) receives
the HUP signal, it destroyed information about commands in the global
"shutdown" section
- Some bugs with memory usage were fixed: ipa(8) and ipastat(8) could
free(3) not allocated chunks of memory
- Fixed several minor bugs in IPv4/v6 Firewall and Packet Filter
support code
Changes in ipa-1.3.1 (from the ipa-1.3.1/HISTORY file):
1. Some improvements for ipa(8) were implemented, as a result
ipa(8) now uses less CPU time when works with many rules and
with many limits.
2. Fixed incorrectly rounded Kbytes, Mbytes, Gbytes and Tbytes in
output of ipastat(8).
3. Fixed some minor bugs in ipa(8).
Package changes:
1. Two MASTER_SITES were removed.
2. MAINTAINER email was changed.
3. ALL_TARGET was "disabled", let original Makefile finds
right target.
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
- Now the "worktime" parameter is completely supported
- Now IPA can be downloaded from http://ipa-system.sourceforge.net/
- Some bugs with "limit" sections were fixed
- One bug and memory leak with the "db_dir" parameter were fixed
Patch provided by Andrey Simonenko (maintainer) in PR pkg/19755.
- Fixed support for 32-bits IP Filter v3.4.x rule group numbers (previous
incorrect implementation was introduced in IPA-1.1.3)
- Now it is possible to remove not needed accounting systems support
with the help of -DWITHOUT_{IPFW|IP6FW|IPFIL|PF} options
- Now FreeBSD IPFW2 is supported
- "getsockopt(IPV6_FW_GET): Invalid argument" IPv6 Firewall bug was fixed
- Minor improvements for IPv4/v6 Firewall support
Changes:
- Locale names have been renamed ru_SU* -> ru_RU*, ru_SU* now are symlinks
- Fixed some minor bugs
- Now a new record is added to each accounting file after reconfiguration
- Now ipa(8) and ipastat(8) do not use database locking feature by default
- All manual pages were updated to reflect changes in IPA
- The -u switch was removed from and the -L switch was added to ipastat(8)
- All code of ipa(8) was revised, now ipa(8) tests directories and
files in the database more carefully
- Several bugs and memory leak with the "db_dir" parameter were fixed
- Added new parameter "db_group"
- Parameters "acl", "db_owner", "db_perm" have been removed
Package changes:
- added some HTTP and FTP mirrors;
- removed installation of ${DSTEXAMPLEDIR} directory, because it is
installed from the port's Makefile;
- updated DESCR to reflect current state of IPA.
- Honor PKG_SYSCONFDIR and use bsd.pkg.install.mk to handle config files
and rc.d scripts.
- Memory access fixes.
- Now '{', '}', '#' and ';' characters are not allowed for naming
rules and limits.
*** SECURITY UPDATE ***
Removed SUID bit from ipastat(8) due to security problems (and don't
even try to set it back). Admins who use the "db_owner" parameter
*and* use some safe user/group, *and* didn't forget to set the same
safe user/group for the ipastat(8) program, as it was said in the
SECURITY NOTE on the ipastat(8) manual page, should not worry a lot.
Admins who ignored that SECURITY NOTE should double check the security
of their systems and change all passwords, secrets keys, etc. if you
think that somebody cracked your systems by ipastat(8).
* added NO_PACKAGE as this must be built for each host
Changes since 1.1.6:
- Added new switch to ipastat(8): -x, treat rule names as POSIX
regular expressions
- Added new switch to ipastat(8): -p <time-back>
- Added new switch to ipastat(8): -k, assume that 1k is equal to 1000 bytes
- Now it is possible to use abbreviated month names in -i and -I options
in ipastat(8)
- Now it is possible to run from the ipa(8)'s command line commands from
"reach" and "expire" sections
- Added new section "include" and new parameter "debug_include" to
the configuration file, also two switches "-tt" for ipa(8) have new sense
- bug fixes
Andrey Simonenko in PR/14281.
IPA allows to make IP accounting (network accounting) based on
IP Filter accounting rules on NetBSD, OpenBSD and FreeBSD.
It supports limits for accounting rules and limits events as
"limit is reached", "reached limit is expired", etc. It understands
time intervals like "end of day", "end of week", "end of month", etc.
There is a special viewer for accounting database and access control
lists which allow or disallow one to view accounting information
for rules.