-
Notifications
You must be signed in to change notification settings - Fork 263
/
ChangeLog
115 lines (96 loc) · 4.45 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
Changes Log
==========================================================================
Version 1.3 - Date 21/11/2018
* Implemented bandwidth rate control.
* Traffic shaping works on both directions: ingress/outgress.
* Introduced usage of ifb kernel module to redirect ingress
and be able to filter it.
* Added iftop as new dependency.
* Added tc as new dependency needed for traffic shaping.
Version 1.2 - Date 17/11/2018
* Implemented banning rules per incoming port.
* Print remaining time on bans list.
* Renamed PORT_MAX_CONNECTIONS to PORT_CONNECTIONS
* Updated man page.
* Updated ddos.conf file.
* Restored bsd support by using netstat if ss is unavailable.
* Use ipfw to block ipv6 addresses on bsd.
Version 1.1 - Date 11/11/2018
* Fixed syntax error introduced in 1.0 thanks to @MarcelFox
* Fixed issue #36 (cron file created incorrectly).
* Added cron job deprecation warning, daemon mode should be used instead.
* Fixed many issues reported by shellcheck.
* Added IPv6 support
* Use ss instead of netstat.
* started some drafting to add blocking by port support.
* Improved ban_incoming_only
* Eliminate some command steps to improve performance.
* Removed HOST_IP since it is no longer necessary.
* Fixed improper call to grepcidr.
* Minor man page changes.
* Added ip6tables to dependencies list and removed netstat.
Version 1.0 - Date 06/11/2018
* Support for ip ranges (CIDR) on the ignore.ip.list thanks to
safly (https://github.com/safly)
* grepcidr install requirement introduced with the support for CIDR
* New syntax supported on ignore.ip.list
a.b.c.d/xy (CIDR format)
a.b.c.d-e.f.g.h (IP range)
For more details read the grepcidr man page.
* Fixed bug $CONF not found thanks to
WoozyMasta (https://github.com/WoozyMasta)
* Added unban flag -u --unban
* Added logrotate configuration file to uninstall script.
* Prioritize systemd detection on install script.
Version 0.9 - Date 05/03/2017
* Support for freebsd and many other improvements thanks to
Marc S. Brook (https://github.com/nuxy)
* Added option to only block incoming connections thanks to
Fathardie (https://github.com/Fathardie)
* Optional automatic installation of dependencies on the install script
thanks to gloomy-ghost (https://github.com/gloomy-ghost)
* Some other fixes and improvements thanks to
mean-cj (https://github.com/mean-cj)
Version 0.8 - Date 25/09/2015
* Use a separate bans list file instead of reusing the ignore
whitelisted file which is more secure on case of unexpected
system reboot.
* Added default settings to ddos script.
* Added --bans-list|-b option to view currently banned ip's.
* Added check for missing dependencies on installer script.
* Unban ip's on the daemon loop instead of creating new unban processes.
* Added hostname to email notification.
* Execute tcpkill when ip is banned for 60 seconds and kill it.
Version 0.7 - Date 26/06/2015
* Moved configuration files to /etc/ddos/
* Whitelist hostnames, via /etc/ddos/ignore.host.list.
* The script can run as a daemon with monitoring frequency in seconds
defined by DAEMON_FREQ
* Auto-detection of available firewall for use.
* Added support for CSF file.
* Added man page.
* Added init.d script.
* Added systemd service support.
* Added support for DESTDIR and a Makefile for easier packaging.
* Added command option to list whitelisted addresses.
* Added --view|-v option.
* Added logging.
* Improved installer and uninstaller.
* Installer does not overrides configuration files.
* New configuration option FIREWALL (see man ddos).
* New configuration option CONN_STATES (see man ddos).
* Check ip of local interfaces and whitelist them to prevent self bans.
* Improved netstat command to support ipv6 (experimental).
* Removed .cron extension of generated cron file because it seems
to cause issues.
* Removed KILL from conf (use -v|--view instead).
Version 0.6 - Date 01/01/2005
* Original work by Zaf <[email protected]> from which this work is based.
* It is possible to whitelist IP addresses, via
/usr/local/ddos/ignore.ip.list.
* Simple configuration file: /usr/local/ddos/ddos.conf
* IP addresses are automatically unblocked after a preconfigured time
limit (default: 600 seconds)
* The script can run at a chosen frequency in cron via the
configuration file (default: 1 minute)
* You can receive email alerts when IP addresses are blocked.