8Signs Firewall v3.03 (Released October 29, 2007)

Bug Fixes:

* Fix to bug that was preventing manual additions to MAC address groups

* Fix to bug with trusted MAC addresses

* Fix to bug that was preventing the importing of entries to a MAC address group

* Fix to bug that caused "uknown message code" entries to be written to the log file

* Fix to bug in the Port Scan Exceptions code

* Fix to bug that could cause corruption to Groups (IP/Port/MAC) when administering the firewall through the Remote Admin Tool



8Signs Firewall v3.02 (released August 23, 2007) 

Bug Fix:

* Fixed bug that could cause the firewall to crash if the user attempted to sort an IP Address Group



8Signs Firewall v3.01 (released August 1, 2007) 

Improvements: 

* DNS Names - rules can now be based on DNS names in place of IP addresses. For example, you can now create a rule allowing RDP access _only_ from a particular host machine (i.e. your laptop running a dyndns client) 

* Added a Port Scan exceptions list. You can now designate IP addresses that are exempt from the Port Scan setting "Ban the IP address of the scanner". This is useful for people who want to ban (unknown) port scanners, but need to allow a monitoring application to scan their system. 

* Added a registry value for ICMP stateful inspection timeout. By default, the stateful inspection timeout for ICMP is 120 seconds.  If you need to change this, add the following registry DWord key and set it to the timeout value (in seconds) that you would like:

HKEY_LOCAL_MACHINE\SOFTWARE\8Signs\8Signs Firewall\ICMP Stateful Inspection Timeout [s]


* Added the ability to modify IP Groups from the command line. Following is the command set that is available:

dfw.exe -ipgroup update -name {name of group} -file {filename} 
dfw.exe -ipgroup add {address, address1-address2, address/mask} -name {name of group}
dfw.exe -ipgroup delete {address, address1-address2, address/mask} -name {name of group}

These commands will allow you to add/delete/modify IP Address Groups. For example, let's say you have a rule that is allowing access to your SQL Server on port 1433. The Remote Addresses that this rule will apply to are in an IP Group that you've created called SQLAllow. If you want to add IP address 209.103.14.89 to this group (meaning that this IP could then connect to the SQL Server), the command line would be: 
dfw.exe -ipgroup add 209.103.14.89 -name SQLAllow

Command functions:
update - will replace the entries in the group with those in the filename you have specified
add - will add IP's to the group (can use single addresses, ranges, or address/mask combintations)
delete - will remove IP's from the group

* Added an external log viewer application that allows you to create filtered views of your firewall log entries. This application requires Microsoft's .Net 2.0. 

Bug Fixes: 
Fix to Ports display not working on all 2003 Servers 
Fix to Remote Admin Tool not displaying IP Groups correctly after making a change to the group. 
Fix to Remote Admin Tool not displaying log entries. 
Fix to default values for NTP client and server rules. 
Fix to certain log entries being displayed twice.