- Port range (xxx:yyy) support
- Multiport services are now solving conflicts on their own
- Multiple fixes
- NIDS ( scan detection ) is on and running
- Add IPtables rule mutliport support (use {PORTS} template)
- Logging is moved out of befw core
- Consul KV errors doesn't affect ipset content anymore
- debug log is now hidden in production
- new config options & timeouts
- befw watcher optimisations
- befw-sync refactoring
- go mod 2.0
- befw now has timeouts for consul connections
- befw now uses stale to get updates faster
- new paths:
$ipset$ for ipsets and$service$ for services
- befw now checks if its rules is consistent
- befw now can recover firewall access if consul is dead with a hard-coded ( TOTO: configured ) networks
- fix 0.0.0.0/0 centos7 ipset bug
- befw-sync now wipes old records
- documentation fixes
- befw-sync timeouts & races fixed
- Uses short hostnames instead of FQDN
- Additional sleep(s) if errors repeat
- Fix ipset refresh
- Fix static ipset aliases
- a huge documentation update
- befw-firewalld now supports configuration file
- All hard-coded settings gone to the past
- Multiple ports support for services via tags
- Performance optimisation
- befw-sync added
- logging improvements
- ipset name length quickfix
- befw-cli - new functions
- befw-cli program added
- now befw-firewalld watches for kv & services changes
- befw-firewalld now supports data collection via NFLOG:402
- befw-firewalld now watches for configuration changes
- Empty ( collect all/block all ) ipset support
- Alias (befw/$alias$/*) support
- Initial version