Hi, This version fixes two different memory leaks. The first one is the patch from David and the second is a problem, now fixed, with state sessions created by proxies. The state session one can be measured by comparing the output of "ipfstat -sl" with the number of active states reported in "ipfstat -s".
The other significant change is I believe NAT should now work on Linux now that IPFilter correctly alters the outbound IP header checksum. I'd appreciate feedback from people that this is important to. For now I've put off fixing the PPTP proxy for RDR and the patches made available recently are not included. Unfortunately I can't pgp sign things, yet but I'll work on it. http://coombs.anu.edu.au/~avalon/ip_fil4.1.6.tar.gz http://coombs.anu.edu.au/~avalon/patch-4.1.6.gz Darren 4.1.5 - Released 19 February 2005 add a new timeout number to NAT (fr_defnatipage) that is used for all non-TCP/UDP/ICMP protocols - default 60 seconds. buffer leak with bad nat - David Gueluy fix memory leak with state entries created by proxies eliminate copying too much data into a scan buffer allow a trailing protocol name for map rules as well as rdr ones fix bug in parsing of <= and > for NAT rules (two were crossed over) FreeBSD's iplwrite hasn't kept pace with iplread's prototype expand documention on the karma of using "auto" in ipnat map rules add matching on IP protocol to ipnat map rules allow ippool definitions to contain no addresses to start with Linux NAT needs to modify the IP header checksum as it gets called after it has been computed by IP. UDP was missing a pullup for packet header information before examining the header 4.1.5 - Released 9 January 2005
