v0.5.6

This release focuses on reliability improvements.

Main changes:

• When automatic backup is enabled, perform backup before upgrade or reinstallation
• Improved error messages when the firewall utility (nftables/iptables+ipset) is not detected
• Improved error messages in certain cases when fetch or application of ip lists fails
• Improved handling of missing or corrupted config
• Improved logic for recovery from fault conditions
• Connection check: increase timeout from 7s to 10s
• Simpler logic for detecting OpenWrt and loading the required library

Full Changelog: v0.5.5...v0.5.6

v0.5.5

This is mainly a bugfix release.

Bugs fixed:

• fetch: fix parsing of json files from RIPE where one of the ip families has no subnets
• fetch: fail gracefully when no applicable ip list id's found
• manage: fail gracefully when no applicable ip list id's found
• manage: fix ip lists restore from config and from backup when requested changes fail
• fix handling country codes which only have subnets in one ip family (exclusions can now be specified in the iplist-exclusions.conf file)
• fix handling of ip lists which only have 1 element

Full Changelog: v0.5.4...v0.5.5

v0.5.4

This release focuses on bug fixes and on reliability and usability improvements.

Main changes:

• reimplemented connectivity check which now relies on the same utility as used for normal ip lists download (curl/wget/uclient-fetch)
• improved console and error messages
• improved handling of missing or corrupted config files when uninstalling
• downloaded ip lists directory changed from /tmp to /tmp/geoip-shell

Bug fixes:

• fix connectivity check failing when the nslookup utility is missing or on systems which only allow specific DNS servers
• fix certain potential errors in the -apply script not handled correctly on OpenWrt
• fix geoip-shell data directory unnecessarily deleted and then recreated during initial setup
• fix duplicate warning messages when fetch fails
• fix incorrect units for packets and bytes count reported by geoip-shell status -V on nftables-based systems

Full Changelog: v0.5.3...v0.5.4

v0.5.3

Main changes in this version:

• iptables and nftables counters are now preserved when updating ip lists, after geoip-shell version upgrade and after reboot (only preserved after reboot if the nobackup option is disabled)
• minor logic improvements in the -manage script
• more efficient backup of ip lists on iptables-based systems
• improved some console messages
• updated documentation

Full Changelog: v0.5.2...v0.5.3

v0.5.2

Main changes in this release:

• bug fixed: when changing the update cron schedule, old cron job does not get removed

• bug fixed: in some edge cases, the update cron job may not be created

• bug fixed: incorrect mask bits used when creating a rule allowing for link-local connections (/8 instead of /10)

• bug fixed: fetch: fix running without root permissions after installation

• improvement for the nftables version: attach the base chain to the prerouting netfilter hook with priority -141 (rather than -150) to make rules processing deterministic when other rules exist which have priority 'mangle' (-150), thus making it easier to create custom rules which will be processed before geoip-shell rules

• the status report now includes information on currently used firewall backend utility (nftables or iptables)

• the 'geoip-shell configure' command now avoids re-fetching the ip lists when it's unnecessary

• the default update schedule's minute is now randomized between 10 and 20 (previously was always 15)

• the updates are now performed at a randomized second (between 0 and 59)

• the above 2 changes are intended to avoid putting unnecessary stress on the ip list source servers

• improved console messages and cosmetic improvements to the status report

• updated and improved documentation

• prep-owrt-package: improved documentation specific to OpenWrt package

• mk-owrt-package: now support 3 modes of operation: local build (default), build from remote known version, pulled from the openwrt-releases repo (use options '-r' and '-v ') and build from local source with upload to the openwrt-releases repo (only useful for myself).

P.s. geoip-shell has been recently merged into the OpenWrt packages development branch and the ipk's should be avaliable via the built-in opkg package management system in the next stable release. Currently the merged version is v0.5, I hope to merge the latest updates soon. For now, I'm continuing to provide the ipk's here as well.

Full Changelog: v0.5.1...v0.5.2

v0.5.1

Main changes in this release:

• Fixed a regression which caused the geoip-shell on command to error out on iptables-based systems
• Changes to prep-owrt-package.sh, mk-owrt-package.sh (now mk-owrt-package.sh supports options to either build from local source or from the geoip-shell-openwrt repo on github)
• Updated documentation

Full Changelog: v0.5...v0.5.1

v0.5

Main changes in this release:

• Consolidated a few library scripts to simplify the project a bit
• From this version on, when updating to newer versions of geoip-shell, previous config will be preserved and (except on OpenWrt when installed via ipk) the -install script will ask the user if they want to keep the previous config.
• The -install script no longer parses the configuration. This is now delegated to the -manage script which also simplifies the logic.
• The -n (for NoPersistence) and -N (for NoBlock) options in the -install script now require an argument: <true|false>
• Improved console messages and dialogs.
• Updated documentation.

Full Changelog: v0.4.9.2...v0.5

v0.4.9.2

This release fixes a minor bug where geoip-shell complains about missing dependencies when run without root permissions.

Full Changelog: v0.4.9.1...v0.4.9.2

v0.4.9.1

This is a minor bugfix release. Bugs fixed:

• Backup is performed twice when installing or under some conditions when running geoip-shell configure.
• Fixed a typo in the README.md file

Full Changelog: v0.4.9...v0.4.9.1

v0.4.9

This release focuses on security and reliability aspects.

Main changes:

• Set correct permissions for the status file and the datadir used by geoip-shell on OpenWrt
• Improved validation for strings which geoip-shell does not control, such as user input and data read from the filesystem
• Improved handling of unsafe strings
• Additional checks of critical variables in multiple scripts
• Improved trap signal handling (a trap means reacting to external signals, such as when the script gets closed by Ctrl+C etc - in these conditions it needs to clean up before exiting)
• Improved handling of weird network interface names in the command passed to nftables
• Fixed a bug with manually specifying multiple network interfaces
• The status report now reports some additional possible (but unlikely) issues, such as missing certain config entries
• Minor efficiency improvements in the way geoip-shell reads certain files in the filesystem

And some additional changes:

• Now the status report includes information about nftables sets optimization policy (memory or performance).
• The mk-owrt-package.sh script has been split into prep-owrt-package.sh and mk-owrt-package.sh, per user request. The prep- script prepares geoip-shell files for creating a package but doesn't build the package itself.
• Updated documentation.

Full Changelog: v0.4.8...v0.4.9