Releases: friendly-bits/geoip-shell
v0.5.6
This release focuses on reliability improvements.
Main changes:
- When automatic backup is enabled, perform backup before upgrade or reinstallation
- Improved error messages when the firewall utility (nftables/iptables+ipset) is not detected
- Improved error messages in certain cases when fetch or application of ip lists fails
- Improved handling of missing or corrupted config
- Improved logic for recovery from fault conditions
- Connection check: increase timeout from 7s to 10s
- Simpler logic for detecting OpenWrt and loading the required library
Full Changelog: v0.5.5...v0.5.6
v0.5.5
This is mainly a bugfix release.
Bugs fixed:
- fetch: fix parsing of json files from RIPE where one of the ip families has no subnets
- fetch: fail gracefully when no applicable ip list id's found
- manage: fail gracefully when no applicable ip list id's found
- manage: fix ip lists restore from config and from backup when requested changes fail
- fix handling country codes which only have subnets in one ip family (exclusions can now be specified in the
iplist-exclusions.conf
file) - fix handling of ip lists which only have 1 element
Full Changelog: v0.5.4...v0.5.5
v0.5.4
This release focuses on bug fixes and on reliability and usability improvements.
Main changes:
- reimplemented connectivity check which now relies on the same utility as used for normal ip lists download (curl/wget/uclient-fetch)
- improved console and error messages
- improved handling of missing or corrupted config files when uninstalling
- downloaded ip lists directory changed from /tmp to /tmp/geoip-shell
Bug fixes:
- fix connectivity check failing when the nslookup utility is missing or on systems which only allow specific DNS servers
- fix certain potential errors in the -apply script not handled correctly on OpenWrt
- fix geoip-shell data directory unnecessarily deleted and then recreated during initial setup
- fix duplicate warning messages when fetch fails
- fix incorrect units for packets and bytes count reported by
geoip-shell status -V
on nftables-based systems
Full Changelog: v0.5.3...v0.5.4
v0.5.3
Main changes in this version:
- iptables and nftables counters are now preserved when updating ip lists, after geoip-shell version upgrade and after reboot (only preserved after reboot if the nobackup option is disabled)
- minor logic improvements in the -manage script
- more efficient backup of ip lists on iptables-based systems
- improved some console messages
- updated documentation
Full Changelog: v0.5.2...v0.5.3
v0.5.2
Main changes in this release:
-
bug fixed: when changing the update cron schedule, old cron job does not get removed
-
bug fixed: in some edge cases, the update cron job may not be created
-
bug fixed: incorrect mask bits used when creating a rule allowing for link-local connections (/8 instead of /10)
-
bug fixed: fetch: fix running without root permissions after installation
-
improvement for the nftables version: attach the base chain to the prerouting netfilter hook with priority -141 (rather than -150) to make rules processing deterministic when other rules exist which have priority 'mangle' (-150), thus making it easier to create custom rules which will be processed before geoip-shell rules
-
the status report now includes information on currently used firewall backend utility (nftables or iptables)
-
the 'geoip-shell configure' command now avoids re-fetching the ip lists when it's unnecessary
-
the default update schedule's minute is now randomized between 10 and 20 (previously was always 15)
-
the updates are now performed at a randomized second (between 0 and 59)
-
the above 2 changes are intended to avoid putting unnecessary stress on the ip list source servers
-
improved console messages and cosmetic improvements to the status report
-
updated and improved documentation
-
prep-owrt-package: improved documentation specific to OpenWrt package
-
mk-owrt-package: now support 3 modes of operation: local build (default), build from remote known version, pulled from the openwrt-releases repo (use options '-r' and '-v ') and build from local source with upload to the openwrt-releases repo (only useful for myself).
P.s. geoip-shell has been recently merged into the OpenWrt packages development branch and the ipk's should be avaliable via the built-in opkg package management system in the next stable release. Currently the merged version is v0.5, I hope to merge the latest updates soon. For now, I'm continuing to provide the ipk's here as well.
Full Changelog: v0.5.1...v0.5.2
v0.5.1
Main changes in this release:
- Fixed a regression which caused the
geoip-shell on
command to error out on iptables-based systems - Changes to prep-owrt-package.sh, mk-owrt-package.sh (now mk-owrt-package.sh supports options to either build from local source or from the geoip-shell-openwrt repo on github)
- Updated documentation
Full Changelog: v0.5...v0.5.1
v0.5
Main changes in this release:
- Consolidated a few library scripts to simplify the project a bit
- From this version on, when updating to newer versions of geoip-shell, previous config will be preserved and (except on OpenWrt when installed via ipk) the -install script will ask the user if they want to keep the previous config.
- The -install script no longer parses the configuration. This is now delegated to the -manage script which also simplifies the logic.
- The
-n
(for NoPersistence) and-N
(for NoBlock) options in the -install script now require an argument:<true|false>
- Improved console messages and dialogs.
- Updated documentation.
Full Changelog: v0.4.9.2...v0.5
v0.4.9.2
This release fixes a minor bug where geoip-shell complains about missing dependencies when run without root permissions.
Full Changelog: v0.4.9.1...v0.4.9.2
v0.4.9.1
This is a minor bugfix release. Bugs fixed:
- Backup is performed twice when installing or under some conditions when running
geoip-shell configure
. - Fixed a typo in the README.md file
Full Changelog: v0.4.9...v0.4.9.1
v0.4.9
This release focuses on security and reliability aspects.
Main changes:
- Set correct permissions for the status file and the datadir used by geoip-shell on OpenWrt
- Improved validation for strings which geoip-shell does not control, such as user input and data read from the filesystem
- Improved handling of unsafe strings
- Additional checks of critical variables in multiple scripts
- Improved trap signal handling (a trap means reacting to external signals, such as when the script gets closed by Ctrl+C etc - in these conditions it needs to clean up before exiting)
- Improved handling of weird network interface names in the command passed to nftables
- Fixed a bug with manually specifying multiple network interfaces
- The status report now reports some additional possible (but unlikely) issues, such as missing certain config entries
- Minor efficiency improvements in the way geoip-shell reads certain files in the filesystem
And some additional changes:
- Now the status report includes information about nftables sets optimization policy (memory or performance).
- The mk-owrt-package.sh script has been split into prep-owrt-package.sh and mk-owrt-package.sh, per user request. The prep- script prepares geoip-shell files for creating a package but doesn't build the package itself.
- Updated documentation.
Full Changelog: v0.4.8...v0.4.9