BOT - Changelog

BlockOutTraffic for IPCop 1.4.18 and newer

11 April 2008
Version 3.0.0 - Build 3

  • Make RED interface selectable as source interface when BOT advanced mode is disabled. RED interface is still only allowed when the rule action is drop/reject.
  • Display inverted interface with black text instead of red text when interface is RED.


5 February 2008
Version 3.0.0 - Build 2

  • Fix validation of source port
  • Fix detection of Ipsec VPN on red
  • Remove protocol 'ALL' from list of protocols on the custom service page. If someone want to allow 'all' protocols, just leave the "use service" option unchecked, there will be no restriction by service/protocol.


12 Januar 2008
Version 3.0.0 - Build 1

  • BOT controlles (e.g. block) Ipsec and OpenVPN/Zerina (v0.9.5b or newer) VPN connections traffic too. You have to create BOT rules to allow VPN traffic flow.
  • In advanced BOT mode you can select a destination interface color. BOT creates a iptables rule for each destination interface which matches the selected color or is less secure (e.g. select 'blue' and BOT creates rules for blue, orange and red destination interfaces).
  • Allow portranges in source port of BOT rules (advanced BOT mode).
  • Option (in BOT settings) to show interfaces colors in rule overview.
  • If BOT adv. mode is disabled and you create a rule with source interface in less secure network than destination address (e.g. from Blue -> Green Network) there is an info/error message now. Those rules are not possible as the destination interface is preset automatically in non-advanced mode to don't allow traffic in more secure networks. In previous BOT releases this was don't automatically already but without message, so some users create those rules and wonder why it is not working.
    As BOT only knows the colors of the default addresses the message is only shows when select destination address is one of those. When an other address (custom, textual address input etc.) is selected, there is no message but BOT does naturally still block traffic to more secure networks.
  • Rename protocol 50 (used for ipsec VPN) from 'ipv6-crypt' to 'esp'. If you used this protocol in the custom services, the custom service is changed automatically too.
  • Added portuguese translation.
  • Bug: Fix sorting of custom services.


23 Juli 2007
Version 2.3.2 - Build 3

  • Added russish language support.
  • Allow + at the end of an custom interface definition (e.g. ipsec+).


27 February 2007
Version 2.3.2 - Build 2

  • Added turkish language support.


24 January 2007
Version 2.3.2 - Build 1

  • Bugfix: Invert of destination addresses was not working correctly.
  • Add online check for new BlockOutTraffic version (disabled by default).


14 August 2006
Version 2.3.1 - Build 2

  • Fix timeframe rules: the timeframe rules were not always deactivated at endtime.


19 Juli 2006
Version 2.3.1 - Build 1

  • The iptables rules are only re-created when there is a change and not every 5 minutes like in previous BOT versions.
  • Hide IPCop addresses in BOT rule creator as it make no sense to use them in a rule. Many people did use them accidentally when they want "Green Network" and select "Green Address".
    Your old config will _not_ be changed automaticaly!


12 April 2006
Version 2.3 - Build 4

  • Bugfix: the characters ' " & > < are not allowed anymore in advanced BOT Config names (groups, addresses and services), the characters will be removed automaticaly.
  • Suppress error message in default deny rule when using orange and red is not up.
  • Minor cosmetical GUI re-arrangements


03 March 2006
Version 2.3 - Build 3

  • Bugfix: The config of older BOT version than 2.2.2 was not restored correctly on install. This fix of the restore routine is the only change to build 2.


13 Februar 2006
Version 2.3 - Build 2

  • Bugfix: The "Used Count" of address groups was not set correctly when using an address Group as destination

When you are using an address group as destination in your BOT rules and want to correct the "Used Count", remove all BOT rules with address group (in source or destination) first and then re-create them after you have installed the new BOT release.


07 Februar 2006
Version 2.3 - Build 1

  • Grouping of IP hosts/nets and MAC addresses. There is a new section in "Advanced BOT Config"
  • Custom MAC addresse
  • Internal changes
  • You can select single weekdays for the timeframe restrictions
  • Drop "native" rules feature.
    If you have entered "native" rules in an older BOT version, you should put those rules
    in the IPCop file for own iptabeles rules:
    Use the standard chains CUSTOM* for your rules.
  • Added german readme
  • Standalone installation of BOT without Addons Server is possible now (BOT can still be installed via Addons Server)
  • New Homepage for BlockOutTraffic:


15 July 2005
Version 2.2.2 - Build 1

  • Grouping of services. There is a new section in "Advanced BOT Config"
    page for grouping of services.


31 May 2005
Version 2.2.1 - Build 1

  • BOT uses his own iptables chains (BOT_INPUT and BOT_FORWARD).
    So it is possible to define own CUSTOM* rules in rc.firewall.local or use other
    MODs (like TrafficControlAndReport) which use iptables rules too.


09 May 2005
Version 2.2 - Build 2

  • The rule wizard is removed, all rule settings on one page again
  • You can copy a rule as template for a new rule
  • Some bugfixes to v2.2 build 1


11 April 2005
Version 2.2 - Build 1

  • Only one mode:
      Block Traffic from internal -> Outside AND internal -> IPCop
  • Much more flexible rule creator
  • Support for BLUE interface
  • You can specify a timeframe when the rule is activ
  • OrangeAsGreen Support is not longer available. In IPCop 1.4 you can use " BLUE" instead of "Orange".
    Blue can use Proxy and is allowed (with restrictions) to access IPCop.


20 October 2004
Update 02

  • Restores old config files of previous installed 2.1 BOT if available
  • Alter uninstall script to save config files on BOT uninstall to /var/tmp/bot_conf/2.1


16 June 2004
Update 01

  • Layout changes
  • Fixes DHCP-issue
  • Fixes menuentry (1.4.0)
  • Orange-rules compatible to 1.4.0(beta) Orange-rules


06 February 2004
Version 2.1 - Build 1

  • Format of config file has changed
  • Layout changes
  • Rule creator:
    • Select rule action ( accept/deny [+logging] )
    • Address, destination ip & port can be negated '!'
    • Define proto & port for IPCop access
    • IPCop access and outside rules separated
    • Move current rules up/down in sequence
  • Settings:
    • Admin access only to https port
    • Select deny action (DROP/REJECT)
    • Allow related, established connections (optional)
    • Log default deny rules (optional)
  • Advanced mode


15 December 2003
Version 2.0 - Build 1

  • Advanced rule creator:
    • Specify source net (Green or Orange).
    • Source can be a Net-adress:
        You can specify destination IP- or Net-adress.
    • Optional protocol & destination port(-range)s.
  • Addon works in three modi:
    • Block Traffic Green/Orange -> Outside
    • Block Traffic Green/Orange -> Outside & Green -> IPCop Green
    • Block Traffic Green -> IPCop Green
  • Rule support for OrangeAsGreen Addon


21 November 2003
Version 1.0 - Build 1

  • Authorize PC´s by MAC- or IP-address.
  • Written and packaged for use with the Addon Server 2.1.

IPCop - The Bad Packets Stop Here

BlockOutTraffic - The Firewall WebGUI Addon for IPCop

  Created 2006 by dotzball | Design by wintermute