New in version 3.0.0 (January 20th, 2014)

  • Web Security:
  • HTTPS filtering
  • E-mail Security:
  • SMTP Proxy: Domain Management
  • SMTP Delivery Status Notification configuration
  • Virtual Private Networking:
  • IPsec
  • Encryption: Null, 3DES, CAST-128, AES 128/192/256-bit, Blowfish 128/192/256-bit, Twofish 128/192/256-bit, Serpent 128/192/256-bit, Camellia 128/192/256-bit
  • Hash algorithms: MD5, SHA1, SHA2 256/384/512-bit, AESXCBC
  • IKEv2
  • OpenVPN
  • Support for TUN mode
  • Connections page for VPN users
  • User Management & Authentication:
  • User management for OpenVPN
  • Integrated certificate authority
  • External certificate authority support
  • User password and certificate management (two-factor authentication)
  • Logging and Reporting:
  • Live network traffic monitoring (powered by ntopng)
  • System status graphs are not lost at every reboot
  • Images for SMTP mail statistics graphs
  • Miscellaneous fixes and improvements:
  • Serial port speed is now always set to 115200bps
  • Fixed password changing from the console menu
  • Sanitized logs

New in version 3.0.0 Beta 2 (November 20th, 2013)

  • Web Security:
  • HTTPS filtering
  • E-mail Security:
  • SMTP Proxy: Domain Management
  • SMTP Delivery Status Notification configuration
  • Virtual Private Networking:
  • IPsec
  • Encryption: Null, 3DES, CAST-128, AES 128/192/256-bit, Blowfish 128/192/256-bit, Twofish 128/192/256-bit, Serpent 128/192/256-bit, Camellia 128/192/256-bit
  • Hash algorithms: MD5, SHA1, SHA2 256/384/512-bit, AESXCBC
  • IKEv2
  • OpenVPN
  • Support for TUN mode
  • Connections page for VPN users
  • User Management & Authentication:
  • User management for OpenVPN
  • Integrated certificate authority
  • External certificate authority support
  • User password and certificate management (two-factor authentication)
  • Logging and Reporting:
  • Live network traffic monitoring (powered by ntopng)
  • System status graphs are not lost at every reboot
  • Images for SMTP mail statistics graphs
  • Miscellaneous fixes and improvements:
  • Serial port speed is now always set to 115200bps
  • Fixed password changing from the console menu
  • Sanitized logs

New in version 2.5.2 (August 24th, 2013)

  • New Features:
  • [UTM-250] - PhishTank as anti-phishing protection
  • [CORE-82] - Show signatures update time in the dashboard
  • [CORE-477] - Intel drivers for the newest Intel network interface cards
  • [CORE-222] - Support for USB Huawei E173 USB UMTS modem
  • Improvements:
  • [UTM-68] - ClamAV engine update to version 0.97.8
  • [CORE-184] - The collectd netlink plugin stores information that is never used
  • [CORE-89] - EMI does not load sqlite anymore
  • [CORE-259] - EMI storage is not read/write-safe
  • [CORE-63] - In Port forwarding / DNAT the default mode should be simple instead of advanced
  • [UTM-250] - PhishTank lists replace lists from malwaredomains
  • [CORE-285] - Packaged signatures tarball with new PhishTank signatures instead of those from malwaredomains
  • [CORE-105] - Monit method needs an additional attribute monitor=False which prevents monitor/unmonitor command from getting sent to monit
  • [CORE-189] - Store collectd RRD files in /tmp and periodically synchronize to /var
  • [CORE-164] - Delete archived log files when free space is needed
  • [CORE-231] - Use collectd graphs instead of squid-graph
  • [CORE-206] - Replace makegraphs.pl with collectd graphs
  • [UTM-110] - Remove collectd's ntp RRD files
  • [UTM-80] - New version of ntop
  • [CORE-240] - Ethernet bonding support
  • [UTM-40] - DansGuardian custom *regexp file is not handled correctly
  • Bugs:
  • [UTM-115] - ClamAV blocks .exe files due to issues in its DetectBrokenExecutables check
  • [UTM-86] - HAVP does not run after an upgrade to 2.5
  • [UTM-65] - “Block encrypted archives” flag was doing exactly the opposite of what had been configured
  • [UTM-63] - Wrong status message in ClamAV page before the first signature update
  • [CORE-132] - The Authentication layer does not start due to a UTF-8 problem
  • [CORE-125] - Authentication job is not started after finishing the initial wizard
  • [CORE-367] - Old backups cannot be downloaded after migrating to 2.5
  • [CORE-288] - USB stick not detected correctly by efw-backupusb
  • [CORE-278] - When cleaning the system, USB backups are not considered
  • [CORE-148] - Instead of keeping 3 USB backups when rotating, only 2 are kept
  • [CORE-113] - Error creating the cron link for scheduled automatic backups
  • [CORE-220] - More backups than configured are stored
  • [CORE-427] - Deadlock during the reading/writing of SettingFiles
  • [CORE-264] - Logout button does not work for all browsers
  • [CORE-236] - After an update, efw-shell does not correctly display the new/updated commands
  • [CORE-122] - In policy routing rules only CS0 Type of Service can be selected
  • [CORE-107] - Dnsmasq sometimes fails to restart which causes monit to use a huge amount of resources
  • [CORE-88] - Backup uplinks do not work if they are Ethernet uplinks
  • [CORE-497] - Collectd does not start on boot with new version of monit
  • [CORE-211] - Dependency to efw-httpd is missing
  • [COMMUNITY-15] - RPM triggers interrupt update process
  • [CORE-451] - GUI port is hardcoded for redirection
  • [CORE-268] - Reboot required not shown after kernel upgrade
  • [CORE-482] - emicommand hangs because of curl blocking
  • [CORE-137] - YAML storage raises an exception when trying to load a valid YAML file that contains a list instead of a dictionary
  • [CORE-369] - Interzone firewall rules are not created after migration to 2.5
  • [CORE-119] - When switching from advanced to simple mode editing destination NAT rules the filter policy is changed to ALLOW
  • [CORE-118] - Target port of Destination NAT is not disabled when the incoming protocol is "Any"
  • [CORE-115] - Incoming Service/Port field of Port forwarding / Destination NAT is editable, even if Service and Protocol are both set to "Any"
  • [CORE-106] - The bridges job status is wrong, "restart" instead of "start"
  • [CORE-335] - jobcontrol hangs when sync restarting jobs
  • [CORE-326] - Jobengine exception during update
  • [CORE-257] - Jobs are unnecessarily restarted multiple times
  • [CORE-248] - Jobsengine memory leak when OpenVPN client connects
  • [CORE-131] - The efw-shell command "job" does not work due to a syntax error
  • [CORE-124] - AnaCronJob uses Job.start which sets force=True even if not needed
  • [CORE-123] - DownloadJob uses Job.start which sets force=True even if not needed
  • [CORE-120] - Timestamping signatures are recreated although force is not set to true in CrawlerJob
  • [CORE-321] - After migration from 2.4 to 2.5 RAID controller mptsas is not working anymore
  • [CORE-303] - Intel Network driver igb not supported for Quad Intel 82580 Gigabit Network
  • [CORE-190] - Enable FUSION_SAS driver
  • [CORE-332] - twistd.log are not compressed and rotated in /
  • [CORE-247] - Logrotate not run under various circumstances
  • [CORE-87] - ntop UI is not accessible
  • [CORE-251] - Logrotate configuration file is removed when logrotate package is upgraded after efw-syslog
  • [CORE-203] - purge-log-archives script fails under special circumstances
  • [UTM-414] - ntop segfault in libc-2.3.4.so/libntop-4.1.0.so
  • [UTM-244] - ntop crashes if it is asked to monitor an interface that is down
  • [CORE-343] - VLAN configuration problem
  • [CORE-174] - Local routes are missing in ip rule so user defined rules always overrule local routes
  • [CORE-86] - Policy Routing rules are not applied
  • [CORE-80] - Upgrade of stripped RPM packages destroys configuration files
  • [UTM-378] - Double efw-dnsmasq packages after upgrade
  • [UTM-338] - When updating efw-dnsmasq the httpd configuration file is removed
  • [UTM-322] - Anti-spyware signatures last update date is inconsistent
  • [UTM-320] - DNS black- and whitelists are ignored until the cron job runs
  • [UTM-317] - DNS anti-spyware blacklist is not working
  • [UTM-316] - Black- and whitelisted domains are not erased after saving settings
  • [UTM-88] - Unable to download malwaredomains information
  • [UTM-181] - Proxy PAC is not applied
  • [UTM-93] - Denial of service triggered by access to the proxy port
  • [UTM-90] - DansGuardian blacklists and phraselists are missing after an upgrade to 2.5
  • [UTM-87] - DansGuardian blacklists and phraselists cannot be downloaded
  • [UTM-55] - Clamd is not started before HAVP
  • [UTM-194] - HTTP proxy configuration ignores rules under certain circumstances
  • [UTM-81] - IMAP authentication fails if username contains a @domain part.
  • [CORE-219] - TOS/DSCP option breaks Quality of Service
  • [UTM-119] - Snort is restarted twice during boot time
  • [CORE-138] - System uptime is shown incorrectly
  • [CORE-396] - Migration not called after upgrade to 2.5 due to collectd
  • [CORE-159] - Certain migration scripts are not executed
  • [CORE-129] - Migration framework causes tracebacks if an RPM package has an epoch set and a migration script for it exists
  • [UTM-108] - OpenVPN client calls missing "remove_rules" method which is not controlled by jobengine and uses a deprecated function
  • [UTM-95] - Selecting GREEN in IPsec GUI corrupts IPsec configuration file
  • [UTM-230] - OpenVPN job fails to create user configuration files if the push orange or push blue options are enabled
  • [UTM-97] - OpenVPN process cannot remove temporary files because of wrong file owner
  • [CORE-221] - OpenVPN client TUN device configuration is broken
  • [UTM-200] - Route to subnet behind OpenVPN gateway-to-gateway user is set with wrong gateway IP address if the user has a static IP assigned

New in version 2.5.1 (January 31st, 2012)

  • Connectivity – Support for most modern UMTS/3G USB dongles
  • By adding new drivers, Endian Firewall 2.5 now supports most modern UMTS/3G dongles. Once plugged in, they appear as serial devices and can be configured by choosing Analog/UMTS modem as uplink type. You will find the newly created serial devices in the Serial/USB Port dropdown.
  • System – Performance improvements
  • The whole system startup procedure has been rewritten. Endian’s new jobsengine decreases the startup time by 50 percent. Additionally, major improvements have been made in memory usage. A fully configured system’s memory footprint has been reduced by more than 200 megabytes.
  • Contentfilter – Configurable update intervals
  • The contentfilter blacklists can now be updated through the GUI, as for any other service, and updates no longer rely on the release of new packages. The interval can be set to hourly, daily, weekly or monthly.
  • Dashboard – Customizable through configurable widgets
  • The new dashboard is now fully customizable through the use of configurable widgets. The update interval can now be set individually for each widget, widgets can be placed by drag and drop, and it is possible to deactivate widgets completely.
  • Logging – Trusted timestamping
  • Endian Firewall now supports trusted timestamping using OpenTSA. This feature allows you to make sure your log files have not been modified after they have been archived.
  • Routing – Additional gateway options
  • The policy based routing and static routing modules have been extended. It is now possible to use static gateways for routes as well as to route traffic through OpenVPN connections.
  • Bugfixes
  • Huge efforts have been made to create a very stable release. On the road to Endian Firewall Community 2.5.1 many small improvements have been made and hundreds of bugs have been fixed.

New in version 2.4.0 (May 27th, 2010)

  • This release introduces new features and lots of bugfixes that make EFW 2.4 a significant improvement in the development of the Endian product family.
  • Switch to Enterprise:
  • If you are using EFW 2.4 and you wish to switch to Endian UTM 2.4, you can now do so by simply pushing a button. The process is completely managed by EFW, ensuring you a safe and effective upgrade.
  • Updates to 2.4:
  • Updating your EFW 2.3 no longer requires installing a new system from scratch. Instead, you can update single packages using our dedicated repository.
  • New Kernel:
  • With the new version of the kernel, the number of supported hardware devices, above all network interface cards, increases significantly. The new kernel also allowed us to fix some known issues.
  • Improved IPsec:
  • Thanks to the new kernel, IPsec is now more stable and efficient, avoiding malfunctions that could occur in specific cases.
  • New GUI for the Destination NAT/Port Forwarding module:
  • A more intuitive and flexible GUI has been developed in order to offer easy configuration for most port forwarding options. If you want to define specific rules, the advanced mode lets you control the module in detail.
  • Bugfixes:
  • Endian engineers worked hard on fixing bugs in EFW 2.3.

New in version 2.3 RC1 (September 18th, 2009)

  • Backups:
  • Backups can now be stored to and recovered from attached USB mass storage devices. It is also possible to schedule automatic backups and to send encrypted backups via email.
  • Dashboard:
  • The main page has been replaced by a dashboard with statistics about the system and its services as well as live-graphs for incoming and outgoing traffic.
  • Email notifications:
  • Emails can be sent automatically for predefined events.
  • HTTP proxy time based access control:
  • With the new interface it is possible to add time based access control lists for the HTTP proxy.
  • HTTP proxy with user- and group-based content filtering:
  • The HTTP proxy now has a new and polished web interface that adds the possibility to create group based content filters.
  • Intrusion Prevention:
  • Snort rules can now be configured. It is possible to drop packets as well as to log intrusion attempts.
  • Policy routing:
  • Routing rules can be created based on the interface, MAC address, protocol or port of a packet.
  • Port forwarding rewrite:
  • In version 2.3 it is possible to add port-forwards from any zone (only from the RED zone previously). Port forwarding without NAT is now also supported.
  • Quality of Service:
  • Traffic Shaping has been replaced by a fully configurable Quality of Service module. QoS devices, classes and rules can be defined.
  • SNMP support:
  • Basic SNMP support has been added.
  • SMTP proxy web interface rewrite:
  • The web interface of the SMTP proxy has been rewritten with focus on usability.
  • VLAN support (IEEE 802.1Q trunking):
  • It is now possible to create VLANs on every interface. The VLAN interfaces can be used to distinguish connections in the same zone.

New in version 2.2 (May 29th, 2009)

  • While this new release includes mostly bugfixes and software updates, it also contains one major new feature.
  • It is the first release of Endian Firewall Community that can be updated by running one simple command once new packages have been released.
  • To be able to do this, it is necessary to create an account at http://www.endian.org/register