SmoothWall Express Changelog

What's new in SmoothWall Express 3.1 SP4

Apr 24, 2018
  • Package version updates:
  • at: 3.1.20
  • c_icap: 0.5.2
  • c_icap_modules: 0.4.5
  • clamav: 0.99.4
  • dhcpcd: 7.0.3
  • dnsmasq: 2.78
  • httpd: 2.2.34
  • iproute2: 3.19.0
  • ipset: 6.34
  • libosip2: 5.0.0
  • libreswan: 3.23
  • linux: 3.16.56
  • linux-firmware: 20171009
  • mdadm: 4.0
  • nspr: 4.17
  • nss: 3.33
  • openssh: 7.7p1
  • openssl: 1.0.2n
  • siproxd: 0.8.2
  • snort: 2.9.11.1
  • squid: 3.5.27
  • suricata: 4.0.4
  • wget: 1.19.2
  • wireless_tools: 29
  • TZDATA: 2018c
  • Drivers updated in kernel-drivers:
  • IGB: 5.3.5.15
  • IXGBE: 5.3.6
  • E1000E: 3.4.0.2
  • IXGBEVF: 4.3.4
  • R8168: 8.045.08
  • ASIX_88179_178A: 1.19.0
  • New packages added:
  • curl: 7.58.0
  • libnl: 3.4.0
  • libreswan: 3.23
  • wpa_supplicant: 2.6
  • Retired packages:
  • openswan
  • 40Gb NIC drivers in package kernel-drivers because they don't build. The stock i40* drivers in linux remain available.
  • Update8 Packages Re-released:
  • Update8 was built using Linux 3.16 headers; alas, these programs aren't necessarily compatible with older kernels and there were occasional problems. We decided to re-release all of the unbumped Update8 packages in Update9 using kernel headers for Linux 3.4.104; these programs will work with newer kernels. These are the re-released packages.
  • apcupsd 3.14.14
  • bc 1.06.95
  • eudev 3.2
  • file 5.24
  • find-utils 4.6.0
  • fping 3.13
  • gawk 4.1.4
  • git 2.9.3
  • grep 2.21
  • iptables 1.6.0
  • klibc 2.0.4
  • kmod 22
  • libmnl 1.0.3
  • libnetfilterqueue 1.0.2
  • libnfnetlink 1.0.1
  • make 4.2.1
  • patch 2.7.5
  • pcmciautils 018
  • squidclamav 6.16
  • strace 4.10
  • sysklogd 1.5.1
  • texinfo 6.0
  • util-linux 2.28
  • xtables-addons 2.10
  • Other package notes:
  • openssl: eliminate SSLv3 and TLSv1
  • httpd: enforce cipher order; refuse weaker ciphers
  • bc, bison: tweak config params to improve toolchain build
  • Also install ip6batch to enable IPv6 experimentation and development.
  • kernel-headers: prepare 3.4.104 headers for GLIBC (and other packages that may use kernel headers directly) to provide a consistent linux API for that and newer kernels
  • Version 3.0.4 of lm_sensors doesn't build; stick with previous version.
  • In the sysupdown smoothd module, add admin feedback msg.
  • Build system:
  • build/Makefile: remove annoying wget-log* droppings through filesystem via 'make clean'.
  • Makefile.versions: expand TCL_VER bits, add kernel headers version and URL.
  • media: make /etc/ipsec.{conf,secrets} symlinks to SWE files
  • media/installroot/etc/exec-install.rc.src: look for initrd*gz (not initrd*)
  • updates/Makefile.update: ensure distrib/boot exists
  • Toolcrib:
  • dlverify: shorten wget's output; reduce the wget-log* files it likes to, mmm, drop everywhere.
  • get-snort-ver.sh: shorten wget's output; use https now since some sites drop http completely.
  • host_check.sh: fix sudo check, add check for XML::Simple.
  • host_debian_inst: add XML_Simple.
  • make_final: rearrange build order as needed; add curl, libreswan, wpa_supplicant; remove openswan, cnxadsl; now build iptables with SMP.
  • make_update: improve error detection/reporting
  • Improve the operation of 'monauto' to auto-monitor build and assembly operations.
  • General system:
  • Adjust prompt to support color and non-color output in /etc/bashrc.
  • Add domain-needed and bogus-priv to etc/dnsmasq.conf.
  • Handle EXPIRE and RELEASE with STOP/STOPPED in rc.updatered.
  • In rrdtool.pl, fix parameter wrongly hardcoded as 'eth0'.
  • In trafficloader.pl, refactor the code a little, and indent a code block missed in earlier release to improve debugging efforts.
  • Update current copyright year, handle $infomessage display, adjust hostname validation, and add concrete 'frame' around header and footer boxes in header.pm.
  • Add a way to 'test' updates by creating a 'flag' file in update.pm.
  • Add label for snort log box and add feedback messages for urlfilter in en.pl.
  • In usr/lib/smoothwall/smoothtype.pm: 'undef' is wrong; change them to 'undefined'.
  • User interface:
  • Add $infomessage to improve admin feedback to all CGI scripts. Success and failure now have different appearances.
  • Remove 'or die' clauses from several CGI scripts; they now display failure messages in those cases.
  • Prevent the use of addresses in wrong subnets in dhcp.cgi.
  • Append to $errormessage and $infomessage in order to report more than one message when needed.
  • Improve error detection and reporting in several CGI scripts.
  • In ids.cgi, improve version manipulation to improve rule fetching, and put debug output inside a scrollable box.
  • In log.dat, change HTML special chars to their &…; equivalents.
  • Make minor visual adjustments in style.css.
  • Use new 'checkmark' and 'X' icons when reporting info and errors, respectively.
  • Bugs closed:
  • We resolved bugs 15, 185, 187, 189, 190, 191, 194, 195, 197, 198, 200, 201, and 202.

New in SmoothWall Express 3.1 (Oct 12, 2014)

  • Build:
  • The build system is vastly improved. It is now re-entrant (a build will continue where it left off when an error is encountered and fixed), and compiles will use all CPU cores present. It should produce correct i586 or x86_64 code for all packages.
  • Grub Legacy is now used to boot all drives: ISO images, flash installers, and the installed target.
  • SMP is standard for 32- and 64-bit installations. Smoothwall Express will now use those extra CPU cores.
  • Installation on KVM, Xen, VMWare, Hyper-V and other virtual systems is supported. Operation on KVM was used extensively during development; operation on other hypervisor systems is known to work but hasn't been tested as thoroughly. Virtio disk and network devices are supported; they work well with KVM.
  • The kernel now provides /dev entries for all devices it knows about; udev handles the rest.
  • The latest firmware blob from kernel.org has been included to make more hardware usable with Smoothwall Express.
  • The collection of manufacturer drivers for NICs and NADs has been moved into a separate package to make it easier to provide updates.
  • Distribution:
  • There are now three ISO images for each architecture: standard install, developer's edition that contains the development and documentation packages, and a 30MiB 'off-road' edition to be used to verify general hardware compatibility with v3.1. The developer's edition can be used to install a live firewall or a development system; installing the development and documentation packages is optional; they can only be installed using the Advanced Installer or by hand after installation.
  • The distribution ISO image includes several new features. They include:
  • an option to make a bootable install flash drive; it is now possible to install from a flash drive when there is no CD/DVD drive available
  • options to install and/or boot using a serial console
  • the basic (traditional) installer--to be used when the system contains one hard drive, one CD/DVD drive, and standard VESA display with keyboard
  • a new advanced installer--to be used with all other install options
  • choose the target hard drive
  • choose the installation source drive (ISO, flash, or other)
  • use a serial (EIA-232) console
  • install and upgrade with a restore of 'variable' data from a previous archive
  • completely restore a 'total' archive
  • use EXT4 or Reiser file system
  • optionally install the development and/or documentation packages
  • a script, gpt2mbr, to convert the partition table scheme from GUID (GPT) to MBR (MS-DOS)
  • This is a workaround for UEFI BIOSen that don't properly handle GPT-partitioned drives. Some BIOSen seem to assume that GPT means UEFI boot methods must be used.
  • Features: new and improved:
  • The Timed Access feature was reworked to use netfilter's '-m time' feature. It now acts instantly when crossing from reject to allow and vice-versa.
  • The interfaces admin page and setup program now rewrite certain configuration files that contain IP and LAN addresses related to the firewall and the LANs it protects. The related features now work properly after the admin changes any of the firewall's IP addresses.
  • The bandwidthbars presentation was reworked and improved.
  • The interfaces page has a new subsection for the RED NIC that allows the admin to ignore the MTU setting ISPs send in their DHCP packets and allows the admin to override the ISP's DNS servers. The MTU override is required for Comcast and one or two other ISPs.
  • The browser's preferred language can now control the language presented in the user interface. Please note that these translations are quite old and are incomplete.
  • There is a new Plug-n-Play backup system: hot-plug a configured drive and the system will be automatically archived onto it with both a 'var' archive (all the 'variable' data on the system) that is useful when upgrading, and a 'total' archive that is useful when a system fails or is moved to new hardware. USB and eSATA drives are known to work. Be aware that archives can be larger than 2GiB which is the maximum file size on VFAT filesystems. If your archive exceeds the size limit, you will need to format the backup drive using EXT4, Reiserfs or UDF.
  • The QoS feature has been thoroughly reworked and provides much smoother traffic shaping.
  • Nanouk's Smoothinfo mod has been improved and integrated into the admin interface.
  • Marco's URL Filter mod from Express 3.0 has been fully integrated into 3.1.
  • Stan's port of hype8912's DHCP Lease Table mod has been fully integrated into 3.1.
  • Many elements of Steve McNeill's SmoothInstall work have been integrated; this will make properly organized mods much more resilient when official updates are applied.
  • INVALID packets (such as TCP RESET) received when there is no corresponding connection tracking data in netfilter are dropped very early. There is an option on the advanced networking admin page to log them. Such packets were typically called 'spurious' in earlier versions of Smoothwall Express.
  • Most, if not all, packet log entries identify the chain or feature that triggered the entry. This should make it easier to determine why packets are dropped or rejected.
  • Syslogd no longer waits until its log entries have been written to disk before returning to get the next entry. This effectively eliminates the bottleneck associated with packet logging and with programs (such as snort) that dump tremendous amounts of data into syslog.
  • Smoothwall Express 3.1 is not vulnerable to DoS while it starts up or shuts down. Ingress police barricades are erected during system start up until the firewall is fully ready to process packets and during system shutdown after the firewall has been disabled. Smoothwall Express 3.0's startup and shutdown could be almost infinitely extended with as little as 56kb/s of loggable traffic.
  • Some software has been included to support future features and mods. The smartmontools and lm-sensors packages have been included in the distribution to support hardware health monitoring and problem notification. Apcupsd has been included to support proper shutdown of systems on battery backup; direct connections to UPSes and client and server network connections to other daemons are supported. Ntop has been included to support more diverse network traffic statistics. Suricata v1.4 is available for those who wish to explore an alternative intrusion detection system. Ipset is available for those who want to develop ways to handle thousands of IP addresses in netfilter.

New in SmoothWall Express 3.1 RC5 (Apr 22, 2014)

  • RC5 corrects a number of issues found since we released the fourth RC, settles on i586 and x86_64 as the architectures that will cause the fewest problems when upgrading from v3.0, contains a well-refreshed QoS feature, and has Marco's URL Filter mod and the DHCP Lease Table mod fully integrated.
  • This release is a refresh of v3.0's foundation and a culmination of five years of effort that began with the Roadster Test Vehicle. The build system has been thoroughly worked over, and the user interface has been freshened with several presentation improvements.
  • The vast majority of the work was done 'under the hood'. Here are just a few of the software upgrades: Linux 3.4, glibc 2.18, gcc 4.7, perl 5.14, squid 3.3, httpd 2.2.26, iptables 1.4.14, and openswan 2.6.41. Some of these updates are ready to enable new features such as HTTPS proxying in squid. In addition to these updates, numerous bugs present in v3.0 that caused hard-to-reproduce problems or minor errors in the user interface were squashed.
  • If the firewall admin notices little difference between it and the v3.0 she has been using, Smoothwall Express 3.1 will have achieved its goal.

New in SmoothWall Express 3.1 RC4 (Dec 12, 2013)

  • The build system is vastly improved; it is now re-entrant (a build will continue where it left off when an error is encountered and fixed), and compiles will use all CPU cores present.
  • There are now three ISO images: standard install, developer's edition that contains the development and documentation packages, and a 27MiB 'off-road' edition to be used to verify general hardware compatibility with v3.1.
  • Grub Legacy is now used to boot all drives: ISO images, flash installers, and the installed target.
  • SMP is now standard for 32- and 64-bit installations. Smoothwall Express will now use those extra CPU cores.
  • Installation on KVM, VMWare and Hyper-V virtual systems is supported. KVM works well; the other two are known to work but haven't been tested very well.
  • The distribution ISO image includes several new features.
  • an option to make a bootable install flash drive; it is now possible to install from a flash drive when there is no CD/DVD drive available.
  • options to install and/or boot using a serial console.
  • the basic (traditional) installer to be used when the system contains one hard drive, one CD/DVD drive, and standard VESA display with keyboard.
  • a new advanced installer to be used with all other install options
  • choose the target hard drive
  • choose the installation source drive (ISO, flash, or other)
  • use a serial (EIA-232) console
  • install and upgrade with a restore of 'variable' data from a previous archive
  • completely restore a 'total' archive
  • use ext4 or reiserfs
  • optionally install the development and/or documentation packages
  • The kernel now provides /dev entries for all devices it knows about; udev handles the rest.
  • Those who find the vi text editor hard to use may find the newly added nano editor more to their liking.
  • The bandwidthbars presentation was reworked and improved.
  • The interfaces page has a new subsection for the RED NIC that allows the admin to ignore the MTU setting the ISP sends in their DHCP packets and allows the admin to override the ISP's DNS servers.
  • The Smoothinfo mod has been integrated into the user interface.
  • The browser's preferred language can now control the language presented in the user interface.
  • There is a new Plug-n-Play backup system: hot-plug a configured drive and the system will be automatically archived onto it in both a 'var' archive (all the 'variable' data on the system)--useful when upgrading--and a 'total' archive--useful when a system fails or is moved to new hardware. USB thumb drives and eSATA drives are known to work.
  • Marco's URL Filter mod from v3.0 has been fully integrated.
  • The QoS feature is significantly improved.

New in SmoothWall Express 3.1 RC3 (Sep 16, 2013)

  • The build system is vastly improved; it is now re-entrant (a build will continue where it left off when an error is encountered and fixed), and compiles will use all CPU cores present.
  • There are now three ISO images: standard install, developer's edition that contains the development and documentation packages, and a 32MiB 'off-road' edition to be used to verify general hardware compatibility with v3.1.
  • Grub Legacy is now used to boot all drives: ISO images, flash installers, and the installed target.
  • SMP is now standard for 32- and 64-bit installations. Smoothwall Express will now use those extra CPU cores.
  • Installation on KVM, VMWare and Hyper-V virtual systems is supported. KVM works well; the other two are known to work but haven't been tested very well.
  • The distribution ISO image includes several new features.
  • an option to make a bootable install flash drive; it is now possible to install from a flash drive when there is no CD/DVD drive available.
  • options to install and/or boot using a serial console.
  • the basic (traditional) installer to be used when the system contains one hard drive, one CD/DVD drive, and standard VESA display with keyboard.
  • a new advanced installer to be used with all other install options
  • choose the target hard drive
  • choose the installation source drive (ISO, flash, or other)
  • use a serial (EIA-232) console
  • install and upgrade with a restore of 'variable' data from a previous archive
  • completely restore a 'total' archive
  • use ext4 or reiserfs
  • optionally install the development and/or documentation packages
  • The kernel now provides /dev entries for all devices it knows about; udev handles the rest.
  • Those who find the vi text editor hard to use may find the newly added nano editor more to their liking.
  • The bandwidthbars presentation was reworked and improved.
  • The interfaces page has a new subsection for the RED NIC that allows the admin to ignore the MTU setting the ISP sends in their DHCP packets and allows the admin to override the ISP's DNS servers.
  • The Smoothinfo mod has been integrated into the user interface.
  • The browser's preferred language can now control the language presented in the user interface.
  • There is a new Plug-n-Play backup system: hot-plug a configured drive and the system will be automatically archived onto it in both a 'var' archive (all the 'variable' data on the system)--useful when upgrading--and a 'total' archive--useful when a system fails or is moved to new hardware. USB thumb drives and eSATA drives are known to work.

New in SmoothWall Express 3.0 SP1 (Jan 9, 2009)

  • This release includes the enhancements and bug fixes from updates 1 to 4.
  • If you have an existing SmoothWall Express 3.0 there is no need to download this release. Use the Update tool from within SmoothWall to download and install these updates.