Sphirewall Changelog

What's new in Sphirewall 0.9.9.78

Nov 27, 2014
  • Version 0.9.9.78 comes with a couple of new features that we believe are rather cool. Along with the usual bug fixes, optimisations and web interface improvements, this month we have released IPSec L2TP VPN support and an Mdns/Bonjour Gateway.
  • IPSec L2TP VPN Support:
  • VPNs can be the most complicated security tool to install, maintain and manage in a secure fashion. We have designed our L2TP Gateway with this in mind, and the result is a VPN gateway that is very easy to configure and manage. One of the key features is built-in support for Sphirewall user accounts, which means you can easily maintain VPN access on a group level, and it can be easily backed onto directory providers like Active Directory for seamless SSO. We have tested the gateway on a wide range of platforms and devices, and it supports the default L2TP client that comes with OSX, Windows, Android and most Linux distributions out of the box.
  • Mdns and Bonjour Gateway:
  • With the rise in mobile devices and BYOD becoming more and more prevalent in the workplace and school environment, networks are seeing rising levels of broadcast and multicast traffic. Effectively managing this traffic is vital, as it can create significant congestion and put strain on network services. The normal solution to this problem is an increased use of VLANs, but this has a negative impact on clients and devices using autodiscovery to identify shared printers, media centers and file services.
  • With the Sphirewall Mdns/Bonjour Gateway, you can create virtual multicast bridges for MDNS and Bonjour traffic. This allows you to segment your network, but still allow your users to benefit from the use of autodiscovered shared resources. You can create multiple bridges for very refined control and it is possible to use the bridges on VPN links, between subnets and, of course, between VLANs.

New in Sphirewall 0.9.9.10 (Dec 21, 2013)

  • Another minor Sphirewall release has gone out today. Features and improvements in this release include content type and user agent http filtering, some critical bugfixes, and extensions and enhancements to various other subsystems.

New in Sphirewall 0.9.9.7 (Oct 7, 2013)

  • Native Debian 7.1 support
  • 3.2 Linux Kernel support
  • Significant improvements to the web filtering system
  • Performance and stability improvements
  • Improvements to the web management interface
  • Network bridge support, transparent filtering ability.
  • Release of the S3 Network Firewall Appliance!

New in Sphirewall 0.9.9.6 (Aug 1, 2013)

  • This release was dedicated to performance, reliability and stability. Lots of changes have been made in the core and wmi to create a more stable user experience and a more performant system when under high network load with a smaller hardware base.
  • New Features:
  • added syslog reader to the wmi
  • added google internet connectivity watchdog
  • added tooltips for various non-intuitive fields in the wmi
  • Improvements:
  • moved part of the nat processing into kernelspace to boost nat performance
  • re-added status indicators for a few of the daemons sphirewall-wmi controls
  • re-added validation on all fields in the wmi
  • added driver field to the hostapd configuration
  • changed presentation of the message field in the event system
  • added feedback mechanisms
  • qos can be enabled and disabled
  • users are notified about unpublished network changes
  • moved dhcp management
  • hide irrelevant options in the "add rule" pages
  • store selected date in the reporting sections in a cookie to enable seamless navigation
  • formatted openvpn client configuration
  • Bugs:
  • fixed openvpn client disconnect
  • fixed issue with memory performance graph
  • fixed issue with daemon not shutting down correctly
  • fixed memory leak in the configuration manager

New in Sphirewall 0.9.9.5 (Jul 6, 2013)

  • New Features:
  • freedns support
  • priority qos
  • multiple dhcp server instance support
  • whitelist webfiltering
  • redirect webfiltering
  • rpc support
  • global bandwidth quotas
  • http rewrite event handler
  • reporting and statistics by device mac address
  • basic hostapd wireless ap support
  • https web filtering
  • https website reporting
  • Improvements:
  • captive portal authentication can now for user login
  • rebuilt the wmi using python flask
  • introduced automated testing system for the command line interface
  • performance enhancements in a single cpu core environment
  • http filter event notifications
  • interface and api improvements to the quota system
  • Bugs:
  • fixed issues with the command line interface

New in Sphirewall 0.9.9.4 (Jun 6, 2013)

  • New Features:
  • Filtering on port ranges
  • Users can add tags/comments to rules
  • Users can export events
  • Dynamic dns
  • Openvpn client
  • Users can export sphirewall.conf file from wmi
  • Users can specify reporting metric, mbytes/kbytes etc
  • Added delete user event action
  • Timeframe based acl rules
  • Users can configure the retention period of the ana data
  • Users can configure the event smtp server
  • Http authentication handler
  • Improvements:
  • SCLI displays string loglevels rather than integer
  • Password hashing is optional
  • Improved snort support
  • Added deny list for event handlers
  • Improved event system
  • Split packages out
  • Improved wmi
  • Bugs:
  • Fixed an integer overflow issue in the ana system
  • Fixed issue with connections being missed in listConnections() call
  • This is not an exhaustive list; there are many changes not listed here. Contact the team for details.

New in Sphirewall 0.9.9.3 (Apr 8, 2013)

  • New features:
  • SNAT rules can be based on interface or static ip address
  • Main configuration file is always located in /etc/
  • Ssl support for the api
  • Openvpn support for static keys
  • Openvpn support for multiple server instances
  • Dhcp network interface support
  • Improvements:
  • Dhcp configuration does not require the network address, gets this from the interface
  • Graphs in the wmi are filled
  • Removed build dependency on gtest and unit tests
  • Added formatting to the core configuration file sphirewall.conf
  • Added active/inactive flags for the external daemons; this ensures state is maintained between restarts
  • Moved the default sphirewall configuration file to /etc/sphirewall.conf
  • Users can define hostname from the clients list when configuring a static dhcp lease
  • Changing interface details is now done using the /etc/network/interfaces file; monitoring device state is done using the kernel
  • Routes are persisted and restored when device state changes result in them being removed
  • Modified kernel module to be more resilient during client failures
  • Added backtrace information to crash logs for both the core module and the analytics engine
  • Masquerading can be managed by device
  • Bugs:
  • Fixed memory leak in QOS system
  • Fixed SIGSEGV in QOS system

New in Sphirewall 0.9.9.2 (Mar 9, 2013)

  • New features:
  • Version number stored in configuration file to enable migration
  • Improvements:
  • Added enabled/disabled status indicator for users
  • Theme and usability improvements to the mui
  • Created proper init scripts
  • Bugs:
  • Fixed several issues with firefox and the wmi

New in Sphirewall 0.9.9.1 (Mar 5, 2013)

  • New features:
  • Layer 7 web url filter
  • Aliases can be loaded from a remote list or file
  • Openvpn server support
  • Introduced Audit events for the core management service. When configuration is changed, it is logged as an AUDIT event
  • Update notifier in the management interface
  • Log packet action for acl rules
  • GeoIP based aliases
  • Improvements:
  • Merged blocklists and the user acls
  • Selected tab is now shown in the management interface in all cases
  • Default ruleset has been changed so it will block everything apart from ssh and management traffic
  • Adding acl rules is more streamlined with collapsed sections
  • Removal of legacy blocklist system, replaced with smarter aliases
  • Refactored the datatables and reporting system to use js/ajax rather than php for markup generation
  • Colored status indicators for the dhcp and openvpn service
  • Added loading indicator for all ajax events
  • Modified the layout of all input fields to provide a more streamlined user experience
  • Added sorting and searching to several datatables
  • Bugs:
  • Fixed issues with modifying aliases
  • Fixed bug in the reporting service with wrong aggregation