Sphirewall Changelog

New in version 0.9.9.10 (December 21st, 2013)

  • Another minor sphirewall release has gone out today. Features and improvements in this release include content type and user agent http filtering, some critical bugfixes and extensions and enhancements to various other subsystems.

New in version 0.9.9.7 (October 7th, 2013)

  • Native Debian 7.1 support
  • 3.2 Linux Kernel support
  • Significant improvements to the web filtering system
  • Performance and stability improvements
  • Improvements to the web management interface
  • Network bridge support, transparent filtering ability.
  • Release of the S3 Network Firewall Appliance!

New in version 0.9.9.6 (August 1st, 2013)

  • This release was dedicated to performance, reliability and stability. Lots of changes have been made in the core and wmi to create a more stable user experience and a more performant system when under high network load with a smaller hardware base.
  • New Features:
  • added syslog reader to the wmi
  • added google internet connectivity watchdog
  • added tooltips for various non-intuitive fields in the wmi
  • Improvements:
  • moved part of the nat processing into kernelspace to boost nat performance
  • re-added status indicators for a few of the daemons sphirewall-wmi controls
  • re-added validation on all fields in the wmi
  • added driver field to the hostapd configuration
  • changed presentation of the message field in the event system
  • added feedback mechanisms
  • qos can be enabled and disabled
  • users are notified about unpublished network changes
  • moved dhcp management
  • hide irrelevant options in the "add rule" pages
  • store selected date in the reporting sections in a cookie to enable seamless navigation
  • formatted openvpn client configuration
  • Bugs:
  • fixed openvpn client disconnect
  • fixed issue with memory performance graph
  • fixed issue with daemon not shutting down correctly
  • fixed memory leak in the configuration manager

New in version 0.9.9.5 (July 6th, 2013)

  • New Features:
  • freedns support
  • priority qos
  • multiple dhcp server instance support
  • whitelist webfiltering
  • redirect webfiltering
  • rpc support
  • global bandwidth quotas
  • http rewrite event handler
  • reporting and statistics by device mac address
  • basic hostapd wireless ap support
  • https web filtering
  • https website reporting
  • Improvements:
  • capture portal authentication can now for user login
  • rebuilt the wmi using python flask
  • introduced automated testing system for the command line interface
  • performance enhancements in a single cpu core environment
  • http filter event notifications
  • interface and api improvements to the quota system
  • Bugs:
  • fixed issues with the command line interface

New in version 0.9.9.4 (June 6th, 2013)

  • New Features:
  • Filtering on port ranges
  • Users can add tags/comments to rules
  • Users can export events
  • Dynamic dns
  • Openvpn client
  • Users can export sphirewall.conf file from wmi
  • Users can specify reporting metric, mbytes/kbytes etc
  • Added delete user event action
  • Timeframe based acl rules
  • Users can configure the retention period of the ana data
  • Users can configure the event smtp server
  • Http authentication handler
  • Improvements:
  • SCLI displays string loglevels rather than integer
  • Password hashing is optional
  • Improved snort support
  • Added deny list for event handlers
  • Improved event system
  • Split packages out
  • Improved wmi
  • Bugs:
  • Fixed an integer overflow issue in the ana system
  • Fixed issue with connections being missed in listConnections() call
  • This is not an exhaustive list; there are many changes not listed here. Contact the team for details.

New in version 0.9.9.3 (April 8th, 2013)

  • New features:
  • SNAT rules can be based on interface or static ip address
  • Main configuration file is always located in /etc/
  • Ssl support for the api
  • Openvpn support for static keys
  • Openvpn support for multiple server instances
  • Dhcp network interface support
  • Improvements:
  • Dhcp configuration does not require the network address, gets this from the interface
  • Graphs in the wmi are filled
  • Removed build dependency on gtest and unit tests
  • Added formatting to the core configuration file sphirewall.conf
  • Added active/inactive flags for the external daemons, this ensures state is maintained between restarts
  • Moved the default sphirewall configuration file to /etc/sphirewall.conf
  • Users can define hostname from the clients list when configuring a static dhcp lease
  • Changing interface details is now done using the /etc/network/interfaces file, monitoring device state is done using the kernel
  • Routes are persisted and restored when device state changes result in them being removed
  • Modified kernel module to be more resilient during client failures
  • Added backtrace information to crash logs for both the core module and the analytics engine
  • Masquerading can be managed by device
  • Bugs:
  • Fixed memory leak in QOS system
  • Fixed SIGSEGV in QOS system

New in version 0.9.9.2 (March 9th, 2013)

  • New features:
  • Version number stored in configuration file to enable migration
  • Improvements:
  • Added enabled/disabled status indicator for users
  • Theme and usability improvements to the mui
  • Created proper init scripts
  • Bugs:
  • Fixed several issues with firefox and the wmi

New in version 0.9.9.1 (March 5th, 2013)

  • New features:
  • Layer 7 web url filter
  • Aliases can be loaded from a remote list or file
  • Openvpn server support
  • Introduced Audit events for the core management service. When configuration is changed, it is logged as an AUDIT event
  • Update notifier in the management interface
  • Log packet action for acl rules
  • GeoIP based aliases
  • Improvements:
  • Merged blocklists and the user acls
  • Selected tab is now shown in the management interface in all cases
  • Default ruleset has been changed so it will block everything apart from ssh and management traffic
  • Adding acl rules is more streamlined with collapsed sections
  • Removal of legacy blocklist system, replaced with smarter aliases
  • Refactored the datatables and reporting system to use js/ajax rather than php for markup generation
  • Colored status indicators for the dhcp and openvpn service
  • Added loading indicator for all ajax events
  • Modified the layout of all input fields to provide a more streamlined user experience
  • Added sorting and searching to several datatables
  • Bugs:
  • Fixed issues with modifying aliases
  • Fixed bug in the reporting service with wrong aggregation