[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall dash announce at lists dot m0n0 dot ch, m0n0wall at lists dot m0n0 dot ch
 Subject:  pb26 released
 Date:  Sat, 24 Jan 2004 19:00:38 +0100
This release adds a few new features and fixes some bugs with IPsec and 
the traffic shaper. I want to remind everyone that even though it may 
not seems so at times, we're still in the "public beta" stage, so 
especially new features may be broken because I do only a limited amount 
of testing on them. The rest is left to the beta testers - you all. :)

As always, everybody is advised to upgrade because of the bugfixes - 
keep your config backup and previous image around just in case.

Last but not least, in case you'd like a T-shirt with the m0n0wall logo, 
Marcin Gryszkalis is selling them for about $9 at 


- new feature: "server NAT"; makes it possible to map ports on multiple 
WAN IP addresses to different servers (instead of just 1:1)

- the parsed XML configuration file is now cached in PHP's native binary 
serialized form to reduce webGUI page load times on slow platforms 
(486-based in particular) where parsing the XML configuration is 
relatively expensive

- added "Disable console menu" option to advanced setup page

- firmware upload now uses HTTP instead of FTP; the FTP server has been 
removed (uploading files for diagnostic purposes may be done via exec.php)

- the firmware upload page now checks for new versions of m0n0wall 
online (and displays the results, if available, on the firmware upload 
page). Timeout is 3 seconds, and the following information is sent to 
the server: platform and m0n0wall version

- added interface menu to IPsec tunnel edit page (local endpoint does no 
longer have to be the WAN interface)

- "reject" type filter rules are now supported (returns TCP RST or ICMP 
port unreachable for UDP) - contributed by Peter Allgeyer

- added file up- and download via HTTP to exec.php

- renamed "Log blocked packets by default" option on System logs: 
Settings page to "Log packets blocked by the default rule" and changed 
its behavior: it only controls whether packets that got blocked by an 
automatically generated rule (usually the default-to-block rule in 
absence of a matching pass rule) are logged. Logging of packets that are 
blocked by user-defined block rules is now no longer affected and only 
controlled by the per-rule log option. Logging for pass rules remains 

- changed policy level for IPsec VPN tunnels to "unique" (was "require") 
to solve a problem with multiple tunnels to the same endpoint

- fixed FQDN "my identifier" for IPsec mobile clients

- kernel patch for problem with traffic shaper rules for inbound packets 
on WAN (FreeBSD kernel bug, see FreeBSD PR kern/61685)

- various IPsec GUI fixes