[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  m0n0wall dash announce at lists dot m0n0 dot ch
 Subject:  pb19 released - lots of changes!
 Date:  Sat, 1 Nov 2003 22:03:07 +0100
After working on m0n0wall for about 10 hours today, I'm happy to 
announce that m0n0wall pb19r535 is now available for downloading. Among 
many other small changes, three contributed patches have been 
integrated (listed in the order they were submitted in):

- Petr Verner's "more-advanced advanced outbound NAT patch"

- Bruce A. Mah's filtering bridge patch

- Jim McBeath's filter rule patch

Guys - thank you for contributing!

All these patches have been modified a little to suit my tastes - I 
especially found my fulfillment in tweaking the last one to make it as 
self-explaining, simple, consistent and beautiful as possible. ;) It 
was really about time that m0n0wall supported "block" rules, so kudos 
to Jim. Thanks also to Bruce for figuring out why bridge(4) wouldn't 
behave as expected (because it needed to be compiled into the kernel - 
the module doesn't work properly).

OK, so here's the change log:

- block rules are now supported, the rule order can be changed, logging 
may be enabled per rule and rules may
be disabled individually

- filtering bridge support (see Diagnostics: Advanced page)

- destination for advanced outbound NAT is now configurable

- removed ng_bridge code, always use bridge(4)

- fixed ping/syslog to hosts on optional interfaces

- fixed interface status display when 1:1 NAT mappings are defined 
(subnet mask)

- static routes are no longer lost when modifying 1:1 NAT entries

- print a warning on the console if a newer configuration file version 
is found than the current m0n0wall version was designed for

- upgraded system to FreeBSD 4.9

- upgraded MPD to 3.14

- some cosmetic HTML fixes

As this is quite a huge amount of changes for just one version step, 
there may be some bugs left (as always)... I'm sure the user community 
will notice and report (and fix?) them as they show up. :)

Note that bridging behavior is now slightly different than before - 
even when the filtering bridge is not enabled. You now need to add a 
filter rule on bridged interfaces if you want to access the webGUI (or 
other services on m0n0wall itself, for that matter). e.g. if you have 
your wireless interface bridged to LAN, you must add a rule to pass 
traffic on WLAN to m0n0wall's LAN IP address in order to access the 
webGUI from WLAN.

Since it is now possible to specify block rules, the rule order has 
become relevant. Rules are no longer auto-sorted by port and other 
various criteria anymore. You can use the up/down arrows to reorder the 
rules, as well as the "+" button provided next to each rule to insert a 
new rule right after the one in question. If you want to painlessly add 
a rule at the top of an interfaces' rule list, use the "+" button at 
the very bottom (the one that has always been there). Of course, if you 
only use pass rules (as in earlier versions), you obviously don't have 
to worry about rule order.

Well, this will have to do for a while - I can't afford to spend a 
whole day working on m0n0wall every week. ;)

- Manuel