[ previous ] [ next ] [ threads ]
 From:  Brian Z <mono at ricerage dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] pb26 released
 Date:  Sat, 24 Jan 2004 13:15:44 -0500
Aw. I was hoping the "disable individual IPSEC tunnel" option was going
to get rolled into this. </whining>

I'll go away now, I promise. :) 

On Sat, 2004-01-24 at 13:00, Manuel Kasper wrote:
> This release adds a few new features and fixes some bugs with IPsec and 
> the traffic shaper. I want to remind everyone that even though it may 
> not seems so at times, we're still in the "public beta" stage, so 
> especially new features may be broken because I do only a limited amount 
> of testing on them. The rest is left to the beta testers - you all. :)
> As always, everybody is advised to upgrade because of the bugfixes - 
> keep your config backup and previous image around just in case.
> Last but not least, in case you'd like a T-shirt with the m0n0wall logo, 
> Marcin Gryszkalis is selling them for about $9 at 
> http://butik.pl/forkpl?l=en
> Changes:
> - new feature: "server NAT"; makes it possible to map ports on multiple 
> WAN IP addresses to different servers (instead of just 1:1)
> - the parsed XML configuration file is now cached in PHP's native binary 
> serialized form to reduce webGUI page load times on slow platforms 
> (486-based in particular) where parsing the XML configuration is 
> relatively expensive
> - added "Disable console menu" option to advanced setup page
> - firmware upload now uses HTTP instead of FTP; the FTP server has been 
> removed (uploading files for diagnostic purposes may be done via exec.php)
> - the firmware upload page now checks for new versions of m0n0wall 
> online (and displays the results, if available, on the firmware upload 
> page). Timeout is 3 seconds, and the following information is sent to 
> the server: platform and m0n0wall version
> - added interface menu to IPsec tunnel edit page (local endpoint does no 
> longer have to be the WAN interface)
> - "reject" type filter rules are now supported (returns TCP RST or ICMP 
> port unreachable for UDP) - contributed by Peter Allgeyer
> - added file up- and download via HTTP to exec.php
> - renamed "Log blocked packets by default" option on System logs: 
> Settings page to "Log packets blocked by the default rule" and changed 
> its behavior: it only controls whether packets that got blocked by an 
> automatically generated rule (usually the default-to-block rule in 
> absence of a matching pass rule) are logged. Logging of packets that are 
> blocked by user-defined block rules is now no longer affected and only 
> controlled by the per-rule log option. Logging for pass rules remains 
> unchanged.
> - changed policy level for IPsec VPN tunnels to "unique" (was "require") 
> to solve a problem with multiple tunnels to the same endpoint
> - fixed FQDN "my identifier" for IPsec mobile clients
> - kernel patch for problem with traffic shaper rules for inbound packets 
> on WAN (FreeBSD kernel bug, see FreeBSD PR kern/61685)
> - various IPsec GUI fixes
> Regards,
> Manuel
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch