Enkele dagen geleden is IPCop voorzien van een update naar versie 1.4.8. IPCop is een Linux-firewalldistributie die zich voornamelijk op thuisgebruikers en de SoHo-omgeving richt. Voor de installatie kan men gebruikmaken van een update die over elke 1.4.x-release heen geïnstalleerd kan worden of men kan met een ISO-bestand aan de gang voor een complete installatie. Na de update zal de connectie moeten worden herstart om de nieuwe dnsmasq in werking te laten treden. De volledige release notes zijn op deze pagina te vinden, dit zijn de veranderingen in deze release:
InstallerChanges in update
- Fix ata_piix SATA support by adding EXPORT_SYMBOL_GPL capability at busybox-0.60.5
- Fix pcmcia installation and netcard detection with floppy boot.
- On floppy boot install, shift search of scscidrv-
.img to images/scscidrv- .img to allow usage of mounted loop iso. With real files, place it in an images directory. Upgraded packages
- Fix etc/modules.conf is more recent than ...modules.dep
- Fix support with smp new kernel and scsi driver
- Complete the menu options for the old kernel like for the most recent kernel
- Workaround for flash disk with limited /boot size. Previous smp files are suppressed on /boot Set mkflash to use 8 MB /boot size to support old smp kernel
- Fix '/ is busy' with scsi disk once after new kernel installation
- Create an addon-lang directory to allow add-ons to retrieve specific lang phrases after update
- To untar the update, try to use /var/log partition to avoid space problem on /root. If it fail, use /root partition.
New packages
- arping from 2.03 to 2.05
- bzip2 from 1.02 to 1.0.3 plus patch against CAN-2005-1260
- Compress-Zlib from 1.3.4 to 1.35
- dhcpcd-1.3.22-pl4_corrupt-packet.patch CAN-2005-1896
- eagle-usb from 2.1.1 to 2.3.2
- eciadsl from 0.10 to 0.11beta1
- gnupg from 1.2.5 to 1.4.2
- logwatch from 5.2.1 to 6.1.2
- openswan-1.0.10rc2 (support restart option)
- pcmcia-cs from 3.2.7 to 3.2.8
- procps from 3.2.1 to 3.2.5
- pulsardsl from 4.018 to 4.0.19
- squid from STABLE9 to 2.5.STABLE10
- tcpdump patch against CAN-2005-1267
- zlib-1.2.3 CAN-2005-2096
Others changes
- ethtool This is helpfull for those who want to let IPCop sleep when not used. ethtool is used to configure the network card /usr/sbin/ethtool -s eth0 wol g This could be added in rc.local. You could wake up the IPCop machine by sending the magic-packet to the MAC address. This could only work with some limit on IPCop side :
- you can't use dhcp on green since the PC sending the magic-packet already has an IP
- you can't have an orange interface
- iptstate command line utility RFE 1167726
- libwww-perl for HTTP downloads from CGIs This should resolve the issues some users are having with IDS rule updates. Also should fix the inability to download update lists when an upstream proxy requires user/pass (bug 1205470)
- SSLeay support to Perl (for https)
- vlan.1.8 and corresponding kernel module
[break]
- config.dat
- Add option to choose number of lines per page of log (viewsize)
- dhcp.cgi
- Allows bootp protocol (per interface) into DHCP server and corrects displaying of unlimited lease.
- Modify regexp to allow options with digits in advoptions-list to be displayed.
- Permits entering duplicate IP in fixed lease. close bug 1197940
- ddns.cgi
- Fix rfe1093108: updates to dyndns service are done only if gethostbyname returns different address.
- An optional cron call once/month force updates (-f -m options) to avoid loosing account on particular stable lines. This has to be enabled in GUI.
- Add dtDns support (rfe 1202972)
- Add new provider dynserv.ca (org|net|com)
- graphs.cgi
- fixe bug 1118124 :Change maximum on traffic graph RRDs to support 100 MBit links
- ids.cgi
- Add a 'no' update option to not trigger a warning on save when no oinkcode is set
- Use libwww-perl for HTTP downloads from CGIs, this should resolve the issues some users are having with IDS rule updates. Also should fix the inability to download update lists when an upstream proxy requires user/pass (bug 1205470)
- ipsec
- Added some 'seed' to certs generation with '-rand option'. Each cert is numbered
- Fix a stack based buffer overflow in ipsecctrl (blue interface)
- makegraphs
- change maximum on traffic graph RRDs to support 100 MBit links, fixes bug 1118124
- new optionfw.cgi option page add options in the GUI to:
- disable ping
- dropt a optional list of ports to reduce logs on RED
- rc.netaddress.up
- If "rc.red start" fails, no dnsmasq server is running. So start it even if it will be killed some lines later in normal operation!
- setup
- fix domainname missing in hostname after hostname change
- setportfw
- change SNAT behaviour for port forwards to only apply when required it also expands the SNAT to work for orange to orange connections (before it only applied to blue and green)
- wireless.cgi
- modify page to list DHCP leases on Blue Network. RFE 1048379. Includes inline editing
/i/1216804294.png?f=thumbmedium)
:strip_icc():strip_exif()/u/5944/ICON.jpg?f=community){kind=icon}
:strip_icc():strip_exif()/u/52878/crop5ba0cf47e6a2d_cropped.jpeg?f=community){kind=small}
:strip_icc():strip_exif()/u/27863/325159.jpg?f=community){kind=small}
