[FireBrick-Announce] 1.48.101 Avarelli

Adrian Kennard a at k.gg
Sat Jun 23 06:32:10 BST 2018

Sorry it has taken so long, but the ACME release is finally issued.

Release notes from Factory release 1.47.100 to Factory release 1.48.101


Install root certificates for use with Let's Encrypt and ACME
Better error logging
Full ACME system to work with Let's Encrypt

Updated BGP refresh options including sending refresh request
Additional BGP shutdown subcodes added
Some additional debug for BGP

Config top level attributes now include username and ip of last update
Config top level attributes now include serial number and version, but
normal edit screen no longer has xmlns and xsi
IP groups can now reference subnets by name (including DHCP client subnets)

New key generation logic in place for ACME and related functions
Avoid crash soon after startup following auto key generation

Fix crash on packet reception when collecting entropy

Added a block/prefix mapping feature to firewall logic

Self signed certificates as fallback for initial set up via https

Increase pending ARP cache and drop if overloaded rather than sending
spurious ICMP errors

Change some logic to reduce use of 2002:: 6over4 addresses as source
addresses where possible

Tweaks to expected timeouts on RADIUS (e.g. for L2TP or session
steering) and change default to min timeout 2 seconds total
More control of RADIUS timeouts for ad-hoc RADIUS from RADIUS response
for L2TP session steering
Improve outgoing L2TP handling where target is hostname

Change to outgoing email timeout (spam scans and the like can take a
while) RFC5321
Colour on web log not always correct

LED faults (open/short-circuit) are now reported in UI/CLI monitoring
section and logged to flash

Fix occasional lockup/crash during stream processing

Send NAK asking for MD5 on receipt of non MD5 CHAP request

RADIUS client allowing fixed source-ip, and for ad-hoc L2TP steering
uses L2TP source IP if set
Fix L2TP relay steering RADIUS min/max timeouts (5/20 not 20/5)

Additional stats for entropy collection
UI monitoring

Fix incorrect display of negative temperature

Fix nc to 1 as we don't store/re-use nonce values. Some systems don't
just look for duplicates but actually expect a 1
Not picking up media started until something that is not perfect silence
is sent as some systems do that!
Better handling of overlapping INVITE replies where server is very slow
or over long latency links

Config check for duplicate VRRP MAC in use on different interfaces
Web control pages

Change layout of rule-set
Changed logic for self signed certificates, and made more transient in
certificate store
Limit number of self signed certificates to reduce clutter, and avoid
possible "make millions of certificates" attacks
