m0n0wall 1.33 released

There are ready-made binary images for embedded computers from
Soekris Engineering and
PC Engines, a CF/IDE HD image for most standard PCs (other embedded
ones may work, too) with either keyboard/monitor or serial console, a CD-ROM (ISO) image for standard PCs, a VMware image, as well as
a tarball of the root filesystem. Refer to the installation instructions for information on how to install these files on the various platforms.

Known issues:

  • WARNING: this version (any platform) no longer fits on 8 MB CF cards! (= 16 MB required)
  • When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image.
    Other platforms are not affected.

Changes in this release:

  • a new image type “generic-pc-serial” has been added; the only difference to generic-pc is that it always uses the serial console (on COM1 at whatever speed the BIOS set it to)
  • added Realtek customized network chip driver to support additional chipsets
  • updated ipfilter to 4.1.33
  • inbound NAT rules can now be added on the LAN interface with the WAN address as a target; this helps with accessing servers on an optional interface from the LAN interface by using m0n0wall’s WAN IP address
  • IPv6 improvements by Andrew White:
    • support for LAN IPv6 prefix assignment using DHCP-PD
    • added MTU option for RA
    • added AICCU to interface status page
    • added IPv6 support for syslog destination
    • added IPv6 support for Diagnostics: Firewall States
    • added error handling to interface status page for AICCU being down
    • fixed DHCPv6 server setup when target interface is configured in 6to4 mode (reported by Brian Lloyd)
  • modified “disable port mapping” option so that it will actually avoid port
    mapping whenever possible, but fall back to port mapping if another mapping
    for the same port already exists
    (inspired by a patch submitted by Adam Swift)
  • added support for user-customizable captive portal logout and status page, as well as a password change option for local CP users (contributed by Stephane Billiart)
  • added ‘Bind to LAN’ option for syslog, so you can syslog over a VPN tunnel
  • fixed dnswatch to deal with changed resolv.conf (for IPsec tunnels to dynamic endpoints)
  • fixed various XSS vulnerabilities in webGUI
  • added option on advanced setup page to defend against DNS rebinding attacks
  • fixed extra slash in captive portal redirect
  • added support for (manually updated) CRLs for IPsec VPN (contributed by Sebastian Lemke)
  • prevent /ext directory from being listed through webGUI (reported by Bernd Strehhuber)
  • fixed typo in system_do_extensions() that broke extensions support (reported by Bernd Strehhuber)
  • added check for DHCP reservation entries for the same MAC address
  • changed EDNS to 4096 from default of 1280 for dnsmasq, should help with DNSSEC
  • don’t let missing DNS server information keep DHCPD from starting

Version: 1.33
Release date: 03/16/2011

Article source: http://m0n0.ch/wall/downloads.php

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
This entry was posted in Usefully Found Stuff and tagged , , , , . Bookmark the permalink.

Comments are closed.