Forums

Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (2) →
Nick Howitt
Nick Howitt
Offline

Packages being updated to the Community tonight (11/08/2020)

Resolved
0 votes
Tonight (11/08/20-12/08/20) the following updated packages are being released:

  • app-file-scan - Stop it killing the webconfig on a large quarantine index. Also fix delete of quarantined items. The upgrade script then makes a good attempt to get the quarantine list back into sync with the files in the quarantine.

* by the package name = the package is also being released to Business at the same time.

Packages available for testing

  • app-qos - Allow the full range of port selections allowed by the multiport rule. Stop a firewall panic if both multiple source and multiple destination ports are used at the same time. Note I have noticed a bug which allows you to specify port 0 which puts the firewall into a panic. I don't yet have a fix for it. This is a bug in the existing code so if you upgrade to the beta you are no worse off.
  • app-dnsthingy - This is the same update as app-gateway-management but also includes a rebranding from DNSThingy to AdamOne. Update with:
    yum update app-dnsthingy adamone --enablerepo=clearos-*-testing

  • app-gateway-management - update with:
    yum update app-gateway-management* adamone --enablerepo=clearos-*-testing

  • adamone - this is the underlying package for the above beta versions of app-gateway-management/app-dnsthingy. If you have either of the above beta's installed, you can update with:
    yum update adamone --enablerepo=clearos-contribs-testing
    Please restart GM afterwards.
  • app-network - code merge complete. Seems to work for everything except external VLANs and a few quirks.

    • Now allows you to set up Wireless and Cellular interfaces. You will also need app-wireless to configure a NIC as an access point. Otherwise manual configuration is then needed for WiFi and Cellular devices.
    • I've tweaked it for kernel mode PPPoE (much faster and lower resources). For the moment we are not forcibly converting PPPoE interfaces over, but if you edit an interface it will switch to kernel mode.
    • Hides irrelevant interfaces from app-network-report such as docker0, veth* and ifb*.
    • Numerous other changes since last 2.6.0
    • Do not use the the update if you use VLAN's on external interfaces.


Unless detailed otherwise, packages available for testing can be installed with:
yum update --enablerepo=clearos-updates-testing {package-name}

Packages being worked on:

  • basics for app-sia v2. This will slow down app release.
  • app-firewall - see if I can do some more bug fixes.
  • app-attack-detector to add a button beside each banned IP to you can unban it. This was being worked on by an external contributor.
  • app-network - Two more bugs to go. Team Canada are working on it.


Previous updates notice
In Software Updates
Tuesday, August 11 2020, 08:59 PM
Subscribe via email
Share this post:
Responses (2)

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Monday, August 17 2020, 02:15 PM - #Permalink
    Resolved
    0 votes
    There is now an updated version of app-multiwan available. The original intention was to allow the Source/Destination ports to have the full range of ports available from multiport module. This would allow upto 15 ports to be specified separated by a "," or a ":". Individual ports should be separated by a "," and port ranges by a ":". Every port specified counts as one of your ports, so "80,443" counts as 2 ports as does "9981:9903".

    Doing that was relatively easy, but it threw up a whole host of other bugs with the UI:

    • a port or IP address of 0 was treated by PHP as empty so would not be passed to the validator it and would lead to a bad rule as it is never valid.
    • If you added a source port and a single destination port (you should almost never need this), it would work, but if you added a single source port and multiple destination ports (or the other way round), the firewall would panic.
    • Multiport rules were only checked to see if the ports were numeric and not between 1 and 65535.
    • If you got a validation error on your rule, you had to cancel and re-edit. You couldn't just correct your error

    These should now be fixed.
    I also took the opportunity to fix an old issue to rename the Source/Destination Address fields to Source/Destination Address/Subnet.
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Friday, August 14 2020, 09:48 AM - #Permalink
    Resolved
    0 votes
    There is now an update to app-ibvpn (the ibVPN app) which fixes the expired certificate issue:
    yum update app-ibvpn --enablerepo=clearos-contribs-testing
    After installation, please do a:
    systemctl daemon-reload
    
systemctl restart ibvpn
    The reply is currently minimized Show
Your Reply