Software update: m0n0wall 1.21

m0n0wall is a ready-made firewall package with an extensive feature set. It is based on the FreeBSD operating system and is fully configurable through a web-based interface. It has built-in support for wireless setups, 802.1Q VLANs, NAT/PAT, IPsec VPN tunnels and PPTP VPN, among others. In addition, it can apply packet filtering and includes a traffic shaper. The developers have treated us to a new release in the new year, with version number 1.21. The list of changes is as follows:

Version 1.21:

  • the captive portal has been modified to always issue a redirect to m0n0wall’s own IP address first (even in HTTP mode). This means that all login forms MUST contain the “redirurl” hidden field now, otherwise they won’t work anymore!
  • mini_httpd has been improved to increase stability of the captive portal and webGUI
    • when the maximum number of connections has been reached, it no longer attempts to send a 503 message to the client, as that itself could have caused the parent process to block (and, due to a bug in SIGALRM handling, even exit) if the client fails to acknowledge the data. Instead, the connection is simply closed.
    • new feature: the number of connections per client IP address can now be limited to prevent one misbehaved user from tying up the server. The default limit for the captive portal is now 4 connections per client, and 16 in total (can be adjusted on captive portal setup page)
  • captive portal file manager (If you already have element files from unofficial builds, it isn’t enough to simply delete all the files that were uploaded to the system. Before upgrading, you manually have to delete the whole “” part in your config and restore that changed config.)
  • imported Jonathan de Graeve’s captive portal RADIUS improvements
    • improved RADIUS authentication using PHP’s built-in PECL RADIUS support
    • secondary RADIUS server support
    • RADIUS MAC authentication
    • RADIUS URL redirection attribute support
    • RADIUS Session Timeout support
    • disable concurrent user login option
    • RADIUS idle timeout support
    • RADIUS Acct-Terminate-Cause support
    • WISPr RADIUS attributes are now supported as well as Nomadix attributes (Redirection-URL, Session-Terminate-Time)
    • on idle timeout, the time of last activity is used in calculating the Session-Time
  • notes field on index page
  • new option for SNMP agent: bind to LAN interface only (avoids problem with VPN tunnel to LAN subnet terminated on WAN; see http://doc.m0n0.ch/handbook/faq-snmpovervpn.html)
  • fixed CPU and traffic graph SVG for Firefox 1.5
  • captive portal RADIUS accounting stop packets are now sent before rebooting after a firmware upgrade
  • when restoring config.xml via the webGUI, XML validation is done on the file before it is installed
  • updated base system to FreeBSD 4.11-RELEASE-p13
  • updated PHP to 4.4.1
  • updated Dnsmasq to 2.23
  • updated racoon to the ipsec-tools 0.6.4 version
  • added device nodes for /dev/ad4-7
  • fixed stopping/restarting racoon
  • fixed typo in services_captiveportal.php
  • increased CF partition size to 7 MB
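
The connection limits described in the mini_httpd entries above, as an added example (not m0n0wall's or mini_httpd's own code): an admission check using the changelog's defaults of 4 connections per client and 16 in total, where a refused connection is closed rather than answered with a 503. The `conn_table` structure and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_TOTAL      16  /* total connection limit from the changelog */
#define MAX_PER_CLIENT  4  /* per-client-IP limit from the changelog */

enum verdict { ADMIT, CLOSE_TOTAL_LIMIT, CLOSE_CLIENT_LIMIT };

/* Hypothetical tracker: one slot per active connection, holding the
 * client's IPv4 address (host byte order); in_use marks live slots. */
struct conn_table {
    uint32_t addr[MAX_TOTAL];
    int in_use[MAX_TOTAL];
};

void table_init(struct conn_table *t) { memset(t, 0, sizeof *t); }

/* Decide on a new connection from `ip`. On either limit the caller just
 * close()s the socket; no 503 is written, so the accept loop can never
 * block on a client that does not acknowledge data. */
enum verdict admit(struct conn_table *t, uint32_t ip)
{
    int free_slot = -1, same_client = 0;

    for (int i = 0; i < MAX_TOTAL; i++) {
        if (!t->in_use[i]) {
            if (free_slot < 0) free_slot = i;
        } else if (t->addr[i] == ip) {
            same_client++;
        }
    }
    if (same_client >= MAX_PER_CLIENT) return CLOSE_CLIENT_LIMIT;
    if (free_slot < 0) return CLOSE_TOTAL_LIMIT;

    t->addr[free_slot] = ip;
    t->in_use[free_slot] = 1;
    return ADMIT;
}

/* Call when a connection ends; frees one slot held by `ip`. */
int release(struct conn_table *t, uint32_t ip)
{
    for (int i = 0; i < MAX_TOTAL; i++)
        if (t->in_use[i] && t->addr[i] == ip) {
            t->in_use[i] = 0;
            return 1;
        }
    return 0;
}
```

The per-client check runs before the total check, so one address holding four slots is refused even while free slots remain for other clients.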

Version 1.2:

  • fixed HD standby to use minutes, not seconds
  • fixed DNS forwarder domain override feature
  • Diagnostics: ARP page now allows entries to be deleted
  • made Ping/Traceroute pages tabbed
  • captive portal RADIUS accounting now sends Gigawords
  • fixed PPPoE dial-on-demand to not use 10.0.0.1/10.0.0.2 internally
  • removed OpenVPN. If you’ve been using OpenVPN in earlier 1.2b versions, make very sure after upgrading that all your rules still point to the right interfaces (the OpenVPN pseudo-interfaces will be removed). Better yet, restore the configuration backup you made before you enabled OpenVPN (as per the suggestion in the webGUI) prior to upgrading.
  • RFC 1918 block rule is now listed on the Firewall: Rules page for WAN as an uneditable rule (gray background)

Version number: 1.21
Operating systems: BSD
Website: m0n0wall
License type: Prerequisites (GNU/BSD/etc.)