M0n0wall vs pfSense vs NanoBSD

This shows how secure and rock-solid FreeBSD is. Makura no Soshi was running FreeBSD 4.11 as a filtering network bridge and, when thinking of upgrading, compared the pros and cons of m0n0wall, pfSense and NanoBSD. In the end he decided to go with NanoBSD.

Thus I chose NanoBSD. YMMV, and I would not recommend it for anyone not familiar with BSD. But with four other BSD servers the additional maintenance effort is really small; possibly even easier than with any non-standard or web-based configuration.

Read the full post here: M0n0wall vs pfSense vs NanoBSD

m0n0wall 1.31 Released

Manuel Kasper has announced the release of m0n0wall 1.31. This is a quick summary of the changes since 1.3:

  • various IPv6 improvements (in DNS forwarder, DHCPv6, AYIYA, etc.)
  • bridge “disable spoof check” option (for non-m0n0wall DHCP and multicast)
  • fans/temperature monitoring on status page for supported platforms (unfortunately Soekris/PC Engines not included)
  • fix for OpenSSL session renegotiation vulnerability (-> HTTPS webGUI)
  • patch to DHCP server daemon to reduce lease file growth

Downloads and Changelog | m0n0wall website

Released: m0n0wall 1.3

Manuel Kasper has announced m0n0wall 1.3.

“After almost three years in beta, I have decided that m0n0wall 1.3 is now good enough for production. It’s basically a re-release of 1.3b18, with two fixes thrown in. No major bugs have been reported anymore, but as always, upgrade on your own risk.

Major changes in this release (since 1.23):

  • switched base operating system to FreeBSD 6.4
  • consolidated net45xx, net48xx and wrap images into a single “embedded” image
  • switched bridge implementation to if_bridge: bridge member interfaces will now always be filtered (the filtering bridge option has been removed)
  • IPv6 support (enable on advanced setup page)
  • firewall support for IPsec traffic
  • IPsec NAT-T, DPD and dynamic tunnels
  • countless bugfixes and other improvements

If you’re upgrading a 1.2 generic-pc installation, you need to install 1.3b7 before you install 1.3 (because the image is too big to fit in the MFS that 1.2 allocates for the firmware upgrade).

If you’re upgrading a 1.2 net45xx/net48xx/wrap installation, you need to rename the embedded image to reflect your platform before you upload it (this is a one time thing only).”

Released: m0n0wall 1.236

m0n0wall version 1.236 was released last week in order to address a security issue in the ISC DHCP client. If you don’t use the DHCP client on WAN or if you trust the DHCP server(s), there’s no need to upgrade.

1.236 also includes a few captive portal fixes imported from the 1.3b branch, so if you use the captive portal, that would be another reason to upgrade.

Links:

Website | Downloads | Changelog

m0n0wall Beta 1.3b17 released

Manuel Kasper has released another m0n0wall beta, bringing the project closer to the release of the final m0n0wall 1.3. According to the announcement:

The move to FreeBSD 6.4 has been completed, and legacy BRIDGE has been replaced by if_bridge (thanks to Chris Buechler), so if you’re using the bridging features, you may want to test especially carefully whether everything works as desired after the upgrade.

Also, the filtering bridge is now always on (this is by design), so you may have to add firewall rules to permit traffic on your bridged interfaces if you have not already done so.

Various bugs have of course also been fixed (for the SIP inbound NAT problem, advanced outbound NAT slowness when using destination matching, DHCPv6 range check, etc.)

For more info, the changelog and downloads, visit the beta page.

ANNOUNCEMENT: BSD Router Project (bsdrp)

Olivier Cochard-Labbé, an IP routing expert and founder of FreeNAS (a FreeBSD based Network-Attached-Storage system), has released the first alpha (0.1) image of his new project: BSD Router Project - http://bsdrp.net

bsdrp is an open source customised distribution of FreeBSD dedicated to offering IP routing services for small ISPs.

Release 0.1 of BSDRP is a fully working prototype, to be used on real or virtual machines that boot from an ATA device only (not USB).

This first release includes:

  • Base FreeBSD 8.0-CURRENT system (NanoBSD) for i386
  • Customized script (config, upgrade, help, command completion, etc…)
  • Quagga ready to use (OSPFv2, OSPFv3, RIP, RIPng and BGP)

You may ask what the difference is between BSDRP and m0n0wall or pfSense:

  • The main goal of BSDRP is not firewalling but routing. If you need a firewall, don’t use BSDRP: use m0n0wall or pfSense.
  • BSDRP is not for home use, but for company use (small ISPs, for example).
  • BSDRP doesn’t have a Web GUI: it is configured from a CLI only (like Cisco or Juniper).
  • pfSense can be used for routing, but Olivier wanted to set up a Cisco- or Juniper-like project just for routing.

Thanks, Olivier, for contacting me to announce this project. If you have any (new) FreeBSD related products or services that you want to announce, submit it here.

m0n0wall 1.3b16 released

It’s been exactly 6 months since the last release (1.3b15), but m0n0wall is not dead: beta 1.3b16 is now available.

The developers have been busy with a kernel security bugfix (arc4random), support for Broadcom BCM5722 NICs, and IPv6 (DHCPv6, IPv6 webGUI access).

Detailed change log and downloads can be found at m0n0.ch/wall/beta.php

Regarding future development, 1.3 is planned to be released anytime soon, but the developers are looking for some help with the following. If you can help them out, just contact them:

  • replacing the legacy BRIDGE with if_bridge
  • improving captive portal reliability and performance (e.g. by introducing SQLite to replace the various flat text files and corresponding lockfiles)
  • adding support for address/network groups in firewall rules (via ipfilter’s ippool feature)