Release of pfSense 2.4.5, a distribution for building firewalls

pfSense 2.4.5, a compact distribution for building firewalls and network gateways, has been released. The distribution is based on the FreeBSD code base, builds on the m0n0wall project, and makes active use of pf and ALTQ. Several images for the amd64 architecture are available for download, ranging in size from 300 to 360 MB, including a LiveCD and an image for installation on a USB flash drive.

The distribution is managed through a web interface. Captive Portal, NAT, VPN (IPsec, OpenVPN) and PPPoE can be used to provide access for users on wired and wireless networks. A wide range of options is supported for limiting bandwidth, limiting the number of simultaneous connections, filtering traffic and building fault-tolerant configurations based on CARP. Operating statistics are displayed as graphs or in tabular form. Authorization is supported against the local user database, as well as via RADIUS and LDAP.

Key changes:

  • Base system components updated to FreeBSD 11-STABLE;
  • Sorting and search support has been added to some pages of the web interface, including the certificate manager, the list of DHCP bindings and the ARP / NDP tables;
  • Tools for integrating Python scripts have been added to the Unbound-based DNS resolver;
  • Diffie-Hellman groups 25, 26, 27 and 31 have been added for IPsec DH (Diffie-Hellman) and PFS (Perfect Forward Secrecy);
  • In the UFS file system settings for new systems, the noatime mode is enabled by default to minimize unnecessary write operations;
  • The "autocomplete=new-password" attribute has been added to the authentication forms to disable autocompletion of fields with sensitive data;
  • New dynamic DNS providers have been added: Linode and Gandi;
  • Several vulnerabilities have been fixed, including an issue in the web interface that could allow an authenticated user with access to the image upload widget to execute arbitrary PHP code and gain access to privileged pages of the admin interface.
    In addition, a cross-site scripting (XSS) issue in the web interface has been eliminated.

Source: opennet.ru
