NethSecurity project milestone 8.3

We are excited to announce the release of NethSecurity project milestone 8.3 with image version 8-23.05.5-ns.1.3.0. This release focuses on new features for subscriptions and improved user experience.

:fire: Release highlights

NethSecurity 8.3 brings several new features and improvements!

Centralized unit update management

From the controller, it is now possible to update the unit seamlessly (packages and/or image).

Real-time monitoring page

A comprehensive dashboard for NethSecurity monitoring has been created.

Historical monitoring

Historical monitoring allows the user to see how the firewall is behaving from the NethSecurity Controller.
Please note that a subscription is required for this feature.

Improved Threat Shield UI

Local block list, logging and brute force protection settings are now exposed in the Threat Shield page.
Added protection against brute force attacks on the web interface.

NAT helpers UI

A new NAT helper configuration page has been added.

Enhanced object support on port forwarding

Support for multiple object types in the “restrict access from” field.

Update to OpenWrt 23.05.5

NethSecurity has been updated to the latest OpenWrt 23.05.5 version. See the upstream changelog.

:white_check_mark: Other Features and Improvements

  • Support for virtual machine tools: Optional packages for KVM and VMware tools.
  • Advanced usage statistics: Collect anonymous system usage statistics.
  • Remote support: Access netdata UI from remote support sessions.
  • NAT rules: Added “0.0.0.0/0 any address” option.
  • Zone logging policies: Set logging policies for each zone.
  • DNS and DHCP page: Case-insensitive search.
  • OpenVPN Road Warrior: Download all certificates with a single button.
  • UI improvements: Better usability, navigation, and visual elements.
  • Migration log: Log file created after migration, available at /root/migration.log.
  • MultiWAN improvements: Better default configuration to restore connectivity after all WANs lose connection.

:arrow_up: Updating NethSecurity

Since this release includes an upstream update, the only valid update method is the full image upgrade.

Full image upgrade

  1. Go to the “System” section in the UI.
  2. Use the image-based upgrade procedure.
  3. Select the new NethSecurity 8.3 image.

This method updates the entire system image and will show the new version number in the dashboard.

:bug: Bug Fixes

Over 30 bug fixes are included in this release, addressing issues with certificates, DHCP, reverse proxies, Conntrack, MultiWAN, and more. The detailed changelog can be found here.

:question: What is NethSecurity?

NethSecurity is a powerful, open-source Linux firewall designed to simplify network security deployment. It offers full-featured protection and an easy-to-use interface.

Choose your preferred Subscription Plan

A NethSecurity subscription ensures that your deployment is backed by top-tier technical expertise and the support necessary to maintain your organization’s security infrastructure.

Subscribing also grants exclusive access to the Enterprise repository, which includes Automatic Updates, advanced DPI Applications/protocol detection, and VPN integration with LDAP/AD user databases.

:point_right: Get it now

:rocket: Help shape NethSecurity’s future

Your feedback is invaluable as we continue to refine and enhance NethSecurity. Please share your thoughts, report issues, and suggest features by opening a new topic in the NethSecurity category, using tags like Feature, Bug, or Support.

:point_right: Download and use it! :point_left:

7 Likes

Looks very good.
When will it be available for the stable releases?

If for stable you mean “subscription”, the new version will come after one week from the release as usual.

1 Like

3 posts were split to a new topic: NethSecurity UI language not found after update

3 Likes

I’m a little disappointed at the historical data part. Why is that behind a paywall? Can’t we just spin up our own grafana + prom/fluxdb server?

Man, the paywall is needed. How can we make the project sustainable? :slight_smile:
Most of it is free and 100% Open Source.

Behind the commercial reasons, this is also due to the fact that giving support on this part it’s not so simple.

Yes, it’s what the controller does.

It’s 100% Open Source, it does not mean that alle features are enabled by default.
Beniamin, if you want to push all to the Controller even if you do not have a subscription, you must hack the ns-plug script.

4 Likes

Good to know. Thanks guys :slight_smile: