We’re already at the end of November and the last months have been very busy since we have shipped NethServer 6.7 but a lot of new stuff are released over the following days and in this period we have closed 36 issues.
So it is time to go and catch up to our development report!
The biggest items during this period include the new built-in filter for SquidGuard, antispam improvement, also as well as visible changes the new multi-WAN implementation and the web interface for policy routing.
New Multi-Wan implementation##
It’s really interesting how this feature is born because it’s the result of a great discussion on community that has produced a new configuration for the multi-wan monitoring along with a new interface.
The basic change is that now the “ping IP” (AKA check IP) is global and you don’t need to input one IP for every connection. This also permits to delete the code that tries to auto-detect the right IP and we can also delete the static routes too.
Thanks to @filippo_carletti @giacomo for the implementation and to @adam - @nas for their contributions.
We’re currently debating about how to improve the MultiWan more.
Web interface for policy routing
We are releasing a new interface module for managing policy routing rules. Using the actual firewall UI, the user is able to:
- Create/edit a rule
- Select source and destination using object picker
- Select service using object picker
- Re-order the rule list
Also, in a multi-ISP scenario is a common need to route certain traffic using a specific provider, the firewall was yet able to manage rules now it’s possible to make it directly from the UI
There have been many changes throughout the antispam module, for example the amavisd log_level was increased to 2 to see in the log spam rules that fired. Above all @filippo_carletti has worked hard on using DNSBL to fight spam because DNS block list can be used to block spam as SpamAssassin rules, in addition some DNSBLs limit the maximum number of queries coming from the same IP address so yo overcome this limitation we needed a recursive non-forwarding resolver: unbound was the best candidate.
Proxy and Content Filter
Now it’s permitted to exclude an entire subnet an IP ranges using the feature “sites without proxy”, previously was possible only for hosts and host groups (thanks to @matteo_contoli for the suggestion). Also it was implemented into nethserver-squidguard a set of filtering rules (regexp on url to block porn) that can be enabled on a Filter object. Great work by @davidep and @davide_marini
As always, there have been several changes with a focus on performance. This includes an optimized ntopng since it heavily used redis to save temporary data about host network traffic. In a scenario where there are many hosts involved, ntopng will highly increase redis memory usage. @giacomo worked on using a separated instance of redis only for ntopng, removing the dependency from nethserver-redis, limiting Redis memory usage and avoid useless db dumps on disk.
There have been other many changes throughout NethServer, here are some highlights:
- Added a remote field in OpenVPN interface to cover some scenarios where the OpenVPN client can’t find the server by searching for its host name - by @davidep and @davide_marini.
- New release of WebTop with support for Active Directory, data import from SOGo, and many other updates (@lucag and @giacomo)
- Upgrading to Owncloud 7.0.11 by @alep
- Updated language pack
- Multiple fixes for: PPPoE, sNAT, IP/MAC binding, squid, RoundCube, DHCP, pulledpork, adagios, vsftpd, pop3 scan, group email addresses creation.
QA and testing Team
If you have any input on the report, let me know replying below, I hope you enjoyed the read!