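IPFire 2.15 Core 80 Released
IPFire is a Linux distribution that focuses on easy setup, ease of use and a high level of security. It is operated through an intuitive web-based interface that offers many configuration options for beginners as well as experienced system administrators. IPFire is maintained by a group of developers who care about security and update the product regularly to keep it secure. IPFire ships with a custom package manager called Pakfire, and the system can be extended with various add-ons.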
IPFire 2.15 - Core Update 80 released
This is the official release announcement for IPFire 2.15 – Core Update 80. It comes with lots of new features, some bugfixes and some minor security fixes.
DNSSEC
A crowdfunding campaign on the IPFire wishlist raised money for implementing a DNSSEC-validating DNS proxy. The DNS proxy service that runs inside IPFire has been forked, and some features that were dropped in the upstream version have been backported.
IPFire now validates every DNS response from zones that are signed. If the DNSSEC signatures do not validate, a DNS error is raised, so spoofing attacks are no longer possible. However, it is not sufficient for the internal DNS proxy to have DNSSEC enabled. Client systems should validate DNSSEC records, too, but we think that these changes block most spoofing attacks from the Internet and only DNS spoofing attacks from the local network are possible. The cache pool size has been increased so that dnsmasq is able to cache many DNS keys and signatures and so that the verification does not harm the user experience.
The DNS servers of the Internet service provider are required to validate DNSSEC as well. If they do not, you may change to one of the public DNS servers in this list. There is more information about DNS and IPFire on our wiki.
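Whether an upstream DNS server meets this requirement can be read from the DNS header: a validating resolver sets the AD flag on answers from signed zones and returns SERVFAIL for a zone whose signatures are broken. The Python below is an added example, not code from IPFire; the zone names `signed.example` and `bogus.example` and the header-only response bytes are constructed samples.

```python
import struct

QR, RD, RA, AD = 0x8000, 0x0100, 0x0080, 0x0020  # DNS header flag bits
SERVFAIL = 2

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD and AD set plus an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, RD | AD, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, type 41, class = UDP size 4096, TTL field = DO flag (0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x00008000, 0)
    return header + question + opt

def classify(response):
    """Return 'validated', 'unvalidated', 'servfail' or 'other' from the header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags = struct.unpack("!HH", response[:4])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode == SERVFAIL:
        return "servfail"  # also returned for non-DNSSEC failures, so test both zones
    if rcode == 0:
        return "validated" if flags & AD else "unvalidated"
    return "other"

def resolver_validates(signed_resp, bogus_resp):
    """Validating resolver: AD on the signed zone, SERVFAIL on the broken one."""
    return classify(signed_resp) == "validated" and classify(bogus_resp) == "servfail"

def _header(flags, answers):
    # Constructed, header-only sample response (no question or answer bytes)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, answers, 0, 0)

SIGNED_OK = _header(QR | RD | RA | AD, 1)         # signed.example, validating resolver
BOGUS_FAIL = _header(QR | RD | RA | SERVFAIL, 0)  # bogus.example, validating resolver
NO_VALIDATION = _header(QR | RD | RA, 1)          # either zone, non-validating resolver

if __name__ == "__main__":
    print(resolver_validates(SIGNED_OK, BOGUS_FAIL))
    print(resolver_validates(NO_VALIDATION, NO_VALIDATION))
```

The AD flag is only as trustworthy as the path to the resolver that set it, which is why the announcement still recommends validation on the client systems.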
New dynamic DNS updater
A new tool to update dynamic DNS records has been written. It replaces the old, faulty and hard-to-maintain Perl script setddns.pl.
The new client is written in Python and is portable to other distributions as well. It is easily extensible and avoids duplicating code. The sources can be found on our own git server or on GitHub, and we are happy to receive improvements and patches that add support for new providers.
The user interface has been simplified and obsolete and deprecated features like wildcard support have been dropped.
All DNS providers that were formerly supported are still supported. Providers that don’t exist any more have been removed and some new ones have been added: all-inkl.com, dhs.org, dns.lightningwirelabs.com, dnspark.com, dtdns.com, dyndns.org, dynu.com, easydns.com, enom.com, entrydns.net, freedns.afraid.org, namecheap.com, no-ip.com, nsupdate.info, opendns.com, ovh.com, regfish.com, selfhost.de, spdns.org, strato.com, twodns.de, udmedia.de, variomedia.de, zoneedit.com.
Misc
- The lzo library has been updated to version 2.08 because of a potential, but very unlikely security issue filed under CVE-2014-4607.
- wpa_supplicant has been updated to version 2.2.
- strongswan has been updated to version 5.2.0.
- Ersan Yildirim submitted updates for the Turkish translation.
- The dhcrelay binary and an initscript are shipped.
- The bind tools have been updated to version 9.9.5 to support DNSSEC, too.
- rng-tools have been updated to version 5 to support Intel processors that come with the RDRAND instruction, but without AES-NI.
- squid web proxy: The minimum and maximum object size of objects that are put into the cache is no longer ignored.
- Firewall hits by country: Fix chart for dial-up connections.
- Static routes cannot be added twice into the configuration and must not be a part of any of the local networks.
- ownCloud – The private cloud – Documentation
- clamav 0.98.4
- hostapd 2.2
- sane 1.0.24
- tor 0.2.4.22
- transmission 2.84