Release-Notes fli4l Version 2.1.8
===================

There have been several changes since 2.1.7, including more obvious ones
like changes in variable names. Others are located under the hood, which
means external developers should have a look at them.

Kernel version (2.4.26) and library (uClibc 0.9.26) did not change since
2.1.7. Nevertheless, parts of the grsecurity patches have been applied to
the kernel (basically randomisation features for the network stack).
Therefore, external developers must recompile their kernel modules.
Binaries are not affected.

Additionally, external OPTs have to undergo some changes, e.g. to reflect
changes in the naming of the ip-up/down scripts (details below).

-----------------------------------------------------------------------

Following is a detailed list of changes:

base:
=====

- removed: IP_DEFAULT_GW
  The function has been included in IP_ROUTE_x.

- removed:     ETH_DRV_N ETH_DRV_x ETH_DRV_x_OPTION
  replaced by: NET_DRV_N NET_DRV_x NET_DRV_x_OPTION

- removed:     IP_ETH_N IP_ETH_x_NAME IP_ETH_x_IPADDR IP_ETH_x_NETWORK
               IP_ETH_x_NETMASK
  replaced by: IP_NET_N IP_NET_x IP_NET_x_DEV

  IP_NET_x_DEV replaces the old IP_ETH_x_NAME. The device must always be
  specified as of now!
  IP_NET_x is a new variable that replaces IP_ETH_x_IPADDR, NETWORK and
  NETMASK!

  Note: Networks are specified only in shortened notation!
  Instead of: IP/255.255.255.0 => write: IP/24

  Examples:
    192.168.6.0/255.255.255.0 => 192.168.6.0/24
    192.168.0.0/255.255.0.0   => 192.168.0.0/16

  In the context of IP_NET_x, the value 192.168.6.1/24 represents:
    IP of router: 192.168.6.1
    Network:      192.168.6.0
    Netmask:      255.255.255.0
    Broadcast:    192.168.6.255

- changed: PASSWORD is written to rc.cfg in a crypt'ed format.

- new: BOOT_TYPE
  The boot scripts have been altered to support the different boot
  media more flexibly. That means, for example, that you can now boot
  from CD, network, two floppies, ...
- new: CONSOLE_BLANK_TIME -> Screensaver

- changed: SER_CONSOLE -> Output to monitor and serial console is now
  possible at the same time.

- changed: OPT_INITTAB, a custom inittab can now be transferred to the
  router.

- new: POWEROFF_ON_HALT REAL_MODE_POWEROFF => APM support

- DNS-server ens has been removed. Use dnsmasq.

- new: DNS_BOGUS_PRIV -> enables local reverse-dns-lookups.

- changes in packet-filter configuration:
  The configuration formerly known as "new" or "extended" is now active
  by default. The old configuration can still be used but has to be
  separately enabled.

  Note: The old configuration is deprecated. It will be removed in a
  future version!

  The packet-filter configuration is done using 4 lists:

  * INPUT_LIST       - Access to router processes
  * FORWARD_LIST     - Forwarding to LAN, WLAN, Internet ...
  * PREROUTING_LIST  - Portforwarding = Rerouting to LAN
  * POSTROUTING_LIST - Masquerading = enables internet access for the LAN.

  MASQUERADE_LIST has been split into PRE- and POSTROUTING_LIST. This
  enables even more flexible Portforwarding configuration (DNAT). The
  configuration of the packet forwarding via PORTFW_N is still possible.

  Extended packet filter configuration:
  Instead of IPs, references can be used ->
    - IP_NET_x (IP_NET_x, IP_NET_x_IPADDR, IP_NET_x_DEV)
    - Hosts specified in HOSTS_x

  Packages can alter the packet-filter configuration in an easier way.
  Have a look at opt/files/usr/local/bin/setup-portfw-new.sh or the
  vpn package (opt/files/usr/local/bin/openvpn_fwrules-helper).

  You can now define templates. For example
    PREROUTING_LIST_1='tmpl:xbl DNAT:192.168.192.1'
  does everything needed for Xbox Live support. Custom templates can be
  defined.

Developer Notes:

- tools updated
  - iptables
  - busybox

- portfw changed, so it can be reconfigured on-the-fly (didn't work in
  earlier versions, as some of the rules were defined on boot).
- mkfli4l extended:
  - samenet, subnet for checks regarding routing or similar
  - =~ stores the matching sub-expressions in array match_%
  - support for modifications of the rootfs via the rootfs: prefix
  - fgrep command will search in files using a regular expression

- rc-scripts have to be called rc[0-9][0-9][0-9].* (rc, then 3 digits,
  then .name)

- ip-up/ip-down have to be called ip-up[0-9][0-9][0-9].*.

- PATH is exported to the subshells of ip-up/down.

- iptables can use all matches and targets, but only those modules/
  extensions are copied to the opt-archive that fli4l normally uses.
  Everything else has to be explicitly specified in opt/package.txt
  (see opt/base.txt for examples).

-----------------------------------------------------------------------

chrony:
=======

New fli4l-package!

chrony adds Network Time Protocol (NTP) support to fli4l. chrony serves
as server and as client.

Note: chrony can not be used in conjunction with opt_time!

chrony expects the BIOS clock to be running in the UTC timezone! Also,
the clock should be set fairly accurately by hand. Otherwise, chrony will
take a long time to adjust the time. chrony does not change the clock at
once but slows it down or speeds it up until it is synchronized.

By default, chrony uses time servers from the pool pool.ntp.org.

-----------------------------------------------------------------------

dsl:
====

- new: Support for Fritz!Card DSL USB

- new: PPPOE_MTU PPPOE_MRU FRITZDSL_MTU FRITZDSL_MRU
  Note: These variables are optional and therefore not listed in
  /dsl.txt. They have to be inserted manually.

- Upgrade to pppd 2.4.2; PPPOE_TYPE 'in_kernel' won't lose the default
  route anymore. It is the recommended mode because it uses less CPU.
- pptp-client has been updated to Version 1.5 (xdsl)

-----------------------------------------------------------------------

easycron:
=========

Developer Notes:

- easycron will now start up earlier; the start script has been renamed
  to rc100.easycron

- Using add_crontab_entry(), all subsequent start scripts can add entries
  to the crontab. That way, users don't have to manually change the file
  /easycron.txt.

-----------------------------------------------------------------------

hd:
===

- There have been several changes due to the new boot concept. For
  example, the 'setup' only prepares the hard disks for fli4l. Right
  after that a remote-update has to be done!

  It is recommended to create 2 configuration folders, i.e. instead of
  only the folder 'config' the folders
    - fd.config
    - hd.config

  The folder 'fd.config' is used to create the installation disk and the
  folder 'hd.config' contains the actual runtime configuration.

- Opt- and Data-Partitions are formatted using the ext3 file system.

- Installation type C has been removed. An existing installation can be
  updated using the remote-update feature.

-----------------------------------------------------------------------

isdn:
=====

- new cards:
    Fritz!Card DSL USB
    Fritz!X USB
    Fritz!Card USB

- removed: IPX support

- removed:     ISDN_CIRC_x_ROUTE
  replaced by: ISDN_CIRC_x_ROUTE_N ISDN_CIRC_x_ROUTE_x

- new: MS-DNS support - on dial-in, the calling client is informed of the
  DNS-server of the router.

- changed: ISDN_CIRC_x_MTU ISDN_CIRC_x_MRU
  Note: Those variables are optional and therefore are not listed in
  /dsl.txt. Insert them as needed.

-----------------------------------------------------------------------

lcd:
====

- new: LCD_DSL_SPEED_IN LCD_DSL_SPEED_OUT

-----------------------------------------------------------------------

sshd:
=====

- Update of dropbear to version 0.43

-----------------------------------------------------------------------

tools:
======

- new tools: top md5sum

-----------------------------------------------------------------------

usb:
====

- AT-AR215 renamed to eagle-usb, as it supports more than the AT-AR215
  modem (see base.txt and documentation)

- Renamed driver name 'CDCEther' to 'cdcether' (lower case!)

-----------------------------------------------------------------------

vpn:
====

- new:
    OPENVPN_x_SHAPER limits outgoing traffic
    OPENVPN_x_ACTIV deactivates the current VPN
    OPENVPN_x_CHECK_CONFIG deactivates the configuration check
    OPENVPN_x_MSSFIX, OPENVPN_x_FRAGMENT and OPENVPN_x_LINK_MTU can be
    used to optimize the VPN connection

  The OpenVPN check script now identifies many more errors and outputs
  corresponding warnings.

  Every VPN connection can have its own packet filter rules. That's what
  OPENVPN_x_INPUT_LIST_x and OPENVPN_x_FORWARD_LIST_x are for.

- Update to OpenVPN Version 1.6

-----------------------------------------------------------------------

wlan:
=====

- changed: WLAN_x_ENC_MODE is now optional.

- Driver hostap_* updated to version 0.2.4.

- Prepared for WPA - looking for a volunteer to implement it

-----------------------------------------------------------------------

[translated from German by felix@fli4l.de]
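
Added example (not part of the original release notes and not fli4l's own
tooling): a Python helper for the IP_ETH_x to IP_NET_x change described
under "base", converting dotted netmasks to the shortened notation and
rejecting entries that are inconsistent or lack a device. The NAME='value'
line format and the sample values are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of a pre-2.1.8 base configuration (not from a real router).
OLD_CONFIG = """\
IP_ETH_N='2'
IP_ETH_1_NAME='eth0'
IP_ETH_1_IPADDR='192.168.6.1'
IP_ETH_1_NETWORK='192.168.6.0'
IP_ETH_1_NETMASK='255.255.255.0'
IP_ETH_2_NAME='eth1'
IP_ETH_2_IPADDR='192.168.0.1'
IP_ETH_2_NETWORK='192.168.0.0'
IP_ETH_2_NETMASK='255.255.0.0'
"""

def parse_vars(text):
    """Parse NAME='value' lines into a dict (assumed config line format)."""
    return dict(re.findall(r"^\s*([A-Z0-9_]+)='([^']*)'", text, re.MULTILINE))

def migrate(text):
    """Return 2.1.8-style IP_NET_* lines for the old IP_ETH_* variables."""
    old = parse_vars(text)
    count = int(old["IP_ETH_N"])
    out = [f"IP_NET_N='{count}'"]
    for i in range(1, count + 1):
        addr = old[f"IP_ETH_{i}_IPADDR"]
        mask = old[f"IP_ETH_{i}_NETMASK"]
        # ip_interface raises ValueError for non-contiguous masks (255.0.255.0)
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        declared = old.get(f"IP_ETH_{i}_NETWORK")
        if declared and ipaddress.ip_address(declared) != iface.network.network_address:
            raise ValueError(f"IP_ETH_{i}: NETWORK {declared} is not {iface.network}")
        dev = old.get(f"IP_ETH_{i}_NAME")
        if not dev:
            raise ValueError(f"IP_ETH_{i}: the device is mandatory as of 2.1.8")
        out.append(f"IP_NET_{i}='{iface.with_prefixlen}'")
        out.append(f"IP_NET_{i}_DEV='{dev}'")
    return out

def describe(value):
    """Expand an IP_NET_x value into (router IP, network, netmask, broadcast)."""
    net = ipaddress.ip_interface(value).network
    return (value.split("/")[0], str(net.network_address),
            str(net.netmask), str(net.broadcast_address))

if __name__ == "__main__":
    print("\n".join(migrate(OLD_CONFIG)))
```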