Kaladix Professional Firewall ChangeLog

Version 0.7.14 (Rampant Ragnarok), 2007/06/21
 - KERNEL: Changed Kernel options to allow booting on newer CPUs
 - USERLAND: Minor update to postsetup fixing hotsanic issue
 - USERLAND*: Less error reporting for survey and smokeping
 - USERLAND: Updated packages to latest versions on 2007/06/01
 - USERLAND: timestamp support in genconfig
 - PF: Updated PF to 0.8.1
     - Redone routing table generation, fixing a minor routing bug 
     - IFB is now stable
     - IMQ is deprecated and will likely be removed soon

Version 0.7.13 (Balder), 2007/03/27
 - KERNEL: Added hardened-sources-2.6.18-r6 based Kernel (kaladix-r2)
 - KERNEL: Naming changed from 2.6.x.x-kaladix-rx to 2.6.x-kaladix-rx
 - KERNEL: Using TCP Westwood+ with SACK for better overall performance
 - KERNEL: Changed from SEGMEXEC to PAGEEXEC and added kernel protection
 - KERNEL: Added software and hardware watchdog support
 - KERNEL: KLIPS has now NAT-T support
 - KERNEL: EDAC support
 - USERLAND: Virus Scanning on Samba shares added (ClamAV)
 - USERLAND: Added S.M.A.R.T monitoring for S-ATA drives
 - USERLAND: Added auto email alerting on network and hard drive problems
 - USERLAND: Added PXE server environment (DHCPD + TFTPD)
 - USERLAND: Added ACL security to Samba shares
 - USERLAND: Added qmail running on 127.0.0.1 for local mail delivery
 - USERLAND: Updated packages to latest versions on 2007/03/23
 - USERLAND: Updated from PHP 4 to suhoshin PHP 5
 - USERLAND: Updated network latency graphing tool and configuration
     - Multiple external lines can be monitored in parallel
 - USERLAND: Using UTF-8 / Unicode by default
 - USERLAND: Fixed ntp-client bug, was not in runlevel anymore
 - USERLAND: Fixed SSH DSA key generation
 - USERLAND: Fixed logrotate bug not rotating logs
 - USERLAND: Fixed hotsanic bug not indexing ipsec0
 - USERLAND: Migrated from ip-up.local to a daemon process (PPPMon)
 - USERLAND: core.conf Version updated to 3.8
 - USERLAND: The userland is now conform to Hardened Gentoo
 - USERLAND: Bugfixes and new features added to cleansmb.sh
 - USERLAND: Added RSync and Torrent features*
 - USERLAND: Lots of other bugfixes
 - USERLAND: Added optional virus scanning to Proxy (ClamAV)
 - USERLAND: Added optional content filtering to Proxy
 - USERLAND: Moved networking initialization to boot runlevel
 - USERLAND: Crontabs updated
 - USERLAND: Updated system logger configuration
 - USERLAND: CPU frequency scaling is now configurable 
 - USERLAND: Added N-Top network monitoring
 - USERLAND: Added software watchdog daemon
 - USERLAND: Added NFS Server support
 - USERLAND*: Added auto-update functionality
 - USERLAND*: Added self-check (system health) functionality
 - USERLAND*: Added periodic self-repair functionality
 - USERLAND*: Added Surfstation support
 - USERLAND*: Added Rsync Server support
 - PF: Updated pf to 0.8
     - Fixed MSS issue with RELATED connections
     - Added Smokeping related UDP echo service routing*
     - Bittorrent is no longer under P2P but P2P_EXP
     - Ability to handle Smokeping and IPSec restarts
     - Local running Bittorrent support
     - Added any protocol match support
     - More sysctl option tuning
     - NFS Server support
     - IMQ and IFB support with RED queue for TCP (experimental)
 - WI: Added 2006 and 2007 to copyrighted years
 - WI: Added mii-tool output to networking.php
 - WI: Most outputs include STDERR information
 - WI: Integrated N-top

Version 0.7.12 (Odin), 2006/05/12
 - KERNEL: Reincluded SMP support
 - KERNEL: Updated to linux-2.6.16.12-kaladix-r1
 - USERLAND: Fixed segfault when running depmod
 - USERLAND: Updated packages to latest versions on 2006/05/05
 - USERLAND: Hotsanic graph refreshes every 30 minutes now
 - USERLAND: Database backend speedups
 - USERLAND: Changes to lilo and ipsec configuration
 - USERLAND: Cosmetic changes to /etc/issue
 - USERLAND: Fix for IPSec key overwrite
 - PF: Updates for P2P protocol matching and clear command
     - New version is 0.7.3

Version 0.7.11 (Tyrfing), 2006/03/06
 - USERLAND: Updated to Gentoo Profile 2006.0
 - USERLAND*: Updates for cleansmb.sh
 - USERLAND: Updated packages to latest versions on 2006/02/28
 - USERLAND: Fixes for adsl-stop script
 - PF: Updated pf to 0.7.1 fixing a major bug introduced in 0.7

Version 0.7.10 (Sleipnir), 2006/02/10
 - KERNEL: Updated to linux-2.6.14.5-kaladix-r1
 - KERNEL: Temporarily removed SMP support until either
     - Netfilter updates IPSec support so we can use KAME for IPSec
     - OpenS/WAN fixes bug ID #218 so we can use KLIPS for IPSec
 - USERLAND*: sendip-ng now in /etc/conf.d/local.start
 - USERLAND: Updated packages to latest versions on 2006/02/06
 - USERLAND: Minor cleanups and fixes

Version 0.7.9 (Gungnir), 2006/01/17
 - USERLAND: Updated software packages to most recent versions
 - USERLAND: Added experimental RAID 1 support
 - USERLAND: Updated smokeconf helper
 - USERLAND: New core.conf format 3.7
 - USERLAND: Setup handles more functions now 
 - USERLAND: New upgrade methods through fetchconfig and putconfig
 - USERLAND: Added dsniff package
 - USERLAND*: miniDROP backend created, but not included by default
 - USERLAND: Fully migrated to GCC 3.4.x
 - KERNEL: Updated to linux-2.6.11-kaladix-r2
 - WI*: miniDROP frontend created, but not included by default
 - WI: netstat-nat pointed to the wrong path, fixed
 - PF: Updated pf to 0.7
 - PF: Selective MTU and MSS-clamping
 - PF: Small bugfixes and enhancments
 - PF: Support for KAME based IPSec

Version 0.7.8 (Mjolnir), 2005/10/12
 - KERNEL: Automatic CPU frequency scaling support added
 - PF: Fixed a small typo in NO_ACCESS section
 - PF: Better upstream / downstream shaping support
 - USERLAND: New core.conf format 3.5
 - USERLAND: Updated all packages to their latest versions
 - USERLAND: Changed compiler options to -mcpu=pentium4
 - USERLAND: All daemons recompiled to run faster on Pentium 4
 - USERLAND*: New Samba share "Backup"
 - USERLAND: Switched to 2005.1 profile
 - USERLAND: Changed Apache log rotation to weekly
 - USERLAND: Altered gawk ebuild to work with OpenS/WAN.
 - USERLAND: Temporarily switched back to ntpdate
 - USERLAND*: Atime is now stored for files on /mnt/smb
 - USERLAND*: Files older than 2 months on /mnt/smb/ will be deletd now
 - USERLAND: Changed path to ntpdate in /etc/crontab
 - WI: Updated networking.php

Version 0.7.7 (Heimdall), 2005/09/05
 - KERNEL: Added VFAT for USB stick support
 - USERLAND: Fixed "mouse bug"
 - USERLAND: Longer "sleep" between DSL connection startups
 - USERLAND: Fixed minor /etc/resolv.conf problem
 - USERLAND: Updated all packages
 - USERLAND: Using ntpd instead of ntpclient now
 - USERLAND: Added S.M.A.R.T hard-drive monitoring
 - PF: Fixed minor error in pf and added support for ppp_ in PS
 - PF: Port 123 UDP added to externally available ports
 - WI: Fixed minor error on WI: Hostname wasn't displayed anymore
 - WI: htmlspecialchars() function now used to parse all output
 - WI: Display of codename from /etc/codename added
 - WI: Fixed minor "ipsec eroute" display problem on networking page

Version 0.7.6 (Enki), 2005/08/27
 - KERNEL: Added dummy.c patch
 - KERNEL: Turned out that D-LINK DFE-580TX wasn't supported - fixed
 - KERNEL: Much better hardware support
 - USERLAND: New core.conf format (PBR and TC became one)
 - USERLAND: RRLB became an EXPERIMENTAL feature
 - USERLAND: Minor fixes to RForce and others
 - USERLAND: Minor updates to sendip-ng
 - USERLAND: Gentoo/Knoppix hardware detection added!
 - USERLAND: Mouse support added
 - PF: Selection of schedulers HFSC, HTB and TBF added
 - PF: Selection between normal shaping and IMQ based shaping added
       Though IMQ is partially broken at the moment
 - PF: Can classify on Layer 7
 - PF: Classification is now done in Netfilter :-)
 - PF: ACK and TOS are taken into respect for default classification

Version 0.7.5, 2005/07/08
 - KERNEL: Updated to Kernel 2.6
 - KERNEL: Now using GRSecurity and PAX to enhance security
 - KERNEL: Now using OpenS/WAN 2 with "old" KLIPS instead of KAME
 - USERLAND: GLIBC is now NPTL enabled
 - USERLAND: Binaries will be NPTL compiled from now on
 - USERLAND: Compiler options changed to -march=i686
 - USERLAND: Setup now handles OpenS/WAN 2
 - USERLAND: Migrated from devfs to udev
 - USERLAND: Now using sysfs on /sys
 - USERLAND: Many more IPTables features
 - USERLAND: Now using HFSC instead of HTB to minimize delay
 - USERLAND: What was once HIGHEST in core.conf is now LOWEST
	      and vice versa. Value now describes delay, nor prio

Version 0.7.4, 2005/06/14
 - USERLAND: Better RForce integration into Kaladix
		- Updated RForce init script
		- Updated RForce daemon
		- RForce is now optional
 - USERLAND: New core.conf format version 3.3
 - USERLAND: Added interface specification as mandatory for core.conf
 - USERLAND: Updated DHCPWatch tool 
 - USERLAND: Recompiled all packages with new options
 		- Compiler options changed: -O2 and -i586 by default
		- GCC profile changed: hardened GCC profile by default
		- World profile changed to hardened
 - USERLAND: Fixed minor bug in sendip-ng
 - USERLAND: Added tools for VLAN managment and trunking/bonding
 - USERLAND: Updated Hotsanic to CVS snapshot
 - USERLAND: Heavily modified Hotsanic to suit our needs :-)
 - USERLAND: Apache runs with lower priority now
 - USERLAND: Apache runs with less memory consumption
 - USERLAND: Updated to the latest packages
 - USERLAND: Updated smokeping to 2.0-rc4 and modified it
 - USERLAND: Installed logsentry and AIDE
 - USERLAND: Squid uses default policy now to optimize cache hit count
 - USERLAND: Less cron stuff is run
 - USERLAND: Fixed minor bug in dbread
 - USERLAND: Correctly using packages.provided now
 - USERLAND: Migrated to new and optimized base layout
 - PF: Toggling of linespeed is handled better now
       80% of linespeed if linespeed <= 3Mbit
       linespeed - 800kbit if linespeed > 3Mbit
 - PF: Lagging eliminated when calling pf
 - PF: Heavily optimized traffic shaping
 - PF: Runs with lower priority now
 - PF: Added "clear" statement
 - PF: Lots of other fixes through upgrade to version 0.6.13.2
 - KERNEL: Left out preemption and low latency, turned out to be better
 - KERNEL: SATA and software RAID support
 - KERNEL: Updated Layer7 Filter to version 1.4
 - WI: Show Config in Webinterface
 - WI: Updated WI to support new Hotsanic version
 - WI: Modified latency page a bit
 - WI: Updated RForce Webinterface

Version 0.7.3, 2005/04/25
 - Webinterface authentication updated
 - Updated software packages to most recent versions
 - New Samba share "Images" on /mnt/smb/images
 - New partition layout
 - Support for multiple IPSec Networks over one endpoint
 - Updated Disk-Usage graphs on the Webinterface
 - Updated sendip hostnames
 - New graphs on Webinterface
 
 Version 0.7.2, 2005/03/25
 - Apache runs on port 80 with different home
 - A bug was fixed with IPSec handling in pf which would cause the
   IPSec service to stop
 - IPSec is now restarted on demand via /etc/ppp/ip-up.local
 - Updated software packages to most recent versions
 - Changed copyright information
 
 Version 0.7.1, 2005/03/19
 - Fixed a bug in DSL scripts
 - Various minor improvements
 - Updated software packages to most recent versions
 - Added bash-completion support

Version 0.7 and prior
 - Lots and lots of changes :-)

 * = Login Lanstation specific changes