Router & Proxys

IPCOP

Documentationen (via www.ipcop.org)

IPCop Schnellstartanleitung (v1.x)

Installation Manual (v1.x)

Administration Manual (v1.x)

Netzwerkskizzen

Addon

URL-Filter (via urlfilter.net)

Advanced Proxy (via advproxy.net)

Net-Traffic (via blockouttraffic.de)

Installation von Addons

  • Nach dem Herunterladen des Addons muss es auf den IPCop kopiert werden
  • Kopieren Sie die Datei " Addon_VERSION.tar.gz " auf Ihren IPCop (mit Hilfe von SCP oder WinSCP bzw. FileZilla) nach " /tmp/ "
  • Entpacken des Archivs mit " tar zxvf Addon_VERSION.tar.gz "
  • Wechseln in den Ordner: " cd Addon_VERSION "
  • Installieren mit "./install" bzw. "./setup. (Readme lesen)
  • Nach erfolgreicher Installation kann der Ordner wieder gelöscht werden

IPCop Konfiguration in der internetLOUNGE

Hardware
Fujitsu Siemens
Pentium III
933 MHz
Software
IPCop Version: 1.4.21
Advanced Proxy
URL Filter
Net-Traffic

sonstige

IPCop Hardware Compatibility List (via rkaehler.de)

IPFIRE

IPFire 2.19 - Core Update 119 released

This is the release announcement for IPFire 2.19 – Core Update 119. It updates the toolchain of the distribution and fixes a number of smaller bug and security issues. Therefore this update is another one of a series of general housekeeping updates to make IPFire better, faster and of course more secure!

Thanks for the people who contributed to this Core Update by submitting their patches and please help us to support everyone’s work with your donation!

Toolchain Updates

The toolchain is a collection of programs that is used to build the distribution. One of the most important one is the compiler GCC which has been updated to version 7.3.0 which mainly adds support for retpoline. This is needed to build protection against Spectre into newer kernels.

The main C library, glibc, has been updated to version 2.27 and brings various stability fixes, performance improvents and bug fixes.

Other toolchain packages that have been updated: binutils 2.30, ccache 3.4.1, diffutils 3.1.6, swig 3.0.12

Security-Relevant Changes

  • On the OpenVPN configuration page, ciphers that are considered weak are now marked as such and we do not recommend using any of these.
  • strongswan’s certificate parser had a vulnerability (CVE-2018-6459)
  • Programs that use the C++ standard library are being recompiled to perform extra out-of-bounds checks that are cheap, but add some extra security.
  • dma, the Dragonfly Mail Agent, was hardcoded to only use TLSv1.0 which has been patched to always use the best available protocol version of TLS that is available.
  • The Apache server signature is now fully hidden

Misc

  • Reverse lookup zones did not work and have been fixed
  • IPsec subnets for tunnels that route multiple networks are now shown correctly on the start page
  • Updated packages: hostname 3.20, iproute2 4.14.1, pam 1.30.0
  • Support for ISDN was removed
  • Userspace tools for I2C busses have been added

Add-Ons

The following packages have been updated: asterisk 13.18.5, bacula 9.0.6, bwm-ng 0.6.1-f54b3fa, flac 1.3.2, haproxy 1.8.0, nginx 1.13.7, nut 2.7.4, openvmtools 10.2.0, postfix 3.2.4, powertop 2.9, sarg 2.3.11, stunnel 5.44

These packages have been dropped and will be removed with this Core Update: lcr, mysql which was very outdated and is not needed by any add-ons.


IPFire 2.19 - Core Update 118 released

Hello community,

this is the official release announcement for IPFire 2.19 – Core Update 118. It comes with a number of security and bug fixes as well as some new features. Please note the that we are dropping support for some add-ons.

Thanks for the people who contributed to this Core Update by submitting their patches and please help us to support everyone’s work with your donation!

Spring Clean

It is the time of the year where we reviewed large parts of the distribution and decided to drop support for various packages and add-ons that cannot be maintained any more:

Most importantly, this Core Update drops support for PHP and therefore various add-ons that rely on it. We have taken that decision some while ago without any objections and first dropped all add-ons that are not supported and updated by their respective authors and maintainers. That left us with only one package that needed PHP but also be installed anywhere else.

PHP is a huge problem to maintain and does not really have a place on a firewall in 2018. Our web user interface is entirely independent and since we value security more than anything else, we have decided to drop support for PHP with this Core Update.

If you have anything installed manually that requires PHP, please move it to another web server before installing this Core Update.

Add-ons that have also been dropped: cacti, openmailadmin, phpSANE, nagios because icinga is available, nagiosql, mediatomb, owncloud

Meltdown/Spectre

This Core Update originally contained the microcode updates that Intel has now pulled from public release. Since they make the system very unstable and cause random reboots and reportedly can render some systems unbootable, we decided to remove them from the update again.

So far due to the hardening Meltdown exploits do not work on IPFire although this still is a hardware bug and software can only be modified to mitigate this massive problem. Over the coming days and weeks we will continue to work on providing a solution that mitigates all problems, but so far we are not in a position to have patches for Linux that fix them all and are at the same time complete and stable enough to be released.

Security Improvements

  • The list of Certificate Authorities has been updated and various CAs have been removed
  • Users are now warned that 3DES and 1024 bit long RSA keys are considered “weak” cryptography
  • Content Security Policy headers have been added to the web user interface and Captive portal pages so that browsers are prevented to load any resources from external sites

Update Accelerator Improvements

Justin Luth has contributed fixes and improvements for the Update Accelerator which has sometimes re-downloaded files with special characters in the URL (#10504).

He has also improved caching of Microsoft updates which is now based on a checksum of the update file (#11558).

Misc

  • squid, the web proxy, has been patched against a security vulnerability in its HTTP parser (SA 2018:2)
  • GeoIP information has been added to some pages on the web user interface
  • Updated packages: bind 9.11.2-P1, dmidecode 3.1, glib2 2.54.3, gzip 1.9, hdparm 9.53, openssh 7.6p1, sed 4.4, snort 2.9.11.1, unbound 1.6.8, wget 1.9.4
  • fireinfo is now submitting all profiles over HTTPS
  • The LZ4 compression library is now shipped

Add-Ons

New Add-ons
  • mdns-repeater is now being packages which is a tool that relays mDNS messages from one network segment to another one. That helps devices like printers and other IoT devices to be auto-discovered from the GREEN network when they are connected to the BLUE one and vice-versa.
Updates
  • tor 0.3.2.9
  • nano 2.9.2
  • clamav 0.99.3 which fixes various severe security vulnerabilities
  • libvirt has been updated to version 4.0
  • qemu 2.11
  • Smaller packages updated for qemu & libvirt: opus 1.2.1, spice 0.14

FLI4L

Release der stabilen fli4l Version 3.10.13

Nach gut drei Monaten Entwicklung stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.12

Nach etwas mehr als drei Monaten Entwicklungsphase stellt das fli4l-Team das nächste stabile...

Aktualisierung des wöchentlichen Tarballs verfügbar

Nachdem nun die neue Entwicklungsserver installiert und konfiguriert sind, nochmals vielen Dank an...

Release der stabilen fli4l Version 3.10.11

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.10

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Build von fli4l-Archiven bricht unter Windows 10 (1703) mit Fehler ab

Bei Tests mit dem ab dem 11. April durch Microsoft ausgerollten Update für Windows 10 auf die...

Release der stabilen fli4l Version 3.10.9

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächstestabile Release der...

Release der stabilen fli4l Version 3.10.8

Nach knapp dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release der...

Release der stabilen fli4l Version 3.10.7

Nach rund dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release...

Release der stabilen fli4l Version 3.10.6

Nach rund dreimonatiger Entwicklungsphase stellt das fli4l-Team das nächste stabile Release...

LEG LOS! Anlaufstelle für Jugendmedienarbeit Berlin-Lichtenberg 2006-2017