Release notes from version 2.01.101 to 2.02.007

ACME

• Allow letsencrypt without specifying an email address (assuming agreed elsewhere)

ARP

• Make queued packets be more likely to be recent (and thus useful)
• Clear out stale entries more efficiently

BGP

• Don't wait for shutdown time if sessions are not established
• Fix rare crash on ignored BGP updates

CQM

• Slightly faster bulk ping loading
• Don't keep updating layout whilst loading many graphs

DHCP

• Fix crash when repeatedly exercising certain paths through DHCPv6

Ethernet

• Turn off ports that aren't in any port group
• Extra 10GB port diagnostics for debug users

Firewall

• Add options for using TTL as part of firewalling decisions
• Fix errors around session timer rollover
• Bugfix for display of PCP sessions

HTTP

• Support chunked transfer encoding in client

IP

• Don't report incorrect source address when sending ICMP messages

IPsec

• Fix rare crash on disconnection

Internal

• Improved checking when freeing internal memory

LACP

• Disable LACP on ports not in a portgroup
• Don't use LACP for solitary ports unless LACP trunk is set in config
• Improve layout of LACP diagnostic

Logging

• Prevent syslog-email holding up config changes under certain circumstances

MQTT

• Clean up after closures in a more timely manner
• Fix session counting issue when TCP fails to accept
• Support for large packets

NTP

• Respect table default source IP

OS

• Improve diagnostics for certain classes of deadlock
• Delay automatic upgrades until at least 10 mins after boot
• Don't clear image penalties on successful shutdown
• Fix rare watchdog
• Force hard reboot when booting block 0 (bootloader)

OSPF

• Try to remove some potential races

PPPoE

• Show MAC address for server and client
• Correctly remember our own PPPoE IP when configured from RADIUS

Ping

• Only accept correct ping replies as valid responses to a ping

Profile

• Initialise state when profile becomes (or ceases being) a control switch
• HomeAssistant auto config for switch and binary sensor
• Fix potential race when saving profile switch state
• Add option to allow any reply (not just ping response) to count for ping profiles

Routing

• Fix rare crash when changing routes for subnets
• Improve layout for routing diagnostic tool

SIP

• Improve response handling

Strack

• Fix total active sessions count

TCP

• Improvements
• Avoid rare deadlock in internal TCP code

TLS

• ECDSA support
• Fix incorrect object identifier for SHA224

Telnet

• Fix crash in telnet

VoIP

• Improve preauth opt out settings
• Improve handling of NATted signalling
• Improved diagnostics and potential fixes for watchdog

Web UI

• Add tab completion to XML editor
• Show larger traffic graphs on ports page
• More reliable HTTP POST handling in some error circumstances
• Report last port up/down time
• Fix IPv6 peer address in BGP compare
• Add filtering to firewall
• Allow eye diagram styling to match colour choices
• Show free buffer count in buffer statistics report
• Improve display of bonded routes
• Fix display of bootloader upgrades
• Fix uploading of small images (e.g. 9000 AUX builds)
• Improve wording and display of reboot delay time and countdowns
• Improve error reporting when config upload fails in editor
• Fix QR display when creating OTP
• Add LACP status for debug users
• Filtering on L2TP sessions page
• Update FireBrick website link
• Avoid truncating long routing diagnostic output

Release notes from version 2.00.100 to 2.01.101

• Avoid rare CPU hangs (must be upgraded with bootloader and power-cycled, contact support for info)

ARP

• Better handling when sending many messages to non-existant locally connected targets

BGP

• Shutdown more cleanly on profile disabling
• Log which AS we are rejecting if it doesn't match
• Fix incorrectly reported exports with multiple tables in play
• Remove inaccurate/confusing status text
• Fix potential crash with flappy routes and multiple peers
• Avoid some potential crashes with repeated config updates

CLI

• Add filtering by table to "show bgp peer/summary" and "show route nexthop"

CQM

• Increase number of pings that can be bulk loaded
• Treat graph names consistently case sensitively
• Allow automatic ping graphs to be configured for DHCP entries
• Correct UDP checksum for shared shapers and add status page

Config

• Disable legacy time server (port 37) by default
• Make it easier to find banner background option
• Some improvements to demo mode

DHCP

• Improve handling of locked entries
• Fix crash when serving certain requests
• Add support for the "rebinding" state in client
• Send server ID when in "selecting" state
• Allow DHCP6 client to be configured directly (not via RA)

DNS

• Fix race that could (very rarely) result in mangled packets whilst relaying

Diagnostics

• Add config option to dump some of the stack on certain classes of crash
• Improve reporting for certain kinds of hang
• Improve mutex acquisition timeout diagnostic
• Report contextual panics from additional CPUs in some instances

Ethernet

• Fix rare 10G port initialisation state issue
• Don't report spurious SFP diagnostic values
• Support more copper SFP+ modules

FB105

• Improve speed of obfuscation
• Fix rare crash

Firewall

• Improve efficiency of firewall timeouts
• Add obfuscation options
• Fix crash due to code optimisation
• Fix race on one sided session reuse

HA

• Fix for handling special packets and other tunnels within HA L2TP tunnels

IPv6

• Fix issue with duff broadcast address in some RAs

L2TP

• Add speed settings to L2TP local authentication
• Config option for L2TP IPv6 tunnels without a checksum
• Avoid rare crash fetching status
• Add option to send Operator-Name on a per basis
• Support specifying the source IP for payload traffic

LACP

• Hot standby mode selection for wider switch compatibility

LEDs

• Fix knightrider on boot

Logging

• Log L2TP RADIUS errors to the RADIUS debug log (instead of the system one)
• Add a log for a user's events (currently logins)
• Report hardware watchdogs to support
• Log slow config load functions to sys debug
• Log bootloader upgrades
• Improve detail in some logs
• Shorten TCP connection timeout for email logs
• Change VRRP not found to debug

MQTT

• Fix retained message handling timeouts
• Fix a couple of rare crashes
• Drop oversize QOS0 messages
• Global option to send retain flag to clients (default on).
• Correct sending retain to clients only for old retained messages not new ones after subscription established
• Fix where subscriptions could get overwritten in some cases
• Fix CPU spikes that can grow with uptime

Manual

• Explain the 2 types of defaulting in the XSD
• Improve layout slightly
• Corrections to 'Getting Started' chapter
• Remove some out of date screenshots
• Improve LACP standby explanation

NTP

• Use MD5 hash for reference ID of IPv6 time sources

OS

• Eliminate very rare crash under high load when out of buffers
• Improve resiliance to traffic directed at the FireBrick
• Tweak setup of 10GB hardware
• Use cached memory in more situations
• Fix rare race in flash
• Handle devices that don't respond to unicast ARP (Starlink) more gracefully
• Additional type of watchdog for catching rogue high priority threads

PPPoE

• Add an additional profile to prevent responding to PADI messages
• Allow omitting of automatic caller-id end
• Show the acname correctly in status
• Report PPPoE info more reliably on L2TP sessions page

Ping

• Don't crash when we cannot create ping from config (because too many have already been bulk loaded)

Profiles

• Allow control switches to be set from the menu (and allow them to be locked for sensitive ones)

RADIUS

• Drop legacy AOR AVP number
• Fix issue with RX shapers and CoA
• Make status mechanism more in line with other services

Routing

• Fix loop detection in source IP determination
• Add debug user command for dumping internal state of routing
• Fix bug that could cause routes to transiently appear as NULL in the forwarding table

SNMP

• Fixes for L2TP SNMP
• Fix bug which can occur when encoding zero values

Sampling

• Fix rare crash when changing interface config as a sample is taken

Software upgrade

• Add button for downloading latest software without rebooting

TCP

• Add option for TCP stealth mode for the FireBrick itself (without using the firewall)

Telnet

• Fix rare crash when quickly creating multiple telnet sessions
• Add task stat clear command

VOIP

• Improve logging

VRRP

• Show time in a given state

Watchdog

• Fix issue with monitoring of CPU cores that could result in a lack of debug info
• Additional context for rare watchdog

Web UI

• Add DNS cache state status (for debug users)
• Make the status page clearer during reboots
• Modify UI layout to avoid a couple of strange looking edge cases
• Allow an additional level of submenus
• Allow menus to be expanded and collapsed interactively
• Scroll tables horizontally if they don't fit in the page
• Reorganise the menu entries
• Add button for clearing flash penalties (debug user)
• CSS hinting tweaks
• Add a page for unit info
• Put intro text in page header
• Ensure profile switches show up to date status over config change
• Fix issue where test/save buttons could appear twice after repeated config test edits
• Reword software upgrade page
• Optionally group control switches in menu
• Accept connections from "trusted" (but not "allowed") hosts during ACME renewal
• Group profile buttons on home page
• Fix issue that could cause live logging to use CPU excessively
• UI tweaks

Firewall

• Increase priority of firewall event processing task

Release notes from version 1.61.010 to 2.00.100

• Internal code changes to slightly improve performance
• Remove temporary test code

ARP

• Recover faster from certain subnet changes
• Slightly improve ARP queue timeout handling for entries that do not resolve but are in constant use.

Aux

• Enable upgrading of AUX firmware
• Aux 1.0

BGP

• Shutdown timeout - be tolerant of negative NTP adjustments
• Add profile to peer list in config editor
• Check that peers define unique connections
• Improvements to graceful restart
• Improve connection handling
• Fix issue with GET method for new SNMP OIDs
• Additional states for shutdown and preshutdown in new OIDs
• Add prefix limit info to SNMP
• Include held routes in the count of imported prefixes
• Improvements and bugfixes
• Intersperse connection handling better

CQM

• Calculate times for XML output the same way as for images
• Handle extremely low ping latencies better

Config

• Added auto-backup-url to config to POST changed config
• Improve config patch mechanism
• Fix "*" parsing for port ranges

DNS

• Prevent forwarding of other types for overridden DNS entries

Ethernet

• Allow assignment of specific MAC addresses to subnets and interfaces

Firewall

• Only ARP targets in overlapping subnets if we would allow traffic to them
• Improve source IP selection when NAT is targetting overlapping subnets
• Add more detail to firewall diagnostic

IPsec

• Remove path by which eap-user restrictions could be evaded by some clients

IPv6

• Advertise a /64 for PD SLAAC (even if the delegated prefix is larger)
• Introduce a list of ra-subnet-template on interfaces to allow setting of options for RA generated subnets (replaces ra-client)
• Prevent prefix delegation on linked interfaces (including by implicit defaults)
• Fix issue with RA and ignore_dns that can cause subnets to be recreated

Internal

• Mitigation for rare watchdog
• Improve resource utilisation of streams

L2TP

• Add calling/called station IDs to L2TP session status
• Fix crash with packets claiming different lengths in different ways
• Allow IPv6 DNS to be overridden via RADIUS
• Don't kill tunnels immediately when profiling off incoming
• Report the correct number of packets for TX and RX

LACP

• Advertise additional links as standby when it makes sense to do so
• Put secondary links in hot standby when speed limited by hardware
• Handle badly behaved link partner better

Logging

• Increase internal logging capacity

MQTT

• Reconnect faster on "external" config changes and improve status
• Add MQTT support (FB9000)
• Fix issue where tx is available late

Manual

• Add more commands to the manual
• Improve MIB appendix

OSPF

• Fix crash when config changed repeatedly very rapidly

PPPoE

• Fix typo on PPP status page
• Don't accept PPPoE inbound connections if the matching incoming is profiled off
• Log sending the PADR

Pcap

• Make labels on pcap form slightly better
• Support multiple IPs and ranges in the filtering

Profiles

• Add uptime test to allow staggered starting of services
• Evaluate conditions when adding (to avoid flapping without careful choice of initial)

Routing

• Remove 6to4 (2002:) IP mapping
• Add tunnel IDs to routing diagnostic summary
• Avoid sending packets with potentially inappropriate source IPs (applies to overlapping subnets mainly)
• Force immediate reconsideration routes when related gateways have expired

SNMP

• Add system memory utilisation to SNMP
• Make buffer statistics reflect new reality (that most buffers are in a global pool)

Serial

• Fix rare crash on boot

TCP

• Improve preempting of TCP connections in the timewait state
• Limit accept queues more consistently
• Reduce resource usage when in TIME-WAIT

TLS

• Add connection count to 1 second stats

VRRP

• Take notice of the profile on the parent interface

VoIP

• Improve how VOIP logging reads

Web UI

• Improve profile switch behaviour when clicked fast repeatedly
• Config option to change colours of user interface
• Add buttons to config editor for reordering items in ordered lists
• Darker background for select multiple selections
• Avoid underflow when showing number of seconds remaining for config test (cosmetic)
• Added warning that config save is recommended
• Tidy up config edit page
• Improve layout of BGP buttons
• Show reboot now option when shutting down
• Wrap lines in XML editor on first load
• Buttons to delete flash blocks as a DEBUG user
• Click on headings to sort status tables
• Provide load indicator on Status page
• Suppress iphone phone number autodetection (so it doesn't pick up the serial number)
• Add arrows (ascending and descending) to sorting
• Record txnodesc more like other ethernet stats
• Add ability to view old configurations and boot alternative images to flash contents (as DEBUG)
• Reorder ping form
• Tweak upload styling
• Show route diagnostic in prefix order

Config

• Small improvements to the auto backup feature to make it nicer