Release notes from Factory release 1.18.008 to Factory release 1.18.009

Slight change for delayed packets (error packets/responses) affected normal traffic

Release notes from Factory release 1.18.007 to Factory release 1.18.008

Speed lanes were not re-allocated when time profiles changed unless "re-route" also ticked on profile. Fixed

Release notes from Factory release 1.18.005 to Factory release 1.18.007

Slight change in TCP stack for RST responses

Release notes from Factory release 1.18.003 to Factory release 1.18.005

Corrected winter time / summer time change to be 01:00 UTC not 01:00 BST

Release notes from Factory release 1.18.002 to Factory release 1.18.003

Subtle internal error in tunnel handling fixed - could drop some tunnel packets incorrectly.

Release notes from Factory release 1.18.001 to Factory release 1.18.002

Changed URL for manuals and software on FireBrick website.

Release notes from Factory release 1.18.000 to Factory release 1.18.001

Internal changes for factory build - no other changes

Release notes from Factory release 1.16.047 to Factory release 1.18.000

Added bootp server name (sname) and filename (file) options to subnets.
Changed behaviour of DHCP Restrict option - now means that if a name matches any resticted subnet then it can only have IPs from that subnet. Still means names that do not match cannot have IPs from restricted subnets, as before.
Fixed log of refused DHCP request to show IP requested not one being offer instead
Fixed DHCP removal existing IP if out of range IP requested (e.g. laptop moving between sites)
DHCP server now only fields requested in options in request. If no options requested then everything possible is sent.
DHCP server bootp options now server IP and file, not server name.
DHCP server sends lease time even if not in list of requested options as linux does not ask for it then assumes 0, duh!!
DHCP restrict only applies if restricted subnet is in enabled profile
Further tidy of DHCP server to avoid messy duplicate MACs in allocation in some obscure circumstances where previous entry is now invalid.
Added some extra debug logging to DHCP server for when IP allocations change.
Made DHCP server debug messages a bit more consistent.
DHCP status page now allows manual naming of clients which do not send a name - type name and press return.
Added low level interrupt load control for rare cases of stupidly high volume LAN/LAN traffic
Added Fast TOS to speed lanes - making packets with TOS 0x10 (low latency) are not delayed by that speed lane.
Changed tunnel code to preserve TOS of contained packet allowing Fast TOS to be used on tunnelled VoIP traffic.
Changed login slightly to avoid showing username/password in location bar on some broswers.
Fixed bug where LAN and WAN are both DHCP client, but no server on WAN, took ages for LAN to get address.
DHCP server will send SMTP server address if requested by client
TCP SYN+FIN or SYN+RST will now be put through default filter/logging
Slight change to "Fast/TOS" mode. TOS with it 4 or 7 are treated as "priority"
Summer/winter time control only applies if time is actualy set - was creating otherwise spurious log entries.
Changed default TTL from 64 to 100 as some people run tunnels over very strange internet links.
Changed source port for time setting to 1024 not 2 as low source ports caused problems on some firewalls, leased lines and even current linux releases.
Changed default time servers (for factory default)
Incorrect tunnel name for source tunnel traffic on session table, fixed
COrrect time zone on "last login" on users list, was UTC
New bonded uplink feature designed for ADSL line use. See manual for details.
No longer treating the "network" address as a broadcast on the LAN. Ideal as pseudo gateway for bonded uplink feature.
Slight change for ATE operation.
Interface swap option to setup screen so LAN on left and WAN on 4 port hub
Factory reset changed, using port 2 sets DHCP client/server and LAN/WAN reverse, port 3 sets non DHCP and LAN/WAN reverse.
Changed web log output to cater for <, >, and & in the log, e.g. from login attempts (shows as -)
Changes to live sessions talking to/from the FireBrick are dropped if the IP in use changes (for tunnels and DHCP)
Changes of IP on subnets now cause the FireBrick to send a self ARP query to help detect duplicate IPs
Changed email from FireBrick to include text of first email log line at end of subject (also included in body as before) - ideal for SMS'd subjects
Some tunnel and dhcp logging made "events" not "debug", and "debug" entries removed.
Basic SNMP (read only) operation, compatible with mrtg, allowing monitoring of WAN, LAN and speed lanes. Please advise any incompatibility issues.
Profiles can now be set to be dependant on another profile (or not a profile) being active. Ideal for multiple fallback routing.
Profiles can now be dependant on another profile (AND/OR)
Adjusted default master speed lane to 1250KB/s limit
Complete rewrite of SNMP. Now includes responses with correct types for all of the "interfaces" group. snmpwalk is happy. cfgmaker is happy. Please test and advise any problems.
Minor changes to improve speed of software upload on LAN
SNMP now reports interface speed for a speed lane as the highest of the rate *or* cap on a speed lane, as rate alone could be too low and so ignored by mrtg.
Changes to internal operation of user interface - please advise if any problems
Profiles were not being set in some options (e.g. subnet) in SoHo, fixed
Full protocol selection (e.g. GRE, IPSec) now available in SoHo
Bonded uplink now available on SoHo (but not ping scanning or fallback)
Load balanced routing now available in SoHo, but cannot put after subnets like the Plus
Bounce mode for filters now available on SoHo
Filter timeout control now available on SoHo
SYN, bypass and end-log filter options now available on SoHo
Changed UI to non frames, and stylesheets - now works from a P800 - please let me have comments
Added some colour selection to the UI settings allowing the main background to be selected (per user)
Changed so that re-route on profiles clears and FB initiated UDP sessions such as tunnels.
Changed portmap so that if there is a port, but no protocol specific, then the packet has to be TCP or UDP. Previously another protocol other than UDP or TCP would ignore the port and hence match the portmap.
Added second pseudo address to allow bonded uplink as well as load balanced NATing downlink. If using bonded uplink already, set the pseudo address the same as your gateway.
Reversed In/Out for speed lanes on SNMP to be a bit more logical overall.
Minor corrections to user interface - do not use Agatha
Fixed "Clear alert" on Setup.
Changed to link from login as this affected customers using other ports than port 80
Added tunnel source IP address option (useful when using multiple backup routes)
Default IMAP filter changed for IMAP4 (port 143)
It appears that moving filters, or routes, etc, left the firebrick in a state where a reboot would lose the config.
As 1.17.283 (Estelle)

Release notes from Factory release 1.16.039 to Factory release 1.16.047

Minor change to DHCP client for cable modems.

Release notes from Factory release 1.16.000 to Factory release 1.16.039

Minor change so that tunnels within tunnels operate correctly.
Additional tunnel features - tunnel keep alives
Time profiles made more sensitive - now work on a 10 second cycle not 23 seconds
Diagnostics / Counters section now advises WAN and LAN inteface MAC address
Status - sessions screen shows which tunnel traffic is coming from / going to
On main status page, green right hand LED over WAN port was showing LAN port 4's link status not the WAN link status! Fixed

Release notes from Factory release 1.14.011 to Factory release 1.16.000

Security fix to ensure logs only accessable from authorised users
Changed logic for ends to range being detected as masks - allows range to end 255.255.255.255
Various optimisation and minor improvements to internal operation
Significant improvement to speed of tunnel traffic when shared secret is used.
More subnets and speed lanes
Updates for new "reroute" option on profiles used with "same IP" fallback routes
Fixed a side effect of re-routing traffic where it would end up in the wrong speed lane and not tracking re-routed sessions correctly
Changed protocol 41 to name Encap/SIP
Added DHCP DNS addresses to subnet
DHCP allocation was not always re-allocating the oldest unused IP when there was no more space, fixed
Slight change to DHCP protocol messages - tidy up - should have no functional impact.
Adjusted DHCP client renewal slightly - no request IP now in renewal messages where IP is in packet header instead.
Tidied up DHCP debug log messages.
Removed "Broadcast renewal" option from DHCP settings as it was not helpful.
To clarify - DHCP client is now working the same as windows 2000 machines.
Further DHCP change to ensure correct subnet when re-allocating oldest used address
Changed so can edit time profiles times when clock not set
Users shows logged in users
New page in UI, dump?DHCP=1, which produces CSV format DHCP allocation report
End log has extra entry which shows internal flags for session - to be documented.
As 1.15.049 Dolores beta release.

Release notes from Factory release 1.14.000 to Factory release 1.14.011

Various optimisations and minor changes

Release notes from Factory release 1.12.000 to Factory release 1.14.000

Increased number of web sessions handled for admin pages.
Change to the way tunneling works not compatible with older versions.
Route source list did no show "Any" when all interfaces selected, fixed.
Changed tunnel segment reassembly timeout to 2 seconds.
Changed wording for "Force" to "don't segment" on tunnels.
Changed tunnel default outgoing MTU to 576.
Ensured DF bit set on outgoong tunnel packets.
Added source MAC to filter logging.
Added more infor to fragment tunnel error message.
Removed tunnel reassembly timeout log message as this is normal for TCP communications (speeds up until dropping packets).
Fixed input for MTU on tunnel so does not include comma if comma formatted, duh.
Profiles not saving on routes in SoHo, fixed.
Very subtle change such that TCP packets are allowed with FIN and/or RST when filter mode "bypass" is selected. Note filter mode "syn" still requires SYN and not ACK even if filter mode "bypass" also selected. Very specific application so don't worry if this makes no sense to you.
Switched profiles were not showing on quick set up screen if also controlling alert LED, fixed
Obscure error would rest firebrick if handling response for a "Bounce" when session table full
Increase number of port maps to 40 on the Plus.
Internal factory support changes.
DHCP reallocation of oldest unused IP when no space was faulty. Fixed.
Further chnage to handling of DHCP when no allocations left. Previous beta could incorrectly re-use restricted allocation if it was the oldest.
New factory issue, see beta releases 1.13.xxx for details of all changes since last factory release.
Factory reset using hub ports 1, 2 and 3 sometimes did not reset. Port 4 (right) always worked. Fixed
Updated internal operation for additional ATE testing.
All Stealth disable option was not stopping local/subnet broadcasts as well. Fixed

Release notes from Factory release 1.10.000 to Factory release 1.12.000

Changed time profiles so that there is always an option for the profile being off, and hence have removed the "OFF" time profile which is now "Not 24/7" and also removed "ping failure" option as it is "Not" the pinged option (expect for existing configurations still using this)
Made switched profile appear in quick setup screen.
Route list now shows the default gateway as the last routing entry, to make routing order easier to understand
Route list (on plus) now includes an entry marking where the subnets are processed, default at the end before the gateway - but this can now be moved.
Note, downgrading to older configs could cause loss of some config data (reverting to factory defaults). Thsi is fixed, so downdraginge for later versions to this one should not have the same problem.
Changed wording on profile screen to differenciate time controlled and switched profiles
New speed lane feature to allow TCP ACK packets to queue jump speed controls, intended for ADSL uplink speed controls to avoid slowing downlink traffic by delayed ACKs
CHANGE IN OPERATION OF SPEED LANES: The first speed lane is now a master speed lane which is applied after any other speed lane is applied. Most installations will not be affected by this change in operation, but please check your speed lanes carefully after upgrading
Filter profile selection corrected
"Fast" option added to speed lanes allowing them to queue jump the master speed lane (e.g. for VoIP, telnet, etc)
Not showing last month, etc, on counters if clock not set as meaningless
Summer time now set automatically without the firebrick having to be on when the clocks change. To set manually, adjust times for change or set to "Never".
Added debug to show if tunnel packets fragmented
Changed summer time adjust to happen at 1am local winter time. Was happening at 1am UTC, which is fine if you are in the UK
Updated handling of fragments in speed lane to better handle nfs in speed controlled environment
"Knight Rider" effect was not syncing up for multiple firebrick demo, fixed
Profiles can now be set to activate ALERT LED (permanently on) when active or inactive - ideal for ISDN fallback warning
Made default settings not have any "Flash" settings to activate flashing LED as its annoying and not that useful
A recent beta release had broken the profile selection in filters - was always coking up 24/7 although changes took effect.
On SoHo filter profile selection was not being shown even though profiles are now available on SoHo. Fixed.
Internal change for factory Labeling station.
Minor bug in Boris - truncating the firebick name in interface selection
Removed "serial" interface setting as not used.
Fixed bug in Boris truncating serial numbers, sorry.
New Factory release of Douglas.

Release notes from Factory release 1.08.000 to Factory release 1.10.000

General tidy up after changing interrupt handlers
Important security note - the config load and save will now transfer the whole of the configuration regardless of permissions of the user loading and saving. This means that "upload" rights are more significant and should be carefully considered. The config save option is now only available to users with view rights for the upload security level.
Special functions reboot, manufacture, and factory init now added to emergency UI (i.e. when no UI file has been loaded).
IP Protocol 55 was showing as garbage name rather than just 55, fixed
Updated user guide with changes to upload/download security
Three pre-defined time profiles added, 9-5 M-F, 2am Sun, and OFF
Time profile selection added to SoHo model, allowing use of predefined time profiles only
SoHo loading config would lose the tunnel setting, fixed
Slight change of behavior when bombarded with bogus web requests (like some worms do) so TCP sessions cleared more quickly.
Slight change to some debug messages.
Further minor change to TCP timeouts
Minor internal changes for factory setup
Minor change to TCP stack to ensure stupidly low MSS options cannot cause problems (min accepted is 64)
Changed TCP bounce to also set MSS=0 option to "upset" far end stack on some systems (already sends window=0)
New factory release incorporating all 1.9 beta changes. Filter timeouts failed if they were over 999 and formatting with , selected. Fixed
Removed ping scan log option from SoHo as not used.

Release notes from Factory release 1.00.115 to Factory release 1.08.000

Minor change to ethernet drivers
Changed DHCP debug messages to quote netmasks in bitcount format as used on subnet screen
Yet another change on ethernet drivers, very slightly worse performance - anyone who has had problems with FireBricks resetting please try this version and let us know (support@firebrick.co.uk) how it goes, thanks.
Once again we have changed interrupt handling - we have changed the interrupt handling several times to try and resolve an issue. A couple of customers have seen the FireBrick reset unexpectedly, and in some rare cases lose user interface or config. This has been extremely rare, but we finally reproduced it and we believe we have now solved it. The solution that appears to work is a change to interrupt handling which suggests that there may have been a hardware bug in one of the devices when used in a certain mode. Our previous changes have made these resets less likely, but this latest change appears to have stopped the problem completely.
Anyone with a resetting problem, please try this code. If your FireBrick resets at all unexpectedly or behaves strangely with this version, please email support@firebrick.co.uk and let us know. Thank you for your patience.
New factory release correcting interrupt handling issue. See beta releases for more details.

Release notes from Factory release 1.06.053 to Factory release 1.06.056

DHCP requests now correctly include OPTIONS parameter in REQEUEST after DISCOVER - ensuring correct gateway setting on cable modems.
If the DHCP reply does not include a gateway then one is no longer assumed (was assumed as server address)

Release notes from Factory release 1.06.044 to Factory release 1.06.053

Further minor changes to ethernet rx and tx interrupt handling
Fixed portmap display for mapped to IP range when no target IP specified
If we had not ARP data for a packet, it was deferred until we did, and bypassed stats. Fixed.
DHCP renewals were sent to broadcast MAC even when sent to server IP, corrected to use ARP.

Release notes from Factory release 1.06.041 to Factory release 1.06.044

Changed DHCP client to send host name with null termination like windows machines.
Further internal change to ethernet tx handling
Slight layout change on routing screen

Release notes from Factory release 1.06.038 to Factory release 1.06.041

Added TTL to ping scanning
Added percentage based diverse routing