DynFi Firewall Releases

DynFi Firewall v.3.00.000

DynFi Firewall v.2.00.000

DynFi Firewall v.1.00.000

DynFi Firewall v.0.99.000 (Pre-release)

DynFi Firewall Version v.3.00.000

Release Date: March 2023
FreeBSD Version: FreeBSD v.13.1

Download Serial and VGA versions:

What’s new in version 3.00.000

The 3.00 release of DynFi Firewall focuses on stability, the integration of new packages, and binary updates.

The release becomes larger in size and includes most of the essential packages for a professional firewall. Some of these packages have a graphical interface within the firewall (such as Wireguard and FreeRadius) while others do not yet have one. These interfaces will be added as we develop them further.

Many bugs have been fixed and stability has been reinforced, thanks to thorough debugging work by our teams and to an efficient, high-quality upstream from OPNsense. We are moving to version 22.7.11 of OPNsense Core, the package that synthesizes the developments of OPNsense at this level. We have also reviewed our testing methodologies and implemented new internal development tools to improve the efficiency of testing for most firewall features.

We have also followed up and improved our developments on the DNS Unbound RPZ filtering part by deepening the integration of the 68 filtering themes pre-integrated in the DynFi Firewall.

Finally we have strengthened our integration of ntop by fixing a problem that appears in the latest version of the package which has also been updated.

  • System level changes:
    • Updated FreeBSD version to 13.1-Stable
    • Added Wireguard as a FreeBSD kernel module
    • Added translation in the following languages:
      • English
      • Bulgarian
      • Czech
      • Chinese (simplified)
      • French
      • German
      • Greek
      • Indonesian
      • Italian
      • Japanese
      • Korean
      • Norwegian
      • Polish
      • Portuguese (Brazilian)
      • Portuguese (Portugal)
      • Russian
      • Spanish
      • Swedish
      • Turkish
      • Ukrainian

Package Information:

The DynFi firewall has 285 packages. All packages are in the latest version.

New packages are offered with a full interface:

  • OpenRadius
  • Wireguard (kernel module + GUI)
  • Unbound DNS with:
    • a unique RPZ filtering mode
    • dynamic status graphs on RPZ
    • pre-defined lists with more than 65 filtering themes covering more than 14 million sites
  • ntopng and nprobe updates
  • Validation that all the packages present on the system are operational
  • Update from OPNsense v.21.10.1 to 22.7.11 and application of several thousand patches upstream.

A number of packages have a GUI available in the DynFi Firewall, while others do not have a GUI yet, but are already present in the system. In the next release we will change the default mode of operation of the packages and make all interfaces available for all installed packages.

However, it is already possible to use all installed packages from the console in CLI mode.

Changes to the graphical interface:

The graphical interface has been extensively debugged, including the following points:

  • Validation of logs writing on the firewall for all processes
  • Tests and debug of Wireguard in Kernel mode
  • Continuation of the integration of Unbound and RPZ filtering lists with:
    • creation of an information mechanism when downloading the lists
    • information on the size of the different RPZ zones to simplify the selection of the zones
    • improvement of the quality of the graphics and the associated display
  • Validation of startup and shutdown scripts for all packages
  • Correction of display problem on VLAN type interfaces
  • Correction of NAT outbound problem on some interfaces
  • Stabilization of routing
  • PHP update to v.8.1
  • Update of Phalcon v.5.1.4

How to upgrade:

Upgrading to version 3.00.000 can be done from version 1.00.000 or version 2.00.000, either in console mode or from the GUI.

Upgrading from the Console

  1. Access your firewall console
  2. Make sure the firewall has a working name resolution
  3. Select the “12 » Update from Console” choice
  4. Let the procedure run
  5. Reboot at the end of the first installation phase
  6. Re-login to the Console for the second phase of the update
  7. Select again the choice “12 » Update from Console”.
  8. Reboot again at the end of the process

N.B. It is also possible to perform these steps from SSH with “pkg update” / “pkg upgrade”.

Upgrade from GUI:

  1. Access your firewall from its GUI
  2. Login to the “System » Firmware » Status” page
  3. Click on “Check For Update”
  4. The interface will show you the list of packages to update
  5. Run the update and reboot at the end of this first phase.
  6. Reconnect to your firewall
  7. Login to the “System » Firmware » Status” page
  8. Click on “Check For Update”.
  9. Run the update again and wait for the end of this phase (because the GUI itself is being updated, you may be briefly disconnected)
  10. Reboot one last time at the end of the procedure.

The update is finished and your firewall is now up to date with the latest version.

DynFi Firewall Version v.2.00.000

Serial and VGA versions download:

Release Date: December 2022
FreeBSD Version: FreeBSD v.13-STABLE

New in version 2.00.000

  • Integration of a complete DNS Firewall module based on RPZ filtering operated from Unbound
    • Provision of pre-integrated filtering lists with tens of millions of URLs (RPZ filtering zones)
    • Integration of RPZ lists within our interface in the Services » Unbound DNS » Filtering Lists section
    • Synchronization and downloading of lists from the graphical interface
    • Modification of Unbound to take into account these new parameters when registering the filtering lists
    • Connecting filtering to an interface
    • Connecting filtering to alias
    • Management of the generation of automatic RPZ configurations
    • Creation of RPZ graphs allowing a complete display of RPZ filtering requests by theme
    • Creation of a dynamic table for downloading lists of the most filtered URLs
    • Ability to export filtering data in CSV format
    • Improved whitelist handling in Unbound
    • Customizable blacklist of a new type

* Note that some filtering lists contain more than 5 million URLs and require a minimum of 8GB of RAM to be loaded comfortably into memory.
** The aliases connected to the filtering system cannot contain “IP ranges”; they must contain individual IP addresses or subnets.

System level changes:

- DFConAg: fixed PHP "deprecated" error
	- Changes on the unbound compilation settings
- Generation of Unbound configuration files for RPZ
- Upgrade to PHP 7.4
- Upgrade to Zabbix 5

Packages upgrades & changes:

- Switch to Q4 ports branch
- Switch to 2022Q2 ports branch
- Fixed Squid package and upstream on FreeBSD 
- Added the following packages available in the base system:
	- outline-ss-server 
	- n2disk
	- ddclient
	- unbound-1.17
	- dynfi-rpz
- The following packages are available via "pkg add" on the DynFi repo: 
	- benchmarks/iperf3
	- dns/bind916
	- dns/ddns
	- emulators/qemu-guest-agent
	- emulators/virtualbox-ose-additions-nox11
	- emulators/open-vm-tools@nox11
	- mail/rspamd
	- net-mgmt/net-snmp
	- net-mgmt/nrpe3
	- net-mgmt/zabbix5-agent
	- net/freeradius3
	- net/frr7
	- net/haproxy23
	- net/siproxd
	- net/wireguard
	- sysutils/lcdproc

Changes to the graphical interface:

- Improved French translations
- Fix log display for:
	- ntopng
	- nprobe
	- clamav
	- c-icap
- Fix Diagnostics/PfInfo pages
- Added all the pages dedicated to RPZ

Work on the installer:

- Improved verbosity of the progress bar in the installer

Screencast on v.2.00:

  • A screencast about how to upgrade DynFi Firewall from v.1.00 to v.2.00

  • A screencast about how to install DynFi Firewall on a Proxmox VE

  • A screencast about how to use RPZ filtering / DNS firewall on DynFi Firewall

DynFi Firewall Version v.1.00.000

Release Date: April 2021
FreeBSD Version: FreeBSD v.13-STABLE

Installer level work:

- New DynFi installer logo
- ZFS activation option  

System modifications:

- Migration from python37 to python3.8
- Migration from 2021Q3 ports branch to 2022Q1
- Follow FreeBSD stable/13
- Add a development branch:  
	- From now on users can switch between following the "Production" branch or "Development" branch.  
	- The Development branch will be updated more often but it may come with some regressions.  
- Upgrade opensense-core to v21.10
- Build a crash report server
	- Thanks to this, users can send us crash reports directly from their firewall.
- Improve version reporting:  
	- Previously we manually stored a version of the system.  
	- It is now generated automatically.  
	- For more details refer to commit: 1f54400c56880eeb0a8a80a780eb3bd06eec479b  
- Add intel-ix-kmod to default installation  
- Drop support for sshlockout_pf  
- Added [nprobe](https://www.ntop.org/products/netflow/nprobe/) and [ntop](https://www.ntop.org/) to the default installation (including embedded menu):  
	- You need to first enable Redis to deploy ntop nprobe  
- We detected errors with frr7, so we downgraded the version used to mitigate problems with the current version
- Introduce a meta package dynfi:
	- This makes it easier to manage dependencies for the default installation  
	- If you are using an older version of DynFi, it is recommended to install the dynfi package after upgrade:  
	- ```# pkg install dynfi```  
- Update ports that are maintained in dynfi-overlay:  
	- Drop suricata from the overlay and use version 6.0.4 from the 2022Q1 branch  
	- Upgrade radvd  
	- Upgrade ifinfo  
	- Upgrade dhcp6c to version v20200512  
	- Upgrade phpseclib to version 2.0.35  
- Add ldns to the default installation  

  • Modification of the graphical interface:
    • Improve French translations
    • Fix DNS resolving in GUI:
      • For more details refer to commit: d39715da82a6f239659f143b1ada54f12c2946e4
    • Reorganize main menu:
      • Merge DynFi menu into one unique menu
      • Globally improve menu structure
      • Enhance log access through top menu
    • Bring back Intrusion Detection Menu
    • Reset “Top-talkers” which was dead

DynFi Firewall v.0.99.000 (Pre-release)

Release Date: December 2020
FreeBSD Version: FreeBSD v.13-CURRENT

Installer level work:

- General definition of the installer's terms and conditions
- Creation of a UEFI installer
- Production of two images only to cover all the needs: 
	- Creation of an image with a VGA boot 
	- Creation of an image with a Serial boot
- Temporary suspension of the ZFS installer   

Taking over the OPNsense® source code:

- Switch the project to [poudriere](https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/testing-poudriere.html)
- Creation of a FreeBSD kernel replacing the HardenedBSD kernel
- Remove the OPNsense® update system
- Instantiation of OPNsense® as a system package
- Take over and partially port the OPNsense® code from version 19.7 to 20.1 and 21.7 
- Integration of system packages 
- Modification of configd in order to get the status of the services
- Correction of NetFlow log collection problem 
- Correction of functional problems related to Suricata
- Fixed too high system load related to log filtering from the GUI
- Integration of Squid, C-Icap, Clamav, SMART, Redis packages to the base system:
	- Change of the menu structure  
- General validation of the operational character  

System modifications:

- Debugging of a problem in Squid
- Removal of clog and modification of the log system 
- Generalized the use of [newsyslog](https://www.freebsd.org/cgi/man.cgi?newsyslog) 
- Debugging of FreeBSD 13 bugs affecting the operation of PPPoE
- Debugging the network drivers of the AMD C-3000 embedded chipset   

Modification of the graphical interface:

- Adaptation of the DynFi theme to the interface
- Change of the menu structure 
	- More logical 
	- Revision of pictograms 
	- Moving some menus 
- Revision of the access modalities to the logs in the whole interface
	- Access from the title bar on the top right 
	- Repositioning of all logs menus from this menu
	- Simplification of access to the configuration sections  

Integration and tests git:

- Choice of a new source manager compatible with the objectives of the project 
- Testing of gitlab 
- Testing of other tools