From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Core Update 164 (testing) report Date: Wed, 23 Feb 2022 20:43:08 +0000 Message-ID: <31401956-2d4f-a4b6-ee91-dbc62bc93d14@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5019734919709588280==" List-Id: --===============5019734919709588280== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello development folks, Core Update 164 (testing; see: https://blog.ipfire.org/post/ipfire-2-27-core-= update-164-is-available-for-testing) is running here for about three days by now without any major issues known so= far. While the updated kernel should fix XHCI issues affecting a relatively small = fraction of our userbase pretty badly (see #12750), I was unable to confirm it does, a= s I do not have physical access to the only board affected in my environment. Also, = I am not aware of any community feedback on this, too. Let's hope we'll hear about thi= s soon... Although not mentioned in the testing announcement due to ${reasons}, this up= date contains the "multiple IPS ruleset providers" by Stefan, also working fine. T= hanks for that, too! While the DROP_HOSTILE stuff works well and I have not yet read any complaint= about it, there is a decent amount of apparently legitimate packets being logged (and s= ubsequently) dropped as conntrack INVALIDs. Other users notice this as well. I do not really see this as an issue: We now _know_ conntrack is dropping sub= stantially more packets than we expected it to do, and can investigate on why it does th= is. Yay. Tested IPFire functionalities in detail: - PPPoE dial-up via a DSL connection - IPsec (N2N connections only) - Squid (authentication enabled, using an upstream proxy) - OpenVPN (RW connections only) - IPS/Suricata (with Emerging Threats community ruleset enabled) - Guardian - Quality of Service - DNS (using DNS over TLS and strict QNAME minimisation) - Dynamic DNS - Tor (relay mode) I am looking forward to the release of Core Update 164. Thanks, and best regards, Peter M=C3=BCller --===============5019734919709588280==--