Re: IPFire 2.21 test report

["Peter Müller" <peter.mueller@link38.eu>]

[-- Attachment #1: Type: text/plain, Size: 2594 bytes --]

Hello,

while testing some firewall stuff, I stumbled across bug #11777
(https://bugzilla.ipfire.org/show_bug.cgi?id=11777): In some cases,
GeoIP country data in firewall rules and WebUI seem to differ. :-(

Since this makes debugging extremely hard and unreliable, could
someone have a look at this please? Sorry for the noise, but this
is a nasty one...

Thanks and best regards,
Peter Müller


> Hello,
> 
> just installed IPFire 2.21 - Core Update 122 on a testing machine.
> 
> Issues noticed during update:
> (a) Update to 122 was not installed automatically, but needs user
> interaction.
> (b) Machine rebooted properly and came up again without manual action
> required.
> (c) WebUI shortly displays "local recursor" for DNS status at
> the main page - DNSSEC status of nameservers, however, is green.
> These were displayed correctly again after ~ 2 minutes.
> (d) NRPE addon required reinstallation (probably due to some
> configuration changes). The service did not appear in the list at
> the WebUI; this needs some bugfixing.
> (e) charon displays connection errors "could not write to socket:
> operation not permitted" which disappeared after ~ 2 minutes and
> everything was properly established.
> 
> Summary:
> Reboot, basic functions			WORKS
> Squid web proxy + URL filter		WORKS
> IDS					WORKS
> OpenVPN (N2N only)			WORKS
> IPsec (N2N only)			WORKS
> SSH					WORKS
> QoS					WORKS
> NRPE					WORKS (after reinstallation, some bugs left)
> 
> CPU load (especially when it comes to HW interrupts) is a bit
> (but not significant) lower than it was while running C120.
> RAM consumption stays at the same level. Entropy is ~ 400 bits
> higher. Kernel reports two interesting log lines on boot:
> 
> 19:02:35 kernel:  alg: No test for seqiv(rfc4106(gcm(aes))) (seqiv(rfc4106-gcm-aesni))
> 
> 18:57:49 kernel:  xt_geoip: loading out-of-tree module taints kernel.
> 
> Just for the records. :-)
> 
> Systems seems to be safe against Spectre/Meltdown:
> 
> /sys/devices/system/cpu/vulnerabilities/meltdown:
> Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:
> Not affected
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:
> Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:
> Mitigation: Full generic retpoline
> 
> In case any issues occur within the next time, I'll let you know.
> Excellent work so far!
> 
> Thanks, and best regards,
> Peter Müller
> 

-- 
"We don't care.  We don't have to.  We're the Phone Company."


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]