Hello,
I would like to break the wintery silence on this list and give you a little update on the upcoming Core Updates:
We consider Core Update 127 ready for release after rebuilding it a couple of times and fixing some bugs that unfortunately made it into the image. We are going to release it next Wednesday.
On the same day (or preferably earlier), I would like to close Core Update 128 and upload it into testing. It does not have any new features, but brings a new kernel and OpenSSL 1.1.1. For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right? As soon as that is in, the update is ready to be closed from my point of view. Please let me know if you have any further patches.
Then, Core Update 129 will be open for patches. I have a branch that adds support for GRE/VTI routed IPsec tunnels. This is probably a little bit of a niche feature and only relevant for some people who use dynamic routing on IPFire, but it will be a headline feature nevertheless. This is also working very nicely on IPFire 3 for some time :)
Suricata is now tentatively scheduled for Core Update 130. I would have liked to have it in 129, but we still are not done testing. Feedback is a little bit slow and hopefully, we will see a fresh image this week to kick things off again. I have tested a little bit and it works a lot better than snort. It blocks more precisely, it makes good use of the hardware and therefore is a lot faster than snort and that is all in all a really nice thing. Please keep an eye open for this and help us testing. We also need to work on documentation together and make some benchmarks on various hardware to get a good feeling about the performance impact it has.
Best, -Michael