Agenda
- Out of tree patches? This is becoming a pain
Core Update 127
Suricata
We still need testers?BenchmarksDocumentation
TLS 1.3 - What is the status?- Spring Cleaning?
Banish Addon (https://lists.ipfire.org/pipermail/development/2019-January/005165.html)IPsec GRE/VTI changes- IPFire 3.x - Status Update
- kernel configuration update
- -O2 for glibc
- ...
Maxmind GeoIPDNS over TLS
Attendees
- Erik
- Michael
- Arne
- Peter
- Stefan
- Daniel
Log
Core Update 127
- Loads of small changes
- squid update - must check if configuration suits
- Remove Windows NT 4.0 domain support
- Remove identd
- DNS Forwarding: Allow to disable DNSSEC
Suricata
- Not scheduled for Core Update 128
- Test Images available
- Test feedback coming in from a couple of people
- Stefan's TODO
- Fix user experience
- Daniel & Stevee will perform benchmarks
- Documentation
- Michael's TODO
- Outreach to suricata project, etc.
Maxmind
- The database format that we use is no longer available
- Must migrate to GeoIP2
- Stefan will take care of this https://bugzilla.ipfire.org/show_bug.cgi?id=11959
TLS 1.3 / DNS over TLS
- Erik compiled OpenSSL 1.1.1
- DNS over TLS works in lab
- Wrote a CGI for configuration
- OpenSSL 1.1.1 issues
- RANDFILE: https://bugzilla.ipfire.org/show_bug.cgi?id=11943
- Scheduled for Core Update 128
- Erik says it feels faster than normal DNS
Banish
- Nice to have contributions
- Needs to be integrated into firewall
- Needs to use ipset