
v7.0.0

@NHAS NHAS released this 11 Jun 09:37
· 309 commits to main since this release

A large wrap-up release which contains heaps of new features and bug fixes, and removes an unused feature.

Most notable:

  • Each rule can now have up to 128 port restrictions (e.g. 8080/tcp 8081/udp)
  • MFA routes no longer take precedence over Public routes; preference is now based on route specificity. E.g. if you define a /32 route, it will be selected over a /24.

Breaking Changes:

  • Removed upgrade option and associated API, as I suspect no one is using live updating (I'm not, due to the XDP kernel code changing a large amount)

Features:

  • Add kernel version check
  • Add docker image

v6.2.0-pre-release

Features:

  • Change the way rules are composed: if a route is defined multiple times, the port restrictions are added to one another rather than the final rule being applied (max of 128 port restrictions per route)
  • MFA and Public/Allow rules can exist for the same route

v6.1.2-pre-release

Bug Fixes:

  • Fixed rules exhibiting different behavior depending on rule order (#43), e.g. 1.1.1.1 8081/tcp icmp was different to 1.1.1.1 icmp 8081/tcp

v6.1.1-pre-release

Features:

  • Add MFATemplatesDirectory option to allow administrators to define their own templates for MFA pages per request in #36

Changes:

  • Removed duplicate rule detection due to poor design

v6.0.1-pre-release

Breaking Changes:

  • Wag now uses the most specific route to determine if a route is restricted behind MFA or Public. For example:

    "Policies": {
        "*": {
            "Mfa": [
                "10.0.1.0/24"
            ],
            "Allow": [
                "10.0.1.2/32"
            ]
        }
    }

While this policy has a blanket restriction to force everything under /24 to require MFA, the single route 10.0.1.2/32 is available to any user without authorisation, as it is more specific.
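
The most-specific-route behaviour described above, as an added Go example that is not Wag's own code: `Route`, `Decide` and `MFAExceptions` are hypothetical names, and keeping the first entry when two prefixes have equal length is an assumption. It evaluates the policy from this note and lists every Allow route nested inside a broader MFA route, so each exemption can be reviewed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Route is one policy entry: MFA is true for "Mfa" routes, false for "Allow".
type Route struct {
	Prefix netip.Prefix
	MFA    bool
}

// Decide returns the most specific route containing addr. On equal prefix
// lengths the first entry is kept (an assumption of this example).
func Decide(routes []Route, addr netip.Addr) (best Route, ok bool) {
	for _, r := range routes {
		if r.Prefix.Contains(addr) && (!ok || r.Prefix.Bits() > best.Prefix.Bits()) {
			best, ok = r, true
		}
	}
	return best, ok
}

// MFAExceptions reports Allow routes nested inside a broader MFA route,
// so a reviewer can confirm each exemption is intended.
func MFAExceptions(routes []Route) []string {
	var out []string
	for _, a := range routes {
		for _, m := range routes {
			if !a.MFA && m.MFA && m.Prefix.Bits() < a.Prefix.Bits() && m.Prefix.Contains(a.Prefix.Addr()) {
				out = append(out, fmt.Sprintf("%s is exempt from MFA on %s", a.Prefix, m.Prefix))
			}
		}
	}
	return out
}

func main() {
	routes := []Route{ // policy from the release note above
		{Prefix: netip.MustParsePrefix("10.0.1.0/24"), MFA: true},
		{Prefix: netip.MustParsePrefix("10.0.1.2/32"), MFA: false},
	}
	for _, ip := range []string{"10.0.1.2", "10.0.1.5", "10.0.2.1"} {
		r, ok := Decide(routes, netip.MustParseAddr(ip))
		fmt.Println(ip, "matched:", ok, "route:", r.Prefix, "mfa:", r.MFA)
	}
	fmt.Println(MFAExceptions(routes))
}
```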

Features:

  • The wag management UI will now check for updates from GitHub and give a notification if a new version of wag is available. This can be enabled/disabled with CheckUpdates in the config.json; it is off by default.