v7.0.0
A large wrap up release which contains heaps of new features, removes an unused feature and bug fixes.
Most notable:
- Each rule can now have up to 128 port restrictions (e.g
8080/tcp 8081/udp
) - MFA routes no longer take precedence over Public routes, preference is now based on route specificity. E.g if you define a
/32
route, it will be selected over a/24
.
Breaking Changes:
- Removed
upgrade
option and associated API as I suspect no-one is using live updating as Im not due to the XDP kernel code changing a large mount
Features:
- Add kernel version check
- Add docker image
v6.2.0-pre-release
Features:
- Change the way rules are composed, if a route is defined multiple times the port restrictions are added to one another rather than the final rule being applied (max of 128 port restrictions per route)
- MFA and Public/Allow rules can exist for the same route
v6.1.2-pre-release
Bug Fixes:
- Fixed rules exhibiting different behavior depending on rule order #43 e.g
1.1.1.1 8081/tcp icmp
was different to1.1.1.1 icmp 8081/tcp
v6.1.1-pre-release
Features:
- Add MFATemplatesDirectory option to allow administrators to define their own templates for MFA pages per request in #36
Changes:
- Removed duplicate rule detection due to poor design
v6.0.1-pre-release
Breaking Changes:
- Wag now uses the most specific route to determine if a route is restricted behind MFA or Public. For example:
"Policies": {
"*": {
"Mfa": [
"10.0.1.0/24"
],
"Allow": [
"10.0.1.2/32"
]
}
While this policy has a blanket restriction to force everything under /24 to require MFA, the single route 10.0.1.2/32 is available to any user without authorisation, as it is more specific.
Features:
- The wag management UI will now check for updates from github and give a notification if a new version of wag is available. This can be enabled/disabled with
CheckUpdates
in theconfig.json
, defaultly off.