Vuurmuur 0.8.2 release; development update

Posted on Feb 4, 2025

I’ve just pushed out a minor update to Vuurmuur. Basically a single important bug fix, and lots of minor cleanups.

Both in Github Actions and my local CI I’ve updated the build tests and the scanners like cppcheck.

There are quite a few debs for Ubuntu and Debian. On the rpm side, just Fedora. Since libnetfilter_log is still missing from EPEL, creating CentOS rpms isn’t feasible right now.

For the release, see: https://vuurmuur.org/posts/release-082/

Overall development remains slow. I have 2 main partial dev efforts:

  1. nftables support – this allows building a ruleset using nftables. It involves cleaning up the rule generation.

    In the back of my mind here is an idea to support Suricata as a rule engine as well. Suricata is supporting more and more interesting firewall features, where the most interesting things happen on layer 7. But basic L2/L3/L4 support is there as well, minus things like NAT.

  2. vuurmuur_conf resize support – something I wish I had done from the start, but alas here we are… Will probably do this step by step as there are so many parts that need updating.

Other than time constraints, a thing that I’m consistently struggling with in Vuurmuur is that almost every part of the code I update is something I’d like to do general cleanups for as well. When I started this project over 20 years ago I hardly knew any C, so it’s not surprising there is a lot to be cleaned up…

Another thing I would like to improve is testing, and in general testability. Right now testing is mostly a manual process. In Suricata we have a great regression testing framework to run tests, express expected outcomes, etc. I think Vuurmuur would be greatly helped by something like this as well, especially the rule generation. If anyone has thoughts on this, please let me know.