Turris OS 7.1.3 is out now!

Dear Turris users,

we just released Turris OS 7.1.3! It is a fix-up release, so you can expect it within three days. There are some small changes to reForis interface, but mainly it is about dynamic firewall and its integration into nftables. There were some conditions where it wouldn’t start properly. But we also extended the integration to allow you to add ip addresses to a whitelist to never get blocked by Dynamic firewall. You can do so by adding the section similar to the following one into /etc/config/sentinel:

config dynfw 'dynfw'
        option enabled '1'
        list whitelist '217.31.192.84'
        list whitelist '2001:1488:ac15:ff80::/64'

As always, if you encounter any issues, please let us know.

5 Likes

My Omnia running as an AP got it already so far so good. Main Omnia router scheduled for 48h more to wait.

1 Like

TO 2016, HBS branch, 2 GB, 2x WiFi, HaaS, RIPE Atlas, Sentinel, lxc, SSD (logs etc), simple config, all seems OK.

1 Like

The following happened on my Turris 1.x router. Is it okay?
2:20am
:pushpin: Updates
• reForis: Update to version 3.2.1
:rocket: New Features
• dynfw: Add option to whitelist IP addresses
:bug: Bug Fixes
• updater-fixes: Automatically change manually installed iptables based packages to nftables based variant

3:30am
:pushpin: Updates
• reForis: Update to version 3.2.0
:bug: Bug Fixes
• miniupnpd: Fix dependencies on firewall
• uboot-tools: More robust handling of U-Boot during update
• user-notify: Adjust notification to to make them less likely to end up in spam

3:30am
Změny provedené updaterem v 2025-01-08T02:29:31+00:00
• Balíček resolver-conf byl ponížen z verze 0.0.5-50 na verzi 0.0.5-49
• Přeinstalován balíček base-files z verze 1517-7.1.3-r20343+130-4e1d1b7df0 na verzi 1517-7.1.2-r20343+130-4e1d1b7df0
• Balíček fix-updater-v65.0-alternatives-update byl ponížen z verze 1-64 na verzi 1-63
• Balíček turris-version byl ponížen z verze 7.1.3 na verzi 7.1.2
• Nainstalován balíček libip6tc verze 1.8.7-7
• Nainstalován balíček libip4tc verze 1.8.7-7
• Nainstalován balíček xtables-legacy verze 1.8.7-7
• Nainstalován balíček iptables-zz-legacy verze 1.8.7-7
• Přeinstalován balíček reforis z verze 3.2.1-3.10-1 na verzi 3.2.0-3.10-1
• Nainstalován balíček kmod-nf-ipt6 verze 5.15.148-1-10c74a3fc1b7f960ec7b51f92267b9ed
• Nainstalován balíček kmod-ip6tables verze 5.15.148-1-10c74a3fc1b7f960ec7b51f92267b9ed
• Nainstalován balíček ip6tables-zz-legacy verze 1.8.7-7
• Balíček sentinel-firewall-nftables byl ponížen z verze 0.1.5-34 na verzi 0.1.4-32
• Balíček sentinel-dynfw-cert byl ponížen z verze 0.1.5-34 na verzi 0.1.4-32
• Balíček libdynfw byl ponížen z verze 1.3.1-1 na verzi 1.3.0-10
• Balíček sentinel-dynfw-c-client-nftables byl ponížen z verze 1.3.1-1 na verzi 1.3.0-10
• Přeinstalován balíček reforis-l10n-cs z verze 3.2.1-3.10-1 na verzi 3.2.0-3.10-1
• Přeinstalován balíček reforis-l10n-de z verze 3.2.1-3.10-1 na verzi 3.2.0-3.10-1
• Odstraněn balíček iptables-nft verze 1.8.7-7
• Odstraněn balíček fix-iptables-to-nftables-packages verze 1-64

1 Like

So my second Omnia running as Router got an update it deleted nicely iptables-zz-legacy and kept iptables-nft I no longer get warnings that legacy iptables detected in mwan3 service. I guess the script fix-iptables-to-nftables-packages did that. Thanks

I think the update broke some things. I think I lost natpmpc and libnatpmp as well as some port forwards. Is this normal? If not I should raise a issue on gitlab, right?
Thanks for reading my noob questions

1 Like