🚀 QhtLink Firewall v0.3.7 — The "Iron Phoenix" Release

QhtLink Firewall: Advanced Linux Security provides robust, customizable protection for your Linux systems. Discuss features, configurations, and best practices for securing your network with our cutting-edge firewall solutions. Enhance your digital defense and safeguard your data effectively.
daniel
Site Admin
Posts: 29
Joined: Wed May 28, 2025 6:57 pm

Post by daniel »

🚀 QhtLink Firewall 0.3.7 “Iron Phoenix” — A Major Leap Forward

We’re proud to announce the release of QhtLink Firewall 0.3.7, codenamed Iron Phoenix.
This update isn’t just another incremental patch — it represents a fundamental evolution of the platform, combining modern nftables support with critical security hardening to deliver a firewall that’s faster, safer, and future‑ready with Quantum Resistance.

🔒 Security First
A full security audit uncovered and remediated several critical issues. Highlights include:
  • Command Injection Prevention — hardened subprocess calls against shell metacharacter exploits.
  • Port Validation — strict numeric checks across all inbound/outbound directives.
  • Privilege Escalation Fix — regex validation for MESSENGER_USER prevents abuse of file ownership.
  • Log Injection Defense — sanitization of control characters ensures clean, trustworthy logs.
  • Resource Leak Fix — corrected filehandle management for stability under high load.

⚡ Native nftables Backend
For modern Linux distributions (CloudLinux 9/10, RHEL9+, Debian 11+, Ubuntu 22.04+), QhtLink Firewall now runs natively on nftables:
  • Atomic ruleset updates — no traffic interruption during changes.
  • Efficient IP blocklists — O(1) lookups with native sets/maps.
  • Built‑in timeouts — temporary blocks without external cron jobs.
  • Unified IPv4/IPv6 handling — simplified, modern netfilter integration.
Legacy systems remain fully supported via iptables, with seamless auto‑detection.

🛠️ Smarter Configuration & Diagnostics
  • Auto‑detect backend: “auto” mode selects nftables when available, falls back to iptables otherwise.
  • Enhanced installer: verifies nft support and recommends optimal backend.
  • Expanded test suite: comprehensive nftables diagnostics, including NAT, conntrack, rate limiting, and logging compatibility.

📑 Upgrade Notes
  1. Backup first: safeguard /etc/qhtlfirewall/.
  2. Automatic migration: existing installs continue with iptables unless nftables is available.
  3. Enable nftables: set FIREWALL_BACKEND = "nftables" in config, restart firewall.
  4. Verify: run qhtlfirewalltest.pl to confirm nftables support.
  5. Rollback: force iptables backend if needed.

🌍 Compatibility Matrix
CloudLinux 9/10 — nftables (native)
RHEL/AlmaLinux 9 — nftables (native)
Debian 11/12 — nftables (native)
Ubuntu 22.04/24.04 — nftables (native)
Legacy RHEL7/CL7 — iptables only

⚠️ Known Issues
  • Third‑party tools that manipulate iptables directly may conflict with nftables backend.
  • Disable firewalld when using QhtLink Firewall with nftables to avoid rule collisions.

✨ Summary
QhtLink Firewall 0.3.7 Iron Phoenix is a major milestone:
  • Hardened against critical security threats.
  • Modernized with nftables for speed, efficiency, and reliability.
  • Backward compatible with legacy environments.
This release positions QhtLink Firewall as a robust, future‑proof security layer for Linux servers, ready to meet the demands of next‑generation hosting and enterprise environments.
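
The hardening classes in the Security First list, combined with a timed nftables set element, sketched as an added example that is not QhtLink Firewall code. Python is used for illustration only; the table and set names, the username pattern and the timeout limit are assumptions.

```python
import ipaddress
import re

# Hypothetical names: table/set names and helpers are illustrative
# assumptions, not QhtLink Firewall identifiers.
NFT_TABLE = ("inet", "example_fw")
PORT_RE = re.compile(r"[0-9]{1,5}")
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")   # assumed account-name policy
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")
MAX_TIMEOUT_S = 30 * 86400                        # assumed upper bound


def valid_port(value: str) -> bool:
    """Strict numeric check: ASCII digits only, range 1-65535."""
    return bool(PORT_RE.fullmatch(value)) and 1 <= int(value) <= 65535


def valid_user(value: str) -> bool:
    """Reject anything but a plain account name before it reaches chown-style calls."""
    return bool(USER_RE.fullmatch(value))


def sanitize_log(value: str) -> str:
    """Escape control characters so untrusted text cannot forge extra log lines."""
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def block_argv(ip: str, timeout_s: int) -> list:
    """Build an argv list for `nft add element` with a per-element timeout.

    The result is meant for subprocess.run(argv) with no shell, so shell
    metacharacters are never interpreted. nft still parses ';' and braces in
    its own grammar, so the address is parsed and re-serialised, never copied.
    """
    if "%" in ip:                        # IPv6 zone ids are free-form text
        raise ValueError("scoped addresses are not accepted")
    addr = ipaddress.ip_address(ip)      # ValueError on anything but an address
    if not 1 <= timeout_s <= MAX_TIMEOUT_S:
        raise ValueError("timeout out of range")
    set_name = "blocked4" if addr.version == 4 else "blocked6"
    element = "{ %s timeout %ds }" % (addr.compressed, timeout_s)
    return ["nft", "add", "element", *NFT_TABLE, set_name, element]
```

The sets named here would need to be declared with `flags timeout` in an `inet` table for the per-element timeout to be accepted.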