Release Notes
version 2.5.0 (2022-11-07)
- DiscrimiNAT now supports load balancing, high availability and auto scaling with AWS' Gateway Load Balancer (GWLB).
- With the GWLB, the RTO for DiscrimiNAT is reduced from ~120 seconds to 10 seconds!
- New
-gwlbTerraform module published at the registry to deploy a load balancing, highly available and an auto scaling set of DiscrimiNAT Firewalls.
Breaking Changes
- CloudWatch log group name changed from
discrimiNATtoDiscrimiNAT. The first letter of the word DiscrimiNAT is, and going-fowards will be, in upper-case. - IAM Policy has been updated to reflect the upper-case letter D.
- AMI name has seen the same change.
- A new patch version, 2.4.1, of the ENI Terraform module has been released that constrains it to DiscrimiNAT version 2.4.x AMIs only. The ENI Terraform module will be updated in due course to support DiscrimiNAT version 2.5.x and onwards.
version 2.4.2 (2022-10-11)
- improved connection handling for very short lived TLS connections with specific server-side implementations (such as Envoy Proxy)
version 2.4.1 (2022-05-11)
- fixed a sporadic connection reset issue, that emitted
unexpected responsein the logs, and which only occurred in thesee-thrumonitoring mode while connecting to a destination at very high latency
version 2.4.0 (2022-03-01)
- new warning message in config logs when a connection test to an FQDN, carried out by discrimiNAT itself, in any allowlist fails
- added support for self-attaching an allocated Elastic IP
- discrimiNAT's own instance ID added to every log line under the key
instance, indicating which instance the log line was emitted from - updated TLS ECH draft extension identifiers
version 2.2.0 (2021-09-06)
- see-thru mode introduced; build allowlists super-quick by putting a Security Group in monitor mode first
- serverless support introduced; Lambdas etc. with an interface in the VPC will have their outbound traffic filtered
- full bypass hook added; please reach out to support for instructions on this
version 2.1.0 (2021-08-19)
- improved handling for a large number of FQDNs in the allowlists
- updated TLS ECH draft extension identifiers
version 2.0.5 (2021-05-11)
- restricted firewall rule scanning to the same VPC as discrimiNAT firewall was deployed in
version 2.0.4 (2021-04-07)
- updated TLS ECH draft extension identifiers
version 2.0.3 (2020-11-10)
- v2 launch
- completely new architecture addressing the potential for mismatch of IPs addresses as looked up by a protected workload from the VPC resolver and as looked up by the discrimiNAT firewall
- rewritten in Rust
version 20200524 (2020-05-27)
available on request; v1 is now deprecated; please upgrade to v2
version 20200516 (2020-05-20)
available on request; v1 is now deprecated; please upgrade to v2
version 20191207 (2019-12-10)
available on request; v1 is now deprecated; please upgrade to v2
version 20191108 (2019-11-12)
available on request; v1 is now deprecated; please upgrade to v2
version 20190911 (2019-09-13)
- v1 launch