A round of fixes and polish for v1.10.0's new features. See v1.10.0 release notes for what's new in v1.10.0+.
Threat Intelligence
- Direct navigation to drilldowns works correctly - Refreshing or bookmarking a drilldown URL now loads CTI reputation, applies the right filters, shows events for private IPs, and skips the first-collection spinner. Previously several pieces of state were missing when you bypassed the overview tab.
- Source IP geo fixed in port/protocol drilldowns - Private source IPs no longer incorrectly show the destination's country flag and ASN.
- Clickable individual ports in port ranges - Port ranges in the IP drilldown now break out each port as a clickable link.
- Country flags on IP drilldown headers - Direct GeoIP lookup on the drilldown IP so the flag always shows.
- CTI lookup button hides after "unknown" - No point showing a button that won't return anything useful.
Alerts & Scheduling
- Early-stage attack chain alerts - New
threats.attack_chain_attemptevent fires when a source IP reaches 2+ kill chain stages without hitting an end state (e.g., Recon to Attempted Exploitation). The seeded rule is Info-level and disabled by default, for users who want visibility into blocked progressions. - Digest schedule in local time - The schedule editor now shows your server's local timezone instead of raw UTC. Converts to UTC on save.
- "Channels" renamed to "Notification Channels" - Clearer tab label.
Security Audit
- VLAN 1 isolation recommendation fixed - No longer suggests "Enable Isolate Network" for VLAN 1, which isn't possible in UniFi. Added a hint about changing the network's Purpose if the recommendation doesn't apply.
Adaptive SQM
- Blank page when no WAN interfaces detected - Previously showed the deployment status card and nothing else. Now shows an actionable message explaining whether the Console isn't connected or no WANs were found.
- UDMs adopted as APs no longer block WAN detection - A UDM in AP-only mode (e.g., UX7) reports type "udm" but has no active WANs. Previously we'd stop after seeing it. Now continues checking remaining devices.
- Supports up to 6 WAN interfaces - UDMs allow any port to be configured as WAN, so bumped from 4.
- Better WAN detection logging - Full enumeration and filtering pipeline now logged at Info level for easier troubleshooting.
- Terminology updated - "UniFi controller" changed to "UniFi Console" on the SQM page.
Navigation & UI
- Browser back/forward button support - Tab switches on Threats, Wi-Fi Optimizer, and Alerts pages now push URL state so the back button navigates between tabs instead of leaving the page. Threat drilldowns are URL-addressable (
?tab=drilldown&ip=X.X.X.X). - Back button on direct drilldown navigation - Pressing back from a bookmarked/refreshed drilldown URL goes to the overview tab instead of leaving the app.
- Client links use consistent URL routing - Links from Audit, SpeedTest details, and IssuesList all use
?tab=client&client=MACformat.
Proxmox
- OpenSpeedTest port fixed in LXC installs - Was listening on 3000 instead of the configured 3005 due to host networking bypassing port mapping. Switched to bridge networking with proper port mapping.
Installation
Windows: Download the MSI installer below
Docker:
docker compose pull && docker compose up -dmacOS (native, recommended for accurate speed tests vs Docker Desktop):
git clone https://github.com/Ozark-Connect/NetworkOptimizer.git && cd NetworkOptimizer && ./scripts/install-macos-native.sh
# or if you already have it cloned
cd NetworkOptimizer && git pull && ./scripts/install-macos-native.shProxmox:
bash -c "$(curl -fsSL https://raw.githubusercontent.com/Ozark-Connect/NetworkOptimizer/main/scripts/proxmox/install.sh)"For other platforms (Synology, QNAP, Unraid, native Linux), see the Deployment Guide.