Software update: OPNsense 23.1.6
The OPNsense package is a firewall with extensive capabilities. It is based on the FreeBSD operating system and was originally a fork of m0n0wall and pfSense. The package can be configured entirely through a web interface and supports, among other things, 2FA, OpenVPN, IPsec, CARP and captive portal. It can also perform packet filtering and includes a traffic shaper. The developers have released OPNsense 23.1.6, and this version is accompanied by the following notes:
OPNsense 23.1.6 released
Two major improvements being shipped today are standalone core DNS support for Bind and Dnscrypt-Proxy plugins as well as OpenVPN group firewall alias type. The latter makes it easier to manage distinct policies for connected VPN users. For more details please refer to the documentation listed below.
The other honorable mention is the netmap work we have been doing with Zenarmor and Klara on the FreeBSD kernel side which brings bridge device support as well as a considerable improvement to the emulated mode where several packet stalls and mbuf leaks have been identified and subsequently fixed. This should have an operational impact on Suricata (IPS mode) and Zenarmor. The state is much better now but please do not hesitate to contact us about issues that you might still be having with netmap-based packet flows as the topic is a rather complex one.
Orange FR users be aware that your ISP now requires strict VLAN PCP on all DHCPv4 requests so please do set 'Use VLAN priority' interface setting for both DHCPv4 and DHCPv6. The 'Option Modifiers' override for "vlan-pcp" in DHCPv4 can be removed and the documentation was updated accordingly.
Here are the full patch notes:
system: register DNS service ports for unified use across core and plugins
system: serialize deferred requests for web GUI restart
system: relocate API messages to backend log target as they currently end up in captive portal logs
system: remove /31 subnet restriction in wizard
system: use data attribute to find existing rows in service widget to avoid special character issues (contributed by Alexander O'Mara)
system: allow non-system group delete after faulty PHP 8 warning fix (contributed by kulikov-a)
system: handle empty DNS server gateway (contributed by Nicolas Thumann)
reporting: translate invalid interface name characters for NetFlow/Netgraph use
reporting: sort interfaces by description in health graphs
interfaces: ping diagnostic tool was rewritten using MVC/API
interfaces: allow to set PCP value on IPv4 DHCP traffic to address recent Orange FR changes
firewall: allow to create aliases for logged-in OpenVPN users
firewall: leave out fractional seconds from timestamps in aliases
firewall: fix progress bar default value (contributed by Nicolas Thumann)
dhcp: fix too many addresses issue in radvd RDNSS setting
dhcp: add missing double quotes in hostname handling
firmware: remove flavouring support from update tools
ipsec: pull data for dashboard widget exclusively from backend
ipsec: move XAuth out of "IKE Extensions" block
ipsec: add connection child as option for manual SPDs
ipsec: another small GUI fix for basic log option in advanced settings
openvpn: fix dashboard widget and add missing byte data to status call
plugins: os-bind 1.26
plugins: os-crowdsec 1.0.4
plugins: os-ddclient 1.12
plugins: os-dnscrypt-proxy 1.13
plugins: os-nginx 1.32
plugins: os-upnp now allows subnet mask 0 in rules (contributed by Reiko Asakura)
src: bridge: add support for emulated netmap mode
src: epair: also remove vlan metadata from mbufs
src: ifconfig: fix configuring if_bridge with additional operating parameters
src: netmap: fix queue stalls with generic interfaces
src: netmap: assorted upstream stable patches
src: sched_ule: assorted fixes to address issues on newer AMD platforms
ports: curl 8.0.1
ports: ifinfo now also prints interface index (contributed by Nicolas Thumann)
ports: php 8.1.17
Source:
Tweakers.net