Home

Software-update: OPNsense 23.1.8

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.1.8 uitgebracht en de releasenotes voor die uitgave kunnen hieronderworden gevonden.

OPNsense 23.1.8 released

This update improves IPv6 connectivity, extends module support for the axgbe network driver and fixes a panic with IPv6 refragmentation over policy-based routes amongst others. We are currently testing FreeBSD 13.2 for the upcoming OPNsense 23.7 and it looks promising. Watch out for roadmap updates over the next few weeks as more MVC page conversions are being carried out.

Here are the full patch notes:
  • system: calling return_down_gateways() depends on default gateway switch setting
  • system: open new session if missing to prevent spurious CRSF errors in static pages
  • system: add device hint to empty interface address message in case of mismatch during default route attempt
  • system: add kernel messages to the general system log
  • system: make sure routing log messages all use "ROUTING:" prefix
  • system: print warning for duplicated gateway name
  • system: prefix API key filename with FQDN of this host
  • interfaces: deal with "prefixv6" as an array
  • interfaces: improve address cleanup when handling VIP modifications
  • interfaces: explicitly report current IP address during renewal avoidance
  • interfaces: patch in appropriate rebind/renew DHCPv6 handling
  • interfaces: for static "Use IPv4 connectivity" on PPPoE bring up IPv6 routes as well
  • interfaces: ifctl: fix typo causing content to be printed while adding it
  • interfaces: ifctl: avoid null route on fragile /64 prefix delegation
  • interfaces: ifctl: do not flush name server routes
  • firewall: add "set debug" and "set keepcounters" options to advanced options
  • dhcp: provide run task "static_mapping" to avoid polluting unrelated plugins
  • dnsmasq: use new run task "static_mapping" to collect static mappings from DHCP
  • firmware: show support tiers in plugin list
  • firmware: now that we have a full data model do not overdo cleanup during plugin registration
  • intrusion detection: minor performance improvements when parsing metadata from rules
  • openvpn: fix a warning by passing a desirable empty input containing a slash
  • unbound: fix migration edge case in model version 1.0.3
  • unbound: remove DNS blocklist start syshook causing an unnecessary download during bootup
  • unbound: when called via GET during override creation encode using URLSearchParams()
  • wizard: do not end up duplicating WAN_GW entry
  • mvc: add CIDRToMask() to utilities
  • mvc: prevent config restore when writer has flushed or partly written the file
  • mvc: format BaseModel logger to avoid duplicate timestamps
  • plugins: os-crowdsec 1.0.5
  • plugins: os-acme-client 3.17
  • src: axgbe: fix link issues for gigabit external SFP PHYs and 100/1000 fiber modules
  • src: axgbe: apply RRC to miibus attached PHYs and add support for variable bitrate 25G SFP+ DACs
  • src: axgbe: properly release resource in error case
  • src: ifconfig: improve VLAN identifier parsing
  • src: pfsync: hold b_mtx for callout_stop(pd_tmo)
  • src: pf: remove pd_refs from pfsync
  • src: pf: deal with KPI change bug on stable/13 by redirecting otherwise crashing traffic through ip6_output()
  • ports: curl 8.1.0
  • ports: dhcp6c 20230523
  • ports: lighttpd 1.4.70
  • ports: nss 3.89.1
  • ports: openvpn 2.6.4
  • ports: php 8.1.19
  • ports: suricata 6.0.12

    • Source: Tweakers.net

    Previous

    Next