Software-update: OPNsense 23.7.2
Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.7.2 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 23.7.2 releasedAssorted improvements are being shipped with this release. Of special note is the proper monitoring of down gateways which allows the new gateway watcher to see the gateway come back online when plugging a cable. A Wazuh agent plugin was added and the ddclient plugin received new protocol support including AWS Route53 amongst others.
Here are the full patch notes:system: improve monitoring of down gatewayssystem: clear all /var/run directories on bootupsystem: put lock()/unlock() back for legacy plugin compatibilityinterfaces: fix special device name chars used in shell variablesinterfaces: prevent IPv6 mismatches when using compressed format in VIPinterfaces: remove descriptive name from newwanip logginginterfaces: typo in MRU handling for PPPinterfaces: improve PPPoE MTU handlinginterfaces: switch rtsold to -A modefirewall: missing interface group registration on group creationdhcp: improve UX of the new MVC lease pagesfirmware: remove defunct mirror "Dept. of CSE, Yuan Ze University"intrusion detection: fix events originating from "int^" due to IPS mode useipsec: add colon to supported character list for pre-shared key IDsipsec: reqid should not stick when copying a phase 1monit: fix empty timeout value (contributed by Michael Muenz)openvpn: properly map user groups for authenticationopenvpn: bring instances into server fieldopenvpn: fix separator for redirect-gateway attribute in instances and CSOunbound: fixed configuration when custom blocks are used (contributed by Evgeny Grin)plugins: os-ddclient 1.15plugins: os-iperf adds rubygem-rexml dependency (contributed by Hannah Kiekens)plugins: os-relayd 2.7 now supports newer upstream release of relaydplugins: os-wazuh-agent 1.0src: remove if_wg from kernel modules to unbreak current wireguard-go usesrc: axgbe: LED control for A30 platformsrc: gif: revert in{,6}_gif_output() misalignment handlingsrc: igc: sync srrctl buffer sizing with e1000src: ip_output: ensure that mbufs are mapped if ipsec is enabledsrc: ixgbe: warn once for unsupported SFPssrc: ixgbe: add support for 82599 LSsrc: ixl: add link state pollingsrc: ixl: port ice's atomic API to ixlsrc: rss: set pin_default_swi to 0 by defaultsrc: rtsol: introduce an 'always' scriptports: krb5 1.21.2ports: openldap 2.6.6ports: openvpn 2.6.6ports: php 8.2.9ports: phalcon 5.3.0ports: phpseclib 3.0.21ports: py-dnspython 2.4.2
system: improve monitoring of down gatewayssystem: clear all /var/run directories on bootupsystem: put lock()/unlock() back for legacy plugin compatibilityinterfaces: fix special device name chars used in shell variablesinterfaces: prevent IPv6 mismatches when using compressed format in VIPinterfaces: remove descriptive name from newwanip logginginterfaces: typo in MRU handling for PPPinterfaces: improve PPPoE MTU handlinginterfaces: switch rtsold to -A modefirewall: missing interface group registration on group creationdhcp: improve UX of the new MVC lease pagesfirmware: remove defunct mirror "Dept. of CSE, Yuan Ze University"intrusion detection: fix events originating from "int^" due to IPS mode useipsec: add colon to supported character list for pre-shared key IDsipsec: reqid should not stick when copying a phase 1monit: fix empty timeout value (contributed by Michael Muenz)openvpn: properly map user groups for authenticationopenvpn: bring instances into server fieldopenvpn: fix separator for redirect-gateway attribute in instances and CSOunbound: fixed configuration when custom blocks are used (contributed by Evgeny Grin)plugins: os-ddclient 1.15plugins: os-iperf adds rubygem-rexml dependency (contributed by Hannah Kiekens)plugins: os-relayd 2.7 now supports newer upstream release of relaydplugins: os-wazuh-agent 1.0src: remove if_wg from kernel modules to unbreak current wireguard-go usesrc: axgbe: LED control for A30 platformsrc: gif: revert in{,6}_gif_output() misalignment handlingsrc: igc: sync srrctl buffer sizing with e1000src: ip_output: ensure that mbufs are mapped if ipsec is enabledsrc: ixgbe: warn once for unsupported SFPssrc: ixgbe: add support for 82599 LSsrc: ixl: add link state pollingsrc: ixl: port ice's atomic API to ixlsrc: rss: set pin_default_swi to 0 by defaultsrc: rtsol: introduce an 'always' scriptports: krb5 1.21.2ports: openldap 2.6.6ports: openvpn 2.6.6ports: php 8.2.9ports: phalcon 5.3.0ports: phpseclib 3.0.21ports: py-dnspython 2.4.2
Source:
Tweakers.net