Software-update: OPNsense 23.7.3
Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.7.3 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 23.7.3 releasedRecently we improved the workflow for bringing language updates to the release so here we are with an updated translation package including added support for Korean. Thanks a lot to all contributors for keeping this going strong! If you would like to help with translations you can sign up via this link.
Of note is also the largely rewritten backend for the WireGuard kernel module plugin which offers separate services for each instance much like OpenVPN offers it. The requirement of the wireguard-tools and bash packages were removed. This also means the plugin will be moved to the core for 24.1 along with Wireguard go plugin being removed completely since on FreeBSD 13.2 no external package is needed to enjoy WireGuard and the permanent existence of a kernel module renders the Go fallback defunct through wireguard-tools/wg-quick implementation quirks.
Here are the full patch notes:system: fix missing config save when RRD data is supplied during backup importsystem: defer config reload to SIGHUP in gateway watchersystem: handle "force_down" state correctly in gateway watchersystem: make Gateways class argument optionalinterfaces: tweak UX of interface settings pageinterfaces: further improve PPP MTU handlinginterfaces: remove workaround to re-reload the routing during bootup for edge case that no longer existfirewall: fix group priority handling regressionfirewall: improve filter functionality to combine multiple network clauses in states pagedhcp: map interfaces to interface names instead of devicesdhcp: fix iaid_duid parsing in IPv6 lease pageintrusion detection: support "bypass" keyword in user-defined rules (contributed by Monviech)openvpn: fix mismatch issue when pinning a CSO to a specific instanceopenvpn: add advanced option for optional CA selectionunbound: fix concurrent session closing the handle while still writing data in Python moduleweb proxy: remove long deprecated "dns_v4_first" setting from GUImvc: extend PortField to optionally allow port type aliaseslang: update all languages and add Koreanplugins: os-firewall 1.4 adds port alias supportplugins: os-frr 1.35plugins: os-wireguard 2.0ports: filterlog fix to prevent crash on default rule number -1
system: fix missing config save when RRD data is supplied during backup importsystem: defer config reload to SIGHUP in gateway watchersystem: handle "force_down" state correctly in gateway watchersystem: make Gateways class argument optionalinterfaces: tweak UX of interface settings pageinterfaces: further improve PPP MTU handlinginterfaces: remove workaround to re-reload the routing during bootup for edge case that no longer existfirewall: fix group priority handling regressionfirewall: improve filter functionality to combine multiple network clauses in states pagedhcp: map interfaces to interface names instead of devicesdhcp: fix iaid_duid parsing in IPv6 lease pageintrusion detection: support "bypass" keyword in user-defined rules (contributed by Monviech)openvpn: fix mismatch issue when pinning a CSO to a specific instanceopenvpn: add advanced option for optional CA selectionunbound: fix concurrent session closing the handle while still writing data in Python moduleweb proxy: remove long deprecated "dns_v4_first" setting from GUImvc: extend PortField to optionally allow port type aliaseslang: update all languages and add Koreanplugins: os-firewall 1.4 adds port alias supportplugins: os-frr 1.35plugins: os-wireguard 2.0ports: filterlog fix to prevent crash on default rule number -1
Source:
Tweakers.net