Software-update: OPNsense 24.1.8
Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 24.1.8 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 24.1.8 releasedThe endless loop packet read in the new dhcrelay daemon has been fixed. A new kernel is included in this release bringing the latest stable/13 state in the relevant networking areas. A number of small changes have also been made. Thanks for all the reports and support!
To spread the news... 24.7 will be based on FreeBSD 14.1. Stay tuned.
Here are the full patch notes:system: fix regression in gateways migration causing far gateway option to be set incorrectlysystem: work around fatal password_hash() change in PHP 8.2.18system: move net.inet.icmp.drop_redirect sysctl to automatic modesystem: add Google Drive configuration as an XMLRPC sync targetinterfaces: detect and ignore "detached" state for IPv6interfaces: remove unused imports from sockstat listfirewall: use the new $.replaceInputWithSelector() for source/destination networks in MVC filter pagesfirewall: fix empty rule label rendered as "null" on sessions pageipsec: fix faulty "-" usage in URIsisc-dhcp: take into account that multple ia-pd can be delegatedkea-dhcp: simplified the controller codeunbound: change blocklist processing in _blocklist_reader()unbound: allow RFC 2181 compatible names in query forwardingmvc: silence spurious validation message when explicitly asked to ignore themui: prevent vertical modal overflows and instead present a scrollbarui: add $.replaceInputWithSelector() actionui: handle static page CSRF without Phalconplugins: os-caddy 1.5.6src: pfsync: fix use of invalidated stack variablesrc: pfsync: cope with multiple pending plus messagessrc: ipfw: skip to the start of the loop when following a keep-state rulesrc: bridge: use IF_MINMTUsrc: bridge: change MTU for new memberssrc: ethernet: support ARP for 802 networkssrc: ethernet: fix logging of frame lengthsrc: debugnet: fix logging of frame lengthsrc: wg: use ENETUNREACH when transmitting to a non-existent peersrc: fib_algo: lower level of algorithm switching messages to LOG_INFOsrc: libpfctl: fix incorrect pcounters array sizesrc: pf: always mark states as unlinked before detaching themsrc: vxlan: add checking for loops and nesting of tunnelssrc: igc: increase default per-queue interrupt rate to 20000ports: dhcrelay 0.5 fixes endless loop on packet readports: hyperscan 5.4.2ports: libxml 2.11.8ports: ntp 4.2.8p18ports: openssl fix for CVE-2024-4603ports: phalcon 5.7.0ports: py-duckdb 0.10.3
system: fix regression in gateways migration causing far gateway option to be set incorrectlysystem: work around fatal password_hash() change in PHP 8.2.18system: move net.inet.icmp.drop_redirect sysctl to automatic modesystem: add Google Drive configuration as an XMLRPC sync targetinterfaces: detect and ignore "detached" state for IPv6interfaces: remove unused imports from sockstat listfirewall: use the new $.replaceInputWithSelector() for source/destination networks in MVC filter pagesfirewall: fix empty rule label rendered as "null" on sessions pageipsec: fix faulty "-" usage in URIsisc-dhcp: take into account that multple ia-pd can be delegatedkea-dhcp: simplified the controller codeunbound: change blocklist processing in _blocklist_reader()unbound: allow RFC 2181 compatible names in query forwardingmvc: silence spurious validation message when explicitly asked to ignore themui: prevent vertical modal overflows and instead present a scrollbarui: add $.replaceInputWithSelector() actionui: handle static page CSRF without Phalconplugins: os-caddy 1.5.6src: pfsync: fix use of invalidated stack variablesrc: pfsync: cope with multiple pending plus messagessrc: ipfw: skip to the start of the loop when following a keep-state rulesrc: bridge: use IF_MINMTUsrc: bridge: change MTU for new memberssrc: ethernet: support ARP for 802 networkssrc: ethernet: fix logging of frame lengthsrc: debugnet: fix logging of frame lengthsrc: wg: use ENETUNREACH when transmitting to a non-existent peersrc: fib_algo: lower level of algorithm switching messages to LOG_INFOsrc: libpfctl: fix incorrect pcounters array sizesrc: pf: always mark states as unlinked before detaching themsrc: vxlan: add checking for loops and nesting of tunnelssrc: igc: increase default per-queue interrupt rate to 20000ports: dhcrelay 0.5 fixes endless loop on packet readports: hyperscan 5.4.2ports: libxml 2.11.8ports: ntp 4.2.8p18ports: openssl fix for CVE-2024-4603ports: phalcon 5.7.0ports: py-duckdb 0.10.3
Source:
Tweakers.net