Software-update: OPNsense 24.7.7
Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 24.7.7 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 24.7.7 releasedA small update to keep things moving forward while things are quietening down a little bit. Still working on improving the trust store integration and already tackling new MVC/API conversions on the development end. Here are the full patch notes:
system: add OpenSSH "RekeyLimit" with a limited set of choicessystem: fix certificate condition in setCRL() (contributed by richierg)system: untrusted directory changed in FreeBSD 14system: remove obsolete banners from static pagessystem: address CRL/cert subject hash mismatch during trust store rehashreporting: refactor existing RRD backend codefirewall: throttle live logging on dashboard widgetinterfaces: fix VXLAN interface being busy when vxlanlocal or vxlanremote is changedinterfaces: 6RD/6to4 route creation should be limited to IPv6firmware: remove escaped slashes workaround on mirror/flavour writefirmware: CRL checking for business update mirrorfirmware: introduce config.sh and use it in launcher.sh and connection.shfirmware: restart cron on updatesintrusion detection: reorganise settings page with headersintrusion detection: support configuration of eve-log for HTTP and TLS (contributed by Toby Chen)ipsec: fix advanced option "max_ikev1_exchanges"backend: cache file cleanup when TTL is reachedbackend: correct template helper exists() return type (contributed by kumy)mvc: fix config.xml file open mode in overwrite()mvc: add missing request->hasQuery()mvc: add missing request->getScheme()mvc: add missing request->getURI()mvc: extend sanity checks in isIPInCIDR()ui: fix tree view style targeting elements outside this viewplugins: enforce defaults on devicesplugins: os-caddy 1.7.3plugins: os-ddclient 1.25plugins: os-freeradius 1.9.26plugins: os-frr 1.42plugins: os-lldpd 1.2plugins: os-net-snmp 1.6plugins: os-upnp 1.7plugins: os-wazuh-agent 1.1ports: monit 5.34.2ports: nss 3.105ports: openssh 9.9.p1ports: pkg fix for for embedded libfetch when doing CRL verificationports: py-duckdb 1.1.2ports: syslog-ng 4.8.1ports: unbound 1.22.0
system: add OpenSSH "RekeyLimit" with a limited set of choicessystem: fix certificate condition in setCRL() (contributed by richierg)system: untrusted directory changed in FreeBSD 14system: remove obsolete banners from static pagessystem: address CRL/cert subject hash mismatch during trust store rehashreporting: refactor existing RRD backend codefirewall: throttle live logging on dashboard widgetinterfaces: fix VXLAN interface being busy when vxlanlocal or vxlanremote is changedinterfaces: 6RD/6to4 route creation should be limited to IPv6firmware: remove escaped slashes workaround on mirror/flavour writefirmware: CRL checking for business update mirrorfirmware: introduce config.sh and use it in launcher.sh and connection.shfirmware: restart cron on updatesintrusion detection: reorganise settings page with headersintrusion detection: support configuration of eve-log for HTTP and TLS (contributed by Toby Chen)ipsec: fix advanced option "max_ikev1_exchanges"backend: cache file cleanup when TTL is reachedbackend: correct template helper exists() return type (contributed by kumy)mvc: fix config.xml file open mode in overwrite()mvc: add missing request->hasQuery()mvc: add missing request->getScheme()mvc: add missing request->getURI()mvc: extend sanity checks in isIPInCIDR()ui: fix tree view style targeting elements outside this viewplugins: enforce defaults on devicesplugins: os-caddy 1.7.3plugins: os-ddclient 1.25plugins: os-freeradius 1.9.26plugins: os-frr 1.42plugins: os-lldpd 1.2plugins: os-net-snmp 1.6plugins: os-upnp 1.7plugins: os-wazuh-agent 1.1ports: monit 5.34.2ports: nss 3.105ports: openssh 9.9.p1ports: pkg fix for for embedded libfetch when doing CRL verificationports: py-duckdb 1.1.2ports: syslog-ng 4.8.1ports: unbound 1.22.0
Source:
Tweakers.net