Software-update: OPNsense 24.7.9
Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 24.7.9 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 24.7.9 releasedThis is a minor update that further tweaks the trust store integration and firmware updates tying into it although in practice it does not change the current behaviour from a user perspective. If something is not behaving as usual afterwards please let us know.
A new plugin has been added to finally allow proxying ND messages for those people stuck on a single /64 prefix delegation. Otherwise it has been pretty quiet as you can see. But we will be back soon. ;)
Here are the full patch notes:system: revert CRLs in bundles as the default bundles will be removed in 25.1system: migrate authoritative bundle location to /usr/local/etc/ssl/cert.pemsystem: flush the global OpenSSL configuration to /etc/ssl/openssl.cnf as wellsystem: ignore gateway monitor status on boot when setting up routessystem: fix IP address validation not being displayed in the gateway formsystem: add a "time-loop" around authentication for failed attemptsreporting: ISO dates and logical ranges in health graphs (contributed by Roy Orbitson)interfaces: kill defunct route-to states with the stale gateway IPfirewall: make loopback traffic stateful again to fix its use with syncookie optionfirewall: add 'Action' property to list of retrieved rulesfirewall: use UUIDs as rule labels to ease trackingfirmware: refactor for generic config.sh use and related code auditfirmware: move the bogons update script to the firmware scripts, improve logging messages and use config.shfirmware: opnsense-version: restored pre-2019 default output format (contributed by TotalGriffLock)openvpn: add Require Client Provisioning option for instancesbackend: add 'configd environment' debug actionmvc: always do stop/start on forced restartmvc: remove obsolete sessionClose() use in Base, Firmware, Unbound and WireGuard controllersplugins: os-debug 1.6plugins: os-ndproxy 1.0 adds an IPv6 Neighbour Discovery proxyplugins: os-wazuh-agent 1.2ports: py-duckdb 1.1.3
system: revert CRLs in bundles as the default bundles will be removed in 25.1system: migrate authoritative bundle location to /usr/local/etc/ssl/cert.pemsystem: flush the global OpenSSL configuration to /etc/ssl/openssl.cnf as wellsystem: ignore gateway monitor status on boot when setting up routessystem: fix IP address validation not being displayed in the gateway formsystem: add a "time-loop" around authentication for failed attemptsreporting: ISO dates and logical ranges in health graphs (contributed by Roy Orbitson)interfaces: kill defunct route-to states with the stale gateway IPfirewall: make loopback traffic stateful again to fix its use with syncookie optionfirewall: add 'Action' property to list of retrieved rulesfirewall: use UUIDs as rule labels to ease trackingfirmware: refactor for generic config.sh use and related code auditfirmware: move the bogons update script to the firmware scripts, improve logging messages and use config.shfirmware: opnsense-version: restored pre-2019 default output format (contributed by TotalGriffLock)openvpn: add Require Client Provisioning option for instancesbackend: add 'configd environment' debug actionmvc: always do stop/start on forced restartmvc: remove obsolete sessionClose() use in Base, Firmware, Unbound and WireGuard controllersplugins: os-debug 1.6plugins: os-ndproxy 1.0 adds an IPv6 Neighbour Discovery proxyplugins: os-wazuh-agent 1.2ports: py-duckdb 1.1.3
Source:
Tweakers.net