Software-update: OPNsense 25.1.7
Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben de zevende update voor versie 25.1 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 25.1.7 releasedDnsmasq DHCP is here and now it is going to be even better with multiple fixes thanks to the swift feedback we received. We are aware of the complex topic of DHCP in the recent years so keep in mind we added Dnsmasq to fill a specific need for smaller installations that other services cannot offer. There are still areas where Kea shines so having both options is the best way forward.
Here are the full patch notes:system: safeguard local_group_set() since users may not exist for valid reasonsinterfaces: emulate device name return in ifconfig edge case for legacy_interface_create()interfaces: cleanup spurious functions regarding VIP accessinterfaces: interfaces: improve private and bogon network filters (contributed by Maurice Walker)interfaces: consider tracked interfaces linked devices on reloadfirewall: add ability to specify IPv6 pipe and queue masking using the src-ip6/dst-ipv6 specifiers (contributed by Daniel Tang)firewall: use shared base_bootgrid_table and base_apply_button in shapercaptive portal: restore the logging of drop reasonscaptive portal: fix last_accessed being cached from previous entries if N/Acaptive portal: mark alias as type external for use in rulesdnsmasq: offer all DHCP options via IANA specificationdnsmasq: allow "static" setting on IPv6 rangesdnsmasq: do not create entries in dnsmasq-hosts file for dhcp-host entriesdnsmasq: prefix length is required when a lease-time is set due to the parsing orderdnsmasq: split up "hwaddr" and "iaid" for DHCPv6 leases and expose them in the leases overviewdnsmasq: add missing dhcp-boot to templatednsmasq: add interface tag to dhcp-boot optionsdnsmasq: reverse rebind checkdnsmasq: remove superfluous escape in conf-dir directivednsmasq: allow lease time 0 to set "infinite"dnsmasq: add protocol selectpicker to leases viewdnsmasq: domain to host migration for hostsdnsmasq: allow multiple tags per dhcp-bootkea-dhcp: fix parsing both address families in static mappingskea-dhcp: translate reservation MAC address when dash is usedkea-dhcp: add advanced options (pd-)allocator in DHCPv6ipsec: attr 28673 previously rendered as 1 instead of strongswan default "yes"/"no" for a booleanopenvpn: add port-share as advanced featureopenvpn: add (push) block-ipv6 optionbackend: use the new errors:no instead of "exit 0" in actionsmvc: add contribDir to app config (contributed by Freddie Sackur)mvc: show versions on migration failure for claritymvc: saveguard JsonKeyValueStoreField->setSourceField()mvc: add static $internalStaticChildren in classes extending ArrayFieldplugins: os-beats 1.0 (contributed by Maxime Thiebaut)plugins: os-c-icap 1.8plugins: os-caddy 2.0.0plugins: os-postfix 1.24plugins: os-radsecproxy 1.1ports: dhcp6c 20250513 fixes spawning multiple instancesports: monit 5.35.2ports: nss 3.111ports: perl 5.40.2ports: pftop 0.13ports: php 8.3.21ports: syslog-ng 4.8.2
system: safeguard local_group_set() since users may not exist for valid reasonsinterfaces: emulate device name return in ifconfig edge case for legacy_interface_create()interfaces: cleanup spurious functions regarding VIP accessinterfaces: interfaces: improve private and bogon network filters (contributed by Maurice Walker)interfaces: consider tracked interfaces linked devices on reloadfirewall: add ability to specify IPv6 pipe and queue masking using the src-ip6/dst-ipv6 specifiers (contributed by Daniel Tang)firewall: use shared base_bootgrid_table and base_apply_button in shapercaptive portal: restore the logging of drop reasonscaptive portal: fix last_accessed being cached from previous entries if N/Acaptive portal: mark alias as type external for use in rulesdnsmasq: offer all DHCP options via IANA specificationdnsmasq: allow "static" setting on IPv6 rangesdnsmasq: do not create entries in dnsmasq-hosts file for dhcp-host entriesdnsmasq: prefix length is required when a lease-time is set due to the parsing orderdnsmasq: split up "hwaddr" and "iaid" for DHCPv6 leases and expose them in the leases overviewdnsmasq: add missing dhcp-boot to templatednsmasq: add interface tag to dhcp-boot optionsdnsmasq: reverse rebind checkdnsmasq: remove superfluous escape in conf-dir directivednsmasq: allow lease time 0 to set "infinite"dnsmasq: add protocol selectpicker to leases viewdnsmasq: domain to host migration for hostsdnsmasq: allow multiple tags per dhcp-bootkea-dhcp: fix parsing both address families in static mappingskea-dhcp: translate reservation MAC address when dash is usedkea-dhcp: add advanced options (pd-)allocator in DHCPv6ipsec: attr 28673 previously rendered as 1 instead of strongswan default "yes"/"no" for a booleanopenvpn: add port-share as advanced featureopenvpn: add (push) block-ipv6 optionbackend: use the new errors:no instead of "exit 0" in actionsmvc: add contribDir to app config (contributed by Freddie Sackur)mvc: show versions on migration failure for claritymvc: saveguard JsonKeyValueStoreField->setSourceField()mvc: add static $internalStaticChildren in classes extending ArrayFieldplugins: os-beats 1.0 (contributed by Maxime Thiebaut)plugins: os-c-icap 1.8plugins: os-caddy 2.0.0plugins: os-postfix 1.24plugins: os-radsecproxy 1.1ports: dhcp6c 20250513 fixes spawning multiple instancesports: monit 5.35.2ports: nss 3.111ports: perl 5.40.2ports: pftop 0.13ports: php 8.3.21ports: syslog-ng 4.8.2
Source:
Tweakers.net