Software update: OPNsense 25.7.3
The OPNsense package is a firewall with extensive capabilities. It is based on the FreeBSD operating system and was originally a fork of m0n0wall and pfSense. The package can be configured entirely through a web interface and supports, among other things, MFA, OpenVPN, IPsec, CARP and captive portal. It can also apply packet filtering and includes a traffic shaper. The developers behind OPNsense have released the third update for version 25.7, and the release notes for this release can be found below.
OPNsense 25.7.3 released
The Tabulator introduction into MVC grid views was a major success with virtually no complaints. Did you notice? Maybe you will now that more features have been unlocked: Dnsmasq grids group by interfaces, firewall automation rules now can show folders using categories and row count default and selections have been increased. A few performance and UX tweaks were carried out as well while at it.
StrongSwan moves to version 6.0.1 now after elaborate testing. The "make_before_break" value was flipped from off to on in their version jump, but the settings will still default to off for everyone unless already otherwise configured.
Here are the full patch notes:
system: properly check request type on HA status page in restartAllAction() (reported by Stanislav Fort of Aisle Research)
system: prevent misconfigurations with the automatic user creation option
system: add pluginctl hook for cache_flush
system: rewrite wwwonly bootstrap procedure
system: allow authentication events from wwwonly user
interfaces: moved get_real_interface() to util.inc
firewall: add "quick" mode in alias update to skip table size comparison during schedules
firewall: adjust firewall_rule_lookup to open correct interface and rule from firewall live log
firewall: add port alias selection to source_port and destination_port
firewall: implement alias description tooltip and other UX tweaks
firewall: add optional Tabulator tree view to show categories as rule folders in automation
firewall: put sequence and sort_order in advanced mode of automation rules
firewall: front-end table rendering performance improvement for alias diagnostics
firewall: also set groups for special IPv6 interfaces
firewall: ignore empty lines for pf table counting
firewall: support tags in source NAT automation rules
firewall: allow alias nesting for URL tables
captive portal: move backend scripts directory
captive portal: various style cleanups
captive portal: restyle default login template
dnsmasq: add Tabulator "groupBy" functionality to group by interfaces
dnsmasq: add leases widget that shows latest leases
firmware: add US east coast mirror for business edition
firmware: opnsense-patch: fix cache flush using new hook
firmware: add vuxml.freebsd.org to CRL handling hostnames
intrusion detection: fix downloads tab not loading with Tabulator
ipsec: add default value to "make_before_break" that retains disabled default
monit: move backend scripts directory
mvc: BaseModel: minor non-functional cleanups
mvc: ModelRelationField: keep array structure in memory to avoid reinitiating object construction
mvc: tweaked model definitions, especially descriptions and validation message style
mvc: slightly adjust two getOption() calls in constraints
mvc: BaseListField: always map values in getDescription()
mvc: BaseListField: account for option container and passthrough value
mvc: remove getCurrentValue() compatibility wrapper
mvc: Backend: always return strings in configdRun() and configdpRun()
mvc: improve replaceInputWithSelector() to support an empty placeholder
mvc: stream output not properly cleansed when used in widget (reported by Stanislav Fort of Aisle Research)
ui: bootgrid: add tabulatorOptions to translateCompatOptions()
ui: bootgrid: raise rowCount default to 50 and adjust selections accordingly for most pages
ui: bootgrid: simplify custom grid command additions
plugins: os-caddy 2.0.3
plugins: os-frr 1.47
plugins: os-netbird 1.0 (contributed by Gauss23 and Bethuel Mmbaga)
plugins: os-nginx 1.35
plugins: os-squid 1.3
src: libfetch: ignore leaf certificates missing CRL which in practice is not offered by most authorities
src: assorted network stack fixes via stable/14
src: if_ovpn: support IPv6 link-local addresses
src: if_ovpn: support floating clients
src: if_ovpn: fill out sin_len/sin6_len
src: if_ovpn: destroy cloned interfaces via a prison removal callback
src: ifconfig: support VLAN ID in static/deladdr
ports: krb5 1.22.1
ports: nss 3.115.1
ports: perl 5.42.0
ports: php 8.3.25
ports: strongswan 6.0.1
Source:
Tweakers.net