Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben eerder OPNsense 20.1.4 uitgebracht met de volgende aankondiging:
system:firewall:
- add missing strtolower() in LDAP sync response
- fix /var/run/legacy_log socket creation race with Syslog-ng
- add info button to display privilege / ACL endpoints
- make IPsec tap tunables overwriteable
interfaces:
- floating means either all interfaces or more than one selected
- simplify group maintenance by only applying them on filter reload
dhcp:
- use primary IPv6 and support VIP tracking
- multiple changes in radvd.conf setup (contributed by maurice-w)
firmware:
- fix DDNS support in DHCPv6 (contributed by Wagner Sartori Junior)
openvpn:
- mirror opnsense.ieji.de renamed to opn.sense.nz
unbound:
- improve openvpn_port_used() logic
mvc:
- minor cleanup in /api/unbound/diagnostics/stats endpoint
- remove 192.0.0.0/24 from rebinding prevention list (contributed by maurice-w)
shell:
- simplify reload of captive portal, cron, IDS, alias, loopback, VXLAN, web proxy, routes, syslog and shaper
- limit dropdown size to 10 is none specified
- support inheritance of the ArrayField type
- synchronize backup timestamps with revisions
- fixed width for timestamp column in logging
- init errorMessage to prevent crash reports
plugins:
- use interfaces_primary_address6() for correct IPv6 display
- append a newline in pluginctl -g mode
lang:
- os-acme-client 1.30[1]
- os-bind 1.13[2]
- os-freeradius 1.9.6[3]
- os-haproxy 2.21[4]
- os-maltrail 1.5[5]
- os-nginx 1.19[6]
- os-nut 1.7[7]
- os-postfix 1.14[8]
- os-tayga 1.0 (contributed by Michael Muenz)
- os-telegraf 1.7.7[9]
- os-unbound-plus 1.0 (contributed by Michael Muenz and Petr Kejval)
src:
- multiple updates to supported languages
- new Turkish translation (contributed by Aydin Yakar)
ports:
- work around PCI devices which return all zeros for reads of existing MSI-X table VCTRL registers
- fix incorrect checksum calculations with IPv6 extension headers[10]
- fix TCP IPv6 SYN cache kernel information disclosure[11]
- fix insufficient oce(4) ioctl(2) privilege checking[12]
- fix incorrect user-controlled pointer use in epair[13]
- fix kernel memory disclosure with nested jails[14]
- curl 7.69.1[15]
- krb5 1.18[16]
- openssh 8.2p1[17]
- openssl 1.1.1f[18]
- perl 5.30.2[19]
- php 7.2.29[20]
- python 3.7.7[21]
- strongswan 5.8.3[22]
- sudo 1.8.31p1[23]