Software-update: OPNsense 20.7.2

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 20.7.2 uitgebracht met de volgende aankondiging:

OPNsense 20.7.2 Released

While we are still looking closer at netmap/iflib performance on 12.1 we are rolling out a kernel with Intel em/igb updates that should avoid bad packet counts in the default installation. Syslog-ng received a workaround for the diagnosed startup issue and alias now supports MAC address content similar to how host content works.

Here are the full patch notes:

• system: set REQUESTS_CA_BUNDLE in environments
• system: improve parsing for temperature sensors
• system: add "new-password" hint for Chrome on login form
• system: rename syslog services description and hide legacy mode when not enabled
• system: force syslog-ng restart after boot sequence
• system: properly read new style logging directories
• reporting: replace line endings when sending traceback to syslog in flowd_aggregate
• reporting: dd traffic graph filter for private IPv4 networks (contributed by kcaj-burr)
• firewall: add MAC address alias type
• firewall: be more verbose when fetching alias remote content
• firewall: prevent pfctl error messages from being suppressed
• firewall: exclude all reserved pf.conf keywords from alias name
• firewall: bogons not loaded on initial load
• firewall: reset damaged bogons files on startup
• interfaces: add listen-queue-sizes in socket diagnostics
• firmware: properly report an unsigned repository
• firmware: revoke 20.1 fingerprint
• intrusion detection: rule cache parse error on invalid metadata
• intrusion detection: allow search for status enabled/disabled
• web proxy: correct template replacement during build time
• web proxy: bugfix in JSON access log
• unbound: updated project block lists links (contributed by gap579137)
• backend: add regex_replace template support
• plugins: os-acme-client 1.36
• plugins: os-dyndns 1.23 adds Gandi LiveDNS support (contributed by vizion8-dan)
• plugins: os-haproxy 2.24
• plugins: os-stunnel 1.0.1 includes performance tweaks
• plugins: os-telegraf 1.8.2
• plugins: os-tinc fixes cipher parsing on 20.7
• src: remove ACPI workaround for serial console on AMD EPYC
• src: Make pf.conf ':0' ignore link-local v6 addresses too
• src: default "show bad packets" tunable to off in e100 driver
• src: fix unsolicited promisc mode in e1000 driver
• src: add valectl to the system commands
• ports: ca_root_nss/nss 3.56
• ports: curl 7.72.0
• ports: libressl 3.1.4
• ports: openldap 2.4.51
• ports: php 7.3.21
• ports: python 3.7.9
• ports: sqlite 3.33.0
• ports: squid 4.13
• ports: syslog-ng dlsym() workaround
• ports: unbound 1.11.0