Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 21.1.2 uitgebracht met de volgende aankondiging:
OPNsense 21.1.2 releasedPlease do enjoy this round of timely crypto library updates and other reliability fixes. Work has so far been focused on the firmware update process to ensure its safety around edge cases and recovery methods for the worst case. To that end 21.1.3 will likely receive the full revamp including API and GUI changes for a swift transition after thorough testing of the changes now available in the development package of this release.
Here are the full patch notes:
- system: do not trim string fields in upstream XMLRPC library
- system: fix export API keys reload issue on Safari
- system: retain index after tunables sorting in 21.1.1
- system: fix firewall log widget update on small fixed number of entries
- system: replace traffic graphs in widget using chart.js
- system: make StartTLS work when retrieving LDAP authentication containers (contributed by Christian Brueffer)
- system: fix IPv6 route deletion on status page
- interfaces: work around slow manufacturer lookups in py-netaddr 0.8.0
- firewall: fix off-by-one error in alias utility listing
- firewall: fix live log matching with 'or' and empty filter (contributed by kulikov-a)
- reporting: prevent NetFlow crash when interface number is missing
- firmware: opnsense-update -t option executes after -p making it possible to run them at once
- firmware: opnsense-update -t option now also uses recovery code introduced recently for -p
- firmware: opnsense-update -vR no longer emits "unknown" if no version was found
- firmware: opnsense-verify -l option lists enabled package repositories
- firmware: add crypto package to health check
- firmware: fix two JS tracker bugs
- firmware: assorted non-breaking changes for upcoming firmware revamp
- intrusion detection: prevent flowbits:noalert from being dropped
- intrusion detection: fix policies not matching categories
- ipsec: phase2 local/remote network check does not apply on VTI interfaces
- web proxy: fix ownership issue on template directory
- rc: opnsense-beep utility wrapper including manual page
- plugins: increase revision number for all plugins to force installation of metadata added in 21.1.1
- plugins: os-acme-client 2.4
- plugins: os-postfix 1.18
- plugins: os-rspamd 1.11
- plugins: os-theme-cicada 1.27 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.24 (contributed by Team Rebellion)
- plugins: os-theme-vicuna 1.3 (contributed by Team Rebellion)
- ports: curl 7.75.0
- ports: libressl 3.2.4
- ports: openssl 1.1.1j
- ports: php 7.3.27
- ports: squid 4.14
- ports: unbound 1.13.1