Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 21.7.5 uitgebracht met de volgende aankondiging:

FreeBSD security advisories and an issue with Intel-based ixgbe driver with "ifconfig -v" stalls keep this release rolling. Also note that OpenSSH was updated to version 8.8 which deprecates ssh-rsa usage which is mainly an issue for client access from the OPNsense system to the outside and can be amended as per the suggestions in the respective release notes.

And as promised the development version includes the upgrade path to the 22.1-BETA1 release. This will be an online-beta with a few iterations over the FreeBSD 13 stable branch and eventually move to FreeBSD 13.1 release as that becomes available.

Suricata Netmap v14 support for multi-gigabit speed in IPS mode with RSS enabled

Separate VLAN MAC spoofing and permanent promiscuous mode setting

Tunable analytics provide automatic descriptions and type

IPsec tunnel overview ported to MVC with pagination

Proofpoint Emerging Threats rules for Suricata 5.0

Removed opportunistic interface address read functions

Console-based LAGG configuration support

Removed state killing on gateway failure feature

Improved firmware update capabilities

No-bind service awareness for virtual IPs

FreeBSD 13 stable branch

RFC 5424 and severity support in logs

Clog support has been removed

And more...

Please note that the beta version will always be available for upgrade when switching to the development version. At this point no stable packages are provided and this includes plugins. These will become available as the release candidate is released in early January 2022. All feedback is welcome but keep in mind that there are still a number of moving parts ahead. Upgrade responsibly.