Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor 2fa, openvpn, ipsec, carp en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars hebben OPNsense 23.1.2 uitgebracht en deze versie gaat vergezeld met de volgende aantekeningen:
OPNsense 23.1.2 releasedThis is mainly a reliability update with fixes in assorted subsystems. Of note is the OpenVPN authentication framework rewrite in order to take advantage of the upcoming OpenVPN 2.6 deferred authentication feature and the fix for DHCP renew behaviour that was reported on 23.1.
The roadmap for 23.7 was published, but at this point mainly consists of MVC/API porting efforts for existing static pages. While the rewrite is not strictly necessary from a user perspective it will move us a lot closer to our mission goal to introduce privilege separation and to provide an API for all components.
Here are the full patch notes:
- system: use singleton boot detection everywhere
- system: protect against more stray scripts on boot
- system: several shell_safe() conversions
- system: when applying auto-far default route make sure the local address is not empty
- system: refactor system_default_route() to prevent empty $gateway
- system: create system_resolver_configure() and cron job support
- system: add simple script and configd action to list current group membership (configctl auth list groups)
- system: prevent alias reload in routing reconfiguration like we do in rc.syshook monitor reload
- interfaces: protect against empty GIF host route
- interfaces: fix parsing of device names with a dot in packet capture
- interfaces: force newip calls through DHCP/PPP/OVPN on IPv4
- interfaces: force newip calls through DHCP/PPP on IPv6
- firewall: fix NAT dropdowns ignoring VIPs
- firewall: fix validation of alias names such as "A_BC"
- fIrewall: show all applicable floating rules when inspecting interface rules
- firewall: prevent networks from being sent to DNS resolver in update_tables.py
- reporting: make all status mapping colors configurable for themes in the Unbound DNS page
- dnsmasq: add dns_forward_max, cache_size and local_ttl options to GUI (contributed by Dr. Uwe Meyer-Gruhl)
- firmware: remove retired LibreSSL flavour handling and annotations
- ipsec: reqid should not be provided on mobile sessions
- ipsec: validate pool names on connections page
- ipsec: allow "@" character in all other eap_id fields for new connections
- ipsec: add connection data to XMLRPC sync
- ipsec: "Dynamic gateway" (rightallowany) option should be translated to 0.0.0.0/0,::/0
- network time: remove "disable monitor" to get rid of log warnings (contributed by Dr. Uwe Meyer-Gruhl)
- openvpn: replace authentication handler to prepare for upcoming OpenVPN 2.6 with deferred authentication
- openvpn: rename -cipher option to --data-ciphers-fallback and adjust GUI accordingly
- unbound: fix typo in logger and create a pipe early in dnsbl_module.py (contributed by kulikov-a)
- unbound: fix type cast to prevent unnecessary updateBlocklist action
- unbound: add missing blocklist
- ui: solve deprecation in PHP via html_safe() wrapper
- wizard: unbound hardened DNSSEC setting moved
- plugins: os-acme-client 3.16
- plugins: os-crowdsec 1.0.2
- plugins: os-rfc2136 1.8
- plugins: os-theme-cicada 1.33 (contributed by Team Rebellion)
- plugins: os-theme-tucan 1.26 (contributed by Team Rebellion)
- plugins: os-theme-vicuna 1.44 (contributed by Team Rebellion)
- src: fix multiple OpenSSL vulnerabilities
- src: pfsync: support deferring IPv6 packets
- src: pfsync: add missing bucket lock
- src: pfsync: ensure 'error' is always initialised
- ports: filterlog 0.7 fixes unknown TCP option print
- ports: lighttpd 1.4.69
- ports: monit 5.33.0
- ports: nss 3.88.1
- ports: openldap 2.6.4
- ports: openssh 9.2p1
- ports: php 8.1.16
- ports: phalcon 5.2.1
- ports: sqlite 3.41.0
- ports: strongswan 5.9.10
- ports: sudo 1.9.13p2
:fill(white):strip_exif()/i/2007222016.jpeg?f=thumbmedium)
:strip_icc():strip_exif()/u/506130/keitjes.jpg?f=community){kind=small}
/u/96077/crop5b8d7c89bae9d_cropped.png?f=community){kind=small}
:strip_exif()/u/19165/9cdefd.gif?f=community){kind=small}
