Version 2.7 of the Community Edition of pfSense has been released. This package is based on the FreeBSD operating system and focuses on router and firewall tasks. It is available in the free Community Edition and a Plus edition, which was previously offered as the Factory Edition. It began in 2004 as a fork of m0n0wall because of differing visions among the developers, and over the years it has grown into a router and firewall package that can be deployed in both small and very large environments. For more information, see this page. Version 2.7.0 is a major release that, among other things, makes the move to FreeBSD 14. The most important changes in this release are listed below.
Changes to pfSense CE 2.7.0 software
The latest information about the changes and new features in pfSense CE software can be found in the Release Notes. It is a best practice to review the Release Notes prior to any upgrade. Some of the key changes in version 2.7.0 include:
- Captive portal and limiters moved from ipfw to pf: pf is the default packet filter in pfSense software. These changes leverage L2 features previously added to pf and upstreamed to FreeBSD, and improve performance and stability of the captive portal by eliminating the need for packets to traverse both pf and ipfw.
- UPnP and multiple game systems: A fix has been added to address an issue with UPnP and multiple game systems. This resolves the problems some game systems experienced connecting to the internet when UPnP was enabled and multiple consoles were in use.
- New gateway state killing options: These options give the user more flexibility in how the firewall decides to kill states automatically during failover events and also add several new manual ways to selectively remove states.
- Improved Firewall/NAT rule usability: The Firewall/NAT rule interface has been improved to make it easier to create and manage rules. This includes new buttons to toggle multiple rules and copy rules to other interfaces.
- Upgraded OpenVPN: OpenVPN has been upgraded to version 2.6.4. This includes a number of security fixes and performance improvements.
- Upgraded PHP: PHP has been upgraded to version 8.2.6. This includes a number of security fixes and performance improvements. This change may cause problems in packages that have not yet upgraded their use of PHP libraries.
- Moved to track the 'main' branch of FreeBSD: pfSense CE has been moved to track the 'main' branch of FreeBSD. This means that pfSense CE will now benefit from security updates and bug fixes more quickly, without incurring additional technical debt to backport to older versions of FreeBSD.
- Deprecated older IPsec transforms: This means that they will no longer be supported in this or future versions of pfSense software. Please check the release notes to determine if you need to migrate your IPsec infrastructure to a supported transform before updating.
- Added support for ChaCha20-Poly1305 to IPsec: ChaCha20-Poly1305 is also used in WireGuard and OpenVPN w/DCO, and provides an additional secure AEAD transform for all three VPN systems.
- Addressed issues with unbound crashes: A number of issues with unbound crashes have been addressed. These include a fix for an issue that could cause unbound to crash when receiving certain DNS queries.
- Added new packet capture GUI: A new packet capture GUI has been added, enhancing the ability to capture and analyze network traffic.
- Added UDP broadcast relay package: A new UDP broadcast relay package has been added. This package can be used to relay UDP broadcast packets between networks.