Software-update: OPNsense 25.7.3

Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben de derde update voor versie 25.7 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.

OPNsense 25.7.3 released

The Tabulator introduction into MVC grid views was a major success with virtually no complaints. Did you notice? Maybe you will now that more features have been unlocked: Dnsmasq grids group by interfaces, firewall automation rules now can show folders using categories and row count default and selections have been increased. A few performance and UX tweaks were carried out as well while at it.

StrongSwan moves to version 6.0.1 now after elaborate testing. The "make_before_break" value was flipped from off to on in their version jump, but the settings will still default to off for everyone unless already otherwise configured.

Here are the full patch notes:

• system: properly check request type on HA status page in restartAllAction() (reported by Stanislav Fort of Aisle Research)
• system: prevent misconfigurations with the automatic user creation option
• system: add pluginctl hook for cache_flush
• system: rewrite wwwonly bootstrap procedure
• system: allow authentication events from wwwonly user
• interfaces: moved get_real_interface() to util.inc
• firewall: add "quick" mode in alias update to skip table size comparison during schedules
• firewall: adjust firewall_rule_lookup to open correct interface and rule from firewall live log
• firewall: add port alias selection to source_port and destination_port
• firewall: implement alias description tooltip and other UX tweaks
• firewall: add optional Tabulator tree view to show categories as rule folders in automation
• firewall: put sequence and sort_order in advanced mode of automation rules
• firewall: front-end table rendering performance improvement for alias diagnostics
• firewall: also set groups for special IPv6 interfaces
• firewall: ignore empty lines for pf table counting
• firewall: support tags in source NAT automation rules
• firewall: allow alias nesting for URL tables
• captive portal: move backend scripts directory
• captive portal: various style cleanups
• captive portal: restyle default login template
• dnsmasq: add Tabulator "groupBy" functionality to group by interfaces
• dnsmasq: add leases widget that shows latest leases
• firmware: add US east coast mirror for business edition
• firmware: opnsense-patch: fix cache flush using new hook
• firmware: add vuxml.freebsd.org to CRL handling hostnames
• intrusion detection: fix downloads tab not loading with Tabulator
• ipsec: add default value to "make_before_break" that retains disabled default
• monit: move backend scripts directory
• mvc: BaseModel: minor non-functional cleanups
• mvc: ModelRelationField: keep array structure in memory to avoid reinitiating object construction
• mvc: tweaked model definitions, especially descriptions and validation message style
• mvc: slightly adjust two getOption() calls in constraints
• mvc: BaseListField: always map values in getDescription()
• mvc: BaseListField: account for option container and passthrough value
• mvc: remove getCurrentValue() compatibility wrapper
• mvc: Backend: always return strings in configdRun() and configdpRun()
• mvc: improve replaceInputWithSelector() to support an empty placeholder
• mvc: stream output not properly cleansed when used in widget (reported by Stanislav Fort of Aisle Research)
• ui: bootgrid: add tabulatorOptions to translateCompatOptions()
• ui: bootgrid: raise rowCount default to 50 and adjust selections accordingly for most pages
• ui: bootgrid: simplify custom grid command additions
• plugins: os-caddy 2.0.3
• plugins: os-frr 1.47
• plugins: os-netbird 1.0 (contributed by Gauss23 and Bethuel Mmbaga)
• plugins: os-nginx 1.35
• plugins: os-squid 1.3
• src: libfetch: ignore leaf certificates missing CRL which in practice is not offered by most authorities
• src: assorted network stack fixes via stable/14
• src: if_ovpn: support IPv6 link-local addresses
• src: if_ovpn: support floating clients
• src: if_ovpn: fill out sin_len/sin6_len
• src: if_ovpn: destroy cloned interfaces via a prison removal callback
• src: ifconfig: support VLAN ID in static/deladdr
• ports: krb5 1.22.1
• ports: nss 3.115.1
• ports: perl 5.42.0
• ports: php 8.3.25
• ports: strongswan 6.0.1