Het pakket OPNsense is een firewall met uitgebreide mogelijkheden. Het is gebaseerd op het besturingssysteem FreeBSD en is oorspronkelijk een fork van m0n0wall en pfSense. Het pakket kan volledig via een webinterface worden ingesteld en heeft onder andere ondersteuning voor mfa, OpenVPN, IPsec, CARP en captive portal. Daarnaast kan het packetfiltering toepassen en beschikt het over een traffic shaper. De ontwikkelaars achter OPNsense hebben versie 26.1.2 uitgebracht en de releasenotes voor die uitgave kunnen hieronder worden gevonden.
OPNsense 26.1.2 releasedThis is a smallish update with a number of fixes and another round of Python CVEs addressed. New images based on this stable version are planned for next week. At the moment work focuses on the IPv6 support for the captive portal which should not be too far away now. The 26.7 roadmap will also be published at the end of this month.
Here are the full patch notes:
- system: remove "upstream" from gateway grid as priority already reflects the proper data
- system: adjust gateway group priority (tier) wording
- interfaces: fix wlanmode argument usage
- firewall: fix target mapping inconsistency leading to references not being processed in destination NAT
- firewall: use local-port as target when specified in destination NAT
- firewall: fix missing reply-to when not specifically set in new rules
- firewall: live view: fix parsing of combined filters stored as converted strings
- firewall: fix group rename in source_net, destination_net and SNAT/DNAT target fields
- firewall: add tcpflags_any in new rules GUI for parity with legacy rules
- firewall: exclude loopback from interface selectpicker in new rules GUI
- firewall: well known ports added to filter rule selection
- firewall: undefined is also "*" in new rules grid
- firewall: add download button for validation errors in rule import
- firewall: allow TTL usage on host entries
- firmware: avoid update-hook background cleanups
- firmware: revoke 25.7 fingerprint
- kea: fix subnets GUI missing root node
- radvd: change tabs to spaces in radvd.conf for better maintenance
- unbound: safeguard the blocklist tester against empty configuration testing
- mvc: add $separator as parameter for CSV export and switch the default to a semicolon
- mvc: InterfaceField: minor adjustments and add resetStaticOptionList()
- mvc: catch empty data in CSV import
- tests: Shell: add testing framework
- plugins: os-haproxy 5.0
- ports: expat 2.7.4
- ports: hostwatch 1.0.12 now rate-limits database writes for recently seen hosts
- ports: ldns 1.9.0
- ports: nss 3.120
- ports: openldap 2.6.12
- ports: openvpn 2.6.19
- ports: py-duckdb 1.4.4
- ports: python additional security fixes
:fill(white):strip_exif()/i/2007222016.jpeg?f=thumbmedium)
:strip_icc():strip_exif()/u/55696/crop66942ced176a1_cropped.jpg?f=community){kind=small}
/u/94596/crop643fb12fd4e6d.png?f=community){kind=small}
/u/2315406/crop68f93a6430c94_cropped.png?f=community){kind=small}
:strip_icc():strip_exif()/u/219282/crop65bfaacd66e4c_cropped.jpg?f=community){kind=small}