Die Open-Source Firewall OPNsense wurde vor wenigen Tagen in Version 18.7.45veröffentlicht. Das Update behebt kleinere Fehler, nähert sich der Fertigstellung der Firewall Alias API, IPsec in Phase 1 das Multiple DH Gruppen und Hashes simultant auswählen lässt um so den Anfroderungen zwischen verschiedenen Mobile-Clients nachzukommen, und führt mehr mehr Möglichkeiten des NGinx Plugin (limiting, permanent bans, cache usw.) ein.
OPNsense 18.7.5 Release Notes
- system: add (de)select all option in LDAP importer
- firewall: keep previous content for URL alias on fetch error
- firewall: make schedule icon reflect current schedule state (contributed by framer99)
- firewall: toggle and migration fix for upcoming alias API
- firewall: round-robin limitation is for host alias outbound NAT only
- firewall: resolve network addresses in kernel for static routes bypass option
- firewall: do not clean up visible records when limit was not reached
- firewall: do not hardcode live log pass / block colours
- firewall: add live log direction icons
- firmware: shorten shaper name and assorted cleanups
- firmware: fix upgrade compatibility with FreeBSD 11.2
- firmware: use opnsense-version where appropriate
- firmware: correctly translate GUI buttons (contributed by Smart-Soft)
- dnsmasq: use more robust approach to interface binding
- ipsec: more secure phase 1 default settings (contributed by Michael Muenz)
- ipsec: support for multiple phase 1 DH groups and hashes
- openvpn: option to match CSO against common_name or login (contributed by Fabio Prina)
- unbound: fix usage of the remote control backend calls
- unbound: remove faulty “DHCP” label hint for IPv6 link-local registration option
- web proxy: several corrections for PAC template
- backend: fix CPU hogging when reading on already disconnected streams
- mvc: speed up parsing very large config files
- mvc: add single select constraint
- mvc: add UUID field to the result of addBase (contributed by CJ)
- ui: sidebar UX improvements (contributed by Team Rebellion)
- ui: use single guillemets for previous/next page
- plugins: os-acme-client /var MFS awareness
- plugins: os-cicada 1.5 (contributed by Team Rebellion)
- plugins: os-collectd 1.2 makes hostname override optional (contributed by Michael Muenz)
- plugins: os-dyndns 1.10 adds CloudFlare IPv6 support (contributed by Charles Ulrich)
- plugins: os-net-snmp 1.2 adds write access for users (contributed by Michael Muenz)
- plugins: os-nginx 1.2[1] (contributed by Fabian Franz)
- plugins: os-ntopng hides interface selection under advanced (contributed by Michael Muenz)
- plugins: os-openconnect allows uppercase usernames (contributed by Michael Muenz)
- plugins: os-postfix 1.6 adds port field (contributed by Michael Muenz)
- plugins: os-telegraf 1.7.0 adds global tags, HAProxy input, prometheus output, fixes logging (contributed by Michael Muenz)
- plugins: os-tukan 1.4 (contributed by Team Rebellion)
- plugins: os-vnstat 1.0 (contributed by Michael Muenz)
- plugins: os-zerotier fixes status table (contributed by Christoph Engelbert)
- ports: mpd5 upstream MTU fix[2]
- ports: PHP 7.1.23[3]
A hotfix release was issued as 18.7.5_1:
- mvc: do not speed up parsing very large config files until fixed
Quelle: https://forum.opnsense.org/index.php?topic=9982.msg45573#msg45573