Die Firewall OPNsense erhielt das Update 21.7.6, das einige Fehler behebt Plugins aktualisiert und das Suricata 5-basierte Regelset mit bringt. Ebenso ist Suricata auf Version 6.0.4 aktualisiert worden und eine optionale Änderung der Netmap API Version 14 ist vorhanden.

OPNsense 21.7.6 Release Notes

• system: move logging remnants of Relayd/HAProxy to plugin code
• system: support XMLRPC authentication using API keys
• system: escape shell parameters in cron jobs
• system: system log widget auto-refresh (contributed by kulikov-a)
• interfaces: make is_linklocal() properly detect all link-local addresses (contributed by Per von Zweigbergk)
• firewall: properly translate “any” port to upper or lower port bound
• firewall: support any-to-X ranges for rules port input (contributed by kulikov-a)
• firewall: drop policy based routing validation on interface rules
• captive portal: missing tooltip in session window
• captive portal: “connected since” malformed due to datetime already being converted
• dhcp: add current IPv4 address to static lease creation (contributed by Taneli Leppa)
• intrusion detection: switch to ET-Open Suricata 5 rulesets
• intrusion detection: support multiple policy property in metadata
• ipsec: inline only caller of get_configured_vips_list()
• ipsec: avoid VTI device recreation when using hostnames
• backend: add configctl “-d” and “-q” options for future use
• plugins: os-acme-client 3.5[1]
• plugins: os-dyndns 1.27[2]
• plugins: os-etpro-telemetry 1.6 switches to Suricata 5 rulesets
• plugins: os-frr 1.24[3]
• plugins: os-nginx 1.24[4]
• plugins: os-telegraf 1.12.3[5]
• plugins: os-wireguard 1.9[6]
• plugins: os-zabbix-agent 1.10[7]
• plugins: os-zabbix-proxy 1.6[8]
• ports: suricata 6.0.4[9] with Netmap API version 14 enabled

Quelle: OPNsense 21.7.6 released