Menü Schließen

OPNsense 24.1.2 Bugfix und Suricata 7 Release

OPNsense Logo

Die Open-Source Firewall OPNSense erhielt in der Community Version das Update 24.1.2. Damit folgen in kürzester Zeit wichtige Updates, was auf eine aktive Entwicklkung hindeutet und so für die Stabilität von OPNsense spricht.

Das Update Surricata 7, es wurden die relevanten Default Optionen zum laufen von Surricata und Netmap ausfindig gemcht,zurück. Weiterhin gibt es Bugfixes im DHCP Kea und das Update aufFreeBSD 13.2-p10, dass DDoS Angriffe einschränkt. Achtung das Update braucht einen Reboot.

OPNsense 24.1.2 Release Notes

  • system: accept colon character in log queries
  • system: add issuer and logo to OTP link
  • system: fix gateway migration issue causing individual items to be skipped
  • reporting: update traffic graph colors to be contrast and consistent (contributed by brotherla)
  • interfaces: fix strpos() deprecation null haystack
  • interfaces: add missing ACL entries for ARP/NDP tables
  • interfaces: fix VXLAN validation
  • firewall: change default traffic normalization behavior and choose “in” as standard direction for manual rules
  • firewall: make select width more consistent on alias diagnostics table selection
  • dhcp: set RemoveAdvOnExit to off in CARP mode for router advertisements
  • dhcp: make sure the register DNS leases options reflect that this is only supported for ISC DHCP
  • dhcp: make option_data_autocollect option more explicit in Kea
  • dhcp: gather missing Kea leases another way since the logs are unreliable
  • dhcp: add address constraint to Kea reservations
  • dhcp: add unique constraint for MAC address + subnet in Kea
  • dhcp: add domain-name to client configuration in Kea
  • dhcp: loosen constraints for TFTP boot in Kea
  • intrusion detection: adjust for default behaviour changes in Suricata 7
  • ipsec: improve enable button placement on connections page
  • ipsec: show EAP-RADIUS settings only when legacy tunnels are being used
  • ipsec: allow % to support %any in ID for connections
  • openvpn: when “cert_depth” is left empty it should ignore the value
  • openvpn: data-ciphers-fallback should be a single option
  • openvpn: fix support for /30 p2p/net30 instances
  • openvpn: add “various_push_flags” field for simple boolean server push options in connections
  • unbound: prevent os.write() on None when another thread closed the pipe in Python module
  • wireguard: key constraints should only apply on peers and not instances
  • wireguard: peer uniqueness should depend on pubkey + endpoint
  • wireguard: skip attached instance address routes
  • wireguard: remove duplicate ID columns
  • mvc: fix Phalcon 5.4 and up
  • src: jail: fix information leak[1]
  • src: bhyveload: use a dirfd to support -h[2]
  • src: EVFILT_SIGNAL: do not use target process pointer on detach[3]
  • src: setusercontext(): apply personal settings only on matching effective UID[4]
  • src: re: generate an address if there is none in the EEPROM
  • src: wg: detect loops in netmap mode
  • src: wg: detach bpf upon destroy as well
  • src: wg: fix access to noise_local->l_has_identity and l_private
  • src: wg: fix erroneous calculation in calculate_padding() for p_mtu == 0
  • plugins: os-acme-client 4.1[5]
  • plugins: os-ddclient 1.21[6]
  • plugins: os-dnscrypt-proxy 1.15[7]
  • ports: dnsmasq 2.90[8]
  • ports: openvpn 2.6.9[9]
  • ports: phalcon 5.6.1[10]
  • ports: radvd adds upstream patch for RemoveAdvOnExit option
  • ports: suricata 7.0.3[11]
  • ports: unbound 1.19.1[12]

2 Kommentare

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert