Die Open-Source Firewall und Fork von PFsense, OPNsense, wurde in Version 18.7 als Release Candidate 2 veröffentlicht. Das Update enthält ebenso die neu Version 4.0.5 von Suricata.
OPNsense 18.7 RC2 Änderungen
- system: show fingerprint in certificate details (contributed by Robin Schneider)
- system: fix NextCloud file name format (contributed by Fabian Franz)
- system: allow remote backup via cron command
- system: clarify interface labels for NetFlow generator
- system: restart syslog when interface bind addresses may have changed
- system: do not use forced down gateways for default gateway switching
- system: allow USB-based serial ports
- interfaces: allow /0 to /32 in 6rd and align prefix length calculation with effective prefix used
- interfaces: 6rd validation and avoid listing on assignment page
- firewall: remove virtual IP network address restrictions for IPv6
- firewall: ignore namelookup when no nameservers are configured
- firewall: drop detail description field in preparation for alias API
- firewall: do not emit reflection rules for the wrong address family
- firewall: properly handle 6rd / 6to4 tunnel device in rule generation
- firewall: allow to select external aliases
- dashboard: add a 6 widget columns option
- firmware: slightly improve remote probing of kernel and base set
- firmware: hide upgrade banner when update is done
- installer: give basic tip that GUI IP can be set in console (contributed by stilez)
- intrusion detection: clean up previously installed rules
- ipsec: add mutual RSA and EAP-MSCHAPv2 support
- monit: fix UI issues (contributed by Frank Brendel)
- ntp: typo in SiRF selection
- openvpn: change IP calculation of /31 tunnel networks (contributed by Daniil Baturin)
- openvpn: move generation of client connect / disconnect directives to server mode block
- openvpn: properly translate several validation messages
- openvpn: disable use of /32 tunnel networks
- shell: show SSH and HTTPS fingerprints in banner (contributed by Robin Schneider)
- shell: reset DHCPv6 configuration during port reconfigure
- shell: clarify install media login message (contributed by stilez)
- shell: move banner display to top
- unbound: add latest root hints to standard configuration
- web proxy: allow to not use request or response URL in ICAP
- mvc: multiselect may allow empty option, no need to give blank item too
- plugins: os-frr 1.4 cleans up redistribute options (contributed by ShaRose)
- plugins: os-zabbix-proxy 1.1 adds PSK-based encryption (contributed by fzoske)
- plugins: os-theme-cicada 1.2 (contributed by Team Rebellion)
- plugins: os-theme-rebellion 1.2 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.1 (contributed by Team Rebellion)
- plugins: os-openconnect 1.1 (contributed by Michael Muenz)
- plugins: os-net-snmp 1.0 fix for listening field (contributed by Michael Muenz)
- plugins: os-haproxy 2.7 restores multiselect where needed (contributed by Frank Wall)
- plugins: os-web-proxy-sso 2.2 UI fixes (contributed by Smart-Soft)
- ports: dhcp6c now supports raw option send and receive (contributed by Team Rebellion and Christoph Engelbert)
- ports: suricata 4.0.5[1]