pfSense Security and Bugfix Update 2.4.2

Update 2.4.2 is now available for pfSense, the open-source firewall from Netgate. In addition to security patches, this update brings 55 bug fixes and some new features.

pfSense 2.4.2 Release Notes

Security / Errata


  • Fixed PPP interfaces with a VLAN parent when using the new VLAN names #7981
  • Fixed issues with QinQ interfaces failing to show as active #7942
  • Fixed a panic/crash when disabling a LAGG interface #7940
  • Fixed issues with LAGG interfaces losing their MAC address #7928
  • Fixed a crash in radvd on SG-3100 (ARM) #8022
  • Fixed an issue with UDP packet drops on SG-1000 #7426
  • Added an interface to manage the built-in switch on the SG-3100
  • Trimmed more characters off the interface description to avoid console menu output line wrapping on a VGA console
  • Fixed handling of the VIP uniqueid parameter when changing VIP types
  • Fixed PPP link parameter field display when a VLAN parent interface was selected #8098

Operating System

  • Fixed issues resulting from having a manually configured filesystem layout with a separate /usr slice #8065
  • Fixed issues updating ZFS systems created using an MBR partition scheme (empty /boot due to bootpool not being imported) #8063
  • Fixed issues with BGP sessions utilizing MD5 TCP signatures in routing daemon packages #7969
  • Updated dpinger to 3.0
  • Enhanced the update repository selection choices and methods
  • Updated the system tunables that tell the OS not to harvest data from interrupts, point-to-point interfaces and Ethernet devices to reflect the new name/format for FreeBSD 11
  • Changed ruleset processing so that it retries if another process is in the middle of an update, rather than presenting an error to the user
  • Fixed some UEFI boot issues on various platforms


  • Fixed invalid entries in /etc/ssl/openssl.cnf (only affected non-standard usage of openssl in the cli/shell) #8059
  • Fixed LDAP authentication when the server uses a globally trusted root CA (new CA selection for “Global Root CA List”) #8044
  • Fixed issues creating a certificate with a wildcard CN/SAN #7994
  • Added validation to the Certificate Manager to prevent importing a non-certificate authority certificate into the CA tab #7885


  • Fixed a problem using IPsec CA certificates when the subject contains multiple RDNs of the same type #7929
  • Fixed an issue with enabling IPsec mobile client support in translated languages #8043
  • Fixed issues with IPsec status display/output, including multiple entries (one disconnected, one connected) #8003
  • Fixed display of multiple connected mobile IPsec clients #7856
  • Fixed display of child SA entries #7856


  • Added an option for OpenVPN servers to utilize “redirect-gateway ipv6” to act as the default gateway for connecting VPN clients with IPv6, similar to “redirect-gateway def1” for IPv4. #8082
  • Fixed the OpenVPN Client Certificate Revocation List option #8088

Traffic Shaping

  • Fixed an error when configuring a limiter over 2Gb/s (new max is 4Gb/s) #7979
  • Fixed issues with bridge network interfaces not supporting ALTQ #7936
  • Fixed issues with vtnet network interfaces not supporting ALTQ #7594
  • Fixed an issue with Status > Queues failing to display statistics for VLAN interfaces #8007
  • Fixed an issue with traffic shaping queues not allowing the total of all child queues to be 100% #7786
  • Fixed an issue with limiters given invalid fractional/non-integer values from limiter entries or passed to Captive Portal from RADIUS #8097


  • Fixed selection of IPv6 gateways when creating a new firewall rule #8053
  • Fixed errors on the Port Forward configuration page resulting from stale/non-pfSense cookie/query data #8039
  • Fixed setting VLAN Priority via firewall rules #7973


  • Fixed a problem with XMLRPC synchronization when the synchronization user has a password containing spaces #8032
  • Fixed XMLRPC Issues with Captive Portal vouchers #8079


  • Added an option to disable HSTS for the GUI web server #6650
  • Changed the GUI web service to block direct download of .inc files #8005
  • Fixed sorting of Services on the dashboard widget and Services Status page #8069
  • Fixed an input issue where static IPv6 entries allowed invalid input for address fields #8024
  • Fixed a JavaScript syntax error in traffic graphs when invalid data is encountered (e.g. user was logged out or session cleared) #7990
  • Fixed sampling errors in Traffic Graphs #7966
  • Fixed a JavaScript error on Status > Monitoring #7961
  • Fixed a display issue with empty tables on Internet Explorer 11 #7978
  • Changed configuration processing to use an exception rather than die() when it detects a corrupted configuration
  • Added filtering to the pfTop page
  • Added a means for packages to display a modal to the user (e.g. reboot required before package can be used)


  • Fixed display of available updates on the Installed Packages Dashboard widget #8035
  • Fixed a font issue in the Support Dashboard widget #7980
  • Fixed formatting of disk slices/partitions in the System Information Dashboard widget
  • Fixed an issue with the Pictures widget when there is no valid picture saved #7896


  • Fixed display of packages which have been removed from the repository in the Package Manager #7946
  • Fixed an issue displaying locally installed packages when the remote package repository is unavailable #7917


  • Fixed interface binding in ntpd so it does not erroneously listen on all interfaces #8046
  • Fixed a problem where restarting the syslogd service would make sshlockout_pf process orphans #7984
  • Added support for the ClouDNS dynamic DNS provider #7823
  • Fixed an issue in the User and Group Manager pages when operating on entries immediately after deleting an entry #7733
  • Changed the setup wizard so it skips interface configuration when run on an AWS EC2 Instance #6459
  • Fixed an IGMP Proxy issue with All-multicast mode on SG-1000 #7710
