Die Entwickler der Open Source Firewall, pfSense, haben das Maintenance Release der Serie 2.3.x in Version 2.3.2-p1 veröffentllicht. Neben der Fehlerbehebung von 34 Bugs, bringt dieses Release auch 2 neue Features mit.
Neben den aktuellen Updates von OpenSSL in FreeBSD wurden auch einige verwendete Pakete wie:
- PHP auf 5.6.26
- libidn auf 1.33
- curl auf 7.50.3
- libxml2 auf 2.9.4
aktualisiert.
Das Update ist wie immer relativ einfach und über die Web-GUI durchführbar. Zum nachlesen lohnt ein Blick in den Upgrade Guide
Leider gibt es noch folgende Reg ressions / Probleme zwischen den Versionen 2.2.6 und dem 2.3 Release:
- IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
- IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
- Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223
pfSense 2.3.2-p1 Bugfixes und Features
| # | Tracker | Status | Priorität | Thema |
| 6824 | Bug | Rejected | Normal | Tab diagnostics does not recognize disk volume |
| 6813 | Bug | Resolved | Urgent | 2.3.3 built on Fri Sep 23 11:34:50 CDT 2016 – segfaulting processes result in non-functional system |
| 6801 | Bug | Resolved | Normal | Rule separators are moving when multiple firewall rules are deleted together |
| 6788 | Bug | Resolved | Low | [2.3.3] Services – NTP – Settings: Prefer/No Select checkboxes invisible when adding entries |
| 6780 | Bug | Resolved | Normal | status_logs_settings.php / system.inc: Remote syslog options need to catch up with changes in syslog config |
| 6771 | Bug | Resolved | Normal | Configuration backup count is not respected |
| 6762 | Bug | Resolved | Normal | Please match the requested format error in Chrome when editing certain form fields |
| 6759 | Bug | Resolved | Normal | system_authservers.php – LDAP “Bind Credentials” password is not masked |
| 6730 | Bug | Resolved | Normal | dnsmasq – Ignoring query from non-local network |
| 6724 | Bug | Resolved | Low | VLAN interface displayed wrong through interface assignment |
| 6723 | Feature | Resolved | Low | Make OpenVPN widget update dynamically |
| 6720 | Bug | Resolved | High | DHCPD Options in “Sub-“Pools ignored, dhcpd.conf does not contain informations, dhcpd therefore not serving |
| 6716 | Bug | Resolved | Normal | services_unbound_acls: Network “Delete” button is not hidden if only on network listed |
| 6715 | Bug | Resolved | Normal | diag_traceroute.php suggestions |
| 6713 | Bug | Resolved | Normal | diag_tables table or alias or database? |
| 6710 | Bug | Resolved | Normal | diag_resetstate.php confirmation prompt even if checkboxes unchecked |
| 6709 | Bug | Resolved | Normal | diag_resetstate select or all? |
| 6708 | Bug | Resolved | Normal | diag_sockets wrong info |
| 6706 | Bug | Resolved | Normal | diag_routes Use a regular expression description or use |
| 6705 | Bug | Resolved | Normal | diag_routes “Rows to display” is off by one |
| 6704 | Bug | Resolved | Normal | diag_edit.php Go to Line limits |
| 6703 | Feature | Resolved | Normal | diag_edit.php suggestion |
| 6701 | Bug | Resolved | Normal | diag_authentication.php related status link |
| 6700 | Bug | Resolved | Normal | dhcp6 Related log entries |
| 6676 | Bug | Resolved | Normal | Delete NAT rule with associated firewall rule does not update firewall separators position |
pfSense Release Notes 2.3.2-p1: https://blog.pfsense.org/?p=2122
2.3.2 Update 1 (Pending)
- FreeBSD-SA-16:26.openssl – Multiple vulnerabilities in OpenSSL. The only significant impact on pfSense is OCSP for HAproxy and FreeRADIUS.
- Several HyperV-related Errata in FreeBSD 10.3, FreeBSD-EN-16:10 through 16:16. See https://www.freebsd.org/relnotes/10-STABLE/errata/errata.html for details.
- Several built-in packages and libraries have been updated, including:
- PHP to 5.6.26
- libidn to 1.33
- curl to 7.50.3
- libxml2 to 2.9.4
- Added encoding to the ‘zone’ parameter on Captive Portal pages.
- Added output encoding to diag_dns.php for results returned from DNS. #6737
- Worked around a Chrome bug with regular expression parsing of escaped characters within character sets. Fixes “Please match the requested format” on recent Chrome versions. #6762
- Fixed DHCPv6 server time format option #6640
- Fixed /usr/bin/install missing from new installations. #6643
- Increased filtering tail limit for logging so searching will locate sufficient entries. #6652
- Cleaned up Installed Packages widget and HTML. #6601
- Fixed widget settings corruption when creating new settings. #6669
- Fixed various typos and wording errors.
- Removed defunct links to the devwiki site. Everything is on https://doc.pfsense.org now.
- Added a field to CA/Cert pages for OU, which is required by some external CAs and users. #6672
- Fixed a redundant HTTP “User-Agent” string in DynDNS updates.
- Fixed the font for sortable tables.
- Added a check to verify if an interface is active in a gateway group before updating dynamic DNS.
- Fixed wording of the “Reject leases from” option for a DHCP interface (it can only take addresses, not subnets.) #6646
- Fixed error reporting for SMTP settings test.
- Fixed saving of country, provider, and plan values for PPP interfaces
- Fixed checking of invalid “Go To Line” numbers on diag_edit.php. #6704
- Fixed off-by-one error with “Rows to Display” on diag_routes.php. #6705
- Fixed description of the filter box on diag_routes.php to reflect that all fields are searchable. #6706
- Fixed description of the box for the file to edit on diag_edit.php. #6703
- Fixed description of the main panel on diag_resetstate.php. #6709
- Fixed warning dialog when a box is unchecked on diag_resetstate.php. #6710
- Fixed log shortcut for DHCP6 areas. #6700
- Fixed the network delete button showing when only one row was present on services_unbound_acls.php #6716
- Fixed disappearing help text on repeatable rows when the last row is deleted. #6716
- Fixed dynamic DNS domain for static map DHCP entries
- Added control to set dashboard widget refresh period
- Added “-C /dev/null” to the dnsmasq command line parameters to avoid it picking up an incorrect default configuration which would override our options. #6730
- Added “-l” to traceroute6 to show both IP Addresses and Hostnames when resolving hops on diag_traceroute.php. #6715
- Added note about max ttl/hop limit in source comment on diag_traceroute.php.
- Clarified language on diag_tables.php. #6713
- Cleaned up the text on diag_sockets.php. #6708
- Fixed display of VLAN interface names during console assignment. #6724
- Fixed domain-name-servers option showing twice in pools when set manually.
- Fixed handling of DHCP options in pools other than the main range. #6720
- Fixed missing hostnames in some cases with dhcpdv6. #6589
- Improved pidfile handling for dhcpleases.
- Added checks to prevent accessing an undefined offset in IPv6.inc.
- Fixed the display of the alias popup and edit options on source and destination for both the address and port on outbound NAT.
- Fixed handling of backup config count. #6771
- Removed some dangling PPTP references that are no longer relevant.
- Fixed up/caught up remote syslog areas. Added “routing”, “ntpd”, “ppp”, “resolver”, fixed “vpn” to include all VPN areas (IPsec, OpenVPN, L2TP, PPPoE Server). #6780
- Fixed missing checkboxes in some cases when adding rows on services_ntpd.php. #6788
- Revised service running/stopped icons.
- Added a check to CRL management to remove certificates from the drop-down list that are already contained in the CRL being edited.
- Fixed rule separators moving when multiple firewall rules are deleted at the same time. #6801