pfSense – Update 2.3.2

      Keine Kommentare zu pfSense – Update 2.3.2

Die Entwickler der Open Source Firewall, pfSense, haben das Update 2.3.2 veröffentlicht. Dieses behebt 60 Fehler, bringt 8 Features und beinhaltet 2 Aufgaben von der ToDo-Liste.

https://doc.pfsense.org/index.php?title=2.3.2_New_Features_and_Changes

Weiterhin wurde die Anzahl an verfügbaren Paketen weiter verkleinert. Das pfSense Team hat alle Softwarepaket aussortiert die:

  • Apache with mod_security-dev / Proxy Server with mod_security – neither ever worked well, no active maintainer.
  • apcupsd – no package maintainer, not converted
  • arpwatch – no package maintainer, not converted
  • Asterisk – no package maintainer, not converted
  • bacula-client – no package maintainer, not converted
  • bandwidthd – caused stability problems for some, no package maintainer, not converted
  • bind – no package maintainer, not converted
  • check_mk agent – no package maintainer, not converted
  • DansGuardian – the upstream DansGuardian package is no longer maintained.
  • diag_new_states – no package maintainer, not converted
  • dns-server – no package maintainer, not converted
  • File Manager – no package maintainer, not converted
  • Filer – no package maintainer, not converted
  • HAVP antivirus and its dashboard widgets – the upstream HAVP project is no longer maintained. Antivirus support is now built into the Squid package.
  • imspector – the upstream imspector project is no longer maintained, and doesn’t function with current instant messaging protocols.
  • ipguard-dev – no package maintainer, not converted
  • lcdproc and lcdproc-dev – not converted.
  • mailscanner – no package maintainer, not converted
  • netio – no package maintainer, not converted
  • ntop – ntop has been deprecated by its creator in favor of ntopng.
  • ntopng – ntopng package was removed from FreeBSD ports because it no longer compiled. That issue has recently been fixed, and the package will return soon.
  • olsrd – no package maintainer, not converted
  • PHPService – no package maintainer, not converted
  • Postfix Forwarder – not converted (pending pull request)
  • Sarg – deprecated in favor of lightsquid
  • spamd – no package maintainer, not converted
  • squid / squid3 – the squid packages have been consolidated into a single squid package, using version 3.5. The “squid3” package has been removed, and the “squid” package is now version 3.
  • squidGuard / squidGuard-devel – the squidGuard packages have been consolidated into a single option. The squidGuard-devel version no longer exists.
  • SSHDCond – no package maintainer, not converted
  • stunnel – no package maintainer, not converted
  • TFTP – no package maintainer, not converted
  • tinc – no package maintainer, not converted
  • urlsnarf – no package maintainer, not converted
  • Varnish3 – no package maintainer, not converted
  • vHosts – no package maintainer, not converted
  • vnstat2 – being replaced with a new vnStat package
  • widentd – no package maintainer, not converted
  • Zabbix-2 agent – not converted. Zabbix LTS available as alternative.
  • Zabbix-2 proxy – not converted. Zabbix LTS available as alternative.

Wieder mit dabei sind jedoch folgende 2 neue Pakete:

  • ntopng
  • vnstat

pfSense 2.3.2 Liste der behobenen Bugs

# Thema
6622 DHCP Server: Dynamic DNS required fields are ambiguous
6617 “UNKNOWN” links in package manager
6613 Interface mismatch allows applying changes without saving them
6597 “PPPoE clients” placeholder wrong in firewall rules, floating rules on PPPoE creates broken ruleset
6595 Checking advanced DHCP config checkbox breaks option to ignore DHCP lease from specific IP
6590 Services – NTP: leap seconds file upload does not work
6589 dhcpd.leases missing hostnames in some cases
6587 interfaces_gif_edit.php: Link flag changes need to catch up with FreeBSD
6586 interfaces_gre_edit.php: Checkbox options that set link0, link1, and link2 appear to be no-ops on FreeBSD now
6585 status_logs_filter.php ipv6 support (reverse lookup)
6582 Import on Firewall/Aliases Only Works for IPs
6581 Router Advertisement forces (possibly empty) interface subnet contrary to GUI text, can crash radavd on boot.
6577 pkg_edit.php: rowhelper data not preserved on validation error
6573 /var/run/dmesg.boot
6561 diag_dns.php IPv6 support
6560 Add php shell sessions to enable and disable Persistent CARP Maintenance Mode
6557 nanobsd upgrades may fail from lacking resolv.conf
6553 net.inet.ip.dummynet.pipe_slot_limit can’t be set manually, should be automatic
6552 Invalid IPv6 address formats possible
6551 Invalid IPv6 address can be entered
6548 Enclosed delimiters not protected in DHCP client advanced options
6543 Some leases do not show up in DHCPv6 Lease status
6536 update + reboot, did not trigger the webgui 90 second countdown
6533 Allow configuration of Min and MaxRtrAdvInterval, AdvDefaultLifetime
6531 Kill states doesn’t work for states with translated destination
6530 Kill states doesn’t work for ‘in’ direction
6523 Firewall/Aliases/Ports: Unclear description and/or result of desired format
6516 Calendar date picker on system_usermanager.php only works in Chrome
6515 link_interface_to_vips slow with large numbers of VIPs
6514 services_captiveportal_zones_edit.php: Zone name cannot start with a number
6513 IKE mode auto omits aggressive from ipsec.conf
6510 Core files can fill up /var/run/
6509 Status monitoring not displaying graphs
6506 IPv6 static routes omit interface scope of link-local gateways
6505 dpinger – socket name too large
6504 services_dhcp.php: DHCP Static Mappings table should be sortable
6499 pf fragment states not purged
6498 firewall_nat_npt_edit.php: IPv4 addresses can be entered, but the page is only for IPv6
6494 Hang during bootup on lock(‘filter.lock’)
6464 X axis ticks don’t respond to resolution for custom time periods
6458 DHCP6 is enabled on AWS EC2 instance
6450 Deleting yourself in User Manager results in an empty user tag in the config
6446 Hyper-V “runtime went backwards” logs
6437 CBQ queues are not displaying options for bandwidth or borrowing
6416 wrong number for speed in /usr/local/www/services_ntpd_gps.php
6402 Monitoring won’t save default configuration of 8 hours with 1 minute resolution, resets resolution to 5 minutes when switching from 1 hour, 1 minute resolution
6399 Alias type not available from config during alias url table creation
6395 Comments are not removed from URL Table (Ports) links
6394 INCORRECT OUTPUT OF TRANSLATION
6388 Status / Dashboard save changes for all users
6372 OpenVPN client page does not expose proxy port field
6364 PHP Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 32 bytes) in /usr/local/www/status_carp.php on line 261
6355 DHCP relay listens for dhcp requests on the upstream interface.
6334 No data periods in monitoring are represented as 0 (zero). Skewing averages.
6317 vlan/track interface generates error “Can’t assign requested address” during boot
6315 tftp-proxy is not functioning properly through xinetd
6297 rc.linkup doesn’t trigger filter reload
6291 Serial console data fields not displayed on nanobsd VGA
6260 Namecheap Dynamic DNS does not accept * for hostname even though it is valid
6181 Updating url alias tables fails when remote server returns empty document.
6172 Restore the traffic totals previously displayed in RRD graphs data summary.
6139 vpn_openvpn_server.php – When saving a server, all CSCs should be resynced
6074 Odd wrap behavior on sortable tables
6050 services_dhcp.php: “Network booting” section default style is confusing/easy to overlook
6044 system>monitoring tooltip unit “null” for some graphs
6002 UPNP presentation_url and model_number
5990 AES-GCM should be an allowed encryption algorithm for IKEv2 in P1
4754 enabling net.inet.ipsec.directdispatch on 32 bit results in kernel panics
4639 NAT fails to correctly translate udp port numbers embedded in certain ICMP error packets
3069 traceroute6 fails to timeout and hangs the webconfigurator GUI

pfSense 2.2.6 und 2.3.2 bekannte Probleme

  • IPsec IPComp does not work. This is disabled by default. However in 2.3.1, it is automatically not enabled to avoid encountering this problem. Bug 6167
  • IGMP Proxy does not work with VLAN interfaces, and possibly other edge cases. Bug 6099. This is a little-used component. If you’re not sure what it is, you’re not using it.
  • Those using IPsec and OpenBGPD may have non-functional IPsec unless OpenBGPD is removed. Bug 6223

pfSense Release Notes 2.3.2 – https://blog.pfsense.org/?p=2108

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

This site uses Akismet to reduce spam. Learn how your comment data is processed.