Die Open-Source Firewall OPNsense in der Community Edition erhielt im Dezember das Update 23.7.10 und am 4.1.2024 das Bugfix Release 23.7.11. Beides sind Bugfix Releases und zeigen fast das Ende der OPNsense Serie 23.7, während die neue Serie 24.1 kurz vor den Startlöchern steht. Das genaue Releasedatum steht jedoch noch nicht fest.
Im Release 23.7.11 wurde mittels Python das relevante FreeBSD certctl tool bits neugeschrieben, dass für die Registrierung der Zertifikate im System dient. Es sollte nun 30 Mal schneller als vorher sein.
OPNsense 23.7.11 Release Notes
- system: implement relevant certctl tool functionality in Python to increase performance
- system: fix log severity selector (contributed by kulikov-a)
- system: include IPv6 link-local interface addresses for web GUI and OpenSSH (contributed by Maurice Walker)
- system: update cron and gateways model
- interfaces: obey menu group sequence when specified
- firewall: fix traceback in OpenVPN group alias due to wrong return type
- firewall: fix missing physical_interface() in shaper template
- dhcp: cache backend action „interface list macdb“ to increase responsiveness
- dhcp: allow saving with invalid range when IPv4 server is disabled
- dhcp: do not clobber $range_to / $range_from with the legacy test for lower 64 bit only input
- firmware: opnsense-update: avoid rewriting .cshrc and .profile files on base set updates
- firmware: add audit messages for relevant API actions
- firmware: implement „always reboot“ option
- firmware: add unlocked mode to launcher script
- firmware: use pluggable package repository scripts
- lang: assorted language updates
- network time: prevent the service from listening on a wildcard when selecting specific interfaces (contributed by doktornotor)
- openvpn: add virtual IPv6 address to widget and status page (contributed by cs-1)
- openvpn: consider clients missing CARP VHID as disabled
- unbound: replace JustDomains with Firebog blocklists (contributed by Amy Nagle)
- unbound: update root hints
- plugins: os-acme-client 3.20[1]
- plugins: os-ddclient 1.19[2]
- plugins: os-wireguard 2.6[3]
- ports: curl 8.5.0[4]
- ports: nss 3.95[5]
- ports: php 8.2.14[6]
- ports: py-netaddr 0.10.0[7]
- ports: squid 6.6[8]
- ports: sudo 1.9.15p4[9]
Quelle: OPNsense 23.7.11 released
OPNsense 23.7.10 Release Notes
- system: improve config revision audit ability
- system: cleanse system_get_language_code() output
- system: safeguard /tmp/PHP_errors.log file before usage
- system: add an optional random delay before executing remote backups
- system: fix regression in log viewer level selector
- reporting: OpenVPN server instances were missing from respective health graph
- interfaces: move interface list widget link to assignments page
- interfaces: add new backend jobs and extend with optional parameter
- interfaces: add validation for proxy ARP strict subnet use
- firewall: improve alias write behaviour by checking for changes beforehand
- firewall: fix preg_replace() to avoid truncated network display in rules listing
- firewall: add an ifconfig.debug file
- firmware: switch bogons/changelog set base URL to portable „opnsense-update -X“ call
- ipsec: move save button on mobile page into its own container
- ipsec: add support for RADIUS class groups in instances
- unbound: use tls-system-cert instead of tls-cert-bundle
- web proxy: fix setting unknown language directory
- ui: upgrade jqTree to version 1.7.5
- plugins: os-ddclient 1.18[1]
- plugins: os-dec-hw 1.0 is a Deciso hardware specific dashboard widget
- plugins: os-net-snmp fix for directory setup (contributed by doktornotor)
- plugins: os-telegraf 1.12.10[2]
- plugins: os-upnp now reloads on newwanip event
- plugins: os-wireguard fix for missing firewall reload
- plugins: os-wireguard-go fix for device registration
- src: clang: sanitizer failure with ASLR enabled[3]
- src: dhclient: do not add 0.0.0.0 interface alias
- src: ice: match irdma interface changes
- src: ixv: separate VFTA table for each interface
- src: libnetmap: better fix for port parsing failure
- src: pf: expose more syncookie state information to userspace
- src: pf: fix mem leaks upon vnet destroy
- src: pf: remove incorrect fragmentation check[4]
- src: rc: fix restart _precmd issue with _setup
- src: re: add support for 8168FP HW rev
- src: zfs: check dnode and its data for dirtiness in dnode_is_dirty()[5]
- ports: perl 5.36.3[6]
- ports: php 8.2.13[7]
- ports: phpseclib 3.0.34[8]
- ports: squid update fixes parent proxy crash[9]
- ports: strongswan 5.9.13[10]
Quelle: OPNsense 23.7.10 released
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.