Die Open-Source Firewall, OPNsense, wurde gestern aktualisiert. Das Update auf Version 18.7.3 behebt Fehler in der IPv6 Interface Auswahl, ermöglicht ZFS Pools zu importieren, führt Änderungen in den Plugins durch und behebt einige Sicherheitsprobleme in FreeBSD (LazyFPU & Falsches ELF Header Parsing).
Nach dem Update ist ein Neustart der Firewall notwendig!
OPNsense 18.7.3 Release Notes
- system: gateways widget show/hide feature (contributed by Team Rebellion)
- system: select correct IPv6 default route when underlying IPv6 interface differs
- system: extended meta-matching for special characters in ACL patterns
- system: show last diff by default in configuration history page
- system: refactor password logic in user manager for clarity
- system: link-local listen IPv6 requires reading underlying IPv6 interface
- interfaces: avoid boot mismatch on several virtual plugin devices
- interfaces: list widget show/hide feature (contributed by Team Rebellion)
- interfaces: stats widget show/hide feature (contributed by Team Rebellion)
- interfaces: stop wireless software before bringing down the interfaces
- interfaces: fix selection issue for DHCPv6 PD „none“ value
- interfaces: make „64“ the page default for DHCPv6 PD
- interfaces: allow IPv4 address override in 6RD
- interfaces: fix 18.7.2 gateway read regression in 6RD
- interfaces: give each 6RD tracker a different IPv6 address
- dhcp: add DHCP Dynamic DNS key algorithm selection (contributed by Ingo Theiss)
- dhcp: correctly load DHCPv6 settings in manual tracking (contributed by Team Rebellion)
- dhcp: do not show lease actions if interface cannot be found
- dhcp: unhide DHCPv6 service when not using automatic PD
- dnsmasq: annotate that „all“ is the recommended interface binding option
- importer: list all available ZFS pools (contributed by Smart-Soft)
- importer: do not try to unload ZFS on ZFS boot, sanely rejected anyway 😉
- importer: ZFS pools are now addressed as e.g. „zfs/zroot“
- importer: always loop until exit or successful import
- intrusion detection: source, destination, pass support in user rules (contributed by Michael Muenz)
- ipsec: change hash checkboxes in phase 2 to selectpicker
- openssh: change interface bind logic to only bind to currently available addresses
- openvpn: align status columns for client and P2P case (contributed by Andy Binder)
- shell: change banner and setaddr interface iteration
- unbound: swap stub-zone for forward-zone in overrides (contributed by John Keates)
- static: interface iteration conversions in system, firewall and interfaces pages
- ui: fix firmware-product file access when using ui_devtools
- plugins: os-bind 1.2 log file viewer and oversized list removal (contributed by Michael Muenz)
- plugins: os-c-icap 1.6 (contributed by Michael Muenz)
- plugins: os-dyndns 1.9 allow plus sign in username (contributed by Charles Ulrich)
- plugins: os-haproxy 2.9 backend HTTP reuse option (contributed by andrewheberle)
- plugins: os-net-snmp 1.1 IPv6 compatibility (contributed by MrXermon)
- plugins: os-rfc2136 1.4 widget style tweaks
- plugins: os-theme-rebellion 1.5 style update (contributed by Team Rebellion)
- plugins: os-tinc 1.4 log facility fix
- src: fix print of stf(4) interface information
- src: fix regression in Lazy FPU remediation[1]
- src: fix improper ELF header parsing[2]
- ports: curl 7.61.1[3]
- ports: lighttpd 1.4.50[4]
- ports: sudo 1.8.25p1[5]
[1] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:08.lazyfpu.asc
[2] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:12.elf.asc
[3] https://curl.haxx.se/changes.html
[4] https://www.lighttpd.net/2018/8/13/1.4.50/
[5] https://www.sudo.ws/stable.html#1.8.25p1
Quelle: https://opnsense.org/opnsense-18-7-3-released/
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.