Die Open Source Firewall OPNsense bringt ein Update auf die Version 23.1 heraus. Die Version bringt keine großen Neuerungen sondern, sondern pflegt die Basis. Die Version kann wie immer kostenfrei heruntergeladen werden. Downloadlink Hier ein Kurzüberblick über die Änderungen: Base system PHP 8.1 update New system status notification system Phpseclib 3 support for missing EC CA revocation Interfaces SLAAC WAN improvements Firewall Firewall alias BGP ASN type support Reporting Traffic graph polling interval selection and UX DNS insights dashboard Interfaces Packet capture MVC/API conversion * Virtual IP MVC/API conversion VPN IPsec legacy ipsec.conf to swanctl.conf migration IPsec MVC module using swanctl.conf layout Services Unbound: DNSBL to python implementation to fluently support larger lists Project Introduce tier system for plugin support levels Das komplette Changelog im Vergleich zur Version 22.7.11 system: replaced log_error() use with log_msg() and adjusted logging levels accordingly system: introduced a service boot log system: the LibreSSL flavour has been discontinued system: simplify gateway monitoring setup code system: add option to skip gateway monitor host route system: populate /etc/hosts file with IPv6 addresses too system: simplify and guard host route creation system: merge system_staticroutes_configure() into system_routing_configure() system: do not yield process after calling shutdown command system: apply tunables during late boot in case a module was loaded depending on them to be set to a specific value system: show size of ZFS ARC (adaptive replacement cache) in system widget system: introduce support tier annotations for core and plugins[2] system: add cron tasks for scrubbing and trimming ZFS pools (contributed by Iain Henderson) system: fix 6rd/6to4 gateway interface detection (contributed by Frans J Elliott) reporting: add Unbound DNS statistics frontend including client drill-down interfaces: heavy cleanup of the wireless device integration interfaces: use 802.1ad protocol for stacked VLAN parent (QinQ) interfaces: GIF and GRE now support subnet-based IPv6 configurations instead of always falling back to a point-to-point (/128) setup interfaces: GIF and GRE now disable IPv6 on IPv4 tunnels (contributed by Maurice Walker) interfaces: add isolated PPPoEv6 mode to selectively enable IPv6 CP negotiation and turn it off when no IPv6 mode is set interfaces: add support for SLAAC WAN interfaces without DHCPv6 (contributed by Maurice Walker) interfaces: register LAGG, PPP, VLAN and wireless devices as plugins interfaces: simplified get_real_interface() function interfaces: removed obsolete "defaultgw" files interfaces: simplified rc.linkup script interfaces: improve IP address cache behaviour in rc.newwanip(v6) scripts interfaces: converted virtual IPs to MVC/API interfaces: add MAC filtering to packet capture interfaces: convert ARP/NDP pages to server-side searchable variant interfaces: create null route for DHCPv6 delegated prefix interfaces: tighten the concept of hardware interfaces and pull supported plugin devices into assignments page automatically firewall: remove deprecated "Dynamic state reset" mechanic firewall: invalidate port forward rule entry when no target is specified firewall: hide deprecated source OS rule setting under advanced firewall: add group option to prevent grouping in interfaces menu firewall: safeguard against missing name from the alias API call intrusion detection: keep grid to prevent widgets being removed intrusion detection: reload grid after log drop (contributed by kulikov-a) intrusion detection: add verbose logging mode selector ipsec: disable charon.install_routes completely in case upstream would implement it for FreeBSD later on ipsec: move user PSK (pre-shared key) and static PSK items to new MVC/API implementation ipsec: migrate existing configuration from ipsec.conf to swanctl.conf ipsec: add a new independent connections MVC/API component to manage IPsec in a layout matching swanctl.conf syntax more closely ipsec: rewrote lease status page in MVC/API ipsec: add configurable "unique" setting to phase 1 ipsec: missing correct phase 1 to collect "Network List" option monit: support start timeout setting (contributed by spoutin) openvpn: add unique daemon name to each instance unbound: add statistics database backend unbound: add exact domain blocking mvc: call plugins_interfaces() optionally on service reconfigure mvc: match UUID for multiple values (contributed by kulikov-a) mvc: convert setBase() to an upsert operation mvc: change default sorting to case-insensitive mvc: add TextField tests (contributed by agh1467) mvc: implement required getRealInterface() variant ui: assorted improvements in bootgrid and form controls ui: switch to pure JSON data in bootgrids plugins: os-bind 1.25[3] plugins: os-ddclient 1.11[4] plugins: os-dyndns end of life note moves to 23.7 plugins: os-freeradius 1.9.22[5] plugins: os-frr 1.32[6] plugins: os-haproxy 4.0[7] plugins: os-puppet-agent 1.1[8] plugins: os-sslh 1.0[9] (contributed by agh1467) plugins: os-theme-cicada 1.32 (contributed by Team Rebellion) plugins: os-upnp 1.5[10] plugins: os-wireguard switches to kernel module with a separate os-wireguard-go variant available for installation to keep the old behaviour src: assorted FreeBSD 13 stable fixes for e.g. bpf, bridge, bsdinstall ifconfig, iflib, ipfw, ipsec, lagg, netmap, pf, route and vlan components ports: php 8.1.14[11] ports: sudo 1.9.12p2[12] Bei der Implementierung Ihres OPNsense Firewall sind wir Ihnen gerne behilflich.
