OPNsense 15.7 发布,防火墙和路由平台

jopen 9年前

OPNsense 15.7 发布,此版本代号为‘Brave Badger’。

OPNsense 15.7 是 OPNsense 15.1.12 的简单升级,强烈建议升级到最新版本!此版本把 LibreSSL 风情版升级到生产环境状态;改进了安装器的导入配置工具;可以无缝切换 OpenSSL 到 LibreSSL。

此版本最大的改进是入侵检测集成 (suricata) ;新的本地和远程代理服务器黑名单选项(squid)。

详细改进:

  • kernel: borrowed a dummynet / ipnat patch from m0n0wall to enable symmetric traffic shaping when NAT is involved

  • kernel: fix recurse lock panic for tmpfs in conjunction with unionfs

  • kernel: applied two stable patches that prevent squid from crashing [1]

  • kernel: retired ALTQ support

  • base: sendmail TLS/DH Interoperability Improvement [2]

  • base: improved iconv(3) UTF-7 support [3]

  • base: inconsistency between locale and rune locale states [4]

  • notable ports updates: phalcon 2.0.3 [5], curl 7.43.0_2 [6], openssh 6.8p1_8, python 2.7.10 [7], perl 5.20.2_5 [8], ntp 4.2.8p3 [9], libxml2 [10] 2.9.2_3, openldap24-server 2.4.41 [11]

  • opnsense-update: will no longer try to reinstall the installed version after a fresh installation

  • bsdinstaller: bring back cpdup to error out on low memory installation (you need 1 GB of RAM, or work around installation using the nano image)

  • traffic shaper: removed legacy queues support in favour of the new traffic shaper functionality

  • traffic shaper: allow direct enable/disable toggle

  • proxy: fix the initial daemon start on bootup

  • proxy: added LAN as the default interface configuration

  • proxy: local and remote blacklists with regex support

  • intrusion detection: initial release of our IDS GUI based on suricata

  • gateways: monitoring mode gained IPv6 support

  • captive portal: fix idle timeout bug

  • captive portal: d

  • not delete the wrong zone when having multiple configurations

  • captive portal: removed include files from exposed web directory

  • backend: always regenerate users and groups to avoid corruption after an unclean shutdown

  • backend: wait for configd socket to come up to address a startup race issue

  • backend: clean up configd socket on exit

  • backend: fixed regression that prevented user scripts from being started via /etc/rc.conf

  • gateways: only show apinger in services when monitoring is enabled for a gateway

  • languages: brought Simplified Chinese to 49% completed, German to 30% completed

  • universal plug and play: make page invoke static to remove exploitability of the legacy packages framework

  • crash reporter: finally enabled the send button and provides human-readable feedback whether the submission was complete

  • console: added non-interactive interface assignment for headless deployments

  • ssh: disable password authentication on factory reset to align with the standard configuration

  • diagnostics: avoid duplicated calls of gethostbyaddr() in NDP table view

  • users: prompt for old password on password change to prevent account hijacking

  • users: stripped the impossible scponly user privileges since said utility has never been part of our ecosystem

下载:

https://opnsense.org/download/

更多内容请看发行说明

Stay safe,
Your OPNsense team

OPNsense 是一个开源易用,而且易于构建的基于 FreeBSD 的防火墙和路由平台。包括大多数商业防火墙的特性。提供功能完整却易用的 GUI 管理界面。

最小硬件要求:

  • 1GHz dual core cpu

  • 1 GB RAM

  • 40GB SSD

  • Serial console or video

推荐配置:

  • 1.5GHz multi core cpu

  • 4 GB RAM

  • 120GB SSD

  • Serial console or video

OPNsense 15.7 发布,防火墙和路由平台