Software Update: OPNsense 20.7.2

The package OPNsense is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 20.7.2 with the following announcement:

OPNsense 20.7.2 Released

While we are still looking closer at netmap/iflib performance on 12.1 we are rolling out a kernel with Intel em/igb updates that should avoid bad packet counts in the default installation. Syslog-ng received a workaround for the diagnosed startup issue and alias now supports MAC address content similar to how host content works.

Here are the full patch notes:

• system: set REQUESTS_CA_BUNDLE in environments
• system: improve parsing for temperature sensors
• system: add “new-password” hint for Chrome on login form
• system: rename syslog services description and hide legacy mode when not enabled
• system: force syslog-ng restart after boot sequence
• system: properly read new style logging directories
• reporting: replace line endings when sending traceback to syslog in flowd_aggregate
• reporting: dd traffic graph filter for private IPv4 networks (contributed by kcaj-burr)
• firewall: add MAC address alias type
• firewall: be more verbose when fetching alias remote content
• firewall: prevent pfctl error messages from being suppressed
• firewall: exclude all reserved pf.conf keywords from alias name
• firewall: bogons not loaded on initial load
• firewall: reset damaged bogons files on startup
• interfaces: add listen-queue-sizes in socket diagnostics
• firmware: properly report an unsigned repository
• Firmware: Revoke 20.1 Fingerprint
• intrusion detection: rule cache parse error on invalid metadata
• intrusion detection: allow search for status enabled/disabled
• web proxy: correct template replacement during build time
• web proxy: bug fix in JSON access log
• unbound: updated project block lists links (contributed by gap579137)
• backend: add regex_replace template support
• plugins: os-acme-client 1.36
• plugins: os-dyndns 1.23 adds Gandi LiveDNS support (contributed by vizion8-dan)
• plugins: os-haproxy 2.24
• plugins: os-stunnel 1.0.1 includes performance tweaks
• plugins: os-telegraf 1.8.2
• plugins: os-tinc fixes cipher parsing on 20.7
• src: remove ACPI workaround for serial console on AMD EPYC
• src: Make pf.conf ‘:0’ ignore link-local v6 addresses too
• src: default “show bad packets” tunable to off in e100 driver
• src: fix unsolicited promisc mode in e1000 driver
• src: add valectl to the system commands
• ports: ca_root_nss/nss 3.56
• ports: curl 7.72.0
• ports: libressl 3.1.4
• ports: openldap 2.4.51
• ports: php 7.3.21
• ports:python 3.7.9
• ports: sqlite 3.33.0
• ports: squid 4.13
• ports: syslog-ng dlsym() workaround
• ports: unbound 1.11.0