Software Update: OPNsense 21.1.7

The package OPNsense is a firewall with extensive opportunities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 21.1.7 with the following announcement:

OPNsense 21.1.7 released

Today we move to Phalcon version 4 along with new FreeBSD security advisories and fixes for firewall live log as well as new features such as shell timeout and TLS remote syslog.

Here are the full patch notes:

• system: add shell inactivity timeout feature for csh/tcsh
• system: add Syslog-ng TLS transport options
• system: remove unrelated service restarts from filter_configure_xmlrpc()
• system: rotate interface statistics widget (contributed by FingerlessGloves)
• system: delete previous route when changed
• system: make web GUI restart action usable in cron jobs (contributed by Frank Wall)
• interfaces: interface_configure() checks for enabled already
• interfaces: system match for primary address only works with compressed IPv6
• interfaces: disable legacy CSRF output buffering when downloading a packet capture
• interfaces: execute OpenVPN device creation earlier during boot
• firewall: change live log address/port group matcher to correctly flip logic
• firewall: explicit default for filter rule association in NAT port forwards
• firewall: prevent controls overlap in live log (contributed by kulikov-a)
• firewall: let live log use the newly provided rule log label instead of guessing it
• firewall: calculate wildcard netmasks in aliases
• captive portal: fix GUI drop session issue
• dhcp: support ignore-client-uids in DHCPv4 (contributed by Kacper Why)
• firmware: push automatic flags to firmware frontend
• firmware: show update pending hint in system widget
• firmware: allow manual development override on business subscription
• intrusion detection: add YAML tag to custom.yaml.sample
• openvpn: return “result” instead of “status” in export
• unbound: honor space as “domainsearchlist” separator
• long: updated available translations
• mvc: migrated framework to Phalcon 4
• mvc: return UUID in ApiMutableModelControllerBase::validateAndSave() if applicable
• rc: unconditionally configure routing on rc.syshook start facility
• ui: change service restart icons to fa-repeat
• plugins: added variants support to share plugin code over different third-party software versions
• plugins: added NO_ABI marker to themes
• plugins: remove the use of $main_buttons in relevant code
• plugins: compatibility fixes with Phalcon 4
• plugins: os-nginx 1.23
• plugins: os-wireguard 1.7
• plugins: os-zabbix4-proxy is now a plugin variant
• src: SMAP bypass
• src: missing message validation in liradius
• src: pms data corruption
• ports: curl 7.77.0
• ports: isc-dhcp 4.4.2-P1
• ports: nss 3.66
• ports: openldap 2.4.59
• ports: pcre2 10.37
• ports: phalcon 41.2
• ports: py-certifi 2021.5.30
• ports: py-yaml 5.4.1
• ports: squid 4.15