Software Update: OPNsense 21.7.7

The package OPNsense is a firewall with extensive possibilities. It is based on the FreeBSD operating system and is originally a fork of m0n0wall and pfSense. The package can be set up completely via a web interface and has support for 2fa, openvpn, ipsec, carp and captive portal, among others. In addition, it can apply packet filtering and has a traffic shaper. The developers have released OPNsense 21.7.7 with the following announcement:

OPNsense 21.7.7 released

End-of-the-year security and reliability update coming right up! Due to inconclusive reports we are disabling the Netmap API version 14 support in Suricata to get a better understanding of the situation. The plan still is to keep it for the 22.1 upgrade and it has in fact been enabled on the development versions since September without any obvious issues.

The upgrade to 22.1-BETA3 is also included in the bundled development version.

Here are the full patch notes:

• system: fix /etc/ssl/cert.pem permission on backend call
• firewall: typo in direction for session diagnostics (contributed by kulikov-a)
• firewall: fix address direction for states diagnostics (contributed by kulikov-a)
• firmware: added generic configuration support via opnsense-update.conf
• firmware: modify the launcher to support -r and -s options
• firmware: fix upgrade prompt hint
• firmware: simplify repo file flush
• intrusion detection: update severity of ruleset download skipped log message (contributed by kulikov-a)
• intrusion detection: update embedded classification.config
• backend: configd profiler call fix
• ui: prevent browser auto-fill for username/password (contributed by NOYB)
• plugins: os-acme-client 3.6
• plugins: os-fetchmail removed since fetchmail author does not permit LibreSSL on FreeBSD
• plugins: os-firewall 1.1 adds “Don’t NAT” option
• plugins: os-haproxy 3.8
• plugins: os-stunnel is now available for LibreSSL using an embedded OpenSSL build
• src: axgbe: fix I2C timeouts by reissuing command on errors
• src: axgbe: fix possbile link instabilities
• src: axgbe: log GPIO signals on EEPROM read fails
• ports: curl 7.80.0
• ports: dnsmasq fixes multiple regressions
• ports: nss 3.73
• ports: php 7.4.26
• ports: phpseclib 2.0.35
• ports: suricata disables Netmap API version 14 introduced in 21.7.6