Posts for: #firewall

Netgate Launches Latest pfSense CE Software Version 2.7.1

Netgate, the provider of pfSense Community Edition (CE) software, has announced the release of version 2.7.1. pfSense CE is an open-source project that has been supported by Netgate since 2008. The source code for the project is available on GitHub under the Apache 2.0 open-source license. pfSense CE can be used on common hardware to build routers and more.

One major change in this release is the upgrade of OpenSSL to version 3.0.12. This upgrade was necessary as OpenSSL 1.1.1 has reached its End of Life and will no longer receive security patches. With the upgrade to OpenSSL 3.0.12, older and weaker encryption and hash algorithms have been removed, and security certificates based on these algorithms have been deprecated. It is highly recommended to review the release notes and Netgate’s blog post on this topic before performing the upgrade.

Another notable feature in version 2.7.1 is the addition of Kea DHCP as an opt-in feature. While basic functionality is present, it is not yet feature-complete. Switching to the Kea DHCP server can be done through the web interface by navigating to System > Advanced and changing the server backend radio button in the DHCP Options section to “Kea DHCP”. It is important to note that switching to Kea DHCP may result in ignored hostnames for devices on the network that were assigned using static leases or rely on dynamic lease registration in DNS.

This release also includes improved support for SCTP (Stream Control Transmission Protocol) in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number, whereas previously it was only possible to filter on source or destination address. Additionally, the IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as part of the ongoing integration of the Kea DHCP server.

Other changes in version 2.7.1 include the upgrade of PHP to version 8.2.11 and the base operating system to a more recent point of FreeBSD 14-CURRENT. The release also addresses various bugs and issues.

Source: pfSense.

Netgate Launches pfSense CE Software Version 2.7.1 Release Candidate

Netgate has announced the Release Candidate (RC) of pfSense CE software version 2.7.1. This open-source project, supported by Netgate since 2008, is a widely-used firewall and routing platform. The RC release is an opportunity for users to try out the new version and provide feedback.

The major changes and features in pfSense CE software version 2.7.1 include:

  1. Upgraded OpenSSL to version 3.0.12: This upgrade was necessary as OpenSSL 1.1.1 has reached its End of Life and will no longer receive security patches. The upgrade removes older and weaker encryption and hash algorithms, improving security.

  2. Kea DHCP added as an opt-in feature: The Kea DHCP server is now available as an optional feature. While it is not feature complete in this version, users can switch to Kea DHCP by navigating to the System > Advanced menu and changing the DHCP Options to “Kea DHCP”. However, switching to Kea DHCP may result in the ignoring of assigned hostnames and dynamic lease registration in DNS.

  3. Improved support for SCTP: Support for SCTP in firewall rules, NAT, and logging has been enhanced. Users can now filter SCTP packets by port number, in addition to source and destination address.

  4. IPv6 Router Configuration moved: The IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as part of the integration with the Kea DHCP server.

Other changes in this release include upgrading PHP to version 8.2.11, upgrading the base operating system to a more recent point of FreeBSD 14-CURRENT, and addressing various bugs and issues.

Testing of the RC software release is crucial to ensure its reliability and robustness for all users. Netgate encourages users to download and test the release candidate, and provide feedback on any issues they encounter.

To install the upgrade, users can follow the detailed Upgrade Guide available in the pfSense documentation. It is recommended to back up the pfSense CE configuration prior to the upgrade. The upgrade can be performed through the web interface by navigating to System > Update and setting the Branch to “Next Stable Version (2.7.1-RC)”.