RSS

pfSense 2.4.4

3 Ottobre 2018

pfSense

pfsense-64

pfSense

pfSense è un distribuzione BSD derivata da m0n0wall, perciò basata su FreeBSD, nata per essere usata come firewall o router sui PC. Utilizza Packet Filter, FreeBSD 6.x e  ALTQ.

Versione 2.4.4

Questa versione contiene (in Inglese):

Free pfSense Gold Content

With the release of pfSense 2.4.4, all former pfSense Gold content is now free for all!

New Features

2.4.4 includes a number of significant new features:

  • OS Upgrade: Base Operating System upgraded to FreeBSD 11.2-RELEASE-p3. As a part of moving to FreeBSD 11.2, support is included for C3000-based hardware.
  • PHP 7.2: PHP upgraded to version 7.2, which required numerous changes to syntax throughout the source code and packages.
  • Routed IPsec (VTI): Routed IPsec is now possible using using FreeBSD if_ipsec(4) Virtual Tunnel Interfaces (VTI).
  • IPsec Speed Improvements: The new Asynchronous Cryptography option under the IPsec Advanced Settings tab can dramatically improve IPsec performance on multi-core hardware.
  • Default Gateway Group: The default gateway may now be configured using a Gateway Group setup for failover, which replaces Default Gateway Switching.
  • Limiter AQM/Queue Schedulers: Limiters now include support for several Active Queue Management (AQM) methods and Queue Scheduler configurations such as FQ_CODEL.
  • Certificate Subject Requirements: The Certificate Manager and OpenVPN wizard now only require the Common Name to be set, and all other fields are optional.
  • DNS over TLS: The DNS Resolver now includes support for DNS over TLS as both a client and a server, including for domain overrides.
  • Captive Portal Authentication: Captive Portal authentication is now integrated with the User Manager system. Captive Portal instances may now use RADIUS, LDAP, or Local Authentication like other integrated services.
  • Captive Portal HTML Design and Usability: The default Captive Portal page has been redesigned. Controls have also been added which allow the logo and background images and Terms of Service text to be customized without editing and uploading custom HTML code.
  • Integrated Switch Improvements: Netgate devices with integrated switches such as the SG-3100 and XG-7100 can now configure per-port speed and duplex settings, discrete port configuration interfaces can now be tied to switch ports for up/down status, and LAGG support is also now available (Load Balance mode only)
  • New Hardware: Support has been added for the new SG-5100.
  • and more!

Security

This release includes several important security patches:

  • FreeBSD SA for CVE-2018-6922: Resource exhaustion in TCP reassembly FreeBSD-SA-18:08.tcp
  • FreeBSD SA for CVE-2018-3620, CVE-2018-3646: L1 Terminal Fault (L1TF) Kernel Information Disclosure FreeBSD-SA-18:09.l1tf
  • FreeBSD SA for CVE-2018-6923: Resource exhaustion in IP fragment reassembly FreeBSD-SA-18:10.ip
  • FreeBSD SA for CVE-2018-14526: Unauthenticated EAPOL-Key Decryption Vulnerability FreeBSD-SA-18:11.hostapd
  • FreeBSD SA for CVE-2018-6924: Improper ELF header parsing FreeBSD-SA-18:12.elf
  • FreeBSD errata notice for LazyFPU remediation causing potential data corruption FreeBSD-EN-18:08.lazyfpu
  • Fixed two potential XSS vectors and an authenticated command execution issue.
  • Upgraded several binary packages in the base system to address upstream vulnerabilities, including strongSwan CVE-2018-5388, OpenSSH CVE-2018-15473, and cURL CVE 2018-14618
  • Updated default cryptographic settings for OpenVPN, IPsec, and Certificates
  • Changed the included DH groups to those defined in RFC 7919
  • Added stronger IPsec Pre-Shared Key usage warnings, and a button to generate a secure PSK
  • Changed from sshlockout_pf to sshguard for monitoring failed logins and locking out offenders, this allows the lockout to work on IPv4 and IPv6 and also terminates states when adding offenders to the block list
  • Disabled OpenVPN compression by default on new instances for security reasons due to VORACLE
    • Users are strongly urged to disable compression on OpenVPN instances if they pass unencrypted data such as HTTP to arbitrary Internet sites.

Notable Bug Fixes

In addition to security fixes, pfSense software version 2.4.4 also includes important bug fixes.

Risorse

La distribuzione può essere scaricata da:

Il sito web della distribuzione è: http://www.pfsense.org/

Screenshot

pfSense 2.0.2

pfSense 2.0.2

Conclusioni

La versione ha 32 bit è stata deprecata.

Subscribe

Subscribe to our e-mail newsletter to receive updates.

No comments yet.

Leave a Reply