pfSense

pfSense è un distribuzione BSD derivata da m0n0wall, perciò basata su FreeBSD, nata per essere usata come firewall o router sui PC. Utilizza Packet Filter, FreeBSD 6.x e  ALTQ.

Versione 2.1.4

Questa versione contiene (In Inglese):

• Patch for Captive Portal pipeno leaking issue which leads to the ‘Maximum login reached’ on Captive Portal. #3062
• Remove text not relevant to Allowed IPs on the Captive Portal. #3594
• Remove units from burst as it is always specified in bytes. (Per ipfw(8)).
• Add column for internal port on UPnP status page.
• Make listening on interface rather than IP optional for UPnP.
• Fix highlighting of selected rules. #3646
• Add guiconfig to widgets not including it. #3498
• /etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the version for XMLRPC check instead.
• Fix variable typo. #3669
• Delete all IP Aliases when an interface is disabled. #3650
• Properly handle RRD archive rename during upgrade and squelch errors if it fails.
• Convert protocol ssl:// to https:// when creating HTTP headers for XMLRPC.
• Show disabled interfaces when they were already part of an interface group. This avoids showing a random interface instead and letting the user add it by mistake. #3680
• The client-config-dir directive for OpenVPN is also useful when using OpenVPN’s internal DHCP while bridging, so add it in that case also.
• Use curl instead of fetch to download update files. #3691
• Escape variable before passing to shell from stop_service().
• Add some protection to parameters that come through _GET in service management.
• Escape argument on call to is_process_running, also remove some unecessary mwexec() calls.
• Do not allow interface group name to be bigger than 15 chars. #3208
• Be more precise to match members of a bridge interface, it should fix #3637
• Do not expire already disabled users, it fixes #3644
• Validate starttime and stoptime format on firewall_schedule_edit.php
• Be more careful with host parameter on diag_dns.php and make sure it’s escaped when call shell functions
• Escape parameters passed to shell_exec() in diag_smart.php and elsewhere
• Make sure variables are escaped/sanitized on status_rrd_graph_img.php
• Replace exec calls to run rm by unlink_if_exists() on status_rrd_graph_img.php
• Replace all `hostname` calls by php_uname(‘n’) on status_rrd_graph_img.php
• Replace all `date` calls by strftime() on status_rrd_graph_img.php
• Add $_gb to collect possibly garbage from exec return on status_rrd_graph_img.php
• Avoid directory traversal in pkg_edit.php when reading package xml files, also check if file exists before try to read it
• Remove id=0 from miniupnpd menu and shortcut
• Remove . and / from pkg name to avoid directory traversal in pkg_mgr_install.php
• Fix core dump on viewing invalid package log
• Avoid directory traversal on system_firmware_restorefullbackup.php
• Re-generate session ID on a successful login to avoid session fixation
• Protect rssfeed parameters with htmlspecialchars() in rss.widget.php
• Protect servicestatusfilter parameter with htmlspecialchars() in services_status.widget.php
• Always set httponly attribute on cookies
• Set ‘Disable webConfigurator login autocomplete’ as on by default for new installs
• Simplify logic, add some protection to user input parameters on log.widget.php
• Make sure single quotes are encoded and avoid javascript injection on exec.php
• Add missing NAT protocols on firewall_nat_edit.php
• Remove extra data after space in DSCP and fix pf rule syntax. #3688
• Only include a scheduled rule if it is strictly before the end time. #3558

Risorse

La distribuzione può essere scaricata da:

• 64 bit (92MB): http://files.nyi.pfsense.org/mirror/downloads/pfSense-LiveCD-2.1.4-RELEASE-amd64.iso.gz

Il sito web della distribuzione è: http://www.pfsense.org/

Conclusioni

Il fix più importante è stato per il bug di OpenSSSL