pfSense

pfSense è un distribuzione BSD derivata da m0n0wall, perciò basata su FreeBSD, nata per essere usata come firewall o router sui PC. Utilizza Packet Filter, FreeBSD 6.x e  ALTQ.

Versione 2.4.3

Questa versione contiene (in Inglese):

This release includes several important security patches:

• Kernel PTI mitigations for Meltdown (optional tunable) FreeBSD-SA-18:03.speculative_execution.asc
• IBRS mitigation for Spectre V2 (requires updated CPU microcode) FreeBSD-SA-18:03.speculative_execution.asc
• Fixes for FreeBSD-SA-18:01.ipsec
• Fixed three potential XSS vectors, and two potential CSRF issues
• CSRF protection for all dashboard widgets
• Updated several base system packages to address CVEs

In addition to security fixes, pfSense software version 2.4.3 also includes important bug fixes.

Notable bug fixes in 2.4.3 include:

• Fixed hangs due to Limiters and pfsync in High Availability configurations
• Imported a netstat fix to improve performance and reduce CPU usage, especially on the Dashboard and ARM platforms
• Fixed a memory leak in the pfSense PHP module
• Fixed DHCPv6 lease display for entries that were not parsed properly from the lease database
• Fixed issues on assign_interfaces.php with large numbers of interfaces
• Fixed multiple issues that could result in an invalid ruleset being generated
• Fixed multiple Captive Portal voucher synchronization issues with HA
• Fixed issues with XMLRPC user account synchronization causing GUI inaccessibility on secondary HA nodes
• … and many more!

There are several new features in 2.4.3, some of the more important ones are:

• Changed IPsec Phase 1 to allow selecting both IPv4 and IPv6 so the local side can allow inbound connections to either address family
• Changed IPsec Phase 1 to allow configuration of multiple IKE encryption algorithms, key lengths, hashes, and DH groups
• Changed SMTP notifications handling so they are batched, to avoid sending multiple e-mail messages in a short amount of time
• Added options to RFC 2136 Dynamic DNS for server key algorithm and to change the source address used to send updates
• Added VLAN priority tagging for DHCPv6 client requests
• Hardware support for the new XG-7100 including C3000 SoC support, C3000 NIC support, and Marvell 88E6190 switch support (Factory installations only)
• … and more!

Risorse

La distribuzione può essere scaricata da:

• 64 bit (306MB): https://sgpfiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.3-RELEASE-amd64.iso.gz

Il sito web della distribuzione è: http://www.pfsense.org/

Screenshot

pfSense 2.0.2

Conclusioni

La versione ha 32 bit è stata deprecata.