pfSense 2.4.5 released: free network firewall distribution

The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big-name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.

pfSense started in 2004 as a fork of the m0n0wall Project (which ended 2015/02/15), though has diverged significantly since.

pfSense

By Gonzopancho (Own work) [CC BY-SA 4.0], via Wikimedia Commons

pfSense 2.4.5 has been released. This update contains important security fixes and bug fixes. It also introduces some new features as follows.

NEW FEATURES

2.4.5 adds several new features, including:

OS Upgrade: Base Operating System upgraded to FreeBSD 11-STABLE after FreeBSD 11.3

Added sorting and search/filtering to several pages including the Certificate Manager, DHCP Leases, and ARP/NDP Tables.

Added DNS Resolver (Unbound) Python Integration

Added IPsec DH and PFS groups 25, 26, 27, and 31

Changed UFS filesystem defaults to noatime on new installations to reduce unnecessary disk writes

Set autocomplete=new-password for forms containing authentication fields to help prevent browser auto-fill from completing irrelevant fields

Added new Dynamic DNS providers Linode and Gandi

For a complete list of new features, see the Release Notes.

SECURITY / ERRATA

pfSense software release version 2.4.5 addresses several security issues:

Potential cross-site scripting (XSS) vectors in several GUI pages

A privilege escalation issue where an authenticated user granted access to the picture widget could run arbitrary PHP code or gain access to pages for which they otherwise would not have privileges

Added a fsck run with -z for UFS filesystems on upgrade to address FreeBSD-SA-19:10.ufs

Fixed the format of XMLRPC authentication failure messages so they can be acted upon by sshguard

Added a custom CSRF Error page with warnings and confirmation prompts before resubmitting potentially harmful data

Addressed FreeBSD Security Advisories & Errata Notices

FreeBSD-SA-19:24.mqueuefs

FreeBSD-SA-19:23.midi

FreeBSD-SA-19:22.mbuf

FreeBSD-SA-19:21.bhyve

FreeBSD-SA-19:20.bsnmp

FreeBSD-SA-19:19.mldv2

FreeBSD-SA-19:18.bzip2

FreeBSD-SA-19:17.fd

FreeBSD-SA-19:16.bhyve

FreeBSD-SA-19:15.mqueuefs

FreeBSD-SA-19:14.freebsd32

FreeBSD-SA-19:13.pts

FreeBSD-SA-19:12.telnet

FreeBSD-SA-19:11.cd_ioctl

FreeBSD-SA-19:10.ufs

FreeBSD-SA-19:09.iconv

FreeBSD-SA-19:08.rack

FreeBSD-EN-19:18.tzdata

FreeBSD-EN-19:17.ipfw

FreeBSD-EN-19:16.bhyve

FreeBSD-EN-19:15.libunwind

FreeBSD-EN-19:14.epoch

FreeBSD-EN-19:13.mds

FreeBSD-EN-19:12.tzdata

FreeBSD-EN-19:11.net

For complete details about these issues, see the Release Notes.

NOTABLE BUG FIXES

In addition to security fixes, pfSense software version 2.4.5 also includes important bug fixes.

The default GUI certificate lifetime has been reduced to 825 days, to comply with current standards. These standards are being enforced strictly on platforms such as iOS 13 and macOS 10.15. After upgrading to pfSense software version 2.4.5, a new compatible GUI certificate may be generated from the console or SSH with the command pfSsh.php playback generateguicert

Several IPsec VTI fixes, including improved handling of IPsec restarts breaking VTI routing

Fixed several issues with custom view management in Status > Monitoring

Fixed serial console terminal size handling issues

Fixed privilege matching issues which may have prevented some users from accessing pages to which they should have had access, such as the User Manager

Fixed an issue when resolving FQDN entries in aliases where some entries could be missing

Download

Tags: pfSense

NEW FEATURES

SECURITY / ERRATA

NOTABLE BUG FIXES

Download

More Stories

1Password for Linux Beta releases

Chromium Microsoft Edge for Linux is available

Windows calculator app is available on Linux

Microsoft reminds Android users to beware of new ransomware

Microsoft and law enforcement agencies destroyed the Trickbot botnet that infects millions of devices

360 Netlab found a new HEH IoT P2P Botnet

Windows 10 Update can be used to load malicious files

Developers have compiled and run Windows XP from the leaked source code

Source code shows that the Windows XP theme is the same Mac

The Windows XP source code was accidentally leaked

Razer leaked 100,000 gamers’ personal details due to configuration errors