Thu. Apr 2nd, 2020

pfSense 2.4.5 released: free network firewall distribution


The pfSense project is a free network firewall distribution based on the FreeBSD operating system, with a custom kernel and third-party free software packages for additional functionality. With the help of the package system, pfSense software can provide the same functionality as common commercial firewalls, or more, without any of the artificial limitations. It has successfully replaced every big-name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.

pfSense started in 2004 as a fork of the m0n0wall Project (which ended 2015/02/15), though it has diverged significantly since.


pfSense 2.4.5 has been released. This update contains important security fixes and bug fixes. It also introduces some new features as follows.

NEW FEATURES

2.4.5 adds several new features, including:

  • OS Upgrade: Base Operating System upgraded to FreeBSD 11-STABLE after FreeBSD 11.3
  • Added sorting and search/filtering to several pages including the Certificate Manager, DHCP Leases, and ARP/NDP Tables.
  • Added DNS Resolver (Unbound) Python Integration
  • Added IPsec DH and PFS groups 25, 26, 27, and 31
  • Changed UFS filesystem defaults to noatime on new installations to reduce unnecessary disk writes
  • Set autocomplete=new-password for forms containing authentication fields to help prevent browser auto-fill from completing irrelevant fields
  • Added new Dynamic DNS providers Linode and Gandi

For a complete list of new features, see the Release Notes.

SECURITY / ERRATA

pfSense software release version 2.4.5 addresses several security issues:

For complete details about these issues, see the Release Notes.

NOTABLE BUG FIXES

In addition to security fixes, pfSense software version 2.4.5 also includes important bug fixes.

  • The default GUI certificate lifetime has been reduced to 825 days, to comply with current standards. These standards are being enforced strictly on platforms such as iOS 13 and macOS 10.15. After upgrading to pfSense software version 2.4.5, a new compatible GUI certificate may be generated from the console or SSH with the command pfSsh.php playback generateguicert
  • Several IPsec VTI fixes, including improved handling of IPsec restarts breaking VTI routing
  • Fixed several issues with custom view management in Status > Monitoring
  • Fixed serial console terminal size handling issues
  • Fixed privilege matching issues which may have prevented some users from accessing pages to which they should have had access, such as the User Manager
  • Fixed an issue when resolving FQDN entries in aliases where some entries could be missing
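
To decide whether an existing GUI certificate needs to be regenerated under the 825-day limit mentioned above, its validity period can be measured from the output of openssl x509 -noout -dates -in <cert.pem>. The following is an added example, not part of the pfSense release notes or code; the function names and the two sample outputs are constructed for illustration.

```python
import re
import ssl

MAX_LIFETIME_DAYS = 825  # limit cited in the bug-fix list above

# Constructed samples of `openssl x509 -noout -dates` output (not real certificates).
OLD_CERT = "notBefore=Mar 10 12:00:00 2018 GMT\nnotAfter=Aug 31 12:00:00 2023 GMT\n"
NEW_CERT = "notBefore=Apr  2 09:00:00 2020 GMT\nnotAfter=Jul  6 09:00:00 2022 GMT\n"


def parse_dates(openssl_output):
    """Return (notBefore, notAfter) as epoch seconds from `-dates` output."""
    fields = dict(re.findall(r"^(notBefore|notAfter)=(.+?)\s*$", openssl_output, re.M))
    missing = {"notBefore", "notAfter"} - fields.keys()
    if missing:
        raise ValueError("missing field(s): " + ", ".join(sorted(missing)))
    # ssl.cert_time_to_seconds understands OpenSSL's "Mon DD HH:MM:SS YYYY GMT" form.
    return (ssl.cert_time_to_seconds(fields["notBefore"]),
            ssl.cert_time_to_seconds(fields["notAfter"]))


def lifetime_days(openssl_output):
    """Validity period of the certificate in days."""
    not_before, not_after = parse_dates(openssl_output)
    if not_after <= not_before:
        raise ValueError("notAfter is not later than notBefore")
    return (not_after - not_before) / 86400


def needs_regeneration(openssl_output, limit=MAX_LIFETIME_DAYS):
    """True when the validity period exceeds the limit (exactly 825 days passes)."""
    return lifetime_days(openssl_output) > limit


if __name__ == "__main__":
    for name, sample in (("old", OLD_CERT), ("new", NEW_CERT)):
        days = lifetime_days(sample)
        verdict = "regenerate" if needs_regeneration(sample) else "ok"
        print(f"{name}: {days:.0f} days -> {verdict}")
```

A certificate flagged here is the case the release notes address with pfSsh.php playback generateguicert.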