OPNsense 15.7 發布，防火墻和路由平臺

OPNsense 15.7 發布，此版本代號為‘Brave Badger’。

OPNsense 15.7 是 OPNsense 15.1.12 的簡單升級，強烈建議升級到最新版本！此版本把 LibreSSL 風情版升級到生產環境狀態；改進了安裝器的導入配置工具；可以無縫切換 OpenSSL 到 LibreSSL。

此版本最大的改進是入侵檢測集成 (suricata) ；新的本地和遠程代理服務器黑名單選項(squid)。

詳細改進：

• kernel: borrowed a dummynet / ipnat patch from m0n0wall to enable symmetric traffic shaping when NAT is involved

• kernel: fix recurse lock panic for tmpfs in conjunction with unionfs

• kernel: applied two stable patches that prevent squid from crashing [1]

• kernel: retired ALTQ support

• base: sendmail TLS/DH Interoperability Improvement [2]

• base: improved iconv(3) UTF-7 support [3]

• base: inconsistency between locale and rune locale states [4]

• notable ports updates: phalcon 2.0.3 [5], curl 7.43.0_2 [6], openssh 6.8p1_8, python 2.7.10 [7], perl 5.20.2_5 [8], ntp 4.2.8p3 [9], libxml2 [10] 2.9.2_3, openldap24-server 2.4.41 [11]

• opnsense-update: will no longer try to reinstall the installed version after a fresh installation

• bsdinstaller: bring back cpdup to error out on low memory installation (you need 1 GB of RAM, or work around installation using the nano image)

• traffic shaper: removed legacy queues support in favour of the new traffic shaper functionality

• traffic shaper: allow direct enable/disable toggle

• proxy: fix the initial daemon start on bootup

• proxy: added LAN as the default interface configuration

• proxy: local and remote blacklists with regex support

• intrusion detection: initial release of our IDS GUI based on suricata

• gateways: monitoring mode gained IPv6 support

• captive portal: fix idle timeout bug

• captive portal: d

• not delete the wrong zone when having multiple configurations

• captive portal: removed include files from exposed web directory

• backend: always regenerate users and groups to avoid corruption after an unclean shutdown

• backend: wait for configd socket to come up to address a startup race issue

• backend: clean up configd socket on exit

• backend: fixed regression that prevented user scripts from being started via /etc/rc.conf

• gateways: only show apinger in services when monitoring is enabled for a gateway

• languages: brought Simplified Chinese to 49% completed, German to 30% completed

• universal plug and play: make page invoke static to remove exploitability of the legacy packages framework

• crash reporter: finally enabled the send button and provides human-readable feedback whether the submission was complete

• console: added non-interactive interface assignment for headless deployments

• ssh: disable password authentication on factory reset to align with the standard configuration

• diagnostics: avoid duplicated calls of gethostbyaddr() in NDP table view

• users: prompt for old password on password change to prevent account hijacking

• users: stripped the impossible scponly user privileges since said utility has never been part of our ecosystem

下載：

https://opnsense.org/download/

更多內容請看發行說明。

Stay safe,
Your OPNsense team

OPNsense 是一個開源易用，而且易于構建的基于 FreeBSD 的防火墻和路由平臺。包括大多數商業防火墻的特性。提供功能完整卻易用的 GUI 管理界面。

最小硬件要求：

• 1GHz dual core cpu
  

• 1 GB RAM

• 40GB SSD

• Serial console or video

推薦配置：

• 1.5GHz multi core cpu
  

• 4 GB RAM

• 120GB SSD

• Serial console or video