Few days ago the launch of the new version of firewall distribution OPNsense 22.7, nicknamed "Powerful Panther", introduces FreeBSD 13.1 update, PHP 8.0, Phalcon 5, Stacked VLAN and Intel QuickAssist (QAT) support, DDoS protection using SYN cookies, MVC/API pages for IPsec status and Unbound overrides, new APCUPSD and CrowdSec plugins and much more.
For those unfamiliar with OPNsense, they should know that is a fork of the pfSense project, created with the objective of forming a completely open distribution kit that could have functionality at the level of commercial solutions for the deployment of firewalls and network gateways.
Unlike pfSense, the project is positioned as not controlled by a single company, since it is developed with the direct participation of the community and has a completely transparent development process, in addition to providing the opportunity to use any of its developments in third-party products, including commercial ones.
Among the OPNsense possibilities you can distinguish the fully open compilation tool, as well as the ability to install packages on top of an ordinary FreeBSD system, the load balancer, a web interface for organizations to connect users to the network, a system of visual and graphical reports, among other things.
OPNsense 22.7 Main New Features
In this new version of the distribution, the base of the system is presented.e switched to the FreeBSD 13.1 branch, besides that the system package has been moved to the updated versions of PHP 8.0.20, Phalcon 5, sqlite 3.39.0, meerkat 6.0.6, unbound 1.16.1.
As for the novelties that are presented in this new version, we can find that added support for Intel QuickAssist (QAT), as well as support for Stacked VLAN technology (multilayer encapsulation of VLAN tags) and that the mechanism of DDoS protection using the SYN cookie.
Other changes that stand out in this new version is that the APCUPSD and CrowdSec plugins, I also know that it added dynamic reloading of the necessary devices and also the WPA enterprise configuration for the infrastructure mode.
On the other hand, it is mentioned thate disabled IPv6 inside GIF 4in6 and 4in4 tunnels, as well as that corrections were made to inconsistencies in wireless management, also corrections to the impossibility of showing multiple loopbacks, the impossibility of showing several VXLANs and that a check is made if it is int before passing to convert_seconds_to_hms().
Of the other changes that stand out from this new version:
- Changed certificate revocation to use phpseclib library
- Performance improvement for set_single_sysctl()
- New setting for implementation mode to control PHP error flow
- /tmp MFS now uses a maximum of 50% RAM by default and can be adjusted
- /var MFS becomes /var/log MFS and uses a maximum of 50% RAM by default and can be tuned
- Previous special content of /var MFS is now permanently stored in /var to ensure full operability
- Added a filter to the system log widget (contributed by kulikov-a)
- Auto detection on far gateway requirement for default route
- Interfaces: switch to MVC/API variant for DNS lookup page
- Interfaces: refactor DHCP and PPPoE scripts to use ifctl exclusively
Lastly, it is worth noting that LibreSSL is mentioned to be scheduled for removal at the end of this series and will likely not receive any further maintenance. The next major update will happen
automatically OpenSSL style.
Finally if you are interested in knowing more about it, you can check the details In the following link.
Download the new version of OPNsense 22.7
Si do you want to get this new version only You must go to its official website and in the download section where you can find the compiled image in the form of a LiveCD and a system image to write to Flash drives in the following link.
The source code of the components of the distribution, as well as the tools used for the construction, are distributed under the BSD license.