pfSense 2.4.5 the new version of this open source firewall is now available

The new version of the compact system for creating firewalls and network gateways "PfSense 2.4.5". This new version presents some improvements, but above all it comes to solve some errors that were identified in the previous version.

For those who are unaware of pfSense should know that this is a custom FreeBSD distributionwhich is adapted for use as Firewall and Router. It is characterized by being open source, it can be installed on a wide variety of computers and it also has a simple web interface for its configuration.

About pfSense

pfSense makes use of developments from the m0n0wall project and active use of pf and ALTQ. The distribution is managed through the web interface.

Captive Portal, NAT, VPN (IPsec, OpenVPN), and PPPoE can be used to organize user access on a wired and wireless network. A wide range of capabilities are supported to limit bandwidth, limit the number of simultaneous connections, filter traffic, and create CARP-based fault-tolerant configurations.

Job statistics are displayed in graphs or in table form. Authorization is supported in the local user database, as well as through RADIUS and LDAP.

Among its main characteristics it's found:

  • Firewall
  • State Table
  • Network Address Translation (NAT)
  • High availability
  • Multi WAN
  • Load balancing
  • VPN that can be developed in IPsec, OpenVPN and in PPTP
  • PPPoE server
  • DNS server
  • Captive portal
  • DHCP server

PfSense has a package manager to expand its functionalitiesWhen choosing the desired package, the system automatically downloads and installs it. There are around seventy modules available, among which are the Squid proxy, IMSpector, Snort, ClamAV, among others.

Main new features pfSense 2.4.5

In this new issue we can find that the base system components have been updated to FreeBSD 11-STABLE.

For the part of the improvements from this new version, we can find on some pages of the web interface, including certificate manager, DHCP bind list, and ARP / NDP tables thatSupport for sorting and searching has appeared.

In the UFS file system settings for new systems, by default, the noatime mode is enabled to minimize unnecessary write operations.

On the other hand, in the unbound DNS resolver, added to Python scripting integration tools.

While for IPsec DH (Diffie-Hellman) and PFS (Perfect Forward Secrecy), Diffie-Hellman groups 25, 26, 27 and 31 were added.

In addition to this, the announcement mentions that "autocomplete = new-password" attribute has been added to authentication forms to disable auto-completion of fields with sensitive data and also added new DNS dynamic record providers: Linode and Gandi.

On the fixes side, the announcement mentions that several vulnerabilities have been fixed, including an issue in the web-based interface that allows an authenticated user with access to the image upload widget to run any PHP code and gain access to privileged pages of the administrator interface. Also, cross-site scripting (XSS) has been removed from the web-based interface.

Download and get pfSense

Finally, for those interested in being able to download and install or be able to test this system.

You can get the picture of this, from your website and in its download section you can find the links to download the system image.

In the download section we can find several images for the amd64 architecture, which vary in size from 300 to 360 MB, among them we can find a LiveCD and an image to install in USB Flash.

The image for usb can be recorded with Etcher which is a multiplatform tool. Or in the case of Windows they will be able to record the image with the help of Rufus.

While from Linux we can support ourselves from the terminal with the dd command.


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.