pfSense 2.7.1 released: free network firewall distribution
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality. With the help of the package system, pfSense software can provide the same functionality as common commercial firewalls, or more, without any of the artificial limitations. It has successfully replaced every big-name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.
pfSense software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with commercial firewalls catch on to the web interface quickly, though there can be a learning curve for users not familiar with commercial-grade firewalls.
pfSense started in 2004 as a fork of the m0n0wall Project (which ended 2015/02/15), though it has diverged significantly since.
- PHP has been upgraded to 8.2.11
- The base operating system has been upgraded to a more recent point on FreeBSD 14-CURRENT
- Support for SCTP has been improved in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number; previously it was only possible to filter on source or destination address.
- OpenSSL in the base system has been upgraded from 1.1.1t to 3.0.12.
  For details, see OpenSSL upgraded to 3.0.12.
- Kea DHCP Server has been added as an opt-in feature preview for IPv4 and IPv6 DHCP service. Kea will eventually replace the ISC DHCPD daemon, which is EOL.
- IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as a part of the ongoing DHCP Server changes.
- Certain parts of the base system are being migrated to packages rather than grouping them all together in an archive in the “base” package. For the most part this should be entirely transparent to users.
  Specifically, the code from the main pfSense software repository is now a part of the “pfSense” package. This lets management of files be handled entirely by `pkg` rather than carrying them in an archive. This migration is ongoing, so future versions will include additional portions of the system being packaged differently.
- The default driver for NVMe storage devices changed from `nvd(4)` to `nda(4)`. For most users this will be a transparent change since the majority of installations are mounted by label and do not reference a storage device by name.
  Some swap configurations may reference the old device name in `/etc/fstab`. Editing that file and correcting device names from `nvd` to `nda`, followed by a reboot, should restore swap functionality.
  If the new driver is problematic in certain environments the default can be changed back to `nvd(4)` by adding a loader tunable for `hw.nvme.use_nvd=1`.
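
The `/etc/fstab` correction from the NVMe item above, as an added example (not part of the pfSense release notes): a POSIX shell function that prints a corrected copy of an fstab file, renaming only `/dev/nvd<N>` entries in the device column to `nda`. It assumes device numbering carries over unchanged (`nvd0` becomes `nda0`); the function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints a corrected copy of an fstab-format file to stdout,
# renaming nvd devices to nda. The input file itself is never modified.
fix_fstab_nvd() {
    awk '
        # Comments and blank lines pass through unchanged.
        /^[ \t]*#/ || NF == 0 { print; next }
        # Rewrite only the device field, and only for /dev/nvd<N> paths.
        # Entries mounted by label (the common case) do not match.
        $1 ~ /^\/dev\/nvd[0-9]/ {
            old = $1
            new = old
            sub(/^\/dev\/nvd/, "/dev/nda", new)
            # Splice in place so the original column spacing is preserved.
            i = index($0, old)
            $0 = substr($0, 1, i - 1) new substr($0, i + length(old))
        }
        { print }
    ' "$1"
}

# Constructed sample input (not taken from a real system).
sample_fstab() {
    cat <<'EOF'
# Device  Mountpoint  FStype  Options  Dump  Pass
/dev/gpt/efiboot0  /boot/efi  msdosfs  rw  2  2
/dev/nvd0p3.eli   none  swap  sw  0  0
# old entry kept for reference: /dev/nvd0p3
EOF
}

# Demo: run the rewrite over the constructed sample and show the result.
tmp=$(mktemp)
sample_fstab > "$tmp"
fix_fstab_nvd "$tmp"
rm -f "$tmp"
```

Compare the output with the current file before replacing `/etc/fstab`, then reboot as described above.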