TING version 1.3
1.3.3 (November 1, 2018)
This release includes additions from Smart-Soft.
Plugin os-proxy-useracl: added auto-updating remote blacklists, including the Roskomnadzor lists (IP, URL) and an ad-blocking list; added predefined lists of MIME types.
Plugin os-c-icap-clamav: added blocking of youtube categories.
Plugin os-sms-portal: added SMPP protocol support for sending messages.
Plugin os-kaspersky: added Phishing and KSN scanning options.
Discovered bugs have been fixed.
1.3.2 (October 14, 2018)
This TING release is based on OPNsense version 18.1.13.
Work by the TING development team:
Plugin os-proxy-useracl: the plugin has been completely reworked; added filters by MIME type and User-Agent, the ability to assign rules to IP addresses, schedules, the ability to make exceptions for SSL-Bump, blacklists/whitelists for ICAP, and the choice of the regexp/dstdomain option when building domain lists.
Plugin os-squid-log: added a display mode that shows information on passed and blocked traffic at the same time.
The dashboard now shows information about the hardware platform and BIOS version.
The documentation on the website has been updated and reorganized.
The Russian translation has been improved.
Discovered bugs have been fixed.
The full list of OPNsense changes from version to version is given below.
Changes in OPNsense 18.1.13:
system: restart syslog when interface bind addresses may have changed
system: remove unused action_disable setting in gateway monitoring
ntp: typo in SiRF selection
openvpn: translate validated field names
rc: unset rcvar before evaluation (contributed by Nicholas de Jong)
installer: give basic tip that GUI IP can be set in console after install (contributed by stilez)
ports: suricata 4.0.5
Changes in OPNsense 18.1.12:
system: improve local account expire cron job to also flush passwords and SSH keys
system: show fingerprint in certificate details (contributed by Robin Schneider)
system: fix Nextcloud file name format (contributed by Fabian Franz)
system: allow remote backup via cron command
interfaces: allow /0 to /32 in 6rd and align prefix length calculation with effective prefix used
firewall: do not trigger rules scheduling if scheduled rule is disabled
firewall: allow to select external aliases
firewall: ignore namelookup when no nameservers are configured
dashboard: remove tooltips from CPU widgets (contributed by Team Rebellion)
dashboard: add date to large CPU widget data
intrusion detection: add missing classification category
ipsec: add mutual RSA and EAP-MSCHAPv2 support
wizard: make clear that "admin password" means "root password"
ui: when JQuery Bootgrid rowselect is enabled the click event is triggered twice
mvc: switch from the default $_GET["_url"] to $_SERVER and let Phalcon handle the routing
mvc: dynamic urls regardless if you have a trailing slash or not (contributed by Max Orelus)
mvc: multiselect may allow empty option, no need to give blank item too
mvc: add support for application-specific field types
ui: top level menu item link pivots and security improvements (contributed by Max Orelus)
plugins: os-net-snmp 1.0 (contributed by Michael Muenz)
plugins: os-openconnect 1.1 (contributed by Michael Muenz)
plugins: os-web-proxy-sso UI fixes (contributed by Smart-Soft)
Changes in OPNsense 18.1.11:
system: enforce full password policy check for local passwords including TOTP
system: add RFC 7919 DH parameter files for upcoming 18.7 feature
system: add 3072-bit RSA key length options to certificates (contributed by Justin Coffman)
system: move auto-cron jobs to plugin files
interfaces: refactor reload handling around interfaces_configure()
interfaces: allow private addresses in 6RD
interfaces: check existence of "status" (contributed by Tian Yunhao)
reporting: add NetFlow/Insight database force repair function
dhcp: update from ISC version 4.3 to 4.4
importer: allow ZFS import for upcoming 18.7 ZFS installer feature
importer: allow import from simple MSDOS USB drives
intrusion detection: add app detect rules (contributed by Michael Muenz)
rc: suppress message of service not enabled on NetFlow backup
rc: use exec in /etc/rc and /etc/rc.shutdown hooks
rc: rework rc.syshook facility to be driven by directories and not suffixes
unbound: remove defunct unbound_statistics() function
plugins: os-postfix 1.4 advanced force recipient check (contributed by Michael Muenz)
plugins: service start corrections for accompanying rc.syshook changes
src: incorrect TLB shootdown for Xen-based guests
src: lazy FPU state restore information disclosure
src: enable usage of locate(1) utility
ports: isc-dhcp 4.4.1
ports: php 7.1.19
ports: unbound 1.7.3
Changes in OPNsense 18.1.10:
system: provide default for user language
system: do not allow spaces in group names
system: dpinger gateway monitor option (contributed by Team Rebellion)
system: prepare for upcoming DH parameter regeneration feature
system: Nextcloud backup support (contributed by Fabian Franz)
system: userid 0 has trouble with %s in redirects, use %d instead
system: QR code quiet zone support
system: add selectpicker style where previously missing
firmware: exclude password database files from base update as it breaks sudo
interfaces: clean up reload structure for single interfaces
interfaces: remove unused interface reload script
interfaces: simplify semantics of link_interface_to_track6()
interfaces: assorted cleanups in the code
firewall: add enable flag to shaper rules
firewall: improve parsing speed of firewall log
firewall: fix wrong alias reference in outbound rules
firewall: generate ipfw comments for debugging (contributed by Robin Schneider)
firewall: move color settings from schedules to theme (contributed by Fabian Franz)
intrusion detection: correct typo in CSS
openvpn: raise default DH parameter to 2048 bit
console: pass output of stop scripts to user during halt/reboot
console: clarify that installer is for installing when SSH is off also
rc: change NetFlow backup to only stop/start when needed
rc: backup and restore via XML files again
rc: slightly refactor halt/reboot/shutdown
rc: break out config stop script
rc: simplify configctl plumbing
ui: add country flags for upcoming changes in GeoIP handling
ui: trigger onChange event to support custom hooks in form post
ui: change multi-select default from tokenizer to selectpicker
ui: add support for custom separators in select items
plugins: test for template scripts before executing them
plugins: os-acme-client fixes password field usage
plugins: os-relayd 2.0 MVC rewrite (contributed by Frank Brendel)
plugins: os-smart 1.3 translation and UI fixes (contributed by Fabian Franz)
plugins: os-upnp daemon now uses CHECK_PORTINUSE and PF_FILTER_RULES port options
plugins: os-zerotier 1.3.2 translation and UI fixes (contributed by Smart-Soft)
ports: ca_root_nss 3.37.3
ports: libressl 2.6.5
ports: openssl patch for CVE-2018-0732
ports: phalcon 3.4.0
ports: sqlite 3.24.0
ports: strongswan 5.6.3
ports: unbound 1.7.2
1.3.1 (July 10, 2018)
This TING release is based on OPNsense version 18.1.9. Starting with this version, we can issue time-limited DEMO images for evaluating the functionality.
Work by the TING development team:
System: logging to a remote log server over TCP.
APU devices: reset-to-defaults button, LED control.
Administration: added ACLs for controlling access to plugins.
Plugin os-kaspersky: ability to edit proxy response templates.
Proxy: customized response templates for different blocking reasons.
Translation of the tunables setting descriptions.
The Russian translation has been improved.
Discovered bugs have been fixed.
The full list of OPNsense changes from version to version is given below.
Changes in OPNsense 18.1.9:
firewall: advanced option to reset states on IPv4 change
interfaces: rename $wancfg to $lancfg in tracking code
interfaces: further simplifications for dhclient usage
reporting: add logging to database repair stage
reporting: Insight click event issue
system: use uppercase gateway names for compatibility
system: gateway alert script always returns true
system: align static ACL check with MVC variant
system: pluggable backup support
system: configurable user landing pages
system: safety belt for password policy check
wizard: add missing element IDs to fix scripting issues
firmware: parse and return to be removed packages for update summary
firmware: release type change properly updates the repository and summary
firmware: extended settings can now be registered via XML files
firmware: return repository errors in greater detail (4 new error types)
firmware: make returned backend JSON a bit more human-readable
firmware: fix leak of base/kernel update info on package manager updates
firmware: refactor package manager update summary parsing for speed
firmware: add and use API for major upgrades
dhcp: fix unwanted name-server write in v6
dhcp: ldap-server does not exist in v6
intrusion detection: update classification.config
intrusion detection: optional fast log to syslog
ipsec: set ignore_acquire_ts to allow ASA compatibility
ipsec: add ike_name to syslog output
openvpn: improve validation between TCP, TCP4, TCP6, UDP, UDP4 and UDP6
console: manual pages for opnsense-importer and opnsense-installer
console: let opnsense-installer set up an early runtime environment
console: show firmware reboot hint prior to update when applicable
console: longer timeout for opnsense-importer invoke on first boot
console: proper return values for opnsense-importer in edge cases
mvc: support multiple directories for detached UI development
mvc: add AddressFamily option to NetworkField
mvc: non-functional menu node name tweaks
rc: action changes for "||" avoidance
ui: fix tokenizer selection when values and labels do not match
ui: serve 404 when page was not found
ui: add and use SVG logo support
ui: upgrade nvd3 to version 1.8.6
plugins: os-acme-client 1.15 (contributed by Frank Wall and Omar Khalil)
plugins: os-freeradius 1.7.0 (contributed by Michael Muenz)
plugins: os-haproxy 2.7 (contributed by Frank Wall)
plugins: os-postfix 1.3 (contributed by Michael Muenz)
plugins: os-siproxd 1.3 (contributed by Michael Muenz)
plugins: os-telegraf 1.4.0 (contributed by Michael Muenz)
ports: ca_root_nss 3.37.1
ports: curl 7.60.0
ports: pcre 8.42
ports: php 7.1.18
ports: pkg upstream fix for segfault on upgrade
ports: unbound 1.7.1
Changes in OPNsense 18.1.8:
system: improve VLAN console assignment handling
system: move backup crypto code to the only page using it
system: improve validation for web GUI related settings
system: split off monitor reload for upcoming dpinger integration
system: default route handler skips an already active default route
system: default route handler purges hint files only when switching to a newer route
system: default gateway switching uses the standard default route handler
system: properly add LDAP picker to ACL
system: properly unset password expired message after password change
interfaces: clear up use IPv4 connectivity and fix several typos
interfaces: parse and report tunnel data
interfaces: move dhclient-script to proper location
interfaces: allow SLAAC to latch on to IPv4 link
reporting: add destination address in Insight detail search
dhcp: fix labels of services to align with menu
dhcp: domain-search-list usage was removed in 2012
ipsec: rewrite resolve_retry() for its only use case
ipsec: improve RADIUS secret escaping (contributed by Rafael Cano)
ipsec: fix missing disable of DH group setting
router advertisements: correctly merge DNS server arrays
router advertisements: fix DNSSL settings
router advertisements: fix duplicated subnet statements
openssh: also use static interface IP addresses to listen on explicitly
unbound: allow wildcard host entry (contributed by Eugen Mayer)
webgui: also use static interface IP addresses to listen on explicitly
backend: improve escaping of passed parameters
ui: correct height of the login title bar
ui: unify the label printing of interfaces
ui: refactor script match for help messages
rc: ZFS boot awareness
plugins: os-cache 1.0 is an optional web server cache for the GUI/API
plugins: os-debug 1.3 now holds its own PHP settings
plugins: os-nut 1.0 (contributed by Michael Muenz)
plugins: os-snmp 1.3 improves handling of interface binding
src: mishandling of x86 debug exceptions
src: multiple small kernel memory disclosures
src: timezone database information update
ports: ca_root_nss 3.37
ports: krb5 1.16.1
ports: liblz4 1.8.2
ports: python 2.7.15
ports: sqlite 3.23.1
ports: sudo 1.8.23
Changes in OPNsense 18.1.7:
system: validate pfsync peer as IPv4-only
system: flip order of arguments for system_routing_configure()
system: convert cron to mutable model controller
system: convert routing to mutable model controller
system: log table header cleanup
system: more aggressive factory reset and shut down after completion
system: remove duplicate addresses before binding web GUI and OpenSSH
system: fix Framed-Route parsing for RADIUS authentication
system: properly translate save message on user language change
interfaces: PPPoE link down script improvements
interfaces: emit prefix-interface for trackers in advanced DHCPv6 configurations
interfaces: DHCPv6 configuration creation breakout (contributed by Team Rebellion)
interfaces: SIGHUP reload for dhcp6c (contributed by Team Rebellion)
interfaces: wait for dhcp6c to be stopped by pending apply
interfaces: only reconfigure VLAN interface after edit when necessary
interfaces: create IPv4 and IPv6 tunnel gateways for GIF/GRE when the setup allows it
interfaces: remove unused $flush argument from various functions
interfaces: fixed creation of GIF/GRE tunnel with an outer IPv6 remote address (contributed by Christoph Engelbert)
interfaces: fixed router advertisement setup of former static but now tracking interface (contributed by Christoph Engelbert)
interfaces: remove obsolete address requirement for CARP VIPs
interfaces: back out get_dyndns_ip() IPv6 online detection and properly propagate a lookup error
interfaces: no more spurious redirection for dhclient invoke
firewall: remove a side effect from filter_delete_states_for_down_gateways()
firewall: adjust maximum table entries for error-free bogonsv6 usage
firewall: add buckets option to traffic shaper
firewall: update help text for port ranges (contributed by Michael Muenz)
power: power off modal to indicate that the GUI is no longer responsive
captive portal: add traffic data and IP address to RADIUS accounting messages (contributed by fvanroie)
captive portal: fix voucher table rendering issue seen in Firefox
intrusion detection: add destination IP to alert search (contributed by Jeffrey Gentes)
intrusion detection: add abuse.ch URLhaus rules
ipsec: keep road warrior rightsubnet to default as stated by the docs
ipsec: add missing phase 2 DH groups
openvpn: switch to interface "any" for IPv6-friendly defaults
openvpn: remove side-effects from configuration code
openvpn: let CIDR validation tell us that only one network is expected
openvpn: allow explicit selection of tcp4 and udp4
openvpn: wizard can now set IPv4/IPv6 tunnel, local and remote addresses
openvpn: improved automatic local port selection in wizard
openvpn: bigger wizard button on server list page
openvpn: allow IPv6-only tunnel setups
openvpn: assorted cleanups in the associated GUI pages
unbound: fix a faulty format string
web proxy: use error_directory translation as set by system language (contributed by Smart-Soft)
web proxy: add support for SNMP (contributed by Smart-Soft)
web proxy: rewrite the IDN support to only affect the template write
console: make tracking the default for LAN IPv6 during interface reconfiguration
console: reset VLANs as stated during port reconfiguration
mvc: track attached models of model relation fields
mvc: remove obsoleted "page-" prefix check for ACL
mvc: unit tests for DependConstraint
mvc: only use configdpRun() when needed
rc: generate and permanently save host ID
rc: always reload VPN after filter to allow for better default gateway switching
rc: reconfigure IPv4 and IPv6 only once after boot
rc: do not run plugin reconfigure if a system configuration is not present
ui: merge system activity and services diagnostics menu
ui: move defaults page from firmware to configuration section
ui: fix issue with typeahead selection in tokenizer
ui: order reporting menu naturally
lang: updates for Czech, French, German, Portuguese (Brazil)
plugins: os-acme-client 1.14 adds support for CloudDNS (contributed by Frank Wall)
plugins: os-freeradius 1.5.3_1 fixes form property auto-select
plugins: os-monit 1.7_1 merges setup code into migration framework
plugins: os-postfix 1.2 relax relay host validation (contributed by Michael Muenz)
plugins: os-rspamd 1.3 adds file for milter headers (contributed by Fabian Franz)
plugins: os-snmp 1.2 avoids usage of does_interface_exist()
plugins: os-web-proxy-useracl 1.1._1 reworks IDN support
plugins: os-zabbix-agent 1.3 adds working default values (contributed by Frank Wall)
ports: enable previously defunct AES-NI acceleration in LibreSSL 2.6
ports: switch from dhcp6 to our own lightweight dhcp6c
ports: sudo upstream patch to correct a FreeBSD issue
ports: openldap 2.4.46
ports: openssh 7.7p1
ports: openvpn 2.4.6
ports: perl 5.26.2
ports: php 7.1.17
ports: sqlite 3.23.0
Changes in OPNsense 18.1.6:
system: reverse reload order for gateway switching on OpenVPN
system: implement password policies for local accounts
system: separate web GUI and configd log files
system: add syslog and login service visibility
system: show root as disabled in user manager if disabled
interfaces: no longer restrict VLAN driver capability
firewall: switch back to the pre-18.1 auto-outbound NAT behaviour
firewall: reload schedules 1 minute later
firewall: filter descriptions option no longer exists
firewall: updated anti-lockout link (contributed by Michael Muenz)
firewall: fix help text in shaper masks (contributed by Michael Muenz)
firewall: add delay option to pipe in shaper (contributed by Michael Muenz)
reporting: add insight aggregator to service list
dashboard: large CPU usage widget (contributed by Team Rebellion)
dhcp: fix display of DUID in IPv6 leases
firmware: let opnsense-patch apply chmod even in partially failed patches
firmware: let opnsense-code fetch all remotes as well as prune them
intrusion detection: provide custom.yaml for user edits
web proxy: fix pid file pointer for service status probe
ui: help data-for attribute (contributed by NOYB)
ui: reversed zebra redraw on static page mobile forms
ui: cleanup for unused classes in static pages
mvc: add constraint type for dependent fields
plugins: merge rc.plugins_configure code into pluginctl
plugins: os-c-icap 1.5_1 service controller fix (contributed by Fabian Franz)
plugins: os-frr 1.3 adds BGP for IPv6 (contributed by Michael Muenz)
plugins: os-lcdproc-sdeclcd 1.0 release adds LCD usage to Lanner/Watchguard Firebox
plugins: os-monit 1.7 fixes compatibility with UI rework
plugins: os-rspamd 1.2 allows to specify bad file extensions (contributed by Fabian Franz and Michael Muenz)
plugins: os-shadowsocks 1.0 release (contributed by Michael Muenz)
plugins: os-web-proxy-sso 2.2 adds XMLRPC sync (contributed by Smart-Soft)
plugins: os-web-proxy-useracl 1.1 adds XMLRPC sync (contributed by Smart-Soft)
plugins: os-zabbix-agent 1.2_1 fixes service controls
src: fix multi-WAN traffic shaper on non-default gateway interfaces
src: ipsec crash or denial of service
src: vt console memory disclosure
src: multiple small kernel memory disclosures
src: timezone database information update
ports: dnsmasq 2.79
ports: openssl 1.0.2o
ports: perl 5.26.1
ports: php 7.1.16
1.3.0 (April 16, 2018)
This TING release is based on OPNsense version 18.1.5. This version includes the move to FreeBSD 11.1 and PHP 7.1. It also includes fixes for the Meltdown and Spectre vulnerabilities. To avoid surprises, the Meltdown mitigation (PTI) is enabled by default in HardenedBSD, including on AMD processors. The performance impact is minimal; however, the Spectre V2 mitigation (IBRS) can slow the processor down.
System settings options have been introduced to control these settings. You can:
Disable PTI by setting "vm.pmap.pti" to "0" and rebooting, and
Disable IBRS by setting "hw.ibrs_disable" to "1" and clicking "Apply".
Work by the TING development team:
Kaspersky antivirus plugin: os-kaspersky [1]
Migration to squid-4 [25]
Migration to ZFS on new installations, starting with version 1.3.0.
UI: the license management page has been reworked and moved to MVC.
Plugin os-ndpi: improved detection and blocking of Telegram.
Plugin os-security-scanner: service operation control, UI improvements.
Plugin os-c-icap-clamav: an improved alternative to the os-c-icap + os-clamav plugin combination.
The Russian translation has been improved.
Discovered bugs have been fixed.
For more than three years, OPNsense has been driving innovation in open source firewalls by splitting functionality into separate modules, providing simple and reliable firmware updates, implementing multi-language support, supporting HardenedBSD security, quickly adopting system software updates, and offering clear licensing under the 2-Clause BSD License.
The full list of OPNsense changes from version to version is given below.
Changes in OPNsense 18.1.5:
system: optional prefix Google Drive backups with host and domain name
system: also render tunables in loader.conf to obsolete loader.conf.local editing
interfaces: allow /127, /128 and /32 static IP address configurations everywhere
interfaces: improve logging and assorted cleanups (contributed by Team Rebellion)
interfaces: ignore dynamic linkup events for unassigned interfaces
interfaces: hide previously assigned interfaces from bridges
interfaces: allow all IPv6 prefixes from 48 to 64 for DHCPv6 mode
firewall: add VIP gateway option for PPPoE interfaces
firewall: add update interval option to log widget (contributed by NOYB)
firewall: respect mask in traffic shaper queue config (contributed by Michael Muenz)
firmware: fix opnsense-code for src.git and ABI probing
firmware: fix opnsense-patch file permission apply for plugins
intrusion detection: support request headers in ruleset metadata
openvpn: switch status to version 3 to avoid wrong parsing of commas
openvpn: parse all states to retrieve all relevant connection status info
captive portal: exclude "I" from simplified voucher character set for clarity
plugins: os-lldpd 1.1 adds interface selection (contributed by Michael Muenz)
plugins: os-monit 1.6 fixes file path validation (contributed by Frank Brendel)
plugins: os-postfix 1.1 adds smart host and SMTP authentication (contributed by Michael Muenz)
plugins: os-tinc 1.3 corrects host port usage (contributed by DasTestament)
plugins: os-tor 1.6 adds IPv6 and exit settings (contributed by Gijs Peskens)
ui: update tokenizer to 2.6, visual tweaks and blur-add
ui: buttons for services control in MVC (contributed by Smart-Soft)
src: reinitialize IP header length after checksum calculation [2]
src: fix IPsec validation and use-after-free [3]
src: update timezone database information [4]
src: update file(1) to new version with security update [5]
src: add mitigations for two classes of speculative execution vulnerabilities on amd64 [6]
ports: ca_root_nss 3.36
ports: curl 7.59.0 [7]
ports: igmpproxy 0.2.1 [8]
ports: lighttpd 1.4.49 [9]
ports: openvpn 2.4.5 [10]
ports: phalcon 3.3.2 [11]
ports: php 7.1.15 [12]
ports: strongswan 5.6.2 fix for public key authentication [13]
Changes in OPNsense 18.1.4:
system: improved default route handling
system: improved gateway switching
system: cleanse username on LDAP import
system: increase maximum size of firmware reports
firewall: shaper backend refactor
interfaces: improved reconfigure phase
reporting: fix sporadic "non-numeric value encountered" error
captive portal: add voucher expiry (contributed by Stephanowicz)
intrusion detection: use latest ET Open rules for Suricata version 4
intrusion detection: proper syslog with drops, requires log file reset
intrusion detection: backend refactor
plugins: os-frr 1.2 adds OSPF interface type (contributed by Marius Halden)
plugins: os-haproxy 2.6 [14]
ports: isc-dhcp 4.3.6P1 [15]
ports: pkg 1.10.5
ports: strongswan 5.6.2 [16]
Changes in OPNsense 18.1.3:
system: account for variable headers in top output
system: move gateway status into main pages
system: slightly reorder routing configuration calls
system: optimize reading of SSL crypto library version string (contributed by Alexander Shursha)
system: rework LDAP authentication container selection
interfaces: avoid interaction of overview details with menu items
interfaces: allow "reject leases from" option in DHCP advanced settings
firewall: set alias cron update interval to 1 minute
firewall: align alias cron update with its background call
firewall: URL IP alias type missing in selections
firewall: fix defunct alias target in outbound NAT
firewall: ignore alias case while searching
firewall: move rule category filter to the top of the page
firewall: show IPv6 ports in live log and fix details for TCP
firewall: move general settings to AliasParser and fix Alias constructor to receive them
firewall: if the name of the alias equals its content try to resolve
dhcp: advertisement problem on PPPoE link without public IPv6 address (contributed by Team Rebellion)
dhcp: UEFI 64 network boot using wrong arch type
dhcp: validate maximum interface MTU
dhcp: add validation for DUID fields
ipsec: auto-route disable setting (contributed by Namezero)
network time: inline NMEA checksum calculator (contributed by Fabian Franz)
network time: fix stratum level write
unbound: optimize outgoing-range differently
unbound: local zone setting (contributed by NOYB)
ui: fix cropped dropdown regression
mvc: translate option values (contributed by Alexander Shursha)
mvc: fix access to undefined property translator
mvc: fix typo in getBase()
mvc: improve phpdoc
rc: protect console menu again, but keep shell invoke for rc.d subsystem
rc: fix some typos (contributed by John Eismeier)
rc: proper includes for plugin post-install hook
rc: recover all known shells
plugins: os-clamav 1.5 fixes log file parsing
plugins: os-frr 1.1 fixes service start on boot
plugins: os-haproxy 2.5 [17]
plugins: os-monit 1.5 (contributed by Frank Brendel)
ports: mpd 5.8 [18]
ports: ntp 4.2.8p11 [19]
ports: suricata 4.0.4 [20]
Changes in OPNsense 18.1.2:
system: avoid default route from disappearing when no manual gateways are set
firewall: fix outbound NAT for OpenVPN interfaces
interfaces: multiple overview page improvements (contributed by NOYB)
console: check for root invoke in importer, installer and console menu
intrusion detection: always show schedule tab
intrusion detection: log first drop of a flow
intrusion detection: add a log file viewer
unbound: add num-queries-per-thread option values for 4096 and 8192
ui: remove chrome=1 from X-UA-Compatible meta element (contributed by NOYB)
ui: HTML compliance for attribute "type" on script element (contributed by NOYB)
ui: HTML compliance for "navigation" "role" on nav element (contributed by NOYB)
ui: checkbox and radio button label children tweaks (contributed by NOYB)
ui: break help text on small screens
ui: use pluggable locations for theme files
ui: remove table-responsive padding on small screens
ui: user-scalable viewport (contributed by NOYB)
mvc: CRUD functions for mutable model controller (contributed by Fabian Franz)
plugins: os-frr 1.0 with CRUD refactor (contributed by Fabian Franz)
plugins: os-tor 1.5 with CRUD refactor (contributed by Fabian Franz)
ports: phalcon 3.3.1 [21] [22]
ports: php 7.1.14 [23]
console: do not yet check for root in console menu as it clashes with rc.d
mvc: fix a typo in the new CRUD getBase() call, currently unused
Changes in OPNsense 18.1.1:
firewall: ignore target port alias in port forwards when it equals the destination
firewall: align outbound NAT address output to edit page
firewall: use first region for country in GeoIP category instead of last one
system: improve layout of gateway status labels (contributed by Fabian Franz)
system: improve order of group / user setup as "wheel" was not added correctly on save
dashboard: touch device improvements in widgets (contributed by NOYB)
opendns: always refresh the setting on save
openvpn: open links in a new tab (contributed by Fabian Franz)
ui: system-wide HTML compliance improvements (contributed by NOYB)
plugins: arp-scan 1.1 improves interface search (contributed by Giuseppe De Marco)
plugins: os-dyndns 1.6 fixes Route 53 IPv6 usage (contributed by theq86)
plugins: os-freebsd 1.5.2 clarifies certificate validation (contributed by Michael Muenz)
plugins: os-openconnect 1.0 (contributed by Michael Muenz)
plugins: os-rfc2136 1.2 improves widget load
plugins: os-telegraf 1.3.1 adds ping hosts and graphite validation fix (contributed by Michael Muenz)
plugins: os-rspamd 1.1 fixes typos (contributed by Fabian Franz)
plugins: os-zerotier 1.3.1 makes database persist on /var MFS (contributed by David Harrigan)
ports: curl 7.58.0 [24]
ports: py27-cryptography 2.1.4
Main changes in OPNsense 18.1 compared to 17.7:
FreeBSD 11.1, PHP 7.1 and jQuery 3 migration
Realtek vendor NIC driver version 1.94
Portable NAT before IPsec support
Local group restriction feature in OpenVPN and IPsec
OpenVPN multi-remote support for clients
Strict interface binding for SSH and web GUI
Improved MVC tabs and general page layout
Shared forwarding now works on IPv6, in conjunction with "try-forwarding" and improved reply-to multi-WAN behaviour
Easy-to-use update cache support for Linux and Windows in web proxy
Intrusion detection alert improvements and plugin support for new rulesets (ET Pro, Snort VRT)
Revamped HAProxy plugin with introduction pages
Moved interface selection to menu and quick search for firewall rules, DHCP and wireless status
Alias backend rewrite for future extensibility
Plugin-capable firewall NAT rules
Migration of system routes UI and backend to MVC (also available via API)
Reverse DNS support for insight reporting (also available via API)
Fully rewritten firewall live log in MVC (also available via API)
New plugins: zerotier, mdns-repeater, collectd, telegraf, tor, siproxd, postfix, rspamd, redis, iperf, arp-scan, zabbix-proxy, frr, node_exporter