New OPNsense Release

Hi everyone,

Thanks again for the warm welcome of the 16.7 series! The feedback has been overwhelming, quite positively so. Part of it has been addressed in code that is about to be released; the rest shall be woven into the upcoming roadmap or will be discussed further in our forums. Every wee bit counts on our way to 17.1. 🙂

This release addresses a pressing issue with the Intel e1000 driver in conjunction with IPS mode. For now, a piece of code that went into FreeBSD 10.3 has been reverted to bring back stability, but we are working with the author on a more permanent solution.

Here are the full patch notes:

  • system: default config now disables hardware offloading features
  • system: prevent carp demotion on sender and pfsync failures
  • firewall: removed obsolete reflection timeout value
  • firewall: added logging option for outbound NAT
  • firewall: fix interface address IPv6 outbound NAT
  • firewall: fix one-to-one copy feature
  • firewall: execute custom scrub rules before auto-generated rules
  • firmware: fixed race on base / kernel fetch
  • firmware: revoke the obsoleted 16.1 update fingerprint
  • interfaces: allow default route on multi-WAN PPPoE
  • interfaces: allow setting txpower for WiFi adapters
  • interfaces: allow backwards-compatible interface enable
  • vpn: fix faulty IPSec authenticator selection in phase 1
  • mvc: add missing CRL type in certificates cache
  • mvc: set robots meta to nofollow, noindex
  • mvc: always show logout button in menu
  • src: fix bspatch heap overflow vulnerability[1]
  • src: fix ICMP translation in pf
  • src: revert extended descriptor format for em(4)[2]
  • src: lower spurious log notice to debug in rtsold
  • plugins: os-haproxy 1.4 (contributed by Frank Wall)
  • ports: libressl 2.3.7[3]

Stay safe,
Your OPNsense team