Advertisment

pfSense 2.1 Open Source firewall-RELEASE now available!

author-image
Dhaval Gupta
New Update

This release brings many new features, with the biggest change being IPv6 support in most every portion of the system. There are also a number of bug fixes, and touch ups in general.

Advertisment

pfSense is a m0n0wall-derived operating system. It uses Packet Filter, FreeBSD 6.x (or DragonFly BSD when ALTQ and CARP is finished), ALTQ for excellent packet queuing, and an integrated package management system for extending the environment.

 List of the new features and major changes in the pfSense 2.1 release.

- IPv6 support - throughout the GUI in many areas. See here for a list of complete areas and areas that still need work.

- PBI (push button installer) package support

- Based on FreeBSD 8.3

- Switch from Prototype to jQuery

- Multi instance Captive Portal

- Multiple Captive Portal RADIUS authentication sources (e.g. one for users, one for cards)

- Ability to select serial port speed

- DynDNS multi-wan failover

- IPsec multi-wan failover

- OpenVPN multi-wan failover

- AES-NI support (Cryptographic Accelerator feature on new Intel/AMD CPUs)

- NTP daemon now has GPS support

- Improved navigation and service status in the GUI

- More IPsec hash algorigthms and DH key groups added, "base" negotiation mode added.

- OpenVPN can accept attributes from RADIUS via avpairs for things like inacl, outacl, dns-server, routes.

- Aliases separated into tabs for Hosts, Ports, and URLs to improve manageability.

- Multiple language support, a mostly-complete translation for Brazillian Portuguese is included

- NAT reflection options re-worded to be less confusing

- Adjustable source tracking timeout for Sticky connections

- Support for certain thermal sensors via ACPI, coretemp, and amdtemp.

- System startup beep can be disabled

- Improved denoting of certificate purposes in the certificate list

- More system log separation, Gateways, Routing, Resolver split into their own tabs

- High Availability Synchronization options (Formerly known as "CARP Settings" under Virtual IPs Promoted to its own menu entry, System > High Avail. Sync."CARP" is a part of High Availability, as is XMLRPC/pfsync state synchronization, but it's a bit of a misnomer to refer to the sync settings as CARP.

- Updated atheros drivers

- Fixes for conf_mount_ro/conf_mount_rw reference checking/locking

- DHCP can support multiple pools inside a single subnet, with distinct options per pool

- DHCP can allow/deny access to a DHCP pool by partial (or full) MAC address

- Firewall logs can now be filtered by interface, sorted by any column, and can optionally show the matching rule description inline.

- Firewall rules now support matching on ECE and CWR TCP flags

- IPsec supports separate "split dns" field and doesn't just assume the default domain for split DNS domains

- Properly ignore disabled IPsec phase 2 entries

- Improvements for state killing when an interface goes down

- Diagnostics > Sockets page to show open network sockets on the firewall

- Added a warning to the PPTP page with links explaining how the protocol has been broken.

- Many, many bug fixes

- Various fixes for typos, formatting, etc.

DOWNLOAD

Advertisment