The OPNsense 21.7 firewall distribution has been released, which is a fork from the pfSense project, created with the goal of creating a completely open distribution that could have functionality at the level of commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by one company, developed with the direct participation of the community and has a completely transparent development process, as well as providing the opportunity to use any of its developments in third-party products, including commercial ones. The source texts of the distribution kit components, as well as the tools used for building, are distributed under the BSD license. The assemblies are prepared in the form of a LiveCD and a system image for writing to Flash drives (422 MB).
The core stuffing of the distribution is based on the HardenedBSD code, which supports a synchronized fork of FreeBSD, which integrates additional protection mechanisms and techniques to counter exploitation techniques. Among the features of OPNsense, one can single out a completely open assembly toolkit, the ability to install in the form of packages over regular FreeBSD, load balancing tools, a web interface for organizing user connection to the network (Captive portal), the presence of mechanisms for tracking connection states (stateful firewall based on pf), setting bandwidth limits, traffic filtering, creating a VPN based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), a system of visual reports and graphs.
The distribution provides tools for creating fault-tolerant configurations based on the use of the CARP protocol and allowing you to run a spare node in addition to the main firewall, which will be automatically synchronized at the configuration level and take over the load in case of failure of the primary node. For the administrator, a modern and simple interface for setting up a firewall is offered, built using the Bootstrap web framework.
Among the changes:
- The distribution is based on the developments of HardenedBSD 12.1. The next release, 22.1, is scheduled to migrate to FreeBSD 13.
- A new installer has been proposed that provides built-in support for installing on partitions with the ZFS file system and is suitable for working in virtual machines that use UEFI.
- The interface for updating firmware has been redesigned.
- In the log reflecting the activity of traffic filtering, the actual rule identifiers are displayed to avoid misinterpretation after changing the set of rules.
- The ability to specify bit masks (wildcard mask) in network masks has been added to templates that allow you to associate a set of networks, hosts and ports with a specific symbolic name in firewall rules (aliases).
Source: opennet.ru