The OPNsense 22.1 firewall distribution has been released, which is a fork from the pfSense project, created with the goal of creating a completely open distribution that could have functionality at the level of commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by one company, developed with the direct participation of the community and has a completely transparent development process, as well as providing the opportunity to use any of its developments in third-party products, including commercial ones. The source texts of the distribution kit components, as well as the tools used for building, are distributed under the BSD license. The assemblies are prepared in the form of a LiveCD and a system image for writing to Flash drives (339 MB).
The core stuffing of the distribution is based on the FreeBSD code. Among the features of OPNsense, one can single out a completely open assembly toolkit, the ability to install in the form of packages over regular FreeBSD, load balancing tools, a web interface for organizing user connection to the network (Captive portal), availability of connection stateful mechanisms (stateful firewall based on pf), setting bandwidth limits, filtering traffic, creating a VPN based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), a system of visual reports and graphs.
The distribution provides tools for creating fault-tolerant configurations based on the use of the CARP protocol and allowing you to run a spare node in addition to the main firewall, which will be automatically synchronized at the configuration level and take over the load in case of failure of the primary node. For the administrator, a modern and simple interface for setting up a firewall is offered, built using the Bootstrap web framework.
Among the changes:
- Switched to the FreeBSD 13-STABLE branch (the previous version was based on HardenedBSD 12.1).
- Provided indication in the log of information about the level of importance of the message (severity) to filter the logs by this value.
- Includes opnsense-log utility for inspecting logs.
- Added tools to tunables framework to override sysctl.
- Speed ββup the process of loading and configuring network interfaces. The transition to the use of the LUA loader has been made.
- Updated versions of additional programs from ports, for example, filterlog 0.6, hostapd 2.10, lighttpd 1.4.63, nss 3.74, openssl 1.1.1m, openvpn 2.5.5, php 7.4.27, sqlite 3.37.2, syslog-ng 3.35.1, unbound 1.14.0, wpa_supplicant 2.10.
Source: opennet.ru