2.1.5 New Features and Changes

The pfSense® software version 2.1.5 release follows shortly after 2.1.4 and is primarily a security release.

Security Fixes

Other Fixes

  • Handle a missing DHCPD config section properly during a configuration upgrade

  • Fix a regression that broke CARP+IP alias VIP functionality

  • Fix the Pass, Block, Reject and Interface filters in the Firewall Logs Widget #3725

  • Use HTTPS for dyndns providers that support it

  • Avoid resetting the firewall hostname from a WAN DHCP server #3746

  • Add missing qlimit keyword in some shaper rules

  • Change Cancel button to call history.back() when editing firewall aliases to fix issues with IE 11 #3728

  • Allow hostnames in bulk import since they are valid entries in a network type alias

  • Fix input validation logic on diag_testport.php, escape more shell arguments for good measure

  • Escape the individual dnsmasq advanced/custom options

  • Encode the detail field of an alias entry before displaying its contents back to the user

  • Encode interface/VIP descriptions before displaying them on the NTP daemon settings, and GIF/GRE interfaces

  • Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary

  • Shorten the wait at “reload” in startup wizard to 5 seconds from 60

  • Do not execute DNS lookups on GET, only pre-fill Host box so the user can press the button to execute

  • Turn alias creation links from DNS lookups into submit buttons for POST

  • Remove javascript alert DNS resolution action from the firewall log view. It was already removed from 2.2, and it’s better not to allow a GET action to perform that action

  • Require click-through POST confirmation when restoring or deleting a configuration from the backup history page

  • Avoid a “Cannot use string offset as an array” error if the packages section of the config is missing

  • Avoid generating an invalid IPsec (racoon) config if the user specified a mobile pool that is too small

  • IPsec phase 2 pinghost was not used if the source IP was a virtual IP address #3798

  • Move dhcp6c log to dhcpd.log #3799

  • Do not reset source and destination port range values when it’s an associated rule created by NAT port forward. #3778

  • Added filter.so to list of extensions loaded for filter_var() support.

  • The pfSense PHP module was setting the subnet mask of lo0 to /0, which could break some routes and cause other unintended routing side effects.