2.3.5-p2 New Features and Changes

New features and changes for this release of pfSense® software:

Security / Errata


  • Added an option to disable HSTS for the GUI web server #6650

  • Added filtering to pfTop page

  • Added ospf6d to the routing log

  • Change get_interface_subnet() to use configured value if available

  • Corrected sethelp call on firewall_rules_edit.php #8242

  • Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447

  • Fixed an issue with the address family selection for remote syslog servers using IPv6 #8323

  • Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn’t have an IP address #8239

  • Fixed config.xml corruption handling

  • Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries`#8275 <https://redmine.pfsense.org/issues/8275>`__

  • Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261

  • Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129

  • Fixed selection of IPv6 gateways when creating a new firewall rule #8053

  • Fixed various pf “busy” errors when the ruleset is reloaded

  • Improved handling of aliases that mix IP addresses and FQDNs #8290

  • Improved update repository controls

  • Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417