2.4.3-p1 New Features and Changes

Security / Errata


  • Added a check to avoid creating route-to rules for proxy ARP addresses
  • Corrected alias name input validation text referring to well-known and registered ports #8409
  • Corrected the list of pf reserved keywords to prevent aliases from using invalid custom names #8445
  • Fixed an issue with Captive Portal access rules being left behind on disconnect #8441
  • Fixed an issue with pressing Enter in the filter field of diag_pftop.php #8494
  • Fixed an issue with invalid rules generated due to the presence of IPv6 Alias VIPs #8408
  • Fixed an issue with IPsec mobile Pre-Shared Keys and iOS devices #8426
  • Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
  • Fixed firewall rules generated by the OpenVPN wizard #8391
  • Fixed handling of OpenVPN RADIUS attribute firewall rules #8480
  • Fixed handling of XMLRPC user/group synchronization when that section is disabled on the primary #8450
  • Fixed input validation to allow named services to be used in firewall rules rather than numbers alone #8410
  • Fixed issues with IP alias VIPs on Localhost at boot time #8393
  • Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417
  • Updated SimplePie RSS to 1.5.1 #8423
  • Added more fields to the list that status.php uses to redact private information #8394