23.09.1 New Features and Changes

This is a maintenance software release including new features and bug fixes.

Consult the Upgrade Guide before proceeding with any upgrade.

Security / Errata

FreeBSD Notices

This release includes corrections for several FreeBSD Errata Notices and Security Advisories, including:

EFI Issue on Proxmox® VE

Some users of pfSense® software running under Proxmox VE 7.4 have had issues booting Virtual Machines via EFI. This may also affect other versions of Proxmox VE and pfSense software as well as FreeBSD.

Adding a serial port to the VM hardware appears to work around the issue for the time being. A fix for the root cause is under investigation and development for future versions.

At this time the best practice to avoid potential problems is to add a serial port to the VM, then shutdown the VM and start it back up before beginning the pfSense software upgrade process.

See also

See EFI Boot Issues for additional recommendations.

ZFS Data Corruption Details

Two data corruption bugs were recently reported against ZFS, including the version of ZFS in recent releases of pfSense software. These bugs have been corrected upstream in FreeBSD and the fixes have been imported into this release.

One bug was in block cloning, which is disabled by default on pfSense software, and thus is unlikely to be a significant concern on this platform. The other bug has been present in ZFS for years and was difficult to trigger.

Given the history of data corruption problems due to hole reporting in files, the corrections for this issue include a preventive measure to disable hole reporting. The downside of disabling hole reporting is the possibly increased disk space usage.


Users on previous releases of pfSense software can reduce the likelihood of encountering the data corruption issue by creating a System Tunable for vfs.zfs.dmu_offset_next_sync with a value of 0.

pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

  • Fixed: Rules using aliases of type URL (IPs) are not generated #14947


  • Fixed: ISC DHCP responds from a random port #15011


  • Fixed: PHP error on services_dhcpv6.php if the configuration contains an empty dhcpv6 section #14978

DHCP Relay

  • Fixed: Input validation prevents saving DHCPv6 Relay settings #14965

DNS Resolver

  • Changed: Update Unbound to 1.18.0_1 to address looping UDP retries when ENOBUFS is returned #14980


  • Fixed: Mobile IPsec Group Authentication cannot be enabled #14963

  • Fixed: Incorrect permissions on ipsec.auth-user.php #14974

  • Fixed: IPsec log categories set to “Audit” do not function properly or save properly in the GUI #14990

  • Changed: Update strongSwan to 5.9.11_3 #15050


  • Added: Add an appropriately named file to install images to indicate what they are #14887


  • Fixed: Mulicast traffic on a detached interface causes a panic #14917

  • Fixed: PHP Error on interfaces.php when creating a PPP interface #14949

  • Fixed: DHCP WAN with multiple (2+) IP Alias VIPs may show as an interface address at boot #14966


  • Changed: Update OpenVPN to 2.6.8_1 #15049

Operating System

  • Added: Method for users to customize shell initialization behavior #14746

  • Fixed: Potential ZFS file corruption #15034

Rules / NAT

  • Fixed: Invalid outbound NAT rules break the following rule #15024

  • Fixed: Automatic outbound NAT rules show an empty NAT Address #15025

Traffic Graphs

  • Fixed: Traffic graph filters apply incorrectly #14892


  • Fixed: pfSense-boot does not update the EFI loader #15007

Web Interface

  • Fixed: Firewall Maximum Table Entries “default size” is whatever is entered #11566