pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

  • Fixed: Using PF reserved keywords for interface descriptions results in an invalid ruleset #14007

  • Fixed: PHP error when attempting to bulk import Alias content #14013

  • Fixed: Alias list is not sorted #14015


  • Added: Option to enable/disable console bell, enabled by default #14002

Auto Configuration Backup

  • Fixed: PHP error if the configuration has an empty Auto Configuration Backup section #14076

Captive Portal

  • Fixed: PHP error in Captive Portal if usedmacs list is empty #14172


  • Fixed: PHP errors when configuration lacks any certificates #14004

  • Fixed: PHP error when exporting a CRL for an old CA #14022

  • Fixed: Some blank SAN fields are not ignored when creating a certificate #14124

  • Added: Ability to edit Certificate Revocation List properties #14185

  • Changed: Add note to inform the user that the “Next Certificate Serial” value is ignored when the “Randomize Serial” option is enabled #14188

Console Menu

  • Fixed: Console menu incorrectly shows option 99 on some ARMv7/ARM64 installations #14102

  • Added: Print ZFS Boot Environment status in console menu banner #14323

Cryptographic Modules

  • Added: Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB) #14291


  • Fixed: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL #13573

  • Fixed: Automatic DHCP failover firewall rules are not present in the ruleset when failover is active #13965

  • Fixed: Multiple PHP errors in the DHCP Server when the configuration contains an empty section for an interface #13983

  • Fixed: DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers #14115


  • Fixed: Typo in variable for DHCPv6 VLAN priority tag value #14010

DNS Forwarder

  • Fixed: DNS Forwarder (dnsmasq) is using an invalid combination of options when “Query DNS servers sequentially” is enabled #13655

DNS Resolver

  • Fixed: DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to “All” #13851


  • Fixed: System Information Dashboard widget stops showing CPU details on aarch64 #14204

  • Fixed: Changing the default IPsec widget tab removes all widgets #14053

  • Fixed: Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget #14176

  • Added: Support for Intel PCH temperature values in thermal sensors #14255

  • Fixed: PHP error in RSS widget after saving settings #14365


  • Added: Packet Capture GUI with granular control #13382

  • Changed: Add more disk information to status output #14103

Dynamic DNS

  • Changed: Improve DynDNS help text readability #14186


  • Fixed: Kernel panic accessing the GUI over IPsec in certain environments when using nginx sendfile with unmapped mbufs #13938

  • Changed: Update Time Zone data to 2023c or later #14209


  • Fixed: Dynamic gateway names use mixed case instead of upper case, leading to configuration mismatches #14057

  • Fixed: Gateway popup in firewall rule list does not indicate current gateway status #14327

Hardware / Drivers

  • Fixed: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled #13993

  • Fixed: Undersized CESA TDMA descriptor pools can be exhausted, leading to errors #14235

  • Fixed: Status LEDs on the Netgate 1100 do not function properly #14292

  • Fixed: 2100/1100 PCIe bus devices are not recognized #14334

  • Fixed: Intel e1000 driver (em, igb) cannot pass packets tagged with VLAN 0 #12821

  • Fixed: Malicious Driver Detection event on ixl(4) driver #13003

IGMP Proxy

  • Fixed: IGMP Proxy multicast group membership query packets have an invalid checksum #13929


  • Fixed: Deadlock in Charon VICI interface #13014

  • Fixed: PHP error from upgraded IPsec tunnel containing only deprecated ciphers #14009

  • Fixed: IPsec Phase 2 rekey failures with some PFS key groups #14217

  • Fixed: PHP Error performing IPv6 ip_in_subnet() when passing a host addresses within prefix #14256

IPv6 Router Advertisements (radvd/rtsold)

  • Fixed: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script #14072


  • Added: Priority Code Point (PCP) option on interface configuration #13511

  • Fixed: SNMP logs “Device not configured” error message when queries involve built-in switch port interfaces #13976

  • Fixed: PHP Error on status_interfaces.php with empty switch VLAN group configuration and assigned VLAN interfaces #13981

  • Added: Promiscuous Mode option on interface configuration #14295

  • Changed: Start rtsold immediately after dhcp6c sends a request #13492

  • Fixed: DHCP client can fail permanently if an interface is down at boot #13671

  • Changed: Trim blank characters from static IP address fields on the Interface configuration page #13959

  • Fixed: PHP error in when OpenVPN or IPsec instances referred to by assigned interface entries are missing #13973

  • Fixed: PHP error when attempting to create a GIF interface on ARM #14035

  • Fixed: Bridge interface is not properly validated when submitted on interfaces_bridge_edit.php #14052

  • Fixed: IPv6 interface configuration race condition can lead to kernel panic #14164


  • Added: Option to control log level of authentication messages in system logs (“Emergency” vs “Notice” level) #12464

  • Fixed: Nothing is logged through syslog if the configuration contains an empty <syslogd> section or if that section is not present #14283


  • Fixed: PHP error in NTP widget and status with GPS data #13999

  • Fixed: PHP error in NTP Server if the configuration contains a partial section of old openntpd settings #14033

  • Fixed: PHP error when the timeserver section of the configuration is empty #14036


  • Fixed: Identical SMTP notifications repeat in an infinite loop under certain conditions #14031


  • Fixed: SSL/TLS OpenVPN Client fails with ifconfig error when the IPv4 Tunnel Network is defined #13350

  • Fixed: OpenVPN crashes with Signal 8 with very low fragment size #13943

  • Changed: Update OpenVPN Wizard to match current certificate and OpenVPN options #14183

Operating System

  • Fixed: Early boot hangs on Hyper-V with Gen2 VMs #13895

  • Fixed: OpenVPN and GIF interface create/destroy operations fail due to outdated linker.hints #13963

  • Changed: Update memory graphs to account for changes in memory reporting #14011

  • Fixed: FreeBSD default cron jobs are enabled when they should be disabled #14016

  • Fixed: Kernel panic from incoming IPv6 connections #14077

  • Fixed: Kernel panic when PF passes a large/fragmented ICMP6 packet #14092

PHP Interpreter

  • Changed: Update PHP to 8.2.4 #14027

  • Fixed: PHP error if a non-privileged shell user attempts an operation which needs to write config.cache #14061

PPP Interfaces

  • Fixed: IPv6 does not work on secondary PPPoE WAN #13939

  • Fixed: PPP interfaces do not request DNS servers when “DNS Server Override” is enabled #13962

  • Fixed: PHP Error on status_interfaces.php from PPP interface uptime #14117

Package System

  • Added: Package plugin hook for pf Ethernet rules #14293

  • Added: Package plugin hook for web server configuration stanzas #13054

Rules / NAT

  • Added: Support for Ethernet (L2) filtering rules #14308

  • Fixed: PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration #13953

  • Fixed: Custom default state timeouts are not respected in the ruleset #13992

  • Fixed: PHP Error enabling ICMP6 using EasyRule #14037

  • Fixed: The “Kill States” button does not work consistently #14091

  • Changed: Match upstream changes in PF syntax to disable fragment disassembly #14098

  • Fixed: PHP error when saving an ICMP firewall rule with no subtypes selected #14267

  • Fixed: Associated firewall rule for NAT port forward does not inherit nosync property, gets synchronized #14335

  • Fixed: PHP error from empty separator #14338


  • Fixed: Services Status page and Dashboard widget do not list the radvd service with certain static IPv6 configurations #14136

Setup Wizard

  • Changed: Update firewall host and domain fields in the Setup Wizard to match the description and warning text from system.php #14250

System Logs

  • Fixed: PHP error on status_logs_settings.php if the configuration contains an empty syslog section #13942

  • Fixed: syslogd tries to bind interfaces with no IP address #14120

Traffic Graphs

  • Fixed: PHP Error when viewing Traffic Graphs in iftop mode #14236

Traffic Shaper (Limiters)

  • Fixed: Traffic shaped by limiters is dropped when routed to a GIF gateway #14055

Traffic Shaper Wizards

  • Fixed: PHP errors when re-running Traffic Shaper Wizards with different settings #13915


  • Fixed: pfSense Plus Upgrade repo data remains on the system after upgradng #14137

  • Fixed: pfSense-boot can fail to copy the EFI bootloader #14045

User Manager / Privileges

  • Fixed: “All” user group overwritten after assigning an existing user to a group #14363

Virtual IP Addresses

  • Fixed: Firewall rules are not reloaded when removing a VIP, outdated rules/entries remain active #13908

Web Interface

  • Changed: Replace direct config accesses for the rest of the paths in #13701

  • Changed: Replace direct config accesses in system_advanced_sysctl #13702

  • Added: Support for iwlwifi wireless interfaces #14050


  • Fixed: PHP errors in xmlrpc.php during configuration synchronization if the target host has an empty XML tag for a given section #14034

  • Fixed: PHP error when XMLRPC client attempts to synchronize without any synchronization settings in the configuration #14182

  • Fixed: Filter/NAT rules configured with “No XMLRPC Sync” enabled are still synchronized #14316