pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

• Fixed: Using PF reserved keywords for interface descriptions results in an invalid ruleset #14007

• Fixed: PHP error when attempting to bulk import Alias content #14013

• Fixed: Alias list is not sorted #14015

Authentication

• Added: Option to enable/disable console bell, enabled by default #14002

Auto Configuration Backup

• Fixed: PHP error if the configuration has an empty Auto Configuration Backup section #14076

Captive Portal

• Fixed: PHP error in Captive Portal if usedmacs list is empty #14172

Certificates

• Fixed: PHP errors when configuration lacks any certificates #14004

• Fixed: PHP error when exporting a CRL for an old CA #14022

• Fixed: Some blank SAN fields are not ignored when creating a certificate #14124

• Added: Ability to edit Certificate Revocation List properties #14185

• Changed: Add note to inform the user that the “Next Certificate Serial” value is ignored when the “Randomize Serial” option is enabled #14188

Console Menu

• Fixed: Console menu incorrectly shows option 99 on some ARMv7/ARM64 installations #14102

• Added: Print ZFS Boot Environment status in console menu banner #14323

Cryptographic Modules

• Added: Support for cryptographic acceleration using the Multi-Buffer Crypto for IPsec Library (IPsec-MB, IIMB) #14291

DHCP (IPv4)

• Fixed: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL #13573

• Fixed: Automatic DHCP failover firewall rules are not present in the ruleset when failover is active #13965

• Fixed: Multiple PHP errors in the DHCP Server when the configuration contains an empty section for an interface #13983

• Fixed: DHCP Server page does not properly select a default interface tab if neither WAN nor LAN are capable of being DHCP servers #14115

DHCP (IPv6)

• Fixed: Typo in filter.inc variable for DHCPv6 VLAN priority tag value #14010

DNS Forwarder

• Fixed: DNS Forwarder (dnsmasq) is using an invalid combination of options when “Query DNS servers sequentially” is enabled #13655

DNS Resolver

• Fixed: DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to “All” #13851

Dashboard

• Fixed: System Information Dashboard widget stops showing CPU details on aarch64 #14204

• Fixed: Changing the default IPsec widget tab removes all widgets #14053

• Fixed: Uptime displays plural seconds for multiple minutes in the System Information Dashboard widget #14176

• Added: Support for Intel PCH temperature values in thermal sensors #14255

• Fixed: PHP error in RSS widget after saving settings #14365

Diagnostics

• Added: Packet Capture GUI with granular control #13382

• Changed: Add more disk information to status output #14103

Dynamic DNS

• Changed: Improve DynDNS help text readability #14186

FreeBSD

• Fixed: Kernel panic accessing the GUI over IPsec in certain environments when using nginx sendfile with unmapped mbufs #13938

• Changed: Update Time Zone data to 2023c or later #14209

Gateways

• Fixed: Dynamic gateway names use mixed case instead of upper case, leading to configuration mismatches #14057

• Fixed: Gateway popup in firewall rule list does not indicate current gateway status #14327

Hardware / Drivers

• Fixed: Switch ports on 7100/1100/2100 do not have Auto MDI-X support enabled #13993

• Fixed: Undersized CESA TDMA descriptor pools can be exhausted, leading to errors #14235

• Fixed: Status LEDs on the Netgate 1100 do not function properly #14292

• Fixed: 2100/1100 PCIe bus devices are not recognized #14334

• Fixed: Intel e1000 driver (em, igb) cannot pass packets tagged with VLAN 0 #12821

• Fixed: Malicious Driver Detection event on ixl(4) driver #13003

IGMP Proxy

• Fixed: IGMP Proxy multicast group membership query packets have an invalid checksum #13929

IPsec

• Fixed: Deadlock in Charon VICI interface #13014

• Fixed: PHP error from upgraded IPsec tunnel containing only deprecated ciphers #14009

• Fixed: IPsec Phase 2 rekey failures with some PFS key groups #14217

• Fixed: PHP Error performing IPv6 ip_in_subnet() when passing a host addresses within prefix #14256

IPv6 Router Advertisements (radvd/rtsold)

• Fixed: No working IPv6 gateway if upstream RA does not contain M or O flags because rtsold does not execute script #14072

Interfaces

• Added: Priority Code Point (PCP) option on interface configuration #13511

• Fixed: SNMP logs “Device not configured” error message when queries involve built-in switch port interfaces #13976

• Fixed: PHP Error on status_interfaces.php with empty switch VLAN group configuration and assigned VLAN interfaces #13981

• Added: Promiscuous Mode option on interface configuration #14295

• Changed: Start rtsold immediately after dhcp6c sends a request #13492

• Fixed: DHCP client can fail permanently if an interface is down at boot #13671

• Changed: Trim blank characters from static IP address fields on the Interface configuration page #13959

• Fixed: PHP error in gwlb.inc when OpenVPN or IPsec instances referred to by assigned interface entries are missing #13973

• Fixed: PHP error when attempting to create a GIF interface on ARM #14035

• Fixed: Bridge interface is not properly validated when submitted on interfaces_bridge_edit.php #14052

• Fixed: IPv6 interface configuration race condition can lead to kernel panic #14164

Logging

• Added: Option to control log level of authentication messages in system logs (“Emergency” vs “Notice” level) #12464

• Fixed: Nothing is logged through syslog if the configuration contains an empty <syslogd> section or if that section is not present #14283

NTPD

• Fixed: PHP error in NTP widget and status with GPS data #13999

• Fixed: PHP error in NTP Server if the configuration contains a partial section of old openntpd settings #14033

• Fixed: PHP error when the timeserver section of the configuration is empty #14036

Notifications

• Fixed: Identical SMTP notifications repeat in an infinite loop under certain conditions #14031

OpenVPN

• Fixed: SSL/TLS OpenVPN Client fails with ifconfig error when the IPv4 Tunnel Network is defined #13350

• Fixed: OpenVPN crashes with Signal 8 with very low fragment size #13943

• Changed: Update OpenVPN Wizard to match current certificate and OpenVPN options #14183

Operating System

• Fixed: Early boot hangs on Hyper-V with Gen2 VMs #13895

• Fixed: OpenVPN and GIF interface create/destroy operations fail due to outdated linker.hints #13963

• Changed: Update memory graphs to account for changes in memory reporting #14011

• Fixed: FreeBSD default cron jobs are enabled when they should be disabled #14016

• Fixed: Kernel panic from incoming IPv6 connections #14077

• Fixed: Kernel panic when PF passes a large/fragmented ICMP6 packet #14092

PHP Interpreter

• Changed: Update PHP to 8.2.4 #14027

• Fixed: PHP error if a non-privileged shell user attempts an operation which needs to write config.cache #14061

PPP Interfaces

• Fixed: IPv6 does not work on secondary PPPoE WAN #13939

• Fixed: PPP interfaces do not request DNS servers when “DNS Server Override” is enabled #13962

• Fixed: PHP Error on status_interfaces.php from PPP interface uptime #14117

Package System

• Added: Package plugin hook for pf Ethernet rules #14293

• Added: Package plugin hook for web server configuration stanzas #13054

Rules / NAT

• Added: Support for Ethernet (L2) filtering rules #14308

• Fixed: PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration #13953

• Fixed: Custom default state timeouts are not respected in the ruleset #13992

• Fixed: PHP Error enabling ICMP6 using EasyRule #14037

• Fixed: The “Kill States” button does not work consistently #14091

• Changed: Match upstream changes in PF syntax to disable fragment disassembly #14098

• Fixed: PHP error when saving an ICMP firewall rule with no subtypes selected #14267

• Fixed: Associated firewall rule for NAT port forward does not inherit nosync property, gets synchronized #14335

• Fixed: PHP error from empty separator #14338

Services

• Fixed: Services Status page and Dashboard widget do not list the radvd service with certain static IPv6 configurations #14136

Setup Wizard

• Changed: Update firewall host and domain fields in the Setup Wizard to match the description and warning text from system.php #14250

System Logs

• Fixed: PHP error on status_logs_settings.php if the configuration contains an empty syslog section #13942

• Fixed: syslogd tries to bind interfaces with no IP address #14120

Traffic Graphs

• Fixed: PHP Error when viewing Traffic Graphs in iftop mode #14236

Traffic Shaper (Limiters)

• Fixed: Traffic shaped by limiters is dropped when routed to a GIF gateway #14055

Traffic Shaper Wizards

• Fixed: PHP errors when re-running Traffic Shaper Wizards with different settings #13915

Upgrade

• Fixed: pfSense Plus Upgrade repo data remains on the system after upgradng #14137

• Fixed: pfSense-boot can fail to copy the EFI bootloader #14045

User Manager / Privileges

• Fixed: “All” user group overwritten after assigning an existing user to a group #14363

Virtual IP Addresses

• Fixed: Firewall rules are not reloaded when removing a VIP, outdated rules/entries remain active #13908

Web Interface

• Changed: Replace direct config accesses for the rest of the paths in system_advanced_admin.inc #13701

• Changed: Replace direct config accesses in system_advanced_sysctl #13702

• Added: Support for iwlwifi wireless interfaces #14050

XMLRPC

• Fixed: PHP errors in xmlrpc.php during configuration synchronization if the target host has an empty XML tag for a given section #14034

• Fixed: PHP error when XMLRPC client attempts to synchronize without any synchronization settings in the configuration #14182

• Fixed: Filter/NAT rules configured with “No XMLRPC Sync” enabled are still synchronized #14316