pfSense Plus¶
Changes in this version of pfSense Plus software.
Aliases / Tables¶
Fixed: Firewall rules fail to load when a URL table alias file does not exist #13068
Added: Type column on Alias lists #13245
Fixed: Static ARP entries are not configured at boot #14374
Fixed: Firewall rules are not displayed properly when they reference a URL table alias and its file does not exist #14574
Backup / Restore¶
Changed: Increase timeout for password entry when restoring an encrypted configuration via ECL #14769
CARP¶
Added: Add unicast CARP indication and peer address to CARP status #14348
Fixed: Adding an IP Alias VIP using a unicast CARP VIP as its parent changes the CARP VIP to multicast at the OS level #14586
Added: Prevent CARP status/maintenance mode from being erroneously toggled #13804
Fixed: IPsec restart in CARP event scripts does not check VIP properly and never runs #14738
Captive Portal¶
Certificates¶
Fixed: Cannot validate Certificates against Certificate Revocation Lists for Intermediate Certificate Authorities #9889
Added: Improve System menu behavior for Certificate Manager privileges #14347
Fixed: CA and Certificate renewal page does not properly list some SHA1 certificates as being weak #14678
DNS Resolver¶
Dashboard¶
Diagnostics¶
Fixed:
diag_edit.php
warning is not cleared after picking non-directory to load #7589Changed: Combining Interface and Rule ID state table filter fields returns no results #14399
Fixed: Improve error handling in
status.php
#14513Added: Status output plugin hook for packages to include their own data #14777
Dynamic DNS¶
FreeBSD¶
Fixed: Kernel textdumps are not recovered properly on systems with multiple swap partitions #14767
Gateways¶
Fixed: Misleading error message when adding/editing static routes which use a gateway on a disabled interface #8846
Fixed: Cannot select IP Alias VIP with CARP VIP parent in Virtual IP drop-down on Gateway Groups #14524
Fixed: A default route can remain after setting the default gateway to None #14717
Hardware / Drivers¶
IGMP Proxy¶
IPsec¶
IPv6 Router Advertisements (radvd/rtsold)¶
Fixed: IPv6 neighbor discovery protocol (NDP) fails in some cases #13423
Interfaces¶
Fixed: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG #13218
Fixed: Cannot add a QinQ interface to a bridge #14377
Fixed:
find_interface_ipv6_ll()
can return a VIP instead of the interface address #14392Fixed: Primary interface address is incorrectly set to the last address on the interface #14623
Changed: Eliminate direct config access in
interfaces.php
#14790
Logging¶
Notifications¶
OpenVPN¶
Fixed: DCO OpenVPN server bound to Localhost does not pass traffic as expected #14682
Fixed: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert #13088
Fixed: OpenVPN can select the wrong interface IP address when multiple addresses are present #14646
Changed: Prevent weak SHA1 certificates from being used with OpenVPN clients and servers #14677
Changed: Check for deprecated OpenVPN encryption and digest options on upgrade #14686
Operating System¶
Fixed: Error when deleting ZFS Boot Environment created from duplicate of non-default entry #13348
Fixed: Console and system log may contain unnecessary Netlink debug messages from IPsec #14370
Added: Support receiving
EAPOL
frames on VLAN0
inwpa_supplicant
#14457Changed: Automatically configure PF states hash table size #14750
PHP Interpreter¶
PPP Interfaces¶
Fixed: PPP interface default username/password are not being populated from provider data on
interfaces.php
andinterfaces_ppps_edit.php
#14544
Rules / NAT¶
Fixed: Ethernet rule Action field hint text lists “reject” option which is not compatible with Ethernet rules #14515
Added: Support interface macros in Outbound NAT rules #3288
Added: Option to wait for interface selection before displaying firewall rules #13124
Fixed: Default tab on
firewall_rules.php
is not selected if the configuration has no WAN interface #14345Added: Support interface groups in firewall rule source/destination fields #14448
Fixed: “Convert interface definitions” option is not respected when bulk copying rules #14576
Fixed: Rule separators are ordered incorrectly after removing rules in certain positions #14619
Fixed: Rule separators are hidden when their index is greater than the number of rules #14621
Added: Extend support for SCTP in firewall and NAT rules #14640
Fixed: Separators get shifted when copying firewall rules between interfaces #14691
Fixed:
ctype_digit()
returns unexpected result for values <=255
which can break some validation functions/usages #14702
Traffic Shaper (ALTQ)¶
Traffic Shaper (Limiters)¶
Fixed: Limiters have no effect on upload traffic passed by policy routing rules #14039
Translations¶
UPnP/NAT-PMP¶
User Manager / Privileges¶
Fixed: Copy function for User Manager Groups does not work for first group in list #14695
Web Interface¶
Changed: GUI pages should use
POST
for AJAX calls, notGET
#12431Fixed: Refactor IPsec code using config access functions #13704
Fixed: PHP error in CSRF Magic from invalid time value #14394
Fixed: Breadcrumb path missing on
system_register.php
#14462Changed: Prevent weak SHA1 certificates from being used with GUI and Captive Portal #14672