pfSense Digest

As promised, we found some bug(s) in 1.0 and have fixed them.

1.0.1 is now making its way to the mirrors and here is a rundown of the bugs fixed:

• Set maximum cache size for apc to 7 megabytes
• Restart check_reload_status if it exits
• Misc syslog.conf fixes
• Snort now blocks traffic correctly
• PF does not know about congestion flags, remove from shaper
• Misc OpenNTPD system logging tab fixes
• Removes states from a user when disconnected by Captive Portal
• Fix FTP helper when strict LAN or Optional LAN rules are in place
• ZoneEdit now works
• Filter reloads rules correctly after changes
• Faster, snappier webConfigurator and console

As always, updates can be found in the “updates” section of the “download” portion of the pfSense site.

The pfSense team is excited to bring you our first ever real release!

That is right, 1.0 is finally blessed and is making its way to the mirrors now. We have tried really hard to eliminate all bugs but with any software we expect to find some as this release will be used by a lot more people. With that said, there are a few problems that you should be aware of. Check this wiki article to see the release caveats.

Other than the few small items mentioned in the above wiki article 1.0 is solid and performs quite well. We are rather proud of our work.

So grab 1.0 and install it this weekend and head over to our forum and post your experiences, good or bad. Also, please digg our release notice!

Happy pfSensing!

We plan on releasing 1.0 about a week from today (around the 13th).

Please test 1.0-RC3a, b, c and please let us know ASAP if there are any final problems.

We are very excited to finally see a release date for 1.0!

I have pushed out another update that corrects the interface alias assignments when using carp.

IE (from /tmp/rules.debug):

# cat /tmp/rules.debug | grep carp
lan = “{ fxp1 carp1 }”
wan = “{ fxp0 carp0 carp2 carp3 }”

Please update and make sure it does not break your config. 1.0 is approaching rapidly!

I have pushed out a RC3b update which replaces MSNTP with OpenNTPD.

Please test, this should hopefully fix the DNS lookup issues once and for all.

I have pushed out a minor update which includes a newer version of apc (our php opcode caching daemon).

Please apply this update (using System -> Firmware Update) after updating to 1.0-RC3.

After a long bug hunting run, the pfSense team is proud to bring you 1.0-RC3!

With this release, we bring you these performance improvements:

• Filter reload speed has improved by a power of atleast 5. What used to take 1.5-2 minutes to reload (if you are using traffic shaping, etc on slower hardware) is down to about 18 seconds. Average speed without traffic shaping on a 266 mhz is about 8 seconds now.
• Bootup speeds are now a *LOT* faster. For example on my WRAP 266 the bootup has gone from about 2:07 down to 1:08.
• General webConfigurator speeds have been improved quite a bit. For example it used to take about 45 seconds to mount the compact flash card to RW status. Now it takes about 8. This affects any page that needs to write out configuration data.

And now, a brief list of bugs fixed since RC2 (full list can be found here):

• Captive portal image fixes and tweaks
• Load balancer input validation tightened quite a bit to prevent foot shoting
• PFI configuration fixes
• When config.xml is not found on bootup, pfSense will attempt to restore a backup and log the error
• Embedded images are now upgradable!
• Embedded images are now 128 megabytes in size
• Improve m0n0wall upgrade code
• CARP input validation tightened quite a bit to prevent foot shooting
• Miniupnpd package added
• status.php no longer loops forever
• RRD Graphs reset after interface changes correctly now
• *MANY* FTP helper / proxy fixes
• Improved captive portal error handling when either the clients ip address or mac address cannot be deterimined (code says, shouldn’t happen, but it does)
• OLSR tweaks / fixes
• routed package added
• DHClient now sends the client name correctly
• Input validation fixes to firewall nat edit
• Status -> Interfaces now show bridge status
• *MANY* fixes to reflection – the code we all love to hate
• Negating rules now works as it should
• VPN FTP connections now bypass the FTP Helper
• System logs should work a bit better, showing the correct number of entries
• Status, Interfaces now shows optional gateways if they exist
• DHCP Server updated to V3.0.4
• Snort package added
• Squid package audited, should be feature complete and 100% working
• Packages now restart after dynamic IP changes
• Status -> Services now stops, starts and restarts services correctly
• Status -> Services now shows package descriptions
• Status -> Services now shows service state correctly
• SSH Shell package added
• Many OpenVPN fixes. Do not use tunX assigned interfaces!
• OpenSSL fixes vendor fixes
• PHP has been updated PHP 4.4.4
• PHP APC has been updated to 3.0.11
• IPSEC-Tools racoon upadted to 0.6.6
• Misc Captive portal RADIUS fixes
• Deleting a static dhcp entry now reloads the dhcp server correctly
• And *MANY* more, refer to cvstrac for more information

A complete list can be viewed at cvstrac.