pfSense Digest

The pfSense development team is proud to bring you the 1.2 release! This brings the features and bug fixes from more than 16 months of development since the 1.0 release. Already widely tested and deployed throughout the Release Candidate phase, this release provides the finishing touches on releases already proven in a wide range of network environments. The Release Candidate versions have been downloaded more than 250,000 times.

The changes since the RC4 release follow.

• Improve CARP input validation – GUI previously allowed incorrect configurations that caused panics. Fixed to not allow entry of such configurations, so typos and configuration errors cannot crash system.
• Clarify text and fix typos on several screens.
• Revert DHCP client to default timeout of 60 seconds.
• Reload static routes when an interface IP address is changed by an administrator.
• Fix a few areas allowing potential cross site scripting.
• Fix a couple issues with package uninstalls.
• Shorten firewall rule, NAT and traffic shaper description fields to prevent users from entering description names too long for the pf ruleset.
• Fix traffic shaper queue name generation to prevent creating invalid ruleset for interface names longer than 15 characters.
• Improve efficiency of RRD graph creation by removing duplicate commands. Graph updates now use less CPU time.

For a complete list of all source commits since the branching of the 1.2 release, see the cvstrac change log.

Upgrade Information

For those wishing to upgrade to the 1.2 release from any previous pfSense release, please see the Upgrade Guide.

New to the pfSense Project?

For those new to the project, we recommend checking out our Features page and screenshot gallery.

If you’re ready to install, a user contributed installation guide is available.

Downloads

It will be as long as 24 hours before all the mirrors have the 1.2 release, but it is currently available on some of them including the NYI.net mirror.

Note if you aren’t sure which version you need, see the Versions page on the website.

New installs
Updates

Support for previous versions

1.2 is the only supported pfSense version. No previous releases will receive any bug fix updates nor any future security updates. 1.2 is significantly more stable than past release versions, and we strongly recommend everyone make plans to upgrade. There are systems out there with several years of uptime running very early alpha pfSense releases that are stable, but we advise against that.

The final required item for the 1.2 release is now finished – an entirely rewritten website is now available.

If you’re still seeing the old site, wait an hour for your DNS server to expire its cache and you’ll see it then.

It’s not perfect, but we’ll continue working on it and it’s already a drastic improvement from the mess the previous site had become. It was an embarrassment to the quality the software has become, and we’re very happy to finally have a replacement available.

1.2 release was wrapped up on Sunday and will be official once we get it out on the mirrors and publish the announcement on Monday.

The previously discussed pfSense Tutorial has been accepted for BSDCan 2008! This will be a 4 hour training session covering as much of pfSense as possible in that time. All the popular features will be covered, some more extensively than others depending on how things work out with the restrictions of time and what attendees are most interested in.

The conference is May 14-17, 2008 at University of Ottawa in Ottawa, Ontario, Canada.  The tutorials are on the 14th and 15th, and we are not yet sure of the exact time and date of ours (I’ll update this post when the exact schedule is available).

You do need a passport to travel from the US, but don’t let that scare you off. Getting through customs both ways has never been an issue for us, even carrying multiple laptops and enough gear to build a respectable network.    It’s not nearly as much of a pain as I’ve experienced going to and from Europe.

This is a great conference at a low cost. Every year we meet great people and have an awesome time.  This will be the fourth straight BSDCan that Scott and I have attended, and both of us strongly recommend it. This year may be the best yet, since we’ll be able to meet a number of you on one of the first two days of the conference. We look forward to meeting you and hope to spend some of the evening hours with you guys in one of the several bars we frequent while there.

If you’ll be attending and would like to request a specific topic be covered, please leave a comment here or email me and we’ll do our best to accommodate.

Several people have requested a recording of the session be made available for purchase. I’m going to see what we can do about that, but don’t know if we’ll be able to pull that off.

If you have any questions on the conference, travel, accommodations, or anything else related please leave a comment or email me.

By popular demand, we’re working on putting up a Cafe Press store offering pfSense stickers, shirts, and possibly other items. We’re designing some options, and looking for fitting slogans or design suggestions.

Add a comment here with your thoughts, or email me if you prefer.

If we choose your suggestion for our store, we’ll send you the item(s) inspired by your selection gratis. Please make sure you leave a valid email address with your comment (it’s only visible to us admins) so we can get in contact with you if we choose your slogan.

1.2 coming in the next few days, we’re finishing up one last thing on it.

We found some issues with lacking input validation on CARP IPs that allowed people to enter invalid configurations. Depending on what exactly is misconfigured, it could cause the system to enter a panic loop, rendering the system unusable.

Since this can be a significant problem, we have been thoroughly testing this area to ensure the improved input validation and other logic fully eliminates these possibilities for user error and typos to blow up a system.

Expect 1.2 final within a week.