OPNsense 21.1, a new release of the distribution for building firewalls, has been published. OPNsense is a fork of the pfSense project that aims to provide a fully open source distribution with the functionality of commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by a single company, developed with direct community participation, and having a completely transparent development process; it also allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used for building, is distributed under the BSD license. Builds are provided as a LiveCD and as a system image for writing to flash drives (421 MB).
The distribution is built on the code of HardenedBSD, which maintains a synchronized fork of FreeBSD that integrates additional protection mechanisms and exploit mitigation techniques. OPNsense's features include a completely open build toolkit, the ability to install as packages on top of regular FreeBSD, load balancing tools, a web interface for managing user connections to the network (captive portal), connection state tracking (a stateful firewall based on pf), bandwidth limits, traffic filtering, VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), and a system of visual reports and graphs.
The distribution provides tools for building fault-tolerant configurations based on the CARP protocol: in addition to the main firewall, a standby node can be run that is automatically synchronized at the configuration level and takes over the load if the primary node fails. The administrator is offered a modern, simple interface for configuring the firewall, built with the Bootstrap web framework.
Among the changes:
- New categories for packet filter rules and address translation have been proposed.
- The design of the traffic visualization graphs has been updated. Support for displaying IPv6 traffic has been added.
- Intrusion detection system rule management tools have been added.
- Aliases can now be assigned to MAC addresses.
- Support for NAT over IPsec has been added.
- UEFI support has been added to the serial boot image.
- The plugin providing WireGuard VPN support has been improved.