The firewall distribution OPNsense 21.7 has been released. It is a fork of the pfSense project, created with the aim of forming a fully open distribution that could offer functionality on par with commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by a single company, developed with the direct participation of the community, with a fully transparent development process, and allowing any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used for the build, is distributed under the BSD license. Builds are prepared in the form of a LiveCD and a system image for writing to flash drives (422 MB).
The base system of the distribution is built on the code of HardenedBSD, which maintains a synchronized fork of FreeBSD that integrates additional protection mechanisms and exploit mitigation techniques. Among the features of OPNsense are a fully open build toolkit, the ability to install packages on top of regular FreeBSD, load balancing tools, a web interface for connecting users to the network (Captive Portal), connection state tracking (a stateful firewall based on pf), bandwidth limits, traffic filtering, VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, DDNS (dynamic DNS) support, and a system of visual reports and graphs.
The distribution provides the means to create fault-tolerant configurations based on the CARP protocol, which make it possible to run, in addition to the main firewall, a spare node that is automatically synchronized at the configuration level and takes over the load if the primary node fails. For the administrator, a modern and simple interface for configuring the firewall is offered, built using the Bootstrap web framework.
Among the changes:
- The distribution is based on HardenedBSD 12.1. The next release, 22.1, is planned to move to FreeBSD 13.
- A new installer is offered that provides built-in support for installation on partitions with the ZFS file system and is suitable for use in virtual machines that use UEFI.
- The interface for updating firmware has been reworked.
- The log of traffic filtering activity now shows up-to-date rule identifiers, to avoid misinterpretation after the rule set changes.
- Aliases, the templates that let you associate a set of networks, hosts and ports with a symbolic name in firewall rules, gained the ability to specify wildcards in network masks.