Hi guys,

It is time for a swift update for our dear Hyper-V users. There is a packet forwarding regression in FreeBSD 10.2 that has not been added as errata yet so we had to pin it down with the help of three brave testers. If you happen to want to run Hyper-V without going through the issue, install from an older 15.7 image and upgrade directly to avoid the bad version.

To improve upon Suricata 3.0 and the SSL fingerprint lists we are now enabling users to add user-defined rules for adding and enforcing their own fingerprints. But wait, that is not all. On top of that the IP geolocation feature was added as well while at it. :)

Otherwise, only smaller bugs have been addressed to make 16.1 look even shinier. The FreeBSD security advisory for OpenSSL got integrated too, but is not of much concern since we consistently use the ports version for our components. The important fixes have been shipped with version 16.1.1 back on Monday.

Here are the full patch notes:


Stay safe,
Your OPNsense team