NOTE: pfSense ships with a default set of DH parameters due to the
time/CPU they require to generate. A new set of DH parameters may
be generated by the user at any time as described in
Fixes for filesystem corruption in various cases during an unclean shut down
(crash, power loss, etc.).
Changed new filesystems to use the ‘sync’ option to avoid loss of
Added upgrade code to activate the ‘sync’ option on the root slice
for existing installations.
Changed new filesystems to use softupdates and journaling (AKA
Changed the way fsck is handled at boot time:
Followed best practice of using fsck from FreeBSD rc.d/fsck
script. (Run preen mode first and later try forcefully fixing
Added as much information during boot on the status of the
filesystem as possible.
Changed fsck to run with -C flag and always in foreground
during boot to prevent issues that might schedule background
The forcesync patch for
#2401 was considered
harmful to the filesystem and removed. As such, there may be some
noticeable slowness with NanoBSD on certain slower disks, especially
CF cards and to a lesser extent, SD cards. If this is a problem, the
filesystem may be kept read-write on a permanent basis using the
option on Diagnostics > NanoBSD.
Fixed a problem with more than 64 IP addresses in the “self” table in
Fixed issues with FQDNs in aliases causing static entries to be lost.
Added the tracker ID rule number lookup to dynamic firewall log.
Fixed alias rename and delete not being propagated to outbound NAT.
Fixed tracker IDs of policy route negation rules which had been
duplicating the tracker ID of the rule they were based upon. This
confused the log parser and displayed the negation rule rather than
the actual rule. #4651
Fixed logging of passed IGMP traffic when the rule is not set to log.
Fixed a situation where a combination of L2TP, overlapping subnets,
port forwards and NAT reflection could cause an invalid ruleset.
Added a GUI field to control the size of the pf fragment limit
Fixed both the kernel and choparp to better handle I/O and prevent
issues in the way it handles BPF, which can contribute to a panic
when using Proxy ARP VIPs.
Merged a patch that avoids a panic on sockbuf module.
Fixed AESNI to be SMP friendly to avoid various decryption errors and
possible encryption mistakes. Also present
critical_enter/critical_exit to avoid preemption of the
currentrunning thread which should fix panics.
Updated time zone data from FreeBSD 10.1-RELEASE.
Fixed creation of /var/spool/lock on NanoBSD at boot time.
Removed boot_serial=’yes’ from loader.conf when serial is disabled.
Fixed an issue where mtree would fail during an upgrade from a
previous version of FreeBSD when moving to 2.2.x.
Clarified that DNS Forwarder and Resolver both apply in DHCP/DHCPv6
and router advertisements.
Removed unnecessary filtering on the DHCP static mappings table.
Added appropriate RA Flags for “Stateless DHCP”.
Added error checking to avoid warnings about DHCP relay during boot.
Fixed hostname validation for static DHCP leases such that only fully
qualified hostnames must be unique, not only short names.
Fixed adding DHCP static mappings from the DHCP leases view to
Stopped invalid DHCP settings from being applied when input errors
Removed DHCP static lease overlap cleanup and its associated function
and killing of the DHCP daemon. This behavior could cause problems
with failover scenarios, especially when adding/editing/removing
Fixed various issues in the installer for GEOM mirrors (mirror slice
detection, gmirror cleanup on non-clean disks.)
Fixed new user creation to use skel as the source of new user files
rather than copying from the home directory of root.
Changed growl so it will not be called if the configured address
isn’t an IP address or resolvable hostname. This avoids 1 minute
timeout delay in fsockopen in growl.class. This change cuts that down
to about a 20 second timeout.
Added a reboot after restoring a full backup in the GUI.
Deprecated /usr/local/bin/3gstat as it was no longer used. It was
replaced by 3gstats.php long ago.
Started using the “host!” flag when setting CURLOPT_INTERFACE, as
recommended by the CURL documentation.
Started passing the interface to CURLOPT_INTERFACE instead of the IP
address, also started using the “if!” flag to avoid CURL trying to
resolve the interface name.
Fixed NTP serial configuration to setup the serial port before
attempting to configure a GPS unit.
Cleaned up various HTML/XHTML issues.
Fixed a check for deleting a VIP when in use by OpenVPN.
Fixed issues with backup/restore of a config.xml breaking the serial
console on ADI installs.
Fixed several issues with boot speed when WAN was disconnected.
Reduce the timeout for HTTP/HTTPS connection attempts for items
like URL table aliases. Once connected, they can run past that. 5
seconds should be more than enough for any properly-functioning