2.3.5-p2 New Features and Changes

Security / Errata


  • Added an option to disable HSTS for the GUI web server #6650
  • Added filtering to pfTop page
  • Added ospf6d to the routing log
  • Change get_interface_subnet() to use configured value if available
  • Corrected sethelp call on firewall_rules_edit.php #8242
  • Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
  • Fixed an issue with the address familiy selection for remote syslog servers using IPv6 #8323
  • Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn’t have an IP address #8239
  • Fixed config.xml corruption handling
  • Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries #8275
  • Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261
  • Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129
  • Fixed selection of IPv6 gateways when creating a new firewall rule #8053
  • Fixed various pf “busy” errors when the ruleset is reloaded
  • Improved handling of aliases that mix IP addresses and FQDNs #8290
  • Improved update repository controls
  • Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417