2.2.4-RELEASE Coming Soon

Mr. Jingles

If I could politely ask: is the firewall rules log mess, that has existed ever since 2.0, finally fixed?

As in descriptions don't match the actual rules, and the non descriptions, only (@540645064) kind of descriptions, making the FW log utterly useless?

stephenw10

Hmm, a number of log issues were fixed for 2.2.3:
https://doc.pfsense.org/index.php/2.2.3_New_Features_and_Changes#Rules.2FAliases.2FNAT
I know you're running an earlier version. That may have already been addressed.

Steve

Harvy66

Do we know if it includes the very recent last fin fix?

https://www.freebsd.org/security/advisories/FreeBSD-SA-15:13.tcp.asc

cmb

@Harvy66:

Do we know if it includes the very recent last fin fix?

https://www.freebsd.org/security/advisories/FreeBSD-SA-15:13.tcp.asc

Yes. It's generally not applicable for our use cases though. https://doc.pfsense.org/index.php?title=2.2.4_New_Features_and_Changes

@Mr.:

If I could politely ask: is the firewall rules log mess, that has existed ever since 2.0, finally fixed?

As in descriptions don't match the actual rules, and the non descriptions, only (@540645064) kind of descriptions, making the FW log utterly useless?

That general issue has been fixed with static tracking IDs in all 2.2.x versions. Every pre-2.2x version (not since 2.0, every release ever) used pf's rule numbers, which may change every time you make a ruleset change.

cmb

Now coming tomorrow. Noticed fixing a mobile IPsec rightid problem made it impossible to configure many EAP situations. That's fixed.
https://github.com/pfsense/pfsense/commit/9a2bec12621c8feaaddd781a89915267659496d2
https://github.com/pfsense/pfsense/commit/5e11c6a176d70f1caa987e64a01a8f996b18aad7

and documentation updated to reflect the correct config.
https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2

Release rebuilt, going through test matrix again now. This one should come out after I get up on Sunday.

Those who want to test the latest, gitsync RELENG_2_2 off the most recent snapshot and you'll have the same as we're testing for final release.

n3by

Limiter - NAT reflection problems are fixed in this release ?

stephenw10

Are referring to this? https://redmine.pfsense.org/issues/4326

Steve

n3by

yes … it's work in progress.
Thx

Supermule

Wondering if its the same meachanism that stops rounting when SYN/ACK flooded?

jwt

@Supermule:

Wondering if its the same meachanism that stops rounting when SYN/ACK flooded?

Brian, are you going to stop, or not?