Is this true? No need to upgrade pfsense fw running 2.1.2…



  • Hi  I have admin that says that our firewall do not need to be upgraded as we only have the webgui open for lan-connections. And we do not use any 3rd party packages.  Is that a correct statement? Or is it vulnerable to run this old version?

    BR


  • Galactic Empire

    There's been loads of bug fixes / improvements since 2.1.2.



  • Absolutely wrong. There are plenty of attacks that apply to systems that only route and filter TCP/IP traffic and have been fixed in the later versions of PfSense/FreeBSD.

    These are only a couple of them:

    https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc

    https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc


  • Rebel Alliance Global Moderator

    "I have admin"

    Get a new one - this one clearly doesn't have a clue about security.



  • @johnpoz:

    "I have admin"

    Get a new one - this one clearly doesn't have a clue about security.

    Or instead of taking away someone's income: enroll the person in some good courses


  • Rebel Alliance Global Moderator

    Didn't say fire the guy, he is prob qualified to change the toner in the printer and help the users when their mice stop working.. ;) But from a statement like that he shouldn't be in security that is for damn sure..

    The other aspect, even if not worried about security issue because of no code, nothing open to the outside… How is he an admin of anything?  The code is not current and no longer supported.  The OS it based on freebsd is old and out dated 8.3 - and guess what no longer supported.

    So even if you had a question on how to do something, or something XYZ not working. Your out of luck..  First thing anyone is going to tell you is get current..  That your not even on the latest version of that branch is disconcerting... 2.1.5 was the last version on that branch..

    Go through the release notes for the versions of all the stuff changed and fixed..  And keep in mind release notes are normally just the highlights of stuff fixed, corrected, added.. There normally many other things that do not get mentioned.  You would have to look in redmine for all the resolved issues that are fixed in a specific release, etc.