2.2.5 Almost here!
-
After watching the bug list grow and seemingly never making progress, it's almost here! 2 bugs still opened.
-
Down to one opened bug.
-
Pity that limiters are still broken. I'm holding off till they fix it.
-
Yay, 0 bugs remaining, all fixed :)
Well done guys!
-
How is limiters broken?
-
How is limiters broken?
Something to do with squid.
-
And NAT. And, at least for a while, kernel panics with pfsync and rules with limiters enabled.
-
@KOM:
How is limiters broken?
Something to do with squid.
Ah, I don't use Squid, so I never ran across it.
Is there something specific on NAT? I run limiters and NAT with no issue. Both 1:1 and PAT. I limit on both sides (WAN and LAN).
-
When I was testing 2.2 I put limiters on LAN clients as I always do. When I enabled an internal port forward on the LAN interface, the limiters were no longer effective.
This is one of the NAT bugs:
https://redmine.pfsense.org/issues/4590
It points at some more. That's not exactly what I was doing but it's probably related.
-
Yay, 100%!
-
Yeah, since yesterday :)
-
Pity that limiters are still broken. I'm holding off till they fix it.
In that case, you will likely be waiting for 2.3 at minimum. 2.2.5-RELEASE is now on the download and update servers, though isn't official until it is announced. There are no current plans for any further 2.2.x releases, though this may change if a serious security issue or erratum arises before 2.3 is ready for release.
There comes a point where you have to shoot for a release. There are sufficient improvements in 2.2.5 to make a new release well worthwhile, though it is obviously disappointing if this release doesn't contain a fix you were hoping for.
It looks like the time has come for the pfSense team to devote their attention to 2.3. This is already slated to include valuable improvements, including support for IPv6 fragmentation (at last), a welcome move from PBI to pkg based packages, a more modern build system and a new bootstrap based web UI.
-
I, too, am sitting on a couple 2.1.5 systems due to the limiter issues. Happily upgrading systems that don't require limiters+NAT/HA.
