pfSense 1.2 Release Candidate 3 has released. pfSense is a small, FreeBSD-based firewall and a m0n0wall-derived operating system. It uses Packet Filter, FreeBSD 6.x (or DragonFly BSD when ALTQ and CARP is finished), ALTQ for excellent packet queuing, and an integrated package management system for extending the environment with new features.
Here are just a few of the new improvements and features that have made their way into this new version:
* IPSEC Carp rules cleanup
* IPSEC stability worksarounds for > 150 tunnels
* Only reload webConfiguration from System -> Advanced when cert changes
* Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.
* Do not allow sticky connection bit to be set if pppoe is enabled. Ticket #1319
* Disable firmware upgrade for embedded and cdrom and suggest using the console option to upgrade. Ticket #1433
* Recompile MPD with MSS/dial-on-demand patches (also fixes idle timeout bug) Obtained-from: http://svn.m0n0.ch/wall/tags/release-1.3b3/build/patches/packages/mpd.patch
* Fix CP not sending Acct-Session-Time to Radius during accounting update Ticket #1434
* Work around heavy network activity issues. [20070116, update 20070212] Systems with very heavy network activity have been observed to have some problems with the kernel memory allocator. Symptoms are processes that get stuck in zonelimit state, or system livelocks. One partial workaround for this problem is to add the following line to /boot/loader.conf and reboot: kern.ipc.nmbclusters=”0″
* Bump lighttpd to 1.4.18
* Show wireless nodes regardless if we can deterimine BSS value.
* IPSEC tunnel endpoint highlighting in system logs
* Show the IPSEC interface as a option for the traffic graph.
* Add RRD Settings page.
* Make it possible to disable RRD graphs. Bump config so it’s on by default if it wasn’t already.
* Correctly set reflection timeout for all protocols.
* Restart snmp services after LAN IP changes Ticket #1453
* Bump miniupnpd version to RC9 -add multiple interface support
* Speedup ARP page by using diag_dhcp_leases.php page code for parsing the dhcpd.leases file
* Relax the ip address check and allow duplicate ip address entries which allows fr example a wireless card and a ethernet card on a laptop to share the same ip address
* Do not allow DHCP server to be enabled when DHCP relay is enabled, and vice versa Ticket #1488
* IPSEC keep alive pinger using the wrong source IP address Ticket #1482
* Failover DHCP Server in 10 seconds as opposed to 60 seconds
You can download pfSense and/or its live CD at here.