Sharing a quick post while waiting for pfSense 2.3.3 to update on my router. This update was released just two weeks ago. I hadn’t had the opportunity to upgrade earlier, having been terribly busy of late. There wasn’t any particularly relevant security fixes that needed to be applied anyway. This is mostly a maintenance release.
From pfSense’s release notes, this update brings numerous stability and bug fixes, fixes for a handful of security issues in the GUI, and a handful of new features. I’m not expecting anything to break, but sometimes you never can be quite sure about these problems.
Firewalls are, after all, sensitive, complex, boxes. Over the weekend, I had some network trouble at work that, based on observed symptoms likely pointed to a firewall problem. It might be my firewall appliance, or it might have been another one elsewhere. The problem automagically self-resolved without any specific corrective action on our part. That’s the weird thing. While, for some people, a problem going away is always a good thing, I think for me a problem that inexplicably self-resolved is also a problem of its own.
Today’s pfSense upgrade wasn’t without glitches.
unboundDNS resolver failed to start after a reboot. I had to start it manually. I’m not sure if it would auto-restart on its own at the next boot. That’ll be something I’ll need to test another time.
- IPv6 global addresses changed, unfortunately, on my downstream devices, even though the ISP-delegated prefix remained unchanged. It broke access to a server.
I had hoped the upgrade would be more uneventful. Unfortunately, pfSense software update is still not a totally glitch-free activity.
Update (2017-03-07): It seems
unbound wouldn’t auto-restart. I had my DNS Resolver configured to listen only on the LAN interfaces, and this apparently causes some problems. Changing the DNS Resolver to listen to ALL interfaces fixes this problem, and
unbound starts up properly after boot up.