pfSense 2.6

pfSense 2.6 Released, ZFS Is Now the Default File System

Netgate announced that pfSense+ software version 22.01 and pfSense CE software version 2.6 are now available for upgrades and new installations.

pfSense is a FreeBSD-based operating system for routers and firewalls. It can be installed on most commodity hardware, including old computers and embedded systems. pfSense is typically configured and operated through a user-friendly web interface, making administration easy even for users with limited networking knowledge.

pfSense CE (Community Edition) is the open source branch freely available for use, as opposed to pfSense+ which is the new closed source branch.

The pfSense CE is going to continue on the naming scheme of 2.5, 2.6, etc., and then the Plus version is going to use the year.month naming convention for the releases.

pfSense 2.6 Highlights

pfSense 2.6 UI

Looking at this new release, the biggest new feature is the switch to ZFS as a default file system. It is a copy-on-write file system so it’s going to offer better resiliency for things like accidentally pulling the plug out without properly shutting things down and recovering from that.

Moreover, switching to ZFS also is going to affect log compression. That means if a system is using ZFS there is no need to have log compression enabled because ZFS itself can have compression. This will actually be very useful in all situations which require a lot of data storage needs on pfSense.

Related: Linux File System Types Explained, Which One Should You Use

Keep in mind that it is not possible to change from UFS to ZFS in place. In other words, a reinstallation of pfSense is required to migrate from UFS to ZFS.

Another interesting change in pfSense 2.6 is the fact that the default password hash format in the User Manager has been changed from bcrypt to SHA-512. So, someone might be asking isn’t SHA older or less secure? This is actually compliance they have it outlined here and it is for things that need to be protected up to top-secret requiring SHA-384 or higher.

Many times pfSense has been used in government and other places that have to be at a certain level of compliance with which algorithms were used, so that seemed to be why that change was made.

Last but not least, the pfSense development team has made numerous changes and improvements to the IPsec protocols built into pfSense, improving both the stability and performance of VPN tunnels with this protocol.

Of course, there is a ton of other smaller changes that comes with pfSense 2.6. For detailed information about all of them, you can refer to the release notes.

Leave a Reply

Your email address will not be published.