New Build of hbsdfw
21 views
Skip to first unread message
Shawn Webb
Dec 17, 2023, 6:39:34 PM12/17/23
to HardenedBSD Users
Hey all,
I've published a new build of hbsdfw. hbsdfw (short for HardenedBSD
Firewall) is a fork of OPNsense based on HardenedBSD 14-STABLE. It's a
hobby sub-project of HardenedBSD.
Shortly after FreeBSD moved base OpenSSL to 3, the default version in
ports was also bumped to 3. When porting the HardenedBSD 13-STABLE
hbsdfw changes to 14-STABLE, we also inherited the OpenSSL 3 update.
However, the OPNsense codebase is not yet ready for OpenSSL 3 and
(until today) the recent builds of hbsdfw had issues because of
OpenSSL 3.
With this latest build of hbsdfw, I've moved us back to OpenSSL 1.1.1
in ports. I'm happy to report that doing so fixes a lot (all?) of the
problems with broken services like Unbound DNS.
I'm following OPNsense's work closely, paying especially close
attention to anything related to OpenSSL 3 support.
As usual, if you're upgrading an existing installation, these are the
steps to follow:
1. Backup your existing config
2. Reinstall with the new image
3. Restore the config backup
Please let me know if you have any questions, comments, or concerns.
Download link:
https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
SHA256 (hbsdfw_installer_vga_14.0-20231214-083405.iso.xz) = cd36b44c0476d20e34b623e62607c2f6b9a815d3d4ebe5cd9999bcbecd098f44
$ wc -c hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
1608947456 hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
I've published a new build of hbsdfw. hbsdfw (short for HardenedBSD
Firewall) is a fork of OPNsense based on HardenedBSD 14-STABLE. It's a
hobby sub-project of HardenedBSD.
Shortly after FreeBSD moved base OpenSSL to 3, the default version in
ports was also bumped to 3. When porting the HardenedBSD 13-STABLE
hbsdfw changes to 14-STABLE, we also inherited the OpenSSL 3 update.
However, the OPNsense codebase is not yet ready for OpenSSL 3 and
(until today) the recent builds of hbsdfw had issues because of
OpenSSL 3.
With this latest build of hbsdfw, I've moved us back to OpenSSL 1.1.1
in ports. I'm happy to report that doing so fixes a lot (all?) of the
problems with broken services like Unbound DNS.
I'm following OPNsense's work closely, paying especially close
attention to anything related to OpenSSL 3 support.
As usual, if you're upgrading an existing installation, these are the
steps to follow:
1. Backup your existing config
2. Reinstall with the new image
3. Restore the config backup
Please let me know if you have any questions, comments, or concerns.
Download link:
https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
SHA256 (hbsdfw_installer_vga_14.0-20231214-083405.iso.xz) = cd36b44c0476d20e34b623e62607c2f6b9a815d3d4ebe5cd9999bcbecd098f44
$ wc -c hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
1608947456 hbsdfw_installer_vga_14.0-20231214-083405.iso.xz
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Luna Jernberg
Dec 18, 2023, 2:34:54 AM12/18/23
to Shawn Webb, Luna Jernberg, HardenedBSD Users
Getting 403 forbidden so can't download
> --
> To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@hardenedbsd.org.
> To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@hardenedbsd.org.
Shawn Webb
Dec 18, 2023, 11:37:29 AM12/18/23
to Luna Jernberg, HardenedBSD Users
Good catch! This is now fixed. I keep forgetting to chmod 644 files I
upload to ~/public_html. :-)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
upload to ~/public_html. :-)
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages