I've now successfully deployed the latest version of #hbsdfw (a fork of #OPNsense based on #HardenedBSD ).
You can find the latest build here: https://hardenedbsd.org/~shawn/hbsdfw/hbsdfw_installer_vga_13.2-20230315-090352.iso.xz
Follow
I should probably mention some notable changes, including a few goodies on the #HardenedBSD side:
- The new kernel heap zeroing feature can be enabled by setting
hardening.kmalloc_zeroto1. - The TTY pushback vulnerability is mitigated by default.
- New #OpenSSL, #OpenSSH, #Python, and #Unbound.
- Remote syscall over ptrace boundary is prohibited by default.
- Latest improvements in #OPNsense core.
- Latest improvements in #FreeBSD and HardenedBSD 13-STABLE.
Default username and password: root and hbsdfw
Please remember that we do not have a solid in-place upgrade path, so upgrading to new builds requires the following process:
- Backup your existing config
- Reinstall with the new build
- Restore config from backup
Can confirm! Highly recommend OPNsense users this upgrade, to harden their firewall. Should be the most secure device in the network - as a bouncer to keep the baddies out.
CC: @h3artbl33d