Tom here from Lawrence Systems, and on December 7th of 2023 Netgate released pfSense Plus version 23.09.1 and pfSense Community Edition, or CE, software version 2.7.2. This is to address underlying problems in the FreeBSD operating system that were fixed by FreeBSD. So now there's an update to pfSense. This is going to fix a few security problems and specifically some ZFS potential file corruption issues that are really an edge case, but I really think it's important that they get fixed. So let's get started, but actually you should probably pause the video if you haven't updated. Too long, didn't watch: do these security updates and watch the rest of this video where we talk about the details.

Are you an individual or forward-thinking company looking for expert assistance with network engineering, storage or virtualization projects? Perhaps you're an internal IT team seeking help to proactively manage, monitor or secure your systems. We offer comprehensive consulting services tailored to meet your specific project needs. Whether you require fully managed or co-managed IT services, our experienced team is ready to step in and help. We specialize in supporting businesses that need IT administration or IT teams seeking an extra layer of support to enhance their operations. To learn more about any of our services, head over to our website and fill out the Hire Us form at LawrenceSystems.com. Let us start crafting the perfect IT solution for you. If you want to show some extra love for our channel, check out our swag store and affiliate links down below that will lead you to discounts and deals for products and services we've discussed on this channel. With the ad read out of the way, let's get you back to the content that you really came here for.
Now you'll find this blog post linked down below, but I also am not asking you to do anything I haven't done myself, which means yes, I have updated not only my lab systems, but my studio systems and my other production systems at the office. Everything went fine doing the update. I'm testing it both on virtual versions of this that I have on XCP-ng and on hardware. So far, no issues at all.

Now the first thing on this list is ZFS problems, and problems that could lead to data corruption. This is a ZFS problem. It's a pretty extensive one that the community came together and did a lot of digging on because, well, it was a little confusing figuring it out. I actually followed this in some other forums and I'm really happy to see it addressed, because you never want the word corruption inside of any sentence that's dealing with ZFS unless it's talking about how ZFS doesn't cause corruption, with the exception of this bug. I don't believe we've had a bug like this in ZFS since around maybe 2009. So good news is ZFS bugs are really, really rare. It is a very popular file system and this was addressed. I'll probably do a deep dive on this later because yes, this is not just a FreeBSD or ZFS or pfSense problem. This is specifically a global ZFS problem in other projects that also are based on ZFS. They also addressed in pfSense a potential issue that could cause ZFS to cause high CPU usage. So that's been addressed as well.

The bigger security thing that really prompted this is going to be the TCP denial of service attack from spoofed RST packets. There is a FreeBSD advisory on this. This is in the pf filter module, the firewall module if you will, for pfSense. And it was supposed to be the pf filter validating the sequence numbers of TCP. If you're familiar with how that works, things come in expected sequence numbers. And if you're not validating those numbers, that means someone else could send other packets and your system would accept those if they were in sequence.
So spoofing things out of sequence would cause a denial of service, breaking that TCP stream. So that one's definitely a bug you want to see fixed because, well, you don't want a bunch of spoofed packets coming in that were out of order and not where they belong. And I'm happy to see that addressed.

Two other things in here: OpenVPN updated to 2.6.8, release notes are available, and strongSwan addressing a CVE. If you're not familiar with strongSwan, that is the tool behind IPsec. So good to see that CVE updated. And you'll also find other errata notes and minor fixes that were done in both pfSense Plus and pfSense CE over in their documentation. So while they're doing an update, they fixed a few little minor issues, nothing major, but hey, they may interest you. There may even be a bug that you were waiting on to get fixed.

With the notes out of the way, let's talk about firewalls and security, because this is the perfect convergence of both of those topics. I choose Netgate and specifically pfSense here because they have been really on top of security. This is something that matters because I'm tasked with not only securing myself, but also securing my clients where I've deployed pfSense. And they've continuously been on the ball when it comes to security with a couple of major updates, which included, earlier this year, the OpenSSL issues. OpenSSL deprecated the 1.1.1 version. So they refactored all the code in both Plus and CE to get it to the latest version of OpenSSL, to a supported version. This matters for security, especially around VPNs. Then they have also addressed this most recent issue. And I'm really happy with the rapid response from the time this bug was reported and made public to having updates for not only pfSense Plus, but once again, pfSense CE, proving that even with the free community edition, they're still on top of security. And that makes me happy. Now, some of you may disagree or some of you may accuse me of being paid to say nice things.
It just comes down to security. I'm gonna let the facts speak for themselves. They are up to date. There are other projects that are not up to date on these security issues. And that matters. Let me know your thoughts down below because, well, I don't mind being told I'm wrong. And I'm certainly open-minded enough to have another perspective. So if I'm wrong and you think that Netgate is behind on security and other companies are more up to date, hey, I'm interested in hearing it. Maybe there's something I've overlooked. If you want to engage with me more in depth on that topic, head over to forums.lawrencesystems.com because you can't post links down in YouTube comments. And I do like engaging and having good conversations with people on this topic. Like and subscribe if you want to see more content on this channel, read the blog post and happy updating. All right, thanks.
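
The RST sequence-number check discussed in the video, as an added example that is not from the video, from Netgate, or from pf's source code. It is a simplified model of what a stateful filter can do with an incoming RST, following the rule in RFC 5961 section 3.2; the struct, function and verdict names are hypothetical and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified per-direction TCP state (hypothetical layout, not pf's). */
struct peer_state {
    uint32_t next_seq; /* next sequence number expected from this peer */
    uint32_t window;   /* receive window currently open to this peer */
};

enum rst_verdict { RST_DROP, RST_CHALLENGE, RST_ACCEPT };

/* Sequence numbers wrap at 2^32, so compare by unsigned distance. */
static bool seq_in_window(uint32_t seq, uint32_t start, uint32_t len)
{
    return (uint32_t)(seq - start) < len;
}

/* Missing validation: any RST that matches the connection's addresses
 * and ports tears the state down, whatever sequence number it carries. */
enum rst_verdict rst_unchecked(const struct peer_state *st, uint32_t seq)
{
    (void)st;
    (void)seq;
    return RST_ACCEPT;
}

/* Validated form, modelled on RFC 5961 section 3.2:
 *   exact match on the expected sequence number -> tear down the state
 *   inside the window but not exact -> keep the state (the RFC has the
 *     receiving endpoint answer with a challenge ACK)
 *   outside the window -> silently drop */
enum rst_verdict rst_checked(const struct peer_state *st, uint32_t seq)
{
    if (seq == st->next_seq)
        return RST_ACCEPT;
    if (seq_in_window(seq, st->next_seq, st->window))
        return RST_CHALLENGE;
    return RST_DROP;
}

int main(void)
{
    /* Constructed state close to the 32-bit wrap point. */
    struct peer_state st = { 0xFFFFFF00u, 65535u };
    uint32_t samples[] = { 0xFFFFFF00u, 0x00000010u, 0x12345678u };
    for (int i = 0; i < 3; i++)
        printf("seq=%08x unchecked=%d checked=%d\n", (unsigned)samples[i],
               rst_unchecked(&st, samples[i]), rst_checked(&st, samples[i]));
    return 0;
}
```

With the check in place, an off-path sender has to hit the exact expected sequence number rather than just the connection's addresses and ports.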