pfSense® CE 2.8.0 has been released, introducing significant performance improvements and system enhancements for both home and production environments. This version focuses on upgrading core systems, enhancing networking capabilities, and improving overall stability.
- Core System Upgrades: pfSense® CE 2.8.0 is built on FreeBSD 15.0 and includes a PHP upgrade to version 8.3, resulting in better hardware support, faster performance, and a more secure web interface.
- Networking Enhancements: The update features a new PPPoE backend for improved performance, NAT64 support for IPv6 clients accessing IPv4 resources, and changes to state policy for enhanced security.
- Security Improvements: Multiple vulnerabilities have been patched, and overall system stability has been enhanced across various functionalities, including firewall and DHCP services.
pfSense® CE 2.8.0 Is Here: What’s New and Why It Matters
The latest version of pfSense® Community Edition (CE) is now available — version 2.8.0 brings major performance upgrades, system overhauls, and networking enhancements designed to power up your infrastructure, whether you’re a home lab hero or managing production firewalls.
Core System Upgrades
FreeBSD 15.0 Base
- What changed? pfSense is now built on FreeBSD 15.0.
- Why it matters: Improved kernel, better hardware support, faster system performance.
- Good to know: Expect broader compatibility with modern NICs and processors.
PHP 8.3 Upgrade
- What changed? PHP upgraded from 8.2 to 8.3.
- Why it matters: Smoother WebGUI experience with improved speed and tighter security.
Infrastructure & Stability
New PPPoE Backend (if_pppoe)
- What changed? Replaces legacy MPD-based driver.
- Why it matters: Boosts performance and reduces CPU load—especially useful for multi-gigabit PPPoE setups.
- Heads-up: Not enabled by default. Go to System → Advanced → Networking to switch it on.
Bootloader & Serial Console Fixes
- Upgraded bootloader streamlines OS upgrades.
- Fixes for serial ports improve console reliability (legacy ISA serial ports may face issues).
Low-Memory Systems Advisory
- If you have ≤1GB RAM (especially with ZFS):
- Disable non-essential services.
- Reboot before upgrading to avoid issues.
Networking & Routing Enhancements
State Policy: New Default Behavior
- Change: Default state policy now “Interface Bound” (instead of “Floating”).
- Why: Tighter security and predictable firewall behavior.
- How to revert: System → Advanced → Firewall & NAT, or override per rule.
Gateway Failback Improvements
- Auto-clears stale states when a high-priority gateway comes back online.
- Why it matters: Faster, more reliable failover and recovery.
Full NAT64 Support
- Includes: NAT64 firewall rules, DNS64, and Router Advertisements.
- Use case: IPv6-only clients can now access IPv4 resources smoothly.
Advanced DHCP & DNS (via Kea)
Kea is now the default DHCP daemon — more powerful, flexible, and modern.
Key Features:
- High Availability (HA) for DHCPv4/v6 with hot-standby
- Encrypted lease synchronization
- Dynamic DNS updates from DHCP clients (no restarts needed!)
- Prefix Delegation in DHCPv6 (requires reconfiguration)
- Support for static ARP entries and advanced configs via JSON snippets
GUI & Package Updates
AutoConfigBackup (ACB) Redesign
- Stronger encryption
- Better key handling
- More reliable scheduling and uploads
Expanded System Aliases
- Now supports more built-in and reserved networks
- Aliases can be used directly in user firewall rules
Security & Bug Fixes
- Multiple WebGUI XSS vulnerabilities patched
- Fixes for OpenVPN, IPsec, Wake-on-LAN, and dashboard bugs
- System-wide stability improvements across firewall, DHCP, console, and package management
pfSense CE 2.8.0 is a must-upgrade for users seeking top-tier performance and future-ready networking. From the backend engine to the WebGUI polish, it’s clear Netgate is investing heavily in CE’s evolution.
For more details, contact TEKNOLOGIIA experts
