One of the useful features of both pfSense Plus and pfSense CE software is the ability to install system patches between releases, ensuring that your pfSense software (firewall/router/VPN) is as safe as possible. These patches may include security fixes, bug fixes, and other beneficial changes between releases. We’ve been asked multiple times in our support and community forums for more details on this functionality.
You can install system patches between releases using the System_Patches add-on package, which adds a System menu option for Patches. This menu option shows which patches are available and manages their application.
The best place to find this and other popular add-on packages (like pfBlockerNG) is through Netgate’s Package Manager functionality, another helpful and sometimes overlooked feature in pfSense software.
Select System > Package Manager to access the package manager.
Click on Available Packages to see all of the add-on packages available.
Scroll down to System_Patches, and click on its “+ Install” button.
Confirm the installation and wait until the Package Installer shows “installation successfully completed.”
Once the System_Patches package is installed, you will find a System > Patches menu item in the pfSense WebGUI. Choosing it opens the System / Patches screen.
The System / Patches screen lists available system patches, including a section of “Recommended System Patches.”
It is recommended that you read the available information for a patch before installing it. Clicking on the “+ Apply” button for a patch will apply it, updating your pfSense software.
Check for new system patches by going to System > Package Manager > Installed Packages and viewing the icons in the “Actions” column. Clicking on “Update” for the System_Patches package, if it is visible, will update the package. You can also remove or reinstall the package from this screen.
System patches include security fixes, bug fixes, and other beneficial changes distributed in between regular software updates. Following this process is an excellent way to ensure that your pfSense software (firewall/router/VPN) is as safe and secure as possible, especially in the time between major software releases. Netgate believes the security of our (and your) users is of utmost importance, and we highly recommend that all admins install the available recommended System Patches for their version of pfSense software.
Software patches fix bugs, close security vulnerabilities, and improve functionality in existing software. They are typically small updates applied to the main program to address specific issues.
pfSense is built on FreeBSD, an open-source Unix-like operating system. FreeBSD provides the core foundation for pfSense's networking and security features.
System security patches are updates designed to fix vulnerabilities in an operating system or software. They protect against potential exploits and improve overall system security.
pfSense is based on the FreeBSD kernel. This provides pfSense with a stable and secure foundation for its firewall and routing capabilities.
pfSense 2.7.0 is based on FreeBSD 13.1. This version of FreeBSD provides the core operating system components for pfSense 2.7.0.
pfSense supports multiple VPN protocols, including OpenVPN, WireGuard, and IPsec. The choice depends on specific needs, but OpenVPN is often recommended for its balance of security and ease of use.
Netgate pfSense Plus appliances offer official support, optimized hardware, and additional features not available in the Community Edition. They provide a turnkey solution for businesses requiring professional support and advanced capabilities.
While some users do utilize the System_Patches package, it's not universally adopted. Its use depends on specific needs and comfort level with applying additional patches outside the standard update process.
pfSense CE (Community Edition) is free and open-source, while pfSense Plus is a commercial version with additional features and support. pfSense Plus includes enterprise-grade capabilities and official Netgate backing.
Firewall rules control network traffic by allowing or blocking specific connections based on criteria like source, destination, and protocol. They are typically applied in order, with the first matching rule determining the action taken on a packet.