Blog

Using pfSense Software System Patches

Written by Netgate | February 28, 2024

One of the useful features of both pfSense Plus and pfSense CE software is the ability to install system patches between releases, ensuring that your pfSense software (firewall/router/ VPN) is as safe as possible. These patches may include security fixes, bug fixes, and other beneficial changes between releases. We’ve been asked multiple times in our support and community forums for more details on this functionality.

You can install system patches between releases using the System_Patches add-on package, which adds a System menu option for Patches. This menu option shows which patches are available and manages their application.

The best place to find this and other popular add-on packages (like pfBlockerNG) is through Netgate’s Package Manager functionality, another helpful and sometimes overlooked feature in pfSense software.

Installing the System_Patches Add-on Package

Select System > Package Manager to access the package manager.

Click on Available Packages to see all of the add-on packages available.

Scroll down to System_Patches, and click on its “+ Install” button.

Confirm the installation and wait until the Package Installer shows “installation successfully completed.

 

Viewing and Installing Available Patches

Once the System_Patches package is installed, you will find a System > Patches menu item in the pfSense WebGUI. Choosing it opens the System / Patches screen.

The System / Patches screen lists available system patches, including a section of “Recommended System Patches.”

It is recommended that you read the available information for a patch before installing it. Clicking on the “+ Apply” button for a patch will apply it, updating your pfSense software.

Checking for An Updated System_Patches Add-on Package

Check for new system patches by going to System > Package Manager > Installed Packages and viewing the icons in the “Actions” column. Clicking on “Update” for the System_Patches package, if it is visible, will update the package. You can also remove or reinstall the package from this screen.

 

Conclusion

System patches include security fixes, bug fixes, and other beneficial changes distributed in between regular software updates. Following this process is an excellent way to ensure that your pfSense software (firewall/router/ VPN) is as safe & secure as possible, especially in the time between major software releases. Netgate believes the security of our (and your) users is of utmost importance, and we highly recommend that all admins install the available recommended System Patches for their version of pfSense software.

pfSense Software System Patches Q&A

What do software Patches do?

Software patches fix bugs, security vulnerabilities, and improve functionality in existing software. They are typically small updates applied to the main program to address specific issues.

What operating system is pfSense built on?

pfSense is built on FreeBSD, an open-source Unix-like operating system. FreeBSD provides the core foundation for pfSense's networking and security features.

What are system security Patches?

System security patches are updates designed to fix vulnerabilities in an operating system or software. They protect against potential exploits and improve overall system security.

What kernel is pfSense based on?

pfSense is based on the FreeBSD kernel. This provides pfSense with a stable and secure foundation for its firewall and routing capabilities.

What version of FreeBSD is pfSense 2.7.0 based on?

pfSense 2.7.0 is based on FreeBSD 13.1. This version of FreeBSD provides the core operating system components for pfSense 2.7.0.

Which VPN to use in pfSense?

pfSense supports multiple VPN protocols, including OpenVPN, Wireguard, and IPsec. The choice depends on specific needs, but OpenVPN is often recommended for its balance of security and ease of use.

Why buy a Netgate pfSense Plus appliance?

Netgate pfSense Plus appliances offer official support, optimized hardware, and additional features not available in the Community Edition. They provide a turnkey solution for businesses requiring professional support and advanced capabilities.

Does anyone use the System_Patches in the package manager?

While some users do utilize the System_Patches package, it's not universally adopted. Its use depends on specific needs and comfort level with applying additional patches outside the standard update process.

What is the difference between pfSense CE and pfSense Plus?

pfSense CE (Community Edition) is free and open-source, while pfSense Plus is a commercial version with additional features and support. pfSense Plus includes enterprise-grade capabilities and official Netgate backing.

What are the basics of firewall rules?

Firewall rules control network traffic by allowing or blocking specific connections based on criteria like source, destination, and protocol. They are typically applied in order, with the first matching rule determining the action taken on a packet.