Netgate SG-1000 microFirewall

Author Topic: Is this true? No need to upgrade pfsense fw running 2.1.2...  (Read 280 times)

0 Members and 1 Guest are viewing this topic.

Offline mkillen

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Is this true? No need to upgrade pfsense fw running 2.1.2...
« on: January 26, 2018, 08:05:34 am »
Hi  I have admin that says that our firewall do not need to be upgraded as we only have the webgui open for lan-connections. And we do not use any 3rd party packages.  Is that a correct statement? Or is it vulnerable to run this old version?

BR

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 491
  • Karma: +45/-0
    • View Profile
Re: Is this true? No need to upgrade pfsense fw running 2.1.2...
« Reply #1 on: January 26, 2018, 08:09:29 am »
There's been loads of bug fixes / improvements since 2.1.2.

Offline kpa

  • Hero Member
  • *****
  • Posts: 1228
  • Karma: +138/-6
    • View Profile
Re: Is this true? No need to upgrade pfsense fw running 2.1.2...
« Reply #2 on: January 26, 2018, 08:16:50 am »
Absolutely wrong. There are plenty of attacks that apply to systems that only route and filter TCP/IP traffic and have been fixed in the later versions of PfSense/FreeBSD.

These are only a couple of them:

https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15094
  • Karma: +1408/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Is this true? No need to upgrade pfsense fw running 2.1.2...
« Reply #3 on: January 26, 2018, 09:30:43 am »
"I have admin"

Get a new one - this one clearly doesn't have a clue about security.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Online heper

  • Hero Member
  • *****
  • Posts: 2708
  • Karma: +257/-11
    • View Profile
Re: Is this true? No need to upgrade pfsense fw running 2.1.2...
« Reply #4 on: January 27, 2018, 02:45:18 am »
"I have admin"

Get a new one - this one clearly doesn't have a clue about security.

Or instead of taking away someone's income: enroll the person in some good courses

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15094
  • Karma: +1408/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Is this true? No need to upgrade pfsense fw running 2.1.2...
« Reply #5 on: January 27, 2018, 04:05:22 am »
Didn't say fire the guy, he is prob qualified to change the toner in the printer and help the users when their mice stop working.. ;) But from a statement like that he shouldn't be in security that is for damn sure..

The other aspect, even if not worried about security issue because of no code, nothing open to the outside... How is he an admin of anything?  The code is not current and no longer supported.  The OS it based on freebsd is old and out dated 8.3 - and guess what no longer supported.

So even if you had a question on how to do something, or something XYZ not working. Your out of luck..  First thing anyone is going to tell you is get current..  That your not even on the latest version of that branch is disconcerting... 2.1.5 was the last version on that branch..

Go through the release notes for the versions of all the stuff changed and fixed..  And keep in mind release notes are normally just the highlights of stuff fixed, corrected, added.. There normally many other things that do not get mentioned.  You would have to look in redmine for all the resolved issues that are fixed in a specific release, etc.
« Last Edit: January 27, 2018, 04:14:02 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)