pfSense bugtracker: Issues
https://redmine.pfsense.org/ 2015-02-22T19:07:54Z
pfSense Packages - Bug #4462 (Resolved): Custom ACLS (After_Auth) not written to squid.conf
https://redmine.pfsense.org/issues/4462 2015-02-22T19:07:54Z Volker Kuhlmann list0570@top.geek.nz
<p>Services->Proxy server->General, the input field "Custom ACLS (After_Auth)" is not written to squid.conf.</p>
<p>Tested squid3-dev 3.3.10 pkg 2.2.8 on 2.1.5.</p>
pfSense Packages - Feature #4461 (Rejected): Squid options too late in squid.conf
https://redmine.pfsense.org/issues/4461 2015-02-22T19:06:38Z Volker Kuhlmann list0570@top.geek.nz
<p>The UI on Services->Proxy server->ACL has a good list of ACL types to add.<br />Unfortunately most of these are not going to do anything because the UI inserts them at the end of squid.conf, by which point all the previously defined http_access directives have already been evaluated.</p>
<p>Likewise, Services->Proxy server->Common allows entering custom ACLs, which are also inserted at the end of squid.conf where they are most likely not going to be effective.</p>
<p>There is no way to insert directives in squid.conf before</p>
<blockquote>
<p>http_access deny !safeports<br />http_access deny CONNECT !sslports</p>
</blockquote>
<p>to influence those two.</p>
<p>I would like to allow some specific exceptions to destination domain and destination port (e.g. plesk control panels) but don't like to allow extra ports for all destinations.</p>
<p>Tested squid3-dev 3.3.10 pkg 2.2.8 on 2.1.5.<br />Not sure whether this is a bug or feature request.</p>
pfSense Packages - Bug #4247 (Resolved): Changes not saved when expression list becomes empty
https://redmine.pfsense.org/issues/4247 2015-01-19T23:21:15Z Volker Kuhlmann list0570@top.geek.nz
<p>On the page pfsense/pkg_edit.php?xml=squidguard_dest.xml&act=edit<br />for editing a target category the new expression list is not saved when it becomes empty through editing. The previous content remains in /var/db/squidGuard/.../expressions although the BUI shows an empty list.</p>
<p>I have not tested the same with domain and URL lists.</p>
<p>squidguard 1.4_4 pkg v.1.9.9</p>
pfSense Packages - Bug #4243 (Resolved): Last squidguard update prevents squid from starting
https://redmine.pfsense.org/issues/4243 2015-01-19T14:54:49Z Volker Kuhlmann list0570@top.geek.nz
<p>I don't believe I am seeing a package update breaking things completely...</p>
<p>squidguard 1.4_4 pkg v.1.9.9 introduces illegal directives into the squid 2.7.9 pkg v.4.3.4 config file. For some reason, on boot or after installing the package, squid still starts up - although a fatal error is logged. When changing the configuration the change never becomes active because some safety mechanism prevents the running squid from being stopped, to avoid it not running afterwards. After stopping it squid can no longer be started.</p>
<p>Both these packages are marked as "stable", the rest of squid/squidguard for pfsense is all "beta".<br />Together with problems in <a class="external" href="https://redmine.pfsense.org/issues/4088">https://redmine.pfsense.org/issues/4088</a> not being fixed that render squidguard useless by effectively bypassing it the "stable" status is best changed to "junk level". This is not pfsense quality :-(<br />Please test changes and pay attention to the log files before committing changes. ;-)</p>
<p>Patch attached.</p>
pfSense - Bug #4124 (Resolved): Alias FQDNs don't permit trailing period
https://redmine.pfsense.org/issues/4124 2014-12-17T14:48:51Z Volker Kuhlmann list0570@top.geek.nz
<p>On page<br /><a class="external" href="https://pfsense/firewall_aliases_edit.php?id=xx">https://pfsense/firewall_aliases_edit.php?id=xx</a><br />for alias type network(s) entering an FQDN with trailing period is rejected with a syntax error.</p>
<p>Bug exists in 2.1.5 too.</p>
pfSense Packages - Bug #4088 (Feedback): Buggy squidguard config file is created
https://redmine.pfsense.org/issues/4088 2014-12-09T05:44:19Z Volker Kuhlmann list0570@top.geek.nz
<p>The config file that is generated for squidguard 1.4_4 pkg v.1.9.6 is buggy in two ways, leading to unexpected and dangerous behaviour.</p>
<p>1) Do not write out sources for disabled ACLs, or squidguard treats these<br />sources as "always pass"!</p>
<p>2) Squidguard doesn't know log statements in the action block for sources in the<br />acl block.</p>
<p>Patch attached.</p>
pfSense Packages - Bug #4087 (Rejected): Rule reload doesn't update FQDN entries in pf tables
https://redmine.pfsense.org/issues/4087 2014-12-09T05:30:25Z Volker Kuhlmann list0570@top.geek.nz
<p>pf tables can be populated from FQDNs through pfsense aliases. This is a very good feature for a number of reasons. The IP address(es) looked up from the FQDN are updated periodically, which is good.<br />However the FQDNs are not re-evaluated and pf tables are not updated after applying changes to the aliases or filter rules, creating confusion when setting up rules. In connection with bug#4086 using FQDNs becomes impossible.<br />Re-evaluation of FQDNs and update of their IP addresses should happen as part of a rule reload. This would be behaviour expected by the user.</p>
pfSense - Bug #4086 (Rejected): Gateway monitoring DoS
https://redmine.pfsense.org/issues/4086 2014-12-09T05:21:21Z Volker Kuhlmann list0570@top.geek.nz
<p>Default configuration is to monitor the WAN gateway once per second and to take action if it doesn't respond for 10 seconds. Taking action seems a little superfluous in a situation with a single WAN connection (e.g. SOHO Internet) because no alternative is available anyway. As part of the action it seems the WAN interface is brought up and down, and in particular, rules are reloaded.<br />In my case my ISP's cable gateway stopped responding to pings, most of the time. Internet connectivity was not affected, however pfsense starts playing yoyo with interfaces, rules reloading, and burning 100% CPU on the check_reload_status process plus a whole lot of php processes.<br />As part of the rule reload all pf tables are cleared of their FQDN entries. Because they have an (up to 5 minute?) delay of being re-established they effectively are never there in the WAN-yoyo case.<br />Not rate-limiting the GW up/down effectively produces a DoS.<br />Observed on 2.1.5 amd64, but probably present on all architectures and other 2.1 versions.</p>
pfSense - Bug #2408 (Rejected): Wireless run driver crashes kernel
https://redmine.pfsense.org/issues/2408 2012-05-03T06:52:57Z Volker Kuhlmann list0570@top.geek.nz
<p>The run driver for a common 11n Ralink chipset causes severe system instability and kernel crashes. I have tested that with 2 different Tenda W322U USB wireless adapters and on 2 different 32bit x86 systems running pfsense 2.0.1. The crashes seem somewhat wireless traffic related. In some cases the system didn't even reboot, and I had to scrape for monitor/keyboard for the headless box.</p>
<p>The same crash occurs with a D-Link DWL-G122 HW Ver C1, IC: 4216A-WLG122C1, which has a Ralink chipset too but only an 11g one.</p>
<p>Within the last week I have submitted about half a dozen crash reports via the pfsense web interface.</p>
<p>The problems and crashes are identical to the ones reported here, for a different adapter and sometimes older pfsense versions:<br /><a class="external" href="http://forum.pfsense.org/index.php?topic=44491.0">http://forum.pfsense.org/index.php?topic=44491.0</a><br /><a class="external" href="http://forum.pfsense.org/index.php?topic=14349.0">http://forum.pfsense.org/index.php?topic=14349.0</a></p>
<p>There is also mention of this driver with chipsets is a recommended model.</p>
<p>Well I have a very clear recommendation for anything using the run driver and pfsense 2.0.1: It's totally useless, and actually worse than useless.</p>
<p>Please consider updating the current hardware recommendation/compatibility list, saying that anything supported by the run driver currently won't work.</p>
pfSense Packages - Feature #1581 (Resolved): lightsquid logfile location
https://redmine.pfsense.org/issues/1581 2011-06-03T04:49:48Z Volker Kuhlmann list0570@top.geek.nz
<p>2.0RC1, lightsquid 1.8.0 pkg v.1.2</p>
<p>The lightsquid logfile location is hardcoded in <br />/usr/local/pkg/lightsquid.inc<br />to /var/squid/log/<br />when the squid log location default (compiled into the binary) <br />is /var/squid/logs/</p>
<p>Worse, lightsquid overwrites squid's log location at every boot.</p>
<p>That's not really a good design. lightsquid should read the actual squid log location, or at least have that configurable.</p>
pfSense Packages - Bug #1580 (Closed): countryblock doesn't uninstall cleanly
https://redmine.pfsense.org/issues/1580 2011-06-03T04:31:57Z Volker Kuhlmann list0570@top.geek.nz
<p>The countryblock package doesn't uninstall cleanly and leaves some files behind, causing squid to fail on startup with an error about a missing include config file.</p>
<p>Observed 2.0RC1, countryblock current version (beta 0.2.1).</p>
<p>The remaining file is /usr/local/pkg/pf/countryblock.sh</p>
<p>The squid error from the syslog is<br />root: Countryblock was found not running<br />php: : The command '/usr/local/pkg/pf/countryblock.sh start' returned exit code '2', the output was 'not running root: Countryblock was found not running Status: 404 Not Found Content-type: text/html No input file specified. 0 table deleted. 180 22 rm: /tmp/rules.debug.tmp: No such file or directory rm: /tmp/rules.debug.tmp: No such file or directory 0 1 2 3 4</p>
pfSense Packages - Bug #1579 (Resolved): countryblock doesn't uninstall cleanly
https://redmine.pfsense.org/issues/1579 2011-06-03T04:31:09Z Volker Kuhlmann list0570@top.geek.nz
<p>The countryblock package doesn't uninstall cleanly and leaves some files behind, causing squid to fail on startup with an error about a missing include config file.</p>
<p>Observed 2.0RC1, countryblock current version (beta 0.2.1).</p>
<p>The remaining file is /usr/local/pkg/pf/countryblock.sh</p>
<p>The squid error from the syslog is<br />root: Countryblock was found not running<br />php: : The command '/usr/local/pkg/pf/countryblock.sh start' returned exit code '2', the output was 'not running root: Countryblock was found not running Status: 404 Not Found Content-type: text/html No input file specified. 0 table deleted. 180 22 rm: /tmp/rules.debug.tmp: No such file or directory rm: /tmp/rules.debug.tmp: No such file or directory 0 1 2 3 4</p>