pfSense bugtracker: Issues | https://redmine.pfsense.org/ | 2018-04-08T15:44:03Z | Redmine

pfSense - Bug #8445 (Resolved): creating an alias named "log" breaks rule processing | https://redmine.pfsense.org/issues/8445 | 2018-04-08T15:44:03Z | lists b
<p>i created an ip alias, and named it "log". upon the rules reloading, an error occurred:</p>
<p>There were error(s) loading the rules: /tmp/rules.debug:45: syntax error - The line in question reads [45]: table <log> persist</p>
<p>here is some context from rules.debug:</p>
<p>44: irc_server = "<irc_server>" <br />
45: ircs_u = "{ 6697 }" <br />
46: table <log> persist<br />
47: log = "<log>" <br />
48: managesieve = "{ 4190 }" <br />
49: table <mda> persist<br />
50: mda = "<mda>"</p>
<p>it's pretty clear why it broke. although i would like to be able to use whatever string i'd like for the name of an alias, if this constraint persists, it would probably be wise to disallow the user from using this string.</p>

pfSense - Bug #8410 (Resolved): unable to use registered services by name and unable to define al... | https://redmine.pfsense.org/issues/8410 | 2018-03-31T14:42:53Z | lists b
<p>related to some degree to bug 8409, i've found that i'm unable to create aliases for registered services using their actual name - for example, mdns [udp/5353]. this led me to expect that, when creating a firewall rule, i would be able to use the symbolic name for this service [e.g. "mdns"], rather than having to use the port number integer [e.g. "5353"]. however, this does not appear to work. pfsense doesn't complain, but ignores what has been provided and sets the port field to "any".</p>
<p>if registered services cannot be defined using aliases, then their existing symbolic names from the services(5) database should be available for use [to me it would make sense to use the autocomplete mechanism for this, since inclusion in the port drop down would be impractical].</p>
<p>conversely, if registered services cannot be referenced by symbolic name, then an admin should be able to define an alias for a given service.</p>

pfSense - Bug #8409 (Resolved): pfsense alias complains about well known name for non well known ... | https://redmine.pfsense.org/issues/8409 | 2018-03-31T14:34:31Z | lists b
<p>when attempting to add a new port alias [firewall -> aliases -> ports -> add], for example, for mdns [udp port 5353], pfsense complains "The alias name must not be a well-known TCP or UDP port name [...]" [see attached screen shot].</p>
<p>well known ports are 0-1023. if this mechanism is actually checking more than just well-known ports, and is working as intended, to include all official/registered ports in the constraint, it would be best if the feedback conveyed that.</p>

pfSense - Feature #8378 (Duplicate): allow webconfigurator to be configured to listen on only spe... | https://redmine.pfsense.org/issues/8378 | 2018-03-18T15:03:15Z | lists b
<p>currently, the webconfigurator listens on all network interfaces. please implement a mechanism to allow this to be configured by the admin.</p>
<p>better to not listen on undesired interfaces in the first place, rather than listen on them but then block traffic with the firewall.</p>

pfSense - Feature #8376 (Rejected): please allow dashes in alias names | https://redmine.pfsense.org/issues/8376 | 2018-03-17T19:44:21Z | lists b
<p>currently, characters in alias names are restricted to "a-z, A-Z, 0-9 and _". this is annoying because it's common to use a given hostname as the alias name, and hostnames often have dashes in them</p>

pfSense - Bug #8375 (Duplicate): email session encryption fails in a private ca environment | https://redmine.pfsense.org/issues/8375 | 2018-03-17T15:46:14Z | lists b
<p>when configuring email notifications, and enabling encryption, message notifications fail if the certificate provided by the server is signed by a ca other than those listed in /usr/local/share/certs/ca-root-nss.crt. this prevents use of a private/internal root ca.</p>
<p>please provide a mechanism for use of a private/internal root ca. this could be done similar to the auth/ldap server settings [system -> user manager -> authentication servers -> ldap server settings] system_authservers.php, or, imho, better by allowing augmentation of the system's root ca cert store [see feature <a class="issue tracker-2 status-11 priority-4 priority-default closed" title="Feature: please provide a mechanism to add certificates to the system's root certificate store (Duplicate)" href="https://redmine.pfsense.org/issues/8373">#8373</a>]</p>

pfSense - Todo #8374 (Rejected): email notification settings should not require password confirma... | https://redmine.pfsense.org/issues/8374 | 2018-03-17T15:37:17Z | lists b
<p>the email notification settings page [system -> advanced -> notifications -> e-mail], system_advanced_notifications.php, requires the email auth password to be provided twice [e.g. "confirmed"]. this makes no sense. passwords should require confirmation when being set, not when being used. please remove this superfluous field.</p>
<p>this page should be the same as, for example, the auth/ldap server settings [system -> user manager -> authentication servers -> ldap server settings] system_authservers.php, where there is a single password field.</p>

pfSense - Feature #8373 (Duplicate): please provide a mechanism to add certificates to the system... | https://redmine.pfsense.org/issues/8373 | 2018-03-17T15:28:18Z | lists b
<p>the system root certificate store [/usr/local/share/certs/ca-root-nss.crt] includes a default set of certificates, but must be manually modified to add additional certificates [for example, a private root ca certificate]. changes are also lost when a software update is performed. please provide a mechanism via the gui to make this adjustment.</p>

pfSense - Feature #8372 (New): add gui setting to adjust refresh rate for dynamic firewall logs | https://redmine.pfsense.org/issues/8372 | 2018-03-17T15:21:21Z | lists b
<p>status -> system logs -> firewall -> dynamic view [status_logs_filter_dynamic.php] appears to refresh approximately every 25 seconds [var updateDelay = 25500;]. please add a setting in the gui to allow this to be adjusted by the user if desired.</p>
<p>currently, this change must be made manually to status_logs_filter_dynamic.php</p>