pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-01-23T10:36:53ZpfSense bugtracker
Redmine pfSense - Todo #15184 (New): Change hint text in "Remote Log Servers" to reflect actual possible ...https://redmine.pfsense.org/issues/151842024-01-23T10:36:53ZSergei Shablovsky
<p>Dear pfSense Dev Team!</p>
<p>On a page<br /><strong>Status / System Logs / Settings</strong><br />Section<br />" <strong>Remote Logging Option</strong> " <br />UI Element<br />" <strong>Remote Log Servers</strong> "</p>
<p>In the input text field NOW there are hint<br />IP[:port]</p>
<p>Proposal to change this hint to<br />hostname/IP[:port]</p>
<p>to reflect "Remote Log Servers" section from official documentation<br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html">https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html</a><br /><em>Each remote server can use either an <strong>IP address or hostname</strong> , and an optional UDP port number.</em></p> pfSense - Todo #14359 (New): Reorganize Advanced Optionshttps://redmine.pfsense.org/issues/143592023-05-08T19:10:44ZJim Pingle
<p>The placement of several options under the various Advanced options tabs doesn't make much sense in current versions. Some are only at their current locations for historical reasons.</p>
<p>Some things should be moved, such as:</p>
<ul>
<li>Cryptographic and Thermal hardware - Split into two separate sections, no compelling reason to combine them these days.</li>
<li>Schedules - Move from Misc to Firewall & NAT tab since it's about killing states based on rule schedules</li>
<li>Gateway Monitoring - Move from Misc to Firewall & NAT tab since it's mostly about firewall states and rules based on gateway events/status.</li>
<li>Load Balancing - Move from Misc to Firewall & NAT tab since it's a pf gateway behavior option, also rename so it's more clear that it is for Multi-WAN.</li>
<li>Reset All States - Move from Networking Firewall & NAT tab since it's about resetting firewall states</li>
<li>Advanced Options section of Firewall & NAT tab, move to bottom of the page</li>
</ul>
<p>The Firewall & NAT page is getting rather long, however, so it may also be worth considering if that should be split into multiple tabs. For example the gateway bits could go on a Gateways & Multi-WAN tab.</p>
<p>It's all up for debate, but the current layout seems confusing for new users in various ways.</p> pfSense - Todo #14190 (Pull Request Review): Update nvd3 (web ui dependency) to 1.8.6https://redmine.pfsense.org/issues/141902023-03-28T02:56:36ZGChuf 6
<p>Updates and minifies nvd3 for better performance and some bug fixes.</p>
<p>PR: <a class="external" href="https://github.com/pfsense/pfsense/pull/4629">https://github.com/pfsense/pfsense/pull/4629</a></p> pfSense - Todo #13537 (Feedback): Update vendor fileshttps://redmine.pfsense.org/issues/135372022-10-02T06:54:21ZGChuf 6
<p>Update jquery and jquery_ui</p>
<p><a class="external" href="https://github.com/pfsense/pfsense/pull/4618">https://github.com/pfsense/pfsense/pull/4618</a></p>
<p>Reasons for update:</p>
<p>jquery_ui v1.13.0:<br /><em>Usage of deprecated jQuery APIs have been removed, 3 security issues fixed, ...</em><br /><a class="external" href="https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/">https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/</a></p>
<p>jquery v3.6.0:<br /><em>Bug fixes and improvements</em><br /><a class="external" href="https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/">https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/</a></p> pfSense - Todo #13508 (In Progress): Uncouple RAM Disk size from available kernel memoryhttps://redmine.pfsense.org/issues/135082022-09-22T09:28:09ZSteve Wheeler
<p>Now that we are building RAM disks with tmpfs the size is no longer restricted by the available kernel memory but we are till checking for that and limiting the size.</p>
<p>This is only significant in armv7 and really only the 3100 where kernel memory is limited but does apply to all architectures.</p> pfSense - Todo #13159 (New): Decrease distance between img-buttons in webGUI to eliminate mistake...https://redmine.pfsense.org/issues/131592022-05-12T21:15:09ZSergei Shablovsky
<p>Hi, dear pfSense Dev Team!</p>
<p>Please, decrease distance between img-buttons in “Action” column in most webGUI pages to eliminate mistake entry, especially when pfSense remotely accessed from iPad (or any same size tablet) or 15-16-17” notebook that mostly used by SysAdmins nowadays.</p>
<p>Because so easy to tap on wrong image-button, so SysAdmin need constantly making pinch-in/pinch out. Very annoying design mistake...Sorry</p> pfSense - Todo #12025 (New): Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interfa...https://redmine.pfsense.org/issues/120252021-06-10T17:34:03ZKris Phillips
<p>Although it is VERY rarely necessary, we should add a banner to the top of the 1:1 NAT page notifying end users that they have just 1:1 NAT'ed the WAN interface address and this is usually not recommended due to connectivity issues for dpinger, IPSec, etc. that may occur. Often we see users 1:1 NAT their WAN address out of lack of experience/understanding. Additionally, this should be useful if there was a way to verify against an HA member as well or CARP VIP as it can sometimes be easy to forget that your secondary unit is using the 1:1 NAT address you just configured on the primary and pushed it to the secondary (which then causes gateway monitoring to fail on that interface).</p> pfSense - Todo #11508 (Pull Request Review): Update SimplePie to to v1.5.6https://redmine.pfsense.org/issues/115082021-02-23T02:58:44ZGChuf 6
<p>Mostly bug and issue fixes, some new features. One micro-performance optimisation.</p>
<p>PR: <a class="external" href="https://github.com/pfsense/simplepie/pull/3">https://github.com/pfsense/simplepie/pull/3</a></p> pfSense - Todo #11280 (New): Add WireGuard to ALTQ listhttps://redmine.pfsense.org/issues/112802021-01-21T15:31:31ZJim Pingle
<p>wg interfaces support ALTQ, so can be added to the list.</p> pfSense - Todo #8270 (New): Fix grammatically erroneous repetitionhttps://redmine.pfsense.org/issues/82702018-01-10T16:06:23ZMaxwell Cody
<p>The pfSense web interface has some grammatically incorrect repetition due to, what I suspect to be, a very lackadaisical use of initialisms. You will notice that on at least four different pages, the phrase "IP Protocol" is used to refer to the delineation between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). The grammatical error here is rather simple to notice by simply deconstructing the initialism. By deconstructing the initialism you will see that the deconstructed phrase reads "Internet Protocol Protocol." This is grammatically incorrect.</p>
<p>I've personally come up with two unique and novel solutions to this issue.</p>
<p>1. Change the phrase to read simply "Protocol." <br />2. Change the phrase to read "IP Version." (Deconstructing the initialism here may be preferable)</p>
Pages affected:
<ul>
<li>status_logs_settings.php</li>
<li>diag_testport.php</li>
<li>diag_traceroute.php</li>
<li>diag_ping.php</li>
</ul> pfSense - Todo #7385 (New): Sanitize PHP includes https://redmine.pfsense.org/issues/73852017-03-14T03:39:49ZKill Bill
<p>Includes are massively wrong across the entire pfSense code.</p>
<p>Sort of a reminder. Please, review functions used in the code when touching a file. Pretty much every single piece of PHP seems to get this wrong, kinda surprised how few things break due to this. A particularly popular variant that must have been caused by some copy-paste is</p>
<pre>
require_once("filter.inc");
require_once("shaper.inc");
</pre>
<p>in files that have absolutely nothing to do with traffic shaping or filtering.</p>
<pre>
/usr/local/www/diag_backup.php:74:require_once("shaper.inc");
/usr/local/www/easyrule.php:65:require_once("shaper.inc");
/usr/local/www/firewall_aliases_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_aliases_import.php:68:require_once("shaper.inc");
/usr/local/www/firewall_aliases.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat_1to1_edit.php:69:require_once("shaper.inc");
/usr/local/www/firewall_nat_1to1.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat_edit.php:69:require_once("shaper.inc");
/usr/local/www/firewall_nat_npt_edit.php:67:require_once("shaper.inc");
/usr/local/www/firewall_nat_npt.php:69:require_once("shaper.inc");
/usr/local/www/firewall_nat_out_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat_out.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat.php:68:require_once("shaper.inc");
/usr/local/www/firewall_rules_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_rules.php:69:require_once("shaper.inc");
/usr/local/www/firewall_schedule_edit.php:82:require_once("shaper.inc");
/usr/local/www/firewall_schedule.php:72:require_once("shaper.inc");
/usr/local/www/firewall_shaper.php:64:require_once("shaper.inc");
/usr/local/www/firewall_virtual_ip_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_virtual_ip.php:69:require_once("shaper.inc");
/usr/local/www/interfaces_assign.php:72:require_once("shaper.inc");
/usr/local/www/interfaces.php:71:require_once("shaper.inc");
/usr/local/www/load_balancer_pool.php:65:require_once("shaper.inc");
/usr/local/www/load_balancer_setting.php:66:require_once("shaper.inc");
/usr/local/www/load_balancer_virtual_server.php:65:require_once("shaper.inc");
/usr/local/www/pkg_edit.php:66:require_once("shaper.inc");
/usr/local/www/pkg_edit.php.save:66:require_once("shaper.inc");
/usr/local/www/pkg_mgr_install.php:67:require_once("shaper.inc");
/usr/local/www/services_captiveportal_filemanager.php:80:require_once("shaper.inc");
/usr/local/www/services_captiveportal_hostname_edit.php:73:require_once("shaper.inc");
/usr/local/www/services_captiveportal_hostname.php:71:require_once("shaper.inc");
/usr/local/www/services_captiveportal_ip_edit.php:79:require_once("shaper.inc");
/usr/local/www/services_captiveportal_ip.php:71:require_once("shaper.inc");
/usr/local/www/services_captiveportal_mac_edit.php:79:require_once("shaper.inc");
/usr/local/www/services_captiveportal_mac.php:69:require_once("shaper.inc");
/usr/local/www/services_captiveportal.php:67:require_once("shaper.inc");
/usr/local/www/services_captiveportal_vouchers_edit.php:65:require_once("shaper.inc");
/usr/local/www/services_captiveportal_vouchers.php:69:require_once("shaper.inc");
/usr/local/www/services_captiveportal_zones_edit.php:64:require_once("shaper.inc");
/usr/local/www/services_captiveportal_zones.php:64:require_once("shaper.inc");
/usr/local/www/services_dhcp.php:68:require_once("shaper.inc");
/usr/local/www/services_dnsmasq.php:70:require_once("shaper.inc");
/usr/local/www/services_ntpd_acls.php:65:require_once("shaper.inc");
/usr/local/www/services_ntpd.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal_expire.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal.php:68:require_once("shaper.inc");
/usr/local/www/status_captiveportal_test.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal_voucher_rolls.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal_vouchers.php:65:require_once("shaper.inc");
/usr/local/www/status_interfaces.php:66:require_once("shaper.inc");
/usr/local/www/status_lb_pool.php:69:require_once("shaper.inc");
/usr/local/www/status_logs_settings.php:68:require_once("shaper.inc");
/usr/local/www/status_monitoring.php:61:require("shaper.inc");
/usr/local/www/system_advanced_admin.php:69:require_once("shaper.inc");
/usr/local/www/system_advanced_firewall.php:69:require_once("shaper.inc");
/usr/local/www/system_advanced_misc.php:69:require_once("shaper.inc");
/usr/local/www/system_advanced_network.php:69:require_once("shaper.inc");
/usr/local/www/system_gateway_groups.php:65:require_once("shaper.inc");
/usr/local/www/system_gateways.php:65:require_once("shaper.inc");
/usr/local/www/system.php:68:require_once("shaper.inc");
/usr/local/www/system_routes.php:68:require_once("shaper.inc");
/usr/local/www/vpn_ipsec.php:68:require_once("shaper.inc");
/usr/local/www/vpn_ipsec_settings.php:64:require_once("shaper.inc");
/usr/local/www/wizard.php:65:require_once("shaper.inc");
/usr/local/www/xmlrpc.php:67:require_once("shaper.inc");
</pre>
<p>(The above being on an uptodate 2.3.4 snapshot.)</p>
<p>Also, <code>require_once("functions.inc");</code> should be replaced with proper includes everywhere.</p>
<pre>
/usr/local/www/crash_reporter.php:62:require_once("functions.inc");
/usr/local/www/diag_backup.php:72:require_once("functions.inc");
/usr/local/www/diag_command.php:312: fwrite($phpfile, "require_once(\"/etc/inc/functions.inc\");\n\n");
/usr/local/www/diag_halt.php:69:require_once("functions.inc");
/usr/local/www/diag_reboot.php:69:require_once("functions.inc");
/usr/local/www/firewall_aliases_edit.php:66:require_once("functions.inc");
/usr/local/www/firewall_aliases.php:66:require_once("functions.inc");
/usr/local/www/firewall_nat_1to1.php:66:require_once("functions.inc");
/usr/local/www/firewall_nat_npt.php:67:require_once("functions.inc");
/usr/local/www/firewall_nat_out.php:66:require_once("functions.inc");
/usr/local/www/firewall_nat.php:66:require_once("functions.inc");
/usr/local/www/firewall_rules.php:66:require_once("functions.inc");
/usr/local/www/firewall_schedule_edit.php:80:require_once("functions.inc");
/usr/local/www/firewall_shaper.php:62:require_once("functions.inc");
/usr/local/www/firewall_shaper_queues.php:62:require_once("functions.inc");
/usr/local/www/firewall_shaper_vinterface.php:62:require_once("functions.inc");
/usr/local/www/firewall_shaper_wizards.php:62:require_once("functions.inc");
/usr/local/www/firewall_virtual_ip.php:67:require_once("functions.inc");
/usr/local/www/getstats.php:68:include_once("includes/functions.inc.php");
/usr/local/www/guiconfig.inc:82:require_once("functions.inc");
/usr/local/www/head.inc:55:require_once("functions.inc");
/usr/local/www/includes/functions.inc.php:3: * functions.inc.php
/usr/local/www/index.php:182:require_once('includes/functions.inc.php');
/usr/local/www/index.php:73:require_once('functions.inc');
/usr/local/www/interfaces_assign.php:70:require_once("functions.inc");
/usr/local/www/interfaces_gre_edit.php:62:require_once("functions.inc");
/usr/local/www/interfaces_gre.php:62:require_once("functions.inc");
/usr/local/www/interfaces_groups_edit.php:63:require_once("functions.inc");
/usr/local/www/interfaces_groups.php:62:require_once("functions.inc");
/usr/local/www/interfaces.php:68:require_once("functions.inc");
/usr/local/www/interfaces_ppps_edit.php:67:require_once("functions.inc");
/usr/local/www/interfaces_ppps.php:66:require_once("functions.inc");
/usr/local/www/interfaces_qinq.php:62:require_once("functions.inc");
/usr/local/www/load_balancer_pool.php:63:require_once("functions.inc");
/usr/local/www/load_balancer_setting.php:64:require_once("functions.inc");
/usr/local/www/load_balancer_virtual_server.php:63:require_once("functions.inc");
/usr/local/www/pfblockerng/pfblockerng.php:43:require_once('functions.inc');
/usr/local/www/pfblockerng/pfblockerng_update.php:49:require_once('functions.inc');
/usr/local/www/pkg_edit.php:64:require_once("functions.inc");
/usr/local/www/pkg_edit.php.save:64:require_once("functions.inc");
/usr/local/www/pkg_mgr_install.php:65:require_once("functions.inc");
/usr/local/www/services_captiveportal_filemanager.php:78:require_once("functions.inc");
/usr/local/www/services_captiveportal_hostname_edit.php:71:require_once("functions.inc");
/usr/local/www/services_captiveportal_hostname.php:69:require_once("functions.inc");
/usr/local/www/services_captiveportal_ip_edit.php:77:require_once("functions.inc");
/usr/local/www/services_captiveportal_ip.php:69:require_once("functions.inc");
/usr/local/www/services_captiveportal_mac_edit.php:77:require_once("functions.inc");
/usr/local/www/services_captiveportal_mac.php:67:require_once("functions.inc");
/usr/local/www/services_captiveportal.php:65:require_once("functions.inc");
/usr/local/www/services_captiveportal_vouchers_edit.php:63:require_once("functions.inc");
/usr/local/www/services_captiveportal_vouchers.php:67:require_once("functions.inc");
/usr/local/www/services_captiveportal_zones_edit.php:62:require_once("functions.inc");
/usr/local/www/services_captiveportal_zones.php:62:require_once("functions.inc");
/usr/local/www/services_dnsmasq.php:67:require_once("functions.inc");
/usr/local/www/services_servicewatchdog.php:42:require_once("functions.inc");
/usr/local/www/services_snmp.php:66:require_once("functions.inc");
/usr/local/www/squid_monitor.php:25:require_once("/etc/inc/functions.inc");
/usr/local/www/stats.php:55:require_once("includes/functions.inc.php");
/usr/local/www/status_captiveportal_expire.php:63:require_once("functions.inc");
/usr/local/www/status_captiveportal.php:66:require_once("functions.inc");
/usr/local/www/status_captiveportal_test.php:63:require_once("functions.inc");
/usr/local/www/status_captiveportal_voucher_rolls.php:63:require_once("functions.inc");
/usr/local/www/status_captiveportal_vouchers.php:63:require_once("functions.inc");
/usr/local/www/status_filter_reload.php:63:require_once("functions.inc");
/usr/local/www/status_lb_pool.php:67:require_once("functions.inc");
/usr/local/www/status_logs_settings.php:66:require_once("functions.inc");
/usr/local/www/status.php:72:require_once("functions.inc");
/usr/local/www/suricata/suricata_download_rules.php:27:require_once("functions.inc");
/usr/local/www/suricata/suricata_select_alias.php:27:require_once("functions.inc");
/usr/local/www/system_advanced_admin.php:67:require_once("functions.inc");
/usr/local/www/system_advanced_firewall.php:67:require_once("functions.inc");
/usr/local/www/system_advanced_misc.php:67:require_once("functions.inc");
/usr/local/www/system_advanced_network.php:67:require_once("functions.inc");
/usr/local/www/system_gateway_groups.php:63:require_once("functions.inc");
/usr/local/www/system_gateways.php:63:require_once("functions.inc");
/usr/local/www/system_patches.php:30:require_once("functions.inc");
/usr/local/www/system.php:66:require_once("functions.inc");
/usr/local/www/system_routes.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_keys_edit.php:65:require_once("functions.inc");
/usr/local/www/vpn_ipsec_keys.php:65:require_once("functions.inc");
/usr/local/www/vpn_ipsec_mobile.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_phase1.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_phase2.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_settings.php:61:require_once("functions.inc");
/usr/local/www/widgets/widgets/captive_portal_status.widget.php:64:require_once("functions.inc");
/usr/local/www/widgets/widgets/carp_status.widget.php:59:require_once("functions.inc");
/usr/local/www/widgets/widgets/dyn_dns_status.widget.php:60:require_once("functions.inc");
/usr/local/www/widgets/widgets/gateways.widget.php:63:require_once("functions.inc");
/usr/local/www/widgets/widgets/installed_packages.widget.php:65:require_once("functions.inc");
/usr/local/www/widgets/widgets/interface_statistics.widget.php:65:require_once("functions.inc");
/usr/local/www/widgets/widgets/interfaces.widget.php:27:require_once("functions.inc");
/usr/local/www/widgets/widgets/ipsec.widget.php:64:require_once("functions.inc");
/usr/local/www/widgets/widgets/load_balancer_status.widget.php:64:require_once("functions.inc");
/usr/local/www/widgets/widgets/log.widget.php:59:require_once("functions.inc");
/usr/local/www/widgets/widgets/ntp_status.widget.php:58:require_once("functions.inc");
/usr/local/www/widgets/widgets/picture.widget.php:58:require_once("functions.inc");
/usr/local/www/widgets/widgets/rss.widget.php:58:require_once("functions.inc");
/usr/local/www/widgets/widgets/smart_status.widget.php:61:require_once("functions.inc");
/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php:23:require_once("functions.inc");
/usr/local/www/widgets/widgets/system_information.widget.php:59:require_once("functions.inc");
/usr/local/www/widgets/widgets/system_information.widget.php:63:include_once("includes/functions.inc.php");
/usr/local/www/widgets/widgets/traffic_graphs.widget.php:76:require_once("functions.inc");
/usr/local/www/wizard.php:63:require_once("functions.inc");
/usr/local/www/xmlrpc.php:63:require_once("functions.inc");
</pre> pfSense - Todo #6727 (New): Missing file apple-touch-icon-precomposed.png ?https://redmine.pfsense.org/issues/67272016-08-18T14:10:11ZAndy Kniveton
<p>I notice this occasionally in my log files after logging in via the web browser :-</p>
<p>Aug 18 19:50:38 pfsense.localdomain nginx: 2016/08/18 19:50:38 [error] 36942#100114: *10595 open() "/usr/local/www/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 172.16.1.20, server: , request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "172.16.1.1"</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/apple-touch-icon-precomposed.png<br />ls: /usr/local/www/apple-touch-icon-precomposed.png: No such file or directory</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/*.png<br />/usr/local/www/apple-touch-icon.png/usr/local/www/logo.png<br />/usr/local/www/logo-black.png /usr/local/www/pfs-mini.png<br />[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root:</p>
<p>Maybe its just worth doing a symbolic link in the next pfSense build.</p> pfSense - Todo #6697 (New): White squares around the numeric values in the Status / Queues pagehttps://redmine.pfsense.org/issues/66972016-08-13T07:46:19ZAndy Kniveton
<p>White squares around the numeric values in the Status / Queues page, I've tried Safari & Firefox, both show the same.</p> pfSense - Todo #6647 (New): Enable Additional Security Headershttps://redmine.pfsense.org/issues/66472016-07-26T20:30:24ZChris Buechlercbuechler@gmail.com
<p>The nginx instance for the web GUI should enable CSP. Just adding the following works:</p>
<pre>
add_header Content-Security-Policy "default-src 'self';";
</pre>
<p>though I suspect that may break some edge case I'm not thinking of. The captive portal nginx instance shouldn't have that set, as people routinely include external resources that would be broken by that.</p>
<p>Adding upgrade-insecure-requests while there wouldn't hurt either.</p> pfSense - Todo #6501 (New): Tightening up subnet expansionhttps://redmine.pfsense.org/issues/65012016-06-19T15:00:35ZStilez y
<p>A couple of days ago I put a PRE into Github to remove the subnet_expand() function. It isn't used anywhere in the codebase, isn't robust, and would need a complete rewrite to handle IPv6 anyway.</p>
<p>But then I noticed a few places exist where subnet expansion <em>does</em> happen - just not using this function. Typically this is related to subnet VIPs and in particular Radius or ARP Proxy config, where the user gets a drop-down list of interfaces which include VIPs generated from a subnet:</p>
<ul>
<li>services_captiveportal.php - build_radiusnas_list()</li>
<li>pkg_edit.php - generic proxy-ARP GUI element</li>
<li>firewall_nat_edit/nat_out_edit/nat_1to1_edit.php - same code, proxy arp interface list</li>
</ul>
<p>I'm not sure what would nee fixing in these, but some things do, and I;m happy to fix them if I know what's wanted. So this is a todo that I'm happy to do myself if someone can answer a couple of Q's:</p>
<ol>
<li>What is a "reasonably largest" number of values that should be autocreated in order that a <select> element remains tolerably long (and not too hard to generate/render, especially on nano-platforms)?</li>
<li>As a user could have quite a large VIP subnet, what should the GUI do to make it easy for the user, if the number of interfaces+VIPs to be offered in a GUI form is more than this?</li>
<li>Alternatively, any thoughts on a better way to offer a list of IPs/IFs/VIPs than a dropdown list, which saves the system having to manually create an arbitrary length dropdown list when it is very long?</li>
</ol>