pfSense bugtracker: Issues https://redmine.pfsense.org/ https://redmine.pfsense.org/favicon.ico?1678052116 2017-03-14T03:39:49Z pfSense bugtracker
Redmine
pfSense - Todo #7385 (New): Sanitize PHP includes https://redmine.pfsense.org/issues/7385 2017-03-14T03:39:49Z Kill Bill
<p>Includes are massively wrong across the entire pfSense code.</p>
<p>Sort of a reminder. Please, review functions used in the code when touching a file. Pretty much every single piece of PHP seems to get this wrong, kinda surprised how few things break due to this. A particularly popular variant that must have been caused by some copy-paste is</p>
<pre>
require_once("filter.inc");
require_once("shaper.inc");
</pre>
<p>in files that have absolutely nothing to do with traffic shaping or filtering.</p>
<pre>
/usr/local/www/diag_backup.php:74:require_once("shaper.inc");
/usr/local/www/easyrule.php:65:require_once("shaper.inc");
/usr/local/www/firewall_aliases_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_aliases_import.php:68:require_once("shaper.inc");
/usr/local/www/firewall_aliases.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat_1to1_edit.php:69:require_once("shaper.inc");
/usr/local/www/firewall_nat_1to1.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat_edit.php:69:require_once("shaper.inc");
/usr/local/www/firewall_nat_npt_edit.php:67:require_once("shaper.inc");
/usr/local/www/firewall_nat_npt.php:69:require_once("shaper.inc");
/usr/local/www/firewall_nat_out_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat_out.php:68:require_once("shaper.inc");
/usr/local/www/firewall_nat.php:68:require_once("shaper.inc");
/usr/local/www/firewall_rules_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_rules.php:69:require_once("shaper.inc");
/usr/local/www/firewall_schedule_edit.php:82:require_once("shaper.inc");
/usr/local/www/firewall_schedule.php:72:require_once("shaper.inc");
/usr/local/www/firewall_shaper.php:64:require_once("shaper.inc");
/usr/local/www/firewall_virtual_ip_edit.php:68:require_once("shaper.inc");
/usr/local/www/firewall_virtual_ip.php:69:require_once("shaper.inc");
/usr/local/www/interfaces_assign.php:72:require_once("shaper.inc");
/usr/local/www/interfaces.php:71:require_once("shaper.inc");
/usr/local/www/load_balancer_pool.php:65:require_once("shaper.inc");
/usr/local/www/load_balancer_setting.php:66:require_once("shaper.inc");
/usr/local/www/load_balancer_virtual_server.php:65:require_once("shaper.inc");
/usr/local/www/pkg_edit.php:66:require_once("shaper.inc");
/usr/local/www/pkg_edit.php.save:66:require_once("shaper.inc");
/usr/local/www/pkg_mgr_install.php:67:require_once("shaper.inc");
/usr/local/www/services_captiveportal_filemanager.php:80:require_once("shaper.inc");
/usr/local/www/services_captiveportal_hostname_edit.php:73:require_once("shaper.inc");
/usr/local/www/services_captiveportal_hostname.php:71:require_once("shaper.inc");
/usr/local/www/services_captiveportal_ip_edit.php:79:require_once("shaper.inc");
/usr/local/www/services_captiveportal_ip.php:71:require_once("shaper.inc");
/usr/local/www/services_captiveportal_mac_edit.php:79:require_once("shaper.inc");
/usr/local/www/services_captiveportal_mac.php:69:require_once("shaper.inc");
/usr/local/www/services_captiveportal.php:67:require_once("shaper.inc");
/usr/local/www/services_captiveportal_vouchers_edit.php:65:require_once("shaper.inc");
/usr/local/www/services_captiveportal_vouchers.php:69:require_once("shaper.inc");
/usr/local/www/services_captiveportal_zones_edit.php:64:require_once("shaper.inc");
/usr/local/www/services_captiveportal_zones.php:64:require_once("shaper.inc");
/usr/local/www/services_dhcp.php:68:require_once("shaper.inc");
/usr/local/www/services_dnsmasq.php:70:require_once("shaper.inc");
/usr/local/www/services_ntpd_acls.php:65:require_once("shaper.inc");
/usr/local/www/services_ntpd.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal_expire.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal.php:68:require_once("shaper.inc");
/usr/local/www/status_captiveportal_test.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal_voucher_rolls.php:65:require_once("shaper.inc");
/usr/local/www/status_captiveportal_vouchers.php:65:require_once("shaper.inc");
/usr/local/www/status_interfaces.php:66:require_once("shaper.inc");
/usr/local/www/status_lb_pool.php:69:require_once("shaper.inc");
/usr/local/www/status_logs_settings.php:68:require_once("shaper.inc");
/usr/local/www/status_monitoring.php:61:require("shaper.inc");
/usr/local/www/system_advanced_admin.php:69:require_once("shaper.inc");
/usr/local/www/system_advanced_firewall.php:69:require_once("shaper.inc");
/usr/local/www/system_advanced_misc.php:69:require_once("shaper.inc");
/usr/local/www/system_advanced_network.php:69:require_once("shaper.inc");
/usr/local/www/system_gateway_groups.php:65:require_once("shaper.inc");
/usr/local/www/system_gateways.php:65:require_once("shaper.inc");
/usr/local/www/system.php:68:require_once("shaper.inc");
/usr/local/www/system_routes.php:68:require_once("shaper.inc");
/usr/local/www/vpn_ipsec.php:68:require_once("shaper.inc");
/usr/local/www/vpn_ipsec_settings.php:64:require_once("shaper.inc");
/usr/local/www/wizard.php:65:require_once("shaper.inc");
/usr/local/www/xmlrpc.php:67:require_once("shaper.inc");
</pre>
<p>(The above being on an up-to-date 2.3.4 snapshot.)</p>
<p>Also, <code>require_once("functions.inc");</code> should be replaced with proper includes everywhere.</p>
<pre>
/usr/local/www/crash_reporter.php:62:require_once("functions.inc");
/usr/local/www/diag_backup.php:72:require_once("functions.inc");
/usr/local/www/diag_command.php:312: fwrite($phpfile, "require_once(\"/etc/inc/functions.inc\");\n\n");
/usr/local/www/diag_halt.php:69:require_once("functions.inc");
/usr/local/www/diag_reboot.php:69:require_once("functions.inc");
/usr/local/www/firewall_aliases_edit.php:66:require_once("functions.inc");
/usr/local/www/firewall_aliases.php:66:require_once("functions.inc");
/usr/local/www/firewall_nat_1to1.php:66:require_once("functions.inc");
/usr/local/www/firewall_nat_npt.php:67:require_once("functions.inc");
/usr/local/www/firewall_nat_out.php:66:require_once("functions.inc");
/usr/local/www/firewall_nat.php:66:require_once("functions.inc");
/usr/local/www/firewall_rules.php:66:require_once("functions.inc");
/usr/local/www/firewall_schedule_edit.php:80:require_once("functions.inc");
/usr/local/www/firewall_shaper.php:62:require_once("functions.inc");
/usr/local/www/firewall_shaper_queues.php:62:require_once("functions.inc");
/usr/local/www/firewall_shaper_vinterface.php:62:require_once("functions.inc");
/usr/local/www/firewall_shaper_wizards.php:62:require_once("functions.inc");
/usr/local/www/firewall_virtual_ip.php:67:require_once("functions.inc");
/usr/local/www/getstats.php:68:include_once("includes/functions.inc.php");
/usr/local/www/guiconfig.inc:82:require_once("functions.inc");
/usr/local/www/head.inc:55:require_once("functions.inc");
/usr/local/www/includes/functions.inc.php:3: * functions.inc.php
/usr/local/www/index.php:182:require_once('includes/functions.inc.php');
/usr/local/www/index.php:73:require_once('functions.inc');
/usr/local/www/interfaces_assign.php:70:require_once("functions.inc");
/usr/local/www/interfaces_gre_edit.php:62:require_once("functions.inc");
/usr/local/www/interfaces_gre.php:62:require_once("functions.inc");
/usr/local/www/interfaces_groups_edit.php:63:require_once("functions.inc");
/usr/local/www/interfaces_groups.php:62:require_once("functions.inc");
/usr/local/www/interfaces.php:68:require_once("functions.inc");
/usr/local/www/interfaces_ppps_edit.php:67:require_once("functions.inc");
/usr/local/www/interfaces_ppps.php:66:require_once("functions.inc");
/usr/local/www/interfaces_qinq.php:62:require_once("functions.inc");
/usr/local/www/load_balancer_pool.php:63:require_once("functions.inc");
/usr/local/www/load_balancer_setting.php:64:require_once("functions.inc");
/usr/local/www/load_balancer_virtual_server.php:63:require_once("functions.inc");
/usr/local/www/pfblockerng/pfblockerng.php:43:require_once('functions.inc');
/usr/local/www/pfblockerng/pfblockerng_update.php:49:require_once('functions.inc');
/usr/local/www/pkg_edit.php:64:require_once("functions.inc");
/usr/local/www/pkg_edit.php.save:64:require_once("functions.inc");
/usr/local/www/pkg_mgr_install.php:65:require_once("functions.inc");
/usr/local/www/services_captiveportal_filemanager.php:78:require_once("functions.inc");
/usr/local/www/services_captiveportal_hostname_edit.php:71:require_once("functions.inc");
/usr/local/www/services_captiveportal_hostname.php:69:require_once("functions.inc");
/usr/local/www/services_captiveportal_ip_edit.php:77:require_once("functions.inc");
/usr/local/www/services_captiveportal_ip.php:69:require_once("functions.inc");
/usr/local/www/services_captiveportal_mac_edit.php:77:require_once("functions.inc");
/usr/local/www/services_captiveportal_mac.php:67:require_once("functions.inc");
/usr/local/www/services_captiveportal.php:65:require_once("functions.inc");
/usr/local/www/services_captiveportal_vouchers_edit.php:63:require_once("functions.inc");
/usr/local/www/services_captiveportal_vouchers.php:67:require_once("functions.inc");
/usr/local/www/services_captiveportal_zones_edit.php:62:require_once("functions.inc");
/usr/local/www/services_captiveportal_zones.php:62:require_once("functions.inc");
/usr/local/www/services_dnsmasq.php:67:require_once("functions.inc");
/usr/local/www/services_servicewatchdog.php:42:require_once("functions.inc");
/usr/local/www/services_snmp.php:66:require_once("functions.inc");
/usr/local/www/squid_monitor.php:25:require_once("/etc/inc/functions.inc");
/usr/local/www/stats.php:55:require_once("includes/functions.inc.php");
/usr/local/www/status_captiveportal_expire.php:63:require_once("functions.inc");
/usr/local/www/status_captiveportal.php:66:require_once("functions.inc");
/usr/local/www/status_captiveportal_test.php:63:require_once("functions.inc");
/usr/local/www/status_captiveportal_voucher_rolls.php:63:require_once("functions.inc");
/usr/local/www/status_captiveportal_vouchers.php:63:require_once("functions.inc");
/usr/local/www/status_filter_reload.php:63:require_once("functions.inc");
/usr/local/www/status_lb_pool.php:67:require_once("functions.inc");
/usr/local/www/status_logs_settings.php:66:require_once("functions.inc");
/usr/local/www/status.php:72:require_once("functions.inc");
/usr/local/www/suricata/suricata_download_rules.php:27:require_once("functions.inc");
/usr/local/www/suricata/suricata_select_alias.php:27:require_once("functions.inc");
/usr/local/www/system_advanced_admin.php:67:require_once("functions.inc");
/usr/local/www/system_advanced_firewall.php:67:require_once("functions.inc");
/usr/local/www/system_advanced_misc.php:67:require_once("functions.inc");
/usr/local/www/system_advanced_network.php:67:require_once("functions.inc");
/usr/local/www/system_gateway_groups.php:63:require_once("functions.inc");
/usr/local/www/system_gateways.php:63:require_once("functions.inc");
/usr/local/www/system_patches.php:30:require_once("functions.inc");
/usr/local/www/system.php:66:require_once("functions.inc");
/usr/local/www/system_routes.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_keys_edit.php:65:require_once("functions.inc");
/usr/local/www/vpn_ipsec_keys.php:65:require_once("functions.inc");
/usr/local/www/vpn_ipsec_mobile.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_phase1.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_phase2.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec.php:66:require_once("functions.inc");
/usr/local/www/vpn_ipsec_settings.php:61:require_once("functions.inc");
/usr/local/www/widgets/widgets/captive_portal_status.widget.php:64:require_once("functions.inc");
/usr/local/www/widgets/widgets/carp_status.widget.php:59:require_once("functions.inc");
/usr/local/www/widgets/widgets/dyn_dns_status.widget.php:60:require_once("functions.inc");
/usr/local/www/widgets/widgets/gateways.widget.php:63:require_once("functions.inc");
/usr/local/www/widgets/widgets/installed_packages.widget.php:65:require_once("functions.inc");
/usr/local/www/widgets/widgets/interface_statistics.widget.php:65:require_once("functions.inc");
/usr/local/www/widgets/widgets/interfaces.widget.php:27:require_once("functions.inc");
/usr/local/www/widgets/widgets/ipsec.widget.php:64:require_once("functions.inc");
/usr/local/www/widgets/widgets/load_balancer_status.widget.php:64:require_once("functions.inc");
/usr/local/www/widgets/widgets/log.widget.php:59:require_once("functions.inc");
/usr/local/www/widgets/widgets/ntp_status.widget.php:58:require_once("functions.inc");
/usr/local/www/widgets/widgets/picture.widget.php:58:require_once("functions.inc");
/usr/local/www/widgets/widgets/rss.widget.php:58:require_once("functions.inc");
/usr/local/www/widgets/widgets/smart_status.widget.php:61:require_once("functions.inc");
/usr/local/www/widgets/widgets/squid_antivirus_status.widget.php:23:require_once("functions.inc");
/usr/local/www/widgets/widgets/system_information.widget.php:59:require_once("functions.inc");
/usr/local/www/widgets/widgets/system_information.widget.php:63:include_once("includes/functions.inc.php");
/usr/local/www/widgets/widgets/traffic_graphs.widget.php:76:require_once("functions.inc");
/usr/local/www/wizard.php:63:require_once("functions.inc");
/usr/local/www/xmlrpc.php:63:require_once("functions.inc");
</pre>
pfSense - Todo #6727 (New): Missing file apple-touch-icon-precomposed.png ? https://redmine.pfsense.org/issues/6727 2016-08-18T14:10:11Z Andy Kniveton
<p>I notice this occasionally in my log files after logging in via the web browser :-</p>
<p>Aug 18 19:50:38 pfsense.localdomain nginx: 2016/08/18 19:50:38 [error] 36942#100114: *10595 open() "/usr/local/www/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 172.16.1.20, server: , request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "172.16.1.1"</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/apple-touch-icon-precomposed.png<br />ls: /usr/local/www/apple-touch-icon-precomposed.png: No such file or directory</p>
<p>[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root: ls /usr/local/www/*.png<br />/usr/local/www/apple-touch-icon.png /usr/local/www/logo.png<br />/usr/local/www/logo-black.png /usr/local/www/pfs-mini.png<br />[2.3.2-RELEASE][<a class="email" href="mailto:admin@pfsense.localdomain">admin@pfsense.localdomain</a>]/root:</p>
<p>Maybe it's just worth doing a symbolic link in the next pfSense build.</p>
pfSense - Todo #6697 (New): White squares around the numeric values in the Status / Queues page https://redmine.pfsense.org/issues/6697 2016-08-13T07:46:19Z Andy Kniveton
<p>White squares around the numeric values in the Status / Queues page, I've tried Safari & Firefox, both show the same.</p>
pfSense - Todo #6647 (New): Enable Additional Security Headers https://redmine.pfsense.org/issues/6647 2016-07-26T20:30:24Z Chris Buechler cbuechler@gmail.com
<p>The nginx instance for the web GUI should enable CSP. Just adding the following works:</p>
<pre>
add_header Content-Security-Policy "default-src 'self';";
</pre>
<p>though I suspect that may break some edge case I'm not thinking of. The captive portal nginx instance shouldn't have that set, as people routinely include external resources that would be broken by that.</p>
<p>Adding upgrade-insecure-requests while there wouldn't hurt either.</p>
pfSense - Todo #6501 (New): Tightening up subnet expansion https://redmine.pfsense.org/issues/6501 2016-06-19T15:00:35Z Stilez y
<p>A couple of days ago I put a PRE into Github to remove the subnet_expand() function. It isn't used anywhere in the codebase, isn't robust, and would need a complete rewrite to handle IPv6 anyway.</p>
<p>But then I noticed a few places exist where subnet expansion <em>does</em> happen - just not using this function. Typically this is related to subnet VIPs and in particular Radius or ARP Proxy config, where the user gets a drop-down list of interfaces which include VIPs generated from a subnet:</p>
<ul>
<li>services_captiveportal.php - build_radiusnas_list()</li>
<li>pkg_edit.php - generic proxy-ARP GUI element</li>
<li>firewall_nat_edit/nat_out_edit/nat_1to1_edit.php - same code, proxy arp interface list</li>
</ul>
<p>I'm not sure what would need fixing in these, but some things do, and I'm happy to fix them if I know what's wanted. So this is a todo that I'm happy to do myself if someone can answer a couple of Q's:</p>
<ol>
<li>What is a "reasonably largest" number of values that should be autocreated in order that a <select> element remains tolerably long (and not too hard to generate/render, especially on nano-platforms)?</li>
<li>As a user could have quite a large VIP subnet, what should the GUI do to make it easy for the user, if the number of interfaces+VIPs to be offered in a GUI form is more than this?</li>
<li>Alternatively, any thoughts on a better way to offer a list of IPs/IFs/VIPs than a dropdown list, which saves the system having to manually create an arbitrary length dropdown list when it is very long?</li>
</ol>
pfSense - Todo #6390 (New): Autoscale from Traffic Graph not correct size (big graphs) https://redmine.pfsense.org/issues/6390 2016-05-23T01:36:00Z Manuel M. manuel.michalski@me.com
<p>Hey guys</p>
<p>The autoscale feature from the traffic graph is too big. Attached is a screenshot, where you can see what I mean ;)</p>
pfSense - Todo #6332 (New): Upgrade encryption options to cover current range of recommendations https://redmine.pfsense.org/issues/6332 2016-05-07T22:24:48Z Stilez y
<p>Several packages, as well as base, have GUI where the user can specify a cipher, digest, or other encryption-related standard. The options for these selections seem to have issues:</p>
<ol>
<li>They are scattered around and often hard-coded, making them harder to review and periodically update as a whole. </li>
<li>They often present an apparently inadequate range which does not cover the current recommendations for use by major bodies. </li>
<li>There is no page which allows easy admin setting of permissible crypto options (beyond a very basic "allow , so the only way to confirm if undesirably weak crypto is permitted in some function is to check every GUI where a crypto method can be specified.</li>
<li>Defaults and options are at times presented which are currently considered to be effectively broken and should really not be suggested any more, or at least not as defaults (DH=1024 in OpenVPN, MD5 as a digest, etc)</li>
<li>In some circumstances such as longer term resistance to retrospective analysis or decryption of sessions and data (>2030 or >2040) NIST refers to FIPS 140-2 (table 2 p.88) and recommends asymmetric keys >7680 bits or >15360 bits. The European Union Agency for Network and Information Security (ENISA) concurred back in 2013 that crypto based on RSA, DLP and pairing and requiring long term resistance should use >15360 bits. But no pfSense setting where asymmetric key size is entered, allows >4096 bits even if this is recommended in some cases.</li>
</ol>
<p>Some pfSense functions do allow a full range of options, for example openVPN gets its list of digests and ciphers directly from openVPN and therefore supports all.</p>
<p>POSSIBLE IMPROVEMENT?</p>
<ol>
<li>Move the hard-coded lists and the most important defaults to more obvious locations where they can be maintained more accessibly.</li>
<li>Create static tables of common descriptors for the most common crypto methods, such as "considered broken", "legacy", "current use", "future use", "long term use", "may break compatibility" etc. Then, where the GUI allows a user to select a crypto method (almost always a dropdown selector) note after the crypto method, the groups it's in, so the user can see for each method, its current status. For example, SHA1 might appear as <em>"SHA1 (considered legacy, use stronger if able)"</em> while an 8192-bit key might appear <em>"8192 bits (currently excessive, recommended for >2030 only; may not be compatible with all software)"</em>, or similar. This would greatly help people to choose appropriate key sizes rather than guessing at random or using outdated information. As recommendations are only updated every year, or every few years, categorising this way would not be burdensome or need constant updates, it could be updated annually or 2-yearly with new releases of the firmware, or checked automatically every X days much like bogon tables (nicer?).</li>
</ol>
<p>It might also be easy to provide a simple usage tracker to identify when a crypto method that has been used, changes category, and warn the user.</p>
pfSense - Todo #5902 (New): Use a common place for default values https://redmine.pfsense.org/issues/5902 2016-02-17T06:10:35Z Phillip Davis phil@jankaritech.com
<p>Currently the default value of many settings is used in the backend code that implements something, and is also in the text of the help message, and might be in other "front-end" validation code that runs when the settings are saved. Having a default setting (e.g. number) used literally in 3 different places leads to it getting out-of-sync when the default is changed.<br />Put all default values (and other "constants") into include files. Use the values from the include files everywhere. That way the system stays consistent when default values are changed.</p>
pfSense - Todo #5480 (New): inconsistent display of default values in fields https://redmine.pfsense.org/issues/5480 2015-11-18T17:20:41Z Jared Dillard jdillard@netgate.com
<p>Feedback from a user:</p>
<blockquote>
<p>One thing I noticed is that the UI is inconsistent with the display of default values in fields. It's not a new issue, but since one of the goals of 2.3 is to clean up the UI, it's a good time to fix it.<br />In some cases the default is already in the field as if the user put it there (Max Processes).<br />In other cases the default is shown grayed out if the field hasn't been modified by the user (SSH port).<br />Finally, sometimes it's just empty even if there's a default value, and the default is discussed in the description.<br />My preference would be to show the default grayed out if the field hasn't been modified by the user, like it is with the SSH port. But anything would be acceptable as long as it's consistent.</p>
</blockquote>
pfSense - Todo #5445 (New): Improve banner for "background activity" https://redmine.pfsense.org/issues/5445 2015-11-14T12:00:19Z Stilez y
<p>A number of router functions involve background activity which is ongoing for a while before completing. (Examples: package install/update, firmware update, waiting for reboot, waiting for rules to be reloaded, php crash detected)</p>
<p>Quite often the user gets shown a status banner for (some) of these but it's very "hit and miss" and shows in some circumstances but not others. So there isn't a <strong>consistent</strong> info banner displayed to the user, when these kinds of activities are going on in the background, displayed above the current page on every page, until they complete. But often there should be a one-line banner displayed saying "packages being reinstalled" or "package reinstall complete" following an update, so the user is aware this is still going on rather than having to wonder if it's complete yet.</p>
<p>So this is a request - can we have a consistent "notification system", a bit like the system log ticker perhaps, that doesn't take much screen real estate, but certain background activities can "set" and "unset" text to go in it, so the user can see at least a note that "background activities in progress" and click to expand and view what activities of these kinds are ongoing or completed, and dismiss/clear them at will.</p>
<p>That way, for any present or future router functionality or package activity that may require some time to complete in the background, once started, the user can see an icon on the banner bar that indicates "something is being done in the background" and can click to view the current background activities and statuses, if they wish.</p>
<p>The current system isn't very informative or consistent (you often "lose" this info if you do something else while waiting and then it's not always easy to be sure what is going on, or if it completed yet).</p>
<p>Hope I've explained this well enough!</p>
pfSense - Todo #2099 (New): Remove "queue" from CARP traffic https://redmine.pfsense.org/issues/2099 2012-01-17T03:00:19Z Michele Di Maria michele@nt2.it
<p>Hello,<br /> as it happened for the "Outbound NAT", there's the possibility that the CARP traffic can be matched by one of the rules in the "Floating Rules" (For example: Interface: LAN, source: ANY). This brings, under heavy traffic, to lose some of the CARP packets, which causes CARP to promote the secondary machine as master.</p>
<p>What could be done is to create a static rule just after the "floating rules" that matches all the CARP traffic and removes the queue (but I don't know if it's possible).</p>
pfSense - Todo #1940 (New): Integrate rSyslogd https://redmine.pfsense.org/issues/1940 2011-10-08T07:14:02Z Ermal Luçi eri@pfsense.org
<p>Seems it's a better alternative to syslog since it supports encryption and can secure communication.<br /><a class="external" href="http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/rsyslog5/pkg-descr?rev=1.7">http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/rsyslog5/pkg-descr?rev=1.7</a></p>
pfSense - Todo #1521 (New): Multipath Routing GUI Support https://redmine.pfsense.org/issues/1521 2011-05-12T11:28:44Z Jim Pingle
<p>It would be nice to have multiple gateways for a given route with metrics that get properly respected for route preference, without the need for a dynamic routing protocol.</p>
This would make a lot of things easier:
<ul>
<li>Multiple "default" gateways with an order of preference handled purely in the routing table, and the ability to round-robin traffic if two routes have the same metric</li>
<li>Multiple gateways/paths to a single remote network that can failover gracefully without the need for a dynamic routing protocol</li>
<li>And many more.</li>
</ul>
<p>This is mainly a note to check in on this in the future (2.1, 2.2, way beyond). Perhaps involving ECMP as well.</p>
pfSense - Todo #33 (New): L2TP users integration with user manager https://redmine.pfsense.org/issues/33 2009-07-14T16:46:31Z Chris Buechler cbuechler@gmail.com
<p>The L2TP Users tab needs to go away and be integrated with the user manager.</p>
pfSense - Todo #32 (New): PPPoE Server users integration with user manager https://redmine.pfsense.org/issues/32 2009-07-14T16:44:23Z Chris Buechler cbuechler@gmail.com
<p>PPPoE Server users tab needs to go away and be integrated into the user manager along with all the other services.</p>