pfSense bugtracker: Issues
https://redmine.pfsense.org/
2024-02-21T03:23:33Z
pfSense bugtracker
Redmine

pfSense - Feature #15276 (New): Support JSON content for URL type firewall aliases
https://redmine.pfsense.org/issues/15276
2024-02-21T03:23:33Z
Sergei Shablovsky
<p>Brilliant pfSense DevTeam!</p>
<p>WHERE<br />In Firewall / Aliases, URLs tab (selector)</p>
<p>CASE<br />JSON needs to be allowed in “URL (IPs)” type of firewall aliases, the same as XML and TXT are allowed.</p>
<p>ARGUMENT<br />Nowadays most SaaS and services present their data in JSON and XML more frequently than as a PLAIN TXT file answer on a certain URL.<br />(For example external monitoring services.)</p>
<p>And it is logically wrong if a pfSense user is able to enter XML and PLAIN TXT sources in URL (IPs), but not JSON. (And only URL Table (IPs) allows JSON.)</p>
<p>I understand that from the beginning of pfSense’s life there have existed only 2 types of URL sources:<br />- small lists<br />- big lists <br />and to eliminate time and resources to keep IPs, the parameter/ability to refresh big lists was made in the WebGUI.</p>
<p>But FROM THE USER'S PERSPECTIVE all 3 (JSON, XML and PLAIN TXT) sources are the same - a certain amount of data, and it is frustrating when it is possible to add XML and PLAIN TXT in URL (IPs), but JSON - only in another type, only in URL Table (IPs).</p>
<p>Thank You!</p>

pfSense - Feature #15068 (New): Show if an alias is currently in use
https://redmine.pfsense.org/issues/15068
2023-12-05T22:36:42Z
Marcelo Cury
<p>I would like to check if it is possible to include in a future release the ability to see if an alias is being used in a firewall rule when checking the aliases page.<br />Perhaps also show the Track ID? I think this would be a very nice feature to have.</p>
<p>As I see it, it would help a lot to track things, avoid exclusions of aliases that are in use and help to clean up.</p>
<p>Thanks.</p>

pfSense Plus - Feature #14133 (New): Exporting and Importing - Change Layout
https://redmine.pfsense.org/issues/14133
2023-03-20T03:47:01Z
Steven Cedrone
<p>Please change Backup & Restore to allow for choosing only what areas you want to import/export without having to do it one area at a time.</p>
<p>The drop down-style boxes for "Backup Area" and "Restore Area" should allow you to hold CTRL and choose multiple areas at a time. Or change the drop-down boxes to scrolling boxes similar to other areas of pfSense when you select multiple WAN or LAN connections in pfBlocker, for example.</p>
<p>This would be quite handy for exporting partial settings for new setups without having to do it area by area.</p>

pfSense - Feature #13732 (New): Allow the use of macros within aliases
https://redmine.pfsense.org/issues/13732
2022-12-07T11:33:09Z
Luc Courville
<p>Because of the limitations of IPv6 in the current approach (traffic is allowed between VLANs), I found a solution, but it would be better if we could have more flexibility.</p>
<p>Can you add the option to create an alias with interface net and interface address (drop-down list), the same as when we create rules in the destination drop-down list (ex: This Firewall, any, Alias or host, interface_name net....)?<br />That way, when we create an alias we choose LAN net, DMZ net....<br />After that we can create any rules with that alias.</p>
<p>Here is my workaround for IPv6 traffic. <br /><img src="https://redmine.pfsense.org/attachments/download/4558/clipboard-202212071225-g4pv3.png" alt="" /><br />I create an interface group and add all local nets. (Dynamic IPv6 from ISP)<br />Then I create all rules for my needs and it seems to work.</p>
<p>All other tabs are reserved for IPv4 only.</p>
<p>If we can have aliases as requested, the correct rules could be in the interface tab instead of having lots of deny rules.</p>
<p>Best way to have the same behavior as we have in IPv4 (block all communication between VLANs).</p>

pfSense - Feature #13220 (New): Voucher per-roll bandwidth restrictions and traffic quotas
https://redmine.pfsense.org/issues/13220
2022-05-26T08:08:08Z
Raymond Chauke
<p>I hope pfSense can enable per-voucher-roll bandwidth restriction, where during voucher roll creation I am able to set a KB, MB or GB speed per voucher roll.</p>
<p>And where, during voucher roll creation, I am able to set a KB, MB or GB traffic quota: clients can be disconnected after exceeding 1 GB or 500 MB of traffic, inclusive of both downloads and uploads, per voucher roll.</p>

pfSense - Bug #13110 (New): changing CARP VIP address does not update outbound NAT interface IP
https://redmine.pfsense.org/issues/13110
2022-04-30T13:19:52Z
→ luckman212
luke.hamburg@gmail.com
<p>In my testing, on a 2 node HA cluster running 22.05.a.20220426.1313, if you change the Virtual IP, it is properly synced to the backup node, but the manual outbound NAT rule is not updated, so things break slightly. I am not sure if this is by design, but since you are selecting the IP by interface name, it seems like it would intuitively work the way other aliases work and "follow" changes to the chosen named VIP.</p>

pfSense Packages - Feature #11931 (New): Add support for validating a domain's ownership via Goog...
https://redmine.pfsense.org/issues/11931
2021-05-17T08:09:13Z
Alex Cazacu
<p>Add support for validating a domain's ownership via Google Cloud Cloud DNS.</p>
<p>Support for Google Cloud Cloud DNS is already implemented in the <a href="https://github.com/acmesh-official/acme.sh" class="external">acme-official/acme-sh</a>. See <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">dns_gcloud.sh</a>.</p>
The associated script <a href="https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_gcloud.sh" class="external">documentation</a> omits to mention that authenticating and configuring <code>gcloud</code> can be performed in a non-interactive way by:
<ol>
<li>Creating a Google Cloud service account key: <a href="https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys" class="external">documentation</a>.</li>
<li>Authenticating <code>gcloud</code> with the created service account key: <a href="https://cloud.google.com/sdk/docs/authorizing#authorizing_with_a_service_account" class="external">documentation</a>.</li>
<li>Configuring <code>gcloud</code>: via <code>gcloud config set</code> - <a href="https://cloud.google.com/sdk/docs/properties#setting_properties" class="external">documentation</a>; via environment variables: <a href="https://cloud.google.com/sdk/docs/properties#setting_properties_via_environment_variables" class="external">documentation</a>.</li>
</ol>

pfSense - Bug #10352 (New): RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords ...
https://redmine.pfsense.org/issues/10352
2020-03-17T09:27:26Z
Jim Pingle
<p>RADIUS authentication fails with the authentication server entry set to use MSCHAPv1 or MSCHAPv2 when passwords contain international characters. Authentication with the same password succeeds when set to PAP or MD5-CHAP.</p>
<p>I've tried running through a few different encodings (UTF-8, UTF-16, and the chap module's own unicode conversion function) without success.</p>
<p>It works when using <code>radtest</code> at the CLI regardless of type passed to that program. Packet captures of similar requests don't show significant differences between PHP and radtest.</p>
<p>Could be a limitation of Crypt_CHAP_MSv1 / Crypt_CHAP_MSv2 / Auth_RADIUS_*, but we should at least eliminate possible local code causes first.</p>
<p>Low priority since there are ways to make it work (PAP, MD5-CHAP), and users could choose to use other compatible passwords.</p>

pfSense - Feature #10290 (New): Firewall Aliases Add button on top of list
https://redmine.pfsense.org/issues/10290
2020-02-25T07:08:23Z
Constantine Kormashev
<p>It would be good if one more Add button were added at the top of the list. If adding new aliases happens often, then Add on top makes that process faster.<br />Probably it would be good to add a "top" Add button to all Firewall aliases sections.</p>

pfSense Packages - Feature #9725 (New): Ability to use template variables in acme package
https://redmine.pfsense.org/issues/9725
2019-09-04T04:59:00Z
Tobi Miller
<p>It would be very helpful to be able to use variables in the acme package action section.<br />Using variables, something like this would be possible as an action:</p>
<p><code>sed -n w/tmp/acme/%NAME/%DOMAIN/%DOMAIN.pem /tmp/acme/%NAME/%DOMAIN/%DOMAIN.key /tmp/acme/%NAME/%DOMAIN/%DOMAIN.cer</code></p>
<p>That would make the actions very portable if one needs another domain with the same actions: just clone the record in the acme package, change values (like name and domain) and hit save. <br />It would save a lot of time and possible errors due to typos when replacing the domain in the action.</p>

pfSense - Feature #8775 (New): Use SRV record for LDAP Authentication
https://redmine.pfsense.org/issues/8775
2018-08-09T18:26:27Z
fw admin
<p>Maybe it is me, but, using an SRV record to resolve to either SSL or TLS LDAP server doesn't work. IMO, this would provide elegant failover for authentication.</p>
<p>Keep up the great work.</p>

pfSense - Feature #8694 (New): Client CA Auth for PFSense WebGui
https://redmine.pfsense.org/issues/8694
2018-07-26T07:13:47Z
Stefan Bühler
<p>Hi all<br />Could you add the possibility to authenticate with a client certificate for accessing the pfSense WebGUI?</p>
<p>Stefan</p>

pfSense - Bug #7648 (New): SPAN ports on an interface renders CARP HA inoperative
https://redmine.pfsense.org/issues/7648
2017-06-14T21:05:03Z
David Van Cleef
<p>When a SPAN port is added to an interface, CARP breaks.</p>
<p>The source address of the CARP announcement, which should be from the IETF VRRP MAC range, changes to the MAC of the physical interface.</p>

pfSense - Feature #5735 (New): Automatically add DHCP leases to alias list or make it readable in ...
https://redmine.pfsense.org/issues/5735
2016-01-05T05:21:42Z
A Bdaywalker@eth0.io
<p>Hi<br />Last week I had a bigger setup to deploy with some static DHCP leases and a few port forwardings. I just want to ask if it would be possible to automate the process of creating (and linking, of course) an alias that belongs to a DHCP lease.<br />Something like a system-wide network object. Also maybe for subnets, and ports of course.<br />But for now I struggled with having to enter everything twice (static DHCP leases and aliases for the firewall rules).</p>
<p>Best regards</p>

pfSense - Bug #1738 (New): Restore fails when username in backup is not matching
https://redmine.pfsense.org/issues/1738
2011-08-03T01:00:10Z
Louis-David Perron
ldperron@ldasolutions.ca
<p>It's not likely that it will happen to anyone, but the consequences are quite time consuming.</p>
<p>When on the default configuration of today's snapshot, if I import a backup that is using something else as "admin" for web user, then it's almost impossible to properly restore the backup.</p>
<p>After the config upload, my browser gets redirected to interfaces_assign.php, but it mentions:<br />No page assigned to this user! Click here to logout.</p>
<p>If I click logout and then log in with the new user, I get to the install package screen, even if the interfaces are still in the same state as before the restore.</p>