pfSense bugtracker: Issues | https://redmine.pfsense.org/ | 2024-02-21T03:59:00Z | pfSense bugtracker | Redmine
pfSense - Todo #15277 (New): Allow mixed source (URL (IPs), URL Table (IPs), Host(s) and Network(... | https://redmine.pfsense.org/issues/15277 | 2024-02-21T03:59:00Z | Sergei Shablovsky
<p>Dear Brilliant pfSense DevTeam!</p>
<p>WHERE<br />in Firewall / Aliases</p>
<p>ARGUMENT <br />From the firewall and user perspective there are two possible aliases:<br />- aliases for ports;<br />- aliases for IPs;<br />and pfSense makes it possible to enter both MANUALLY or AUTOMATICALLY by parsing the source (in PLAIN TXT, XML, JSON) itself.<br />And pfSense has a WebGUI for entering both of these.</p>
<p>From the user perspective THE ALIASES ARE LOGICAL OBJECTS FOR GROUPING the IPs and ports.</p>
<p>FROM THE USER PERSPECTIVE it would be useful to have mixed sources of one type (for example URL (IPs), URL Table (IPs), Host(s) and Network(s)) IN ONE ALIAS. <br />The same for Port(s), URL Port(s) and URL Table (Ports) - also IN ONE ALIAS.</p>
<p>EXAMPLE<br />Most external monitoring SaaS and servers/appliances manufacturers provide their services in a mixed form: FQDN + fixed IPs + fixed ports. <br />And if for ports it is LOGICALLY RIGHT to aggregate port numbers in ONE ALIAS (for example StatusCake_PORT_MONITORING), for URLs it would also be LOGICALLY RIGHT to aggregate IPs into ONE ALIAS (for example StatusCake_IP_MONITORING).</p>
<p>Page with example <a class="external" href="https://www.statuscake.com/kb/knowledge-base/what-are-your-ips/">https://www.statuscake.com/kb/knowledge-base/what-are-your-ips/</a></p>
<p>Otherwise a pfSense user needs to create 3 (three!!!) separate aliases (URL (IPs), URL Table (IPs), Host(s)) for one service and afterwards make + ANOTHER ONE alias for aggregating all 3 (three) sources into one to use in pfSense firewall rules…<br />This significantly increases the possibility of mistyping/errors in the process of rule configuration.</p>
<p>Thank You so much!</p>
pfSense - Todo #15271 (New): Add information about group keys to Pushover notification settings | https://redmine.pfsense.org/issues/15271 | 2024-02-20T07:04:07Z | Sergei Shablovsky
<p>Brilliant pfSense DevTeam!</p>
<p>Please correct the “User key” description in System/Advanced/Notification/Pushover</p>
<p>from <br />“Enter user key of the Pushover account”</p>
<p>to<br />“Enter User Key (to send notifications to a particular Pushover User) or Group Key (to broadcast notifications to all users in a particular group).”</p>
<p>Because of the last changes in the Pushover service.</p>
pfSense - Todo #15184 (New): Change hint text in "Remote Log Servers" to reflect actual possible ... | https://redmine.pfsense.org/issues/15184 | 2024-01-23T10:36:53Z | Sergei Shablovsky
<p>Dear pfSense Dev Team!</p>
<p>On a page<br /><strong>Status / System Logs / Settings</strong><br />Section<br />" <strong>Remote Logging Option</strong> " <br />UI Element<br />" <strong>Remote Log Servers</strong> "</p>
<p>In the input text field there is NOW a hint<br />IP[:port]</p>
<p>Proposal to change this hint to<br />hostname/IP[:port]</p>
<p>to reflect "Remote Log Servers" section from official documentation<br /><a class="external" href="https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html">https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html</a><br /><em>Each remote server can use either an <strong>IP address or hostname</strong>, and an optional UDP port number.</em></p>
pfSense - Todo #14958 (New): Always reinstall *-kmod packages | https://redmine.pfsense.org/issues/14958 | 2023-11-09T13:09:44Z | Kristof Provost
<p>We should ensure that *-kmod packages (such as drm-510-kmod) always get reinstalled on upgrade.<br />These ports are kernel modules, and there is insufficient ABI stability between freebsd-src updates for them to reliably work when the kernel changes.</p>
<p>Reinstalling the packages ensures that we install a version built against the new kernel, even if the port itself hasn't changed.</p>
pfSense - Todo #14359 (New): Reorganize Advanced Options | https://redmine.pfsense.org/issues/14359 | 2023-05-08T19:10:44Z | Jim Pingle
<p>The placement of several options under the various Advanced options tabs doesn't make much sense in current versions. Some are only at their current locations for historical reasons.</p>
<p>Some things should be moved, such as:</p>
<ul>
<li>Cryptographic and Thermal hardware - Split into two separate sections, no compelling reason to combine them these days.</li>
<li>Schedules - Move from Misc to Firewall & NAT tab since it's about killing states based on rule schedules</li>
<li>Gateway Monitoring - Move from Misc to Firewall & NAT tab since it's mostly about firewall states and rules based on gateway events/status.</li>
<li>Load Balancing - Move from Misc to Firewall & NAT tab since it's a pf gateway behavior option, also rename so it's more clear that it is for Multi-WAN.</li>
<li>Reset All States - Move from Networking to Firewall & NAT tab since it's about resetting firewall states</li>
<li>Advanced Options section of Firewall & NAT tab, move to bottom of the page</li>
</ul>
<p>The Firewall & NAT page is getting rather long, however, so it may also be worth considering if that should be split into multiple tabs. For example the gateway bits could go on a Gateways & Multi-WAN tab.</p>
<p>It's all up for debate, but the current layout seems confusing for new users in various ways.</p>
pfSense - Todo #14352 (New): Virtual IP address configuration input fields are handled inconsiste... | https://redmine.pfsense.org/issues/14352 | 2023-05-05T15:48:38Z | Jim Pingle
<p>When editing a VIP, some options are enabled/disabled when changing types (e.g. Address Type, CARP Options) while others are hidden or shown based on type (Expansion). These should be made consistent so they are all shown or hidden only as needed for each type.</p>
<p>Also a good opportunity to clean up the form in general, for example:</p>
<ul>
<li>Move Description up to the top</li>
<li>Split CARP options into a separate form section</li>
<li>Group Address Type and Expansion into their own section for Proxy ARP/Other Type VIPs</li>
</ul>
<p>So it would end up with three sections:</p>
<ul>
<li>General: Description, Type, Address</li>
<li>Address Options (Only shown for Proxy ARP and Other): Address Type, Expansion</li>
<li>CARP Options (Only shown for CARP VIPs): VIP Password, VHID, Adv base/skew, CARP mode (Plus).</li>
</ul>
pfSense - Todo #14264 (New): Consider lowering default session timeout from current default of fo... | https://redmine.pfsense.org/issues/14264 | 2023-04-10T10:01:11Z | Jim Pingle
<p>The current session timeout is 240 minutes (four hours), but it might be time to lower that a bit. Current concerns with session hijacking make that seem like a larger window than it should be by default.</p>
<p>It's hard to say what the most optimal secure value here is without irritating the user, but it may be at least enough to cut it in half (two hours, 120 minutes) and see what the user experience is like.</p>
<p>Users are always free to change the value as they see fit (System > User Manager, Settings tab) so anyone with immediate concerns can lower it themselves now, and if someone finds whatever the new default value is too short, they could raise it themselves as well.</p>
pfSense - Todo #14260 (New): Change “IP[:PORT]” to “IP / FQDN[:PORT] | https://redmine.pfsense.org/issues/14260 | 2023-04-09T17:18:31Z | Sergei Shablovsky
<p>Hi!</p>
<p>In System Logs -> Settings page in Remote Log Servers section:</p>
<p>Change “IP[:PORT]” to “FQDN or IP [:PORT]” in the grayed suggestion inside the field.</p>
pfSense - Todo #14211 (New): OpenVPN Status page (Stop|Start|Restart) - Use Ajax instead of full ... | https://redmine.pfsense.org/issues/14211 | 2023-03-31T05:13:52Z | Jon Brown
<p>(Status --> OpenVPN)</p>
<p>When I (Start|Stop|Restart) an OpenVPN service in any of the sections (Client Connections|Peer to Peer Server Instance Statistics|Client Instance Statistics) the page reloads when complete.</p>
<p>When I want to stop and start many OpenVPN connections (I have at 10 configured) because the page refreshes after I perform an action, I have to scroll down and figure out where I was (not hard I grant you) which is annoying.</p>
<p>Can it be made so the information for the Service I just (stopped|started|restarted) is refreshed by Ajax instead of a full page reload.</p>
<p>This might be related to this issue <a class="issue tracker-4 status-3 priority-4 priority-default closed" title="Todo: OpenVPN status page improvements (Resolved)" href="https://redmine.pfsense.org/issues/13129">#13129</a></p>
pfSense - Todo #14190 (Pull Request Review): Update nvd3 (web ui dependency) to 1.8.6 | https://redmine.pfsense.org/issues/14190 | 2023-03-28T02:56:36Z | GChuf 6
<p>Updates and minifies nvd3 for better performance and some bug fixes.</p>
<p>PR: <a class="external" href="https://github.com/pfsense/pfsense/pull/4629">https://github.com/pfsense/pfsense/pull/4629</a></p>
pfSense - Todo #13899 (New): Unclear description for UPnP option Override WAN address | https://redmine.pfsense.org/issues/13899 | 2023-01-24T14:52:42Z | Marcos M
<p>The description is currently:</p>
<blockquote>
<p>Use an alternate WAN address to accept inbound connections, such as an IP Alias or CARP Virtual IP address.</p>
</blockquote>
<p>This makes it sound like the field supports aliases which it does not. It could instead simply state:</p>
<blockquote>
<p>Use an alternate IP address to accept inbound connections.</p>
</blockquote>
pfSense - Todo #13644 (In Progress): Enable ALTQ support in cxgbe(4) | https://redmine.pfsense.org/issues/13644 | 2022-11-09T14:50:15Z | Steve Wheeler
<p>The cxgbe(4) driver is shown in documentation as supporting ALTQ but the code there appears to have had that removed as far back as 2012.</p>
<p>The pfSense input error checking shows it as supported and allows selecting cxgbe interface types for traffic shaping. This results in an unloadable ruleset.</p>
<p>There are a number of previous tickets relating to this where support for cxgbe interface types was added to pfSense but it appears it could never have worked.</p>
<p>ALTQ support should be added ideally. If it cannot be, the cxgbe NICs should be removed from the supported interface list to prevent creating a bad ruleset.</p>
pfSense - Todo #13592 (New): Clarify Hardware TCP Segmentation Offloading option | https://redmine.pfsense.org/issues/13592 | 2022-10-24T13:21:43Z | Marcos M
<p>Under <code>System / Advanced / Networking</code>, the option <code>Disable hardware TCP segmentation offload</code> is checked by default. In the system tunables page, <code>net.inet.tcp.tso</code> is set to <code>1</code>. Running <code>ifconfig -vvvma</code> shows the option is not set; the tunable should be changed to 0 to match the default behavior.</p>
pfSense - Todo #13414 (New): IPsec: Phase 1 Delay advanced option does not include scale or type ... | https://redmine.pfsense.org/issues/13414 | 2022-08-13T18:58:06Z | Pat Jensen
<p>The description for dead peer detection delay does not include the type of timer, or the scale. This makes it difficult to understand, configure or troubleshoot.</p>
<p>It should match the same design language as the Expiration timers listed above it in the Phase 1 configuration.</p>
<p>Setting is currently labeled:<br />Delay between sending peer acknowledgement messages. In IKEv2, a value of 0 sends no additional messages and only standard messages (such as those to rekey) are used to detect dead peers.</p>
<p>Setting should be labeled similarly:<br />Time, in seconds, between sending peer...</p>
pfSense - Todo #13159 (New): Decrease distance between img-buttons in webGUI to eliminate mistake... | https://redmine.pfsense.org/issues/13159 | 2022-05-12T21:15:09Z | Sergei Shablovsky
<p>Hi, dear pfSense Dev Team!</p>
<p>Please decrease the distance between img-buttons in the “Action” column on most webGUI pages to eliminate mistaken entry, especially when pfSense is remotely accessed from an iPad (or any tablet of the same size) or a 15-16-17” notebook that is mostly used by SysAdmins nowadays.</p>
<p>Because it is so easy to tap on the wrong image-button, the SysAdmin needs to constantly pinch in/pinch out. Very annoying design mistake... Sorry</p>