pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162024-02-21T03:23:33ZpfSense bugtracker
Redmine pfSense - Feature #15276 (New): Support JSON content for URL type firewall aliaseshttps://redmine.pfsense.org/issues/152762024-02-21T03:23:33ZSergei Shablovsky
<p>Brilliant pfSense DevTeam!</p>
<p>WHERE<br />In Firewall / Aliases, URLs tab(selector)</p>
<p>CASE<br />JSON need to be allowed in “URL (IPs)” type of firewall aliases, the same as XML and TXT are allowed.</p>
<p>ARGUMENT<br />Nowadays most SaaS and services present their data on JSON and XML more frequently than PLAIN TXT file answer on certain URL.<br />(For example external monitoring services.)</p>
<p>And logically wrong if pfSense user able to entering the XML and PLAIN TXT source in URL (IPs), but no JSON. (And only URL Table (IPs) allow the JSON).</p>
<p>I understand that from the beginning of pfSense’s life exist only 2 types of URL-sources:<br />- small lists<br />- big lists <br />and to eliminate time and resources to keep IPs, the parameter/ability of refresh of big lists was made in WebGUI.</p>
<p>But FROM USERS PERSPECTIVE all 3(JSON, XML and PLAIN TXT) source are the same - certain amount of data, and frustrating when possible to add XML and PLAIN TXT in URL (IPs), but JSON - only in another type, only in URL Table (IPs).</p>
<p>Thank You!</p> pfSense - Feature #15209 (New): Option to specify custom user home directory pathshttps://redmine.pfsense.org/issues/152092024-01-28T17:21:29ZRonald Antonyrcfa+pfsense.org@cubiculum.com
<p>There are plenty of reasons not to have a home directory in /home/username</p>
<p>There should be the option of specifying an alternative home directory</p>
<p>I can fix that from the shell, but that means changes will not be saved as part of the configuration, and things will break with backup/restore, which is VERY BAD.</p>
<p>This is particularly of concern with users with the <code>User - System: Copy files to home directory (chrooted scp)</code> privileges, as they are likely set up to access specific locations to make/retrieve backups, or facilitate the ACME challenge.</p> pfSense - Feature #15068 (New): Show if an alias is currently in usehttps://redmine.pfsense.org/issues/150682023-12-05T22:36:42ZMarcelo Cury
<p>I would like to check if it is possible to include in a future release the ability to see if an alias is being used in a Firewall rule when checking the aliases page.<br />Perhaps also show the Track ID ? I think this would be a very nice feature to have.</p>
<p>As I see it, it would help a lot to track things, avoid exclusions of aliases that are in use and help to clean up.</p>
<p>Thanks.</p> pfSense - Feature #14907 (New): DNS Resolution on Diagnostics > States Summaryhttps://redmine.pfsense.org/issues/149072023-10-22T17:24:02ZWolfgang Thegreat
<p>Hello,</p>
<p>In version 2.7.0, the page of Diagnostics > States Summary shows numeric IPs, which are sometimes hard to understand / remember their meaning, so I ask to have a checkbox at this page to add their matching name next to the numeric IP value - either, as first option, their local pfSense alias name and if non exists, then do a reverse DNS lookup to find their DNS name.</p>
<p>Thank you.</p> pfSense - Feature #14886 (New): Visual improvement to the Gateway widget: display the icon in a c...https://redmine.pfsense.org/issues/148862023-10-16T19:25:35ZPatrik Stahlman
<p>A small tweak to the Gateway widget to display the icon in a color reflecting the status.</p>
<p>Rationale: <br />In my four column setup the status text is not always visible so I can't quickly determine the gateway status without shifting/scrolling the widget to the right. With this change I can see the status in the icon color.</p>
<p>Change:<br />1. move the code that determines the background color before the output of the icon. No change to the code, just a move.<br />2. add the background color to the icon formatting</p> pfSense - Feature #14860 (New): Column consistancy between DHCP Static mapping and ARPhttps://redmine.pfsense.org/issues/148602023-10-10T20:05:01ZJohn Weithman
<p>Just a suggestion that the column IP and MAC be swapped in the table for Diagnostics / ARP. This would be consistant in showing MAC, IP, Hostname (at least these 3 columns) in the same.</p>
<p>I was copy/pasting from both tables to do some comparison and noticed the difference and thought it would be better.</p> pfSense - Bug #14587 (New): Firewall Log Sort By Timehttps://redmine.pfsense.org/issues/145872023-07-18T15:14:08ZBrian Shell
<p>When viewing the System Logs > Firewall, and trying to sort by Time with newest first, it appears the sort is working alphabetically instead of chronologically. For example, this is the order I see when attempting to sort. Don't be concerned about the gaps of time between as this is simply due to to events being logged during those times and that is expected based on the logging I have enabled. Jun 30, Jun 28, Jun 27, Jun 26, Jun 25, Jun 24, Jun 23, Jun 22, Jun 21, Jul 6, Jul 4, Jul 18, Jul 13, Jul 10. Hopefully this will be something reproducible so a developer can see it because it is hard to explain in words. Attaching part of a screenshot so you can see the sorting. You won't see the issue from my screenshot I would have to scroll down and send many pages of screens.</p> pfSense - Todo #14359 (New): Reorganize Advanced Optionshttps://redmine.pfsense.org/issues/143592023-05-08T19:10:44ZJim Pingle
<p>The placement of several options under the various Advanced options tabs doesn't make much sense in current versions. Some are only at their current locations for historical reasons.</p>
<p>Some things should be moved, such as:</p>
<ul>
<li>Cryptographic and Thermal hardware - Split into two separate sections, no compelling reason to combine them these days.</li>
<li>Schedules - Move from Misc to Firewall & NAT tab since it's about killing states based on rule schedules</li>
<li>Gateway Monitoring - Move from Misc to Firewall & NAT tab since it's mostly about firewall states and rules based on gateway events/status.</li>
<li>Load Balancing - Move from Misc to Firewall & NAT tab since it's a pf gateway behavior option, also rename so it's more clear that it is for Multi-WAN.</li>
<li>Reset All States - Move from Networking Firewall & NAT tab since it's about resetting firewall states</li>
<li>Advanced Options section of Firewall & NAT tab, move to bottom of the page</li>
</ul>
<p>The Firewall & NAT page is getting rather long, however, so it may also be worth considering if that should be split into multiple tabs. For example the gateway bits could go on a Gateways & Multi-WAN tab.</p>
<p>It's all up for debate, but the current layout seems confusing for new users in various ways.</p> pfSense - Feature #13805 (New): A way to reliably determine if system is the primary or secondary...https://redmine.pfsense.org/issues/138052022-12-26T15:29:16ZChristopher Cope
<p>There is no current way, as far as I can tell, to reliably determine if the current system is the primary or secondary.</p>
A few of the current ways include:
<ul>
<li>"Synchronize Config to IP" isn't set it's likely secondary, but isn't certain.</li>
<li>Checking the advskew is a good way, but these are sometimes changed, so it isn't 100% either.</li>
</ul>
<p>My thoughts are to add a setting to System > High Avail. Sync for Primary/Secondary.</p>
This would allow behavior specific to that to be implemented. Such as:
<ul>
<li>Disabling the ability to toggle CARP maintenance mode on the Secondary, to avoid confusion.</li>
<li>Auto filling advskew when creating new VIPs</li>
<li>etc.</li>
</ul>
<p>I could write the code and submit a merge request for this, but would appreciate any thoughts / comments on anything I may be missing before I do that.</p> pfSense - Feature #13732 (New): Allow the use of macros within aliaseshttps://redmine.pfsense.org/issues/137322022-12-07T11:33:09ZLuc Courville
<p>Because of limitation of IPv6 at the current way. (Traffic is allow between Vlan) I found a solution but this will be better if we can have more flexibility.</p>
<p>Can you make the option to create an Alias with Interface net and interface address.(drop down list) (same as when we create rules in destination drop down list) (ex: This Firewall, any, Alias or host, interface_name net....)<br />That way when we create a alias we choose Lan net, dmz net....<br />After that we can create a any rules with that alias.</p>
<p>There is my workaround about ipv6 traffic. <br /><img src="https://redmine.pfsense.org/attachments/download/4558/clipboard-202212071225-g4pv3.png" alt="" /><br />I create an interface group and add all local net. (Dynamic ipv6 from ISP)<br />Then create all rules for my need and it seem to work.</p>
<p>All other tab is reserved to IPv4 only.</p>
<p>If we can have alias as request the correct rules could be in tab interface instead of having lots of deny rules.</p>
<p>Best way to have the same behavior as we have in ipv4 (block all communication between vlan).</p> pfSense - Bug #13565 (New): LOR on Boot for Static Routes Startup Item in KVM environmenthttps://redmine.pfsense.org/issues/135652022-10-15T18:44:53ZKris Phillips
<p>When booting the following message is present in the boot list:</p>
<p>Setting up static routes...Invoking IPv6 network device address event may sleep with the following non-sleepable locks held:<br />exclusive sleep mutex vtnet0-rx0 (vtnet0-rx0) r = 0 (0xfffff80005927480) locked <code> /var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-devel-main/sys/dev/virtio/network/if_vtnet.c:2195<br />stack backtrace:<br />#0 0xffffffff80debac5 at witness_debugger+0x65<br />#1 0xffffffff80decc2a at witness_warn+0x3fa<br />#2 0xffffffff80fe02da at in6_update_ifa+0xbda<br />#3 0xffffffff8100fb85 at in6_ifadd+0x1d5<br />#4 0xffffffff8100c38c at nd6_ra_input+0xfbc<br />#5 0xffffffff80fdac0e at icmp6_input+0x77e<br />#6 0xffffffff80ff4ab3 at ip6_input+0xbc3<br />#7 0xffffffff80ee90a0 at netisr_dispatch_src+0x220<br />#8 0xffffffff80ec39ec at ether_demux+0x17c<br />#9 0xffffffff80ec5066 at ether_nh_input+0x3f6<br />#10 0xffffffff80ee8f2f at netisr_dispatch_src+0xaf<br />#11 0xffffffff80ec3ea9 at ether_input+0x99<br />#12 0xffffffff80b863e1 at vtnet_rxq_eof+0x791<br />#13 0xffffffff80b85ba7 at vtnet_rx_vq_process+0x97<br />#14 0xffffffff80d34b39 at ithread_loop+0x279<br />#15 0xffffffff80d30fd0 at fork_exit+0x80<br />#16 0xffffffff8130e3de at fork_trampoline+0xe<br />lock order reversal: (sleepable after non-sleepable)<br /> 1st 0xfffff80005927480 vtnet0-rx0 (vtnet0-rx0, sleep mutex) </code> /var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-devel-main/sys/dev/virtio/network/if_vtnet.c:2195<br /> 2nd 0xffffffff8366fbd0 in6_multi_sx (in6_multi_sx, sx) @ /var/jenkins/workspace/pfSense-CE-snapshots-master-main/sources/FreeBSD-src-devel-main/sys/netinet6/in6_mcast.c:1193<br />lock order vtnet0-rx0 -> in6_multi_sx attempted at:<br />#0 0xffffffff80deb68d at witness_checkorder+0xbfd<br />#1 0xffffffff80d84783 at _sx_xlock+0x63<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed parent" title="Bug: Gateway not added when switching from DHCP to static (Resolved)" href="https://redmine.pfsense.org/issues/2">#2</a> 0xffffffff80fe8a31 at in6_joingroup+0x31<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: VPN negation rules not added in 2.0 (Resolved)" href="https://redmine.pfsense.org/issues/3">#3</a> 0xffffffff80fe0682 at in6_update_ifa+0xf82<br /><a class="issue tracker-4 status-3 priority-4 priority-default closed" title="Todo: Remove hard coded VLAN supported interfaces list (Resolved)" href="https://redmine.pfsense.org/issues/4">#4</a> 0xffffffff8100fb85 at in6_ifadd+0x1d5<br /><a class="issue tracker-4 status-3 priority-4 priority-default closed" title="Todo: Don't sync on every filter reload (Resolved)" href="https://redmine.pfsense.org/issues/5">#5</a> 0xffffffff8100c38c at nd6_ra_input+0xfbc<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Status -> Wireless display bugs (Resolved)" href="https://redmine.pfsense.org/issues/6">#6</a> 0xffffffff80fdac0e at icmp6_input+0x77e<br /><a class="issue tracker-4 status-5 priority-4 priority-default closed" title="Todo: [ Fit123 ] Captive Portal (Closed)" href="https://redmine.pfsense.org/issues/7">#7</a> 0xffffffff80ff4ab3 at ip6_input+0xbc3<br /><a class="issue tracker-2 status-3 priority-5 priority-high4 closed" title="Feature: Clear states after failover (Resolved)" href="https://redmine.pfsense.org/issues/8">#8</a> 0xffffffff80ee90a0 at netisr_dispatch_src+0x220<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: route-to forwards broadcast and multicast frames in some scenarios (Resolved)" href="https://redmine.pfsense.org/issues/9">#9</a> 0xffffffff80ec39ec at ether_demux+0x17c<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Enable SSH console menu doesn't work on embedded (Resolved)" href="https://redmine.pfsense.org/issues/10">#10</a> 0xffffffff80ec5066 at ether_nh_input+0x3f6<br /><a class="issue tracker-2 status-3 priority-4 priority-default closed" title="Feature: Allow multiple syslog servers (Resolved)" href="https://redmine.pfsense.org/issues/11">#11</a> 0xffffffff80ee8f2f at netisr_dispatch_src+0xaf<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Editing DNS forwarder overrides does not trigger sync to secondary (Resolved)" href="https://redmine.pfsense.org/issues/12">#12</a> 0xffffffff80ec3ea9 at ether_input+0x99<br /><a class="issue tracker-2 status-3 priority-4 priority-default closed" title="Feature: wireless page to have option to select transmit and receive antennas (Resolved)" href="https://redmine.pfsense.org/issues/13">#13</a> 0xffffffff80b863e1 at vtnet_rxq_eof+0x791<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: reply-to should not be added when bridging (Resolved)" href="https://redmine.pfsense.org/issues/14">#14</a> 0xffffffff80b85ba7 at vtnet_rx_vq_process+0x97<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Package reinstall on configuration restore doesn't work (Resolved)" href="https://redmine.pfsense.org/issues/15">#15</a> 0xffffffff80d34b39 at ithread_loop+0x279<br /><a class="issue tracker-1 status-3 priority-4 priority-default closed" title="Bug: Deleting multiple OPT interfaces results in an invalid configuration (Resolved)" href="https://redmine.pfsense.org/issues/16">#16</a> 0xffffffff80d30fd0 at fork_exit+0x80<br /><a class="issue tracker-2 status-5 priority-10 priority-lowest closed" title="Feature: LED support on ALIX, WRAP, etc. (Closed)" href="https://redmine.pfsense.org/issues/17">#17</a> 0xffffffff8130e3de at fork_trampoline+0xe<br />done.</p> pfSense - Todo #13414 (New): IPsec: Phase 1 Delay advanced option does not include scale or type ...https://redmine.pfsense.org/issues/134142022-08-13T18:58:06ZPat Jensen
<p>The description for dead peer detection delay does not include the type of timer, or the scale. This makes it difficult to understand, configure or troubleshoot.</p>
<p>It should match the same design langauge as the Expiration timers listed above it in the Phase 1 configuration.</p>
<p>Setting is currently labeled:<br />Delay between sending peer acknowledgement messages. In IKEv2, a value of 0 sends no additional messages and only standard messages (such as those to rekey) are used to detect dead peers.</p>
<p>Setting should be labeled similarly:<br />Time, in seconds, between sending peer...</p> pfSense - Feature #13220 (New): Voucher per-roll bandwidth restrictions and traffic quotashttps://redmine.pfsense.org/issues/132202022-05-26T08:08:08ZRaymond Chauke
<p>I hope PFSENSE can Enable per-voucher roll bandwidth restriction. where during the vouchers roll creation i can be able set KB,MB or GB speed per voucher's roll.</p>
<p>where during the vouchers roll creation i can be able set KB,MB or GB Traffic quota Clients can be disconnected after exceeding 1gb or 500mb amount of traffic, inclusive of both downloads and uploads per voucher's roll.</p> pfSense - Feature #13219 (New): Enable/Disable single voucher rollhttps://redmine.pfsense.org/issues/132192022-05-26T08:05:26ZRaymond Chauke
<p>Dear PfSense Team.</p>
<p>I have a voucher roll that is lost, All i want is to disable only that specific lost roll until it is found, it is then i will enable it back to usage.</p>
<p>See how it have been highlighted and suggested on the picture uploaded.<br />!<br /><img src="https://redmine.pfsense.org/attachments/download/4258/clipboard-202205261500-bd0zv.png" alt="" /><br />!<br />It will be very useful to have the function enabled in the future. may be in the next version...</p>
<p>Regards.<br />Raymond.</p> pfSense - Feature #13161 (New): FLASH PORT'S LED button, to help quickly find port that need to b...https://redmine.pfsense.org/issues/131612022-05-13T03:05:25ZSergei Shablovsky
<p>Dear pfSense Dev Team!</p>
<p>Seems there are reason to making FLASH PORT'S LED button in sections Interface (and State / Interfaces) , to make a little help for thousands of newcomers or Hard SysEngeneer (who have madness with jacks&cables&patches each day 8+h) quickly find port that need to be connected to patch&cable.</p>
<p>Flashing time 15s would be enough (and in most cases are maximum possible in most NICs).</p>
<p>This is just TWO commands and a PHP-code for button!</p>