pfSense bugtracker: Issues https://redmine.pfsense.org/ https://redmine.pfsense.org/favicon.ico?1678052116 2024-03-28T15:30:27Z pfSense bugtracker Redmine
pfSense Plus - Feature #15368 (New): Bulk import DHCP host reservations https://redmine.pfsense.org/issues/15368 2024-03-28T15:30:27Z Chris W
<p>It'd be a huge time saver to import from a CSV or XML file into Kea, or even just pasting into a text field like Firewall > Alias > Bulk Import currently does.</p>
pfSense Plus - Feature #15306 (New): Change Gateway Status from Pending to Unavailable https://redmine.pfsense.org/issues/15306 2024-03-03T01:25:28Z Kris Phillips
<p>Per customer statement and request, gateway statuses of "Pending" are confusing as a state for gateways that do not exist yet due to dynamic allocation. Something like a state of "Unavailable" may be more appropriate wording.</p>
pfSense Plus - Feature #15305 (New): Gateway Status Changes to Pending Do Not Trigger Gateway Log... https://redmine.pfsense.org/issues/15305 2024-03-03T01:22:28Z Kris Phillips
<p>When a gateway transitions from an Online state to a Pending state, there is no logged event in the Gateway monitoring logs currently to state that the gateway has become unavailable.</p>
<p>Additionally, Email/System Notifications will send a notification for Gateway Up/Down events, but will not send a notification for changes to and from a Pending state. This would be useful for things like ISP equipment power loss or failures where the physical link is lost.</p>
pfSense Plus - Feature #15295 (New): State Filter Rule ID needs clarification https://redmine.pfsense.org/issues/15295 2024-02-28T23:38:28Z Mike Moore
<p>Not sure if this is a feature request but this isn't a bug.</p>
<p>See the forum post for details - <a class="external" href="https://forum.netgate.com/topic/186429/no-states-show-up-when-filtering-by-trackerid/5?_=1709161373761">https://forum.netgate.com/topic/186429/no-states-show-up-when-filtering-by-trackerid/5?_=1709161373761</a></p>
<p>Searching for states under Diagnostics/States/States and if you filter by Rule ID I mistakenly thought this meant TrackerID. The RuleID shows up if you hover over the state's entry of the firewall rule in the GUI and look at the bottom of the WebUI URL and it will show what the corresponding ruleID is.</p>
<p>This doesn't make much sense considering if I search the firewall log in the WebUI and if I filter by "Rule Tracker ID" I can submit the TrackerID there and I'm able to narrow down my search whereas if I filter in the states screen nothing matches Rule ID because it's specifically looking for a number that the system generates for the Rule but there is no place in the UI to even know what that rule number could or would be.</p>
<p>The solution would be to either:<br />1. Fix the State filter so that it can filter by tracker ID instead of Rule ID<br />2. OR update documentation to inform users of the best place to find the rule ID.</p>
pfSense Plus - Feature #15284 (New): Specify a Device parameter for Pushover Notifications https://redmine.pfsense.org/issues/15284 2024-02-22T03:14:10Z Michael Klein
<p>Hello,</p>
<p>Can you please add the ability to specify a DEVICE parameter for Pushover notifications so that a notification is sent to a specific device under that user account instead of ALL DEVICES under that user account? The menu is located at: System, Advanced, Notifications, Pushover.</p>
<p>Thank you!</p>
pfSense Plus - Feature #15280 (New): Boot Environments 2.0 https://redmine.pfsense.org/issues/15280 2024-02-21T19:59:52Z Christian McDonald cmcdonald@netgate.com
<p>Changes:</p>
<ul>
<li>Configuration History is now a separate page and is no longer part of Backup & Restore.</li>
<li>Configuration History is now aware of Boot Environments. Supports downloading, deleting and restoring across boot environment boundaries.</li>
<li>System updates are now installed in an offline clone of the running system and booted "temporarily" to facilitate automatic fallback to previous working environment.</li>
<li>Boot Verification is performed when booting temporary Boot Environments. System will automatically reboot into prior boot environment upon boot failure.</li>
</ul>
<p><img src="https://redmine.pfsense.org/attachments/download/5936/clipboard-202402211456-bdjnl.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5937/clipboard-202402211457-fegcy.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5938/clipboard-202402211457-rbjkq.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5939/clipboard-202402211457-fcvqv.png" alt="" /><br /><img src="https://redmine.pfsense.org/attachments/download/5940/clipboard-202402211458-ydyne.png" alt="" /></p>
pfSense Plus - Feature #15186 (New): Test DNS over TLS https://redmine.pfsense.org/issues/15186 2024-01-24T23:57:32Z Jeff Kuehl
<p>The ability to readily confirm TLS DNS would be established once saved.</p>
pfSense Plus - Feature #15070 (New): Script to fix: ld-elf.so.1: Shared object "libssl.so.30" not... https://redmine.pfsense.org/issues/15070 2023-12-06T05:14:20Z Jonathan Lee
<p>When using boot environments to move system back a version to last stable version users can no longer check for updates. This version is displayed under GUI as a version to still use. Thus a boot environment should not contain this error for standard users it should default back also.</p>
<p>Error is:<br /><code>ld-elf.so.1: Shared object "libssl.so.30" not found, required by "pfSense-repoc"</code></p>
<p>stephenw10 fixed my issue with the linked library Boot Environment issue for plus</p>
<p><code>pkg-static upgrade -f pfSense-repoc</code></p>
<p>Can we add a simple script that will auto run this command when users change to an older boot environment have a try catch error condition for this?</p>
<p>That way previous stable version boot environments do not see this error.</p>
pfSense Plus - Feature #15022 (New): Package install/reinstall feature request. https://redmine.pfsense.org/issues/15022 2023-11-22T01:23:31Z Jonathan Lee
<p>Hello fellow Redmine community members. I have noticed time and time again I have the ability to scroll during package installs to see what package dependencies are installing and to check version numbers but I can't get it to stay still for longer than a split second before it auto scrolls back to the bottom. Can we make this stay where users are when they scroll and remove the auto scroll function?</p>
<p>We currently have no way to see the dependency information after it scrolls past because auto scroll takes us back to the bottom again.</p>
<p>See attached photo, I wanted to check what dependency versions were installed. Every time you scroll it defaults to bottom again.</p>
pfSense Plus - Feature #15013 (New): Speed Shift - Add Field to control lowest C-State https://redmine.pfsense.org/issues/15013 2023-11-19T14:56:54Z Dieter Kreuz
<p>Dear pfSense-team,</p>
<p>After updating to 2.7.1 I was curious how well the new speed shift GUI entries work.<br />In fact after adjusting it to per core and a value of 90, I can see my i3-7100U is able to clock somewhat lower and park the cores more often.</p>
<p>One thing I noticed with the command:<br />sysctl dev.cpu | grep cx_</p>
<p>is, that my CPU supports C1 and C2, but the lowest c-state setting was set to C1 by default:<br />dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc<br />dev.cpu.0.cx_lowest: C1</p>
<p>By adding the following command to the tunables:<br />hw.acpi.cpu.cx_lowest = C2</p>
<p>I was able to get the CPU to use its C2-states too. Another XEON-pfsense setup was able to use its C3 states as well, by using the commands stated.<br />One is able to see the usage of c-states with the following command:<br />sysctl dev.cpu | grep cx_usage</p>
<p>dev.cpu.0.cx_usage_counters: 3717721 111658492<br />dev.cpu.0.cx_usage: 3.22% 96.77% last 294us</p>
<p>Would it be possible to add a new selection-field to the now existing speedshift-gui in order to be able to select the lowest c-state?<br />Maybe the selectable values can be parsed from the CPU's capability, which is represented by the values of "dev.cpu.0.cx_method".</p>
<p>Thanks in advance.<br />Best regards<br />Dieter</p>
pfSense Plus - Feature #14976 (New): Cleaner way to know if an interface failed https://redmine.pfsense.org/issues/14976 2023-11-13T15:36:44Z Mike Moore
<p>When an interface status changes from UP to DOWN or is flapping, there are other syslog messages that get generated because of it, such as packages restarting and dpinger restarting interfaces, etc. This makes finding root cause very difficult as one has to sift through the noise as I recently had to do.</p>
<p>See forum post here: <a class="external" href="https://forum.netgate.com/topic/184059/random-disconnect/12?_=1699889265804">https://forum.netgate.com/topic/184059/random-disconnect/12?_=1699889265804</a></p>
<p>Request: Maybe have Kernel messages in a separate tab in the System > Logs menu. Or maybe just have some method in the GUI to indicate that a link did flap - some notification.</p>
<p>Juniper Networks keeps a timer counter of when the link last flapped when a 'show interface' command is given. This is helpful in knowing when a link issue occurred.</p>
pfSense Plus - Feature #14945 (New): Allow IPsec VTI ``ipsecX`` interfaces to be added to interfa... https://redmine.pfsense.org/issues/14945 2023-11-06T16:54:39Z Mike Moore
<p>Provide the ability to add IPsecX interfaces that are set up for VTI and filtering enabled, to be part of an Interface Group.<br />With the help of a Netgate Admin, modifying a .php file I've been able to test grouping IPsec interfaces and so far so good.</p>
<p>reference: <a class="external" href="https://forum.netgate.com/topic/183820/interface-groups-no-ipsec-tunnels-listed/8?_=1699278877471">https://forum.netgate.com/topic/183820/interface-groups-no-ipsec-tunnels-listed/8?_=1699278877471</a></p>
pfSense Plus - Feature #14928 (New): FEATURE REQUEST: Wireless ath0 and MAC address controls https://redmine.pfsense.org/issues/14928 2023-10-27T18:48:30Z Jonathan Lee
<p><code>ifconfig ath0_wlan0 list mac</code></p>
<p>This has the ability to have a ACL lists added. Can we please have the ability to migrate the ACL or static assigned MAC addresses into the Wireless settings?</p>
<p><code>ifconfig ath0_wlan0 mac:add</code></p>
<p><a class="external" href="https://man.freebsd.org/cgi/man.cgi?ifconfig">https://man.freebsd.org/cgi/man.cgi?ifconfig</a></p>
<pre><code>MAC-Based Access Control List Parameters<br /> The following parameters support an optional access control list fea-<br /> ture available with some adapters when operating in ap mode; see<br /> wlan_acl(4). This facility allows an access point to accept/deny asso-<br /> ciation requests based on the MAC address of the station. Note that<br /> this feature does not significantly enhance security as MAC address<br /> spoofing is easy to do.</code></pre>
<pre><code>mac:add address<br /> Add the specified MAC address to the database. Depending on<br /> the policy setting association requests from the specified sta-<br /> tion will be allowed or denied.</code></pre>
<pre><code>mac:allow<br /> Set the ACL policy to permit association only by stations reg-<br /> istered in the database.</code></pre>
<pre><code>mac:del address<br /> Delete the specified MAC address from the database.</code></pre>
<pre><code>mac:deny<br /> Set the ACL policy to deny association only by stations regis-<br /> tered in the database.</code></pre>
<pre><code>mac:kick address<br /> Force the specified station to be deauthenticated. This typi-<br /> cally is done to block a station after updating the address<br /> database.</code></pre>
<pre><code>mac:open<br /> Set the ACL policy to allow all stations to associate.</code></pre>
<pre><code>mac:flush<br /> Delete all entries in the database.</code></pre>
<pre><code>mac:radius<br /> Set the ACL policy to permit association only by stations ap-<br /> proved by a RADIUS server. Note that this feature requires the<br /> hostapd(8) program be configured to do the right thing as it<br /> handles the RADIUS processing (and marks stations as autho-<br /> rized).</code></pre>
<p>This ability is already part of FreeBSD and can be accessed in pfSense from command line. This would provide greater security into the pcie mini card also.</p>
<p>If we have items statically assigned in DHCP it would be easy to migrate that into auto added MAC adds</p>
pfSense Plus - Feature #14915 (New): MAC-aliases / Lists with MAC-addresses would be very helpful https://redmine.pfsense.org/issues/14915 2023-10-24T14:54:14Z Louis B
<p>I would like to create a MAC-filter using the Ethernet layer firewall and it is absolutely not practical / a good idea to define a rule for each mac-address to check. In general, if you want to set a TAG in favor of policy filtering, it will almost certainly be related to a group of mac-addresses, not a single one.</p>
<p>So it would be very helpful if the firewall alias function would be extended for mac-addresses.</p>
pfSense Plus - Feature #14810 (New): add Packet Too Big icmp type in firewall https://redmine.pfsense.org/issues/14810 2023-09-25T21:58:26Z yon Liu info@ipv6china.com
<p>I hope more ICMP type refinements can be added to the firewall options.<br />For example, add Type 2 - Packet Too Big and 4 Fragmentation Needed and Don't Fragment was Set</p>
<p>Because I have security blocking most ICMP and only allowing necessary ICMP.</p>