pfSense » pfSense Packages

08/05/2017

11:17 AM Bug #7753 (Not a Bug): "Bypass Proxy for These Source IPs" does not seem to be working anymore

Jim Pingle

10:26 AM Bug #7753: "Bypass Proxy for These Source IPs" does not seem to be working anymore

This ticket should be closed. "Bypass Proxy for These Source IPs" works as expected. Yuri Weinstein

08/04/2017

11:18 AM Bug #7756 (Resolved): suricata suricata_check_dir_size_limit() needs to be improved

The cleanup process in suricata_check_dir_size_limit() is not very optimal. There are a couple issues:
- It immed... Orion Poplawski

05:11 AM Bug #7755 (Closed): Avahi package is not secure by default

pfSense Avahi Plugin is insecure per default and may at least cause internal information leaking to wrong network zon... Roland Kletzing

08/03/2017

07:06 PM Bug #7753 (Not a Bug): "Bypass Proxy for These Source IPs" does not seem to be working anymore

I used to exclude two IPs using this option for Arlo Pro video cameras (by Netgear) and it used to work fine, but aft... Yuri Weinstein

05:30 PM Bug #7674: Issue Downloading Snort Alert Log Download

This also appears to affect the downloading of the blocked hosts list. If you press the download button, it thinks a... Andrew -

02:11 PM Bug #7752: Squid 3 reverse proxy - HTTPS==>HTTP fails

Jim Pingle wrote:
> Using an HTTP backend with an HTTPS frontend works fine in HAProxy if you need it to work right ... Seyed N

06:30 AM Bug #7752 (Feedback): Squid 3 reverse proxy - HTTPS==>HTTP fails

Using an HTTP backend with an HTTPS frontend works fine in HAProxy if you need it to work right now. The reverse squi... Jim Pingle

05:53 AM Bug #7752 (Not a Bug): Squid 3 reverse proxy - HTTPS==>HTTP fails

I configured the package Squid 3 (version 0.4.37 based on Squid-3.5.26) as reverse proxy.
On my pfSense virtual ma... Seyed N

08/01/2017

02:59 PM Bug #7578: Suricata -- Removing Hosts from Block Table via Alerts

It doesn't depend of a pfSense version and as soon as package is updated will be available for all supported versions Renato Botelho

07/31/2017

12:41 PM Feature #7548 (Resolved): Add absolute offset stat to NTP monitoring display

Jim Pingle

12:02 PM Feature #7548: Add absolute offset stat to NTP monitoring display

Tested, working (2.4.0.b.20170731.0959) John Pettitt

07:51 AM Bug #7736 (Feedback): Crahs with Quagga OSPF and the latest 2.4 Beta

I just pushed a fix, give it a try when the package update shows next (0.6.20) Jim Pingle

07/30/2017

07:47 AM Bug #7736 (Resolved): Crahs with Quagga OSPF and the latest 2.4 Beta

Crash report begins. Anonymous machine information:
amd64
11.0-RELEASE-p11
FreeBSD 11.0-RELEASE-p11 #193 d... Andreas Strub

07/27/2017

12:12 PM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

@BBcan177
Looks like it worked !
Pls make it default. Yuri Weinstein

11:56 AM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

@BBcan177
Thx for the clue.
What's the proper way to modify /usr/local/pkg/pfblockerng/pfblockerng.inc ?
I made c... Yuri Weinstein

11:32 AM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

Can you edit */usr/local/pkg/pfblockerng/pfblockerng.inc*
and replace the line (-) with the new line (+):
Line 4... BBcan177 .

07/26/2017

11:44 PM Bug #7729 (Resolved): pfBlockerNG orders NAT licked rules to the bottom of firewall rules

When I use pfBlockerNG and rules order as this https://snag.gy/yFQa5b.jpg after rules update my NAT linked non-pfBlo... Yuri Weinstein

12:30 PM Bug #7278 (Feedback): Suricata Service - Advanced Configuration Pass-Through not working

Merged, thanks! Renato Botelho

08:54 AM Feature #7548 (Feedback): Add absolute offset stat to NTP monitoring display

Merged, thanks! Renato Botelho

07/24/2017

09:34 AM Bug #7191 (Resolved): squid package EN-US grammar errors

Jim Pingle

09:29 AM Bug #7191: squid package EN-US grammar errors

Also fixed in 0.4.37 so I am sure this bug can be closed now. Vincent Bentley

09:18 AM Bug #7674: Issue Downloading Snort Alert Log Download

Ryan Eckenrode wrote:
> I have found that I am no longer able to download the Alert Logs from the snort_alerts.php p... Vincent Bentley

07/21/2017

07:08 PM Bug #7716 (Resolved): Suricata - Barnyard2 webui configuration updates result in base64-encoded value written to the config for the password

Any changes to the Suricata barnyard configuration page requires that you update the password as well, otherwise the ... Renaud Holcombe

07/17/2017

10:30 AM Feature #7706 (Resolved): Add option to write certificate to the filesystem after renew

In some cases it would be handy to have the certificate data written out to the filesystem so that action scripts cou... Jim Pingle

07/15/2017

01:58 PM Feature #7699 (New): OpenVPN Client Export - Default Gateway

Hi,
Just a thought, but - it would be nice to be able to set this option in Client Export, not just in the server ... Russell Morris

07/14/2017

03:18 PM Bug #7696 (Resolved): Telegraf Package Saving Incorrect Password

The contents of the password field are not being passed properly to the telegraf.conf file. The password is being en... Galen POSPISIL

07/13/2017

06:09 PM Feature #7691 (New): Allow for custom icap services for squid

We would like to integrate additional icap services into the pfsense squid configuration, but there is no way add the... Orion Poplawski

07/12/2017

07:53 AM Feature #7189: Letsencrypt acme sync in HA environment

Relevant Commits:
2.4:
https://github.com/pfsense/FreeBSD-ports/commit/119d687658b46a0310a481c22f5a435e5de9625f
... Jim Pingle

07:51 AM Feature #7189 (Resolved): Letsencrypt acme sync in HA environment

Works on both 2.4 and 2.3.x now. Jim Pingle

07/11/2017

03:59 PM Feature #7189 (Feedback): Letsencrypt acme sync in HA environment

Pushed a fix for 2.3.x versions now. Jim Pingle

03:29 PM Feature #7189 (Assigned): Letsencrypt acme sync in HA environment

Well, it works on 2.4, needs some adjustments for 2.3.x yet. Jim Pingle

03:11 PM Feature #7189 (Feedback): Letsencrypt acme sync in HA environment

I just pushed a new feature to the ACME package, it can now send service restart commands via XMLRPC using the system... Jim Pingle

07/10/2017

09:44 AM Bug #7681: OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

Thank you Jim! Makes sense. David Nuzik

07:37 AM Bug #7681: OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

I made a different issue entry for the actual underlying problem here: https://redmine.pfsense.org/issues/7685 Jim Pingle

07:36 AM Bug #7681 (Not a Bug): OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

It does appear that they are the same, but different versions of OpenSSL or different libraries that are OpenSSL-like... Jim Pingle

08:29 AM Feature #7686: Add option in HAProxy to configure SSL defaults based on the Mozilla SSL Configuration Generator

oops, misspelled configure in the subject line Corey Boyle

08:27 AM Feature #7686 (New): Add option in HAProxy to configure SSL defaults based on the Mozilla SSL Configuration Generator

Would be nice to have "Modern | Intermediate | Old" options in the configuration of HAProxy for SSL cipher suites, ba... Corey Boyle

07/08/2017

10:50 PM Feature #7683 (New): Splunk Universal Forwarder Package

It would be nice to have a Splunk Universal Forwarder package so we can send logs and other monitor capable files e.g... Dennis Chow

07:40 PM Bug #7681 (Not a Bug): OpenVPN client export utility - Exporting Android inline configuration can include incorrect client auth method in .ovpn file

Intro:
Hello this is my first bug entry. I hope I have done a good job reporting the specifics of what I believe to ... David Nuzik

07/07/2017

03:14 PM Bug #7263 (Resolved): FreeRADIUS - complete lack of input validation

Seems to be good. Jim Pingle

02:39 PM Bug #7237 (Resolved): ACME - first table row on certs tab does not autoexpand the fields

This has been fixed for a while now Jim Pingle