pfSense » pfSense Packages

08/22/2017

04:42 PM Bug #7438: Squid 0.4.36_2 Remote Cache Parent not working

As noted above, this needs to go to the forums to identify the problem. Kill Bill

04:17 PM Bug #7674: Issue Downloading Snort Alert Log Download

This problem is fixed in the Snort package update to version 3.2.9.5. This ticket can be closed when the pull reques... Bill Meeks

02:24 PM Bug #7610: Squid use all memory ram.

This is an upstream bug with no fix and no good workaround for 3.5.x - cf. http://bugs.squid-cache.org/show_bug.cgi?i... Kill Bill

01:20 PM Bug #7797: Squid Reverse Proxy alternating between destinations

As noted on another bug (Bug #7752), the reverse proxy part of Squid is pretty much unmaintained. I'd strongly sugges... Kill Bill

01:09 PM Bug #7797 (Feedback): Squid Reverse Proxy alternating between destinations

Hello,
It's pretty hard to explain this bug, but it seems to be very old bug. This post explain it perfectly: http... Mickael Fouquet

11:39 AM Bug #7752: Squid 3 reverse proxy - HTTPS==>HTTP fails

The way the reverse proxy part of the Squid package is written, it will only redirect HTTPS to HTTPS and HTTP to HTTP... Kill Bill

11:39 AM Bug #7391 (Not a Bug): 0.4.36_1 localnet ACL missing

Jim Pingle

11:31 AM Bug #7391: 0.4.36_1 localnet ACL missing

As noted in https://redmine.pfsense.org/issues/7391#note-7 the OpenVPN interfaces are not added by design since it ad... Kill Bill

11:37 AM Bug #7431 (Resolved): BIND (9.11-2) Log shortcut needs to be updated.

Jim Pingle

11:24 AM Bug #7431: BIND (9.11-2) Log shortcut needs to be updated.

Merged long ago, can be closed. Kill Bill

11:08 AM Bug #7696: Telegraf Package Saving Incorrect Password

https://github.com/pfsense/FreeBSD-ports/pull/399/ Kill Bill

07:59 AM Feature #7792: FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)

The "Disable FIB Updates" option is the only GUI control to setup stub areas but it is global, not per interface/netw... Jim Pingle

01:26 AM Feature #7792 (Resolved): FRR pkg pfsense can not wok as ABR with stub areas (no stub area bit)

Setup pfsense as ABR with several areas and found one does not work properly if one of areas is stub. There are two m... Constantine Kormashev

07:53 AM Feature #7794 (Assigned): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

The OSPF metric option under Route Maps, "Metric" in the drop-down "Metric Action". The options there are the only op... Jim Pingle

03:14 AM Feature #7794 (Resolved): FRR pkg pfsense no metric-type option in OSPF redistribute section of web-interface

There is not @metric-type@ option in OSPF redistribute section of web-interface. By default FRR makes redistribution ... Constantine Kormashev

07:40 AM Feature #7793: FRR pkg pfsense web interface checking for RID is setup in OSPF6 section

The input validation is weak to nonexistent all throughout FRR, it's all on my todo list yet.
As it is made now, i... Jim Pingle

01:46 AM Feature #7793 (Resolved): FRR pkg pfsense web interface checking for RID is setup in OSPF6 section

There is not any checking for RID in OSPF6 section in web interface now, but one must be, because in case there is no... Constantine Kormashev

08/18/2017

11:40 AM Bug #7782 (Resolved): FreeRADIUS 3 - temporary FreeRADIUS CA/certificate generated on each package reinstall

The code is pretty good to avoid user confusion and get things working out of the box, however it should set the conf... Kill Bill

10:36 AM Bug #6603: pfblockerng's Unbound modifications leave system broken post-config restore

Fed up with this issue. It breaks fresh 2.4 installs exactly as noted in the above comment - see https://redmine.pfse... Kill Bill

08/17/2017

08:54 AM Bug #7780 (Closed): Blacklist update doesn't work on Firefox

When I click in Download it does nothing. It works on Chrome.
Firefox 55.0.1 x86_64 on Arch Linux. Thiago Coutinho

08/16/2017

04:21 PM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

This bug is fixed in GUI package version 4.0.0 using the code submitted by the OP. Bill Meeks

04:17 PM Bug #7716: Suricata - Barnyard2 webui configuration updates result in base64-encoded value written to the config for the password

This bug was fixed in GUI package version 3.2.2_3 via a Pull Request submitted by the OP. Bill Meeks

04:12 PM Bug #7578: Suricata -- Removing Hosts from Block Table via Alerts

This bug is fixed in GUI package version 4.0.0. Bill Meeks

08/15/2017

10:45 AM Bug #7766 (Resolved): ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

Looks good! Jim Pingle

08/11/2017

09:52 AM Bug #7766 (Feedback): ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

Version 0.1.19 should be fine Renato Botelho

09:28 AM Bug #7766: ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

Looks like we'll have to make a new port for it since the current pecl-ssh2 is only compatible with php 7+ Jim Pingle

09:02 AM Bug #7766 (Resolved): ACME Package on 2.4 requires pecl-ssh2, which is not in base any longer

commit af1ebe36a4787997f37a3cc1c1a9178e86286508 in the FreeBSD-ports repo removed pecl-ssh2 from the list of dependen... Jim Pingle

09:03 AM Bug #7208: ACME ftpwebroot doesn't work

Dmitry Ivanov wrote:
> Fatal error: Call to undefined function pfsense_pkg\acme\ssh2_connect() in /usr/local/pkg/acm... Jim Pingle

12:33 AM Bug #7208: ACME ftpwebroot doesn't work

PFSense 2.4.0
ACME 0.1.18
Fatal error: Call to undefined function pfsense_pkg\acme\ssh2_connect() in /usr/local/p... Dmitry Ivanov

12:02 AM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

Fixed in *PR#390*:
https://github.com/pfsense/FreeBSD-ports/pull/390/files BBcan177 .

08/10/2017

07:18 AM Bug #7764 (Not a Bug): Basic setup of squid + squidguard + ssl interception + transparent proxy produces https://http/* error.

It has to be something in your settings causing this. I can't reproduce it here. I have a working MITM transparent se... Jim Pingle

06:23 AM Bug #7764 (Not a Bug): Basic setup of squid + squidguard + ssl interception + transparent proxy produces https://http/* error.

Check this serverfault question:
https://serverfault.com/questions/866660/pfsense-squid-https-filtering-error-url-ca... m m

08/08/2017

11:53 AM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

Thanks! Another user had also submitted a fix for the EVE JSON log rotation issue. I asked him about incorporating ... Bill Meeks

11:43 AM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

Filed https://github.com/pfsense/FreeBSD-ports/pull/389 Orion Poplawski

08/07/2017

10:16 PM Bug #7756: suricata suricata_check_dir_size_limit() needs to be improved

I'm the volunteer package maintainer for Suricata on pfSense. Thank you for providing a patch to go along with your ... Bill Meeks

05:56 PM Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough

This should be fixed in the newer versions of nvd3. I am attempting to upgrade, but there are some kinks to work out. Jared Dillard

07:22 AM Bug #7758 (Not a Bug): Error on squid

That is most likely due to either a compatibility issue with your cipher selection in squid and that site, or with sq... Jim Pingle

02:08 AM Bug #7758 (Not a Bug): Error on squid

I deployed pfsense 2.3.4 and installed Squid 3.5.26. I config squid in transparent mode and enable HTTPS/SSL intercep... Phong Bui-Quang

08/05/2017

11:17 AM Bug #7753 (Not a Bug): "Bypass Proxy for These Source IPs" does not seem to be working anymore

Jim Pingle

10:26 AM Bug #7753: "Bypass Proxy for These Source IPs" does not seem to be working anymore

This ticket should be closed. "Bypass Proxy for These Source IPs" works as expected. Yuri Weinstein

08/04/2017

11:18 AM Bug #7756 (Resolved): suricata suricata_check_dir_size_limit() needs to be improved

The cleanup process in suricata_check_dir_size_limit() is not very optimal. There are a couple issues:
- It immed... Orion Poplawski

05:11 AM Bug #7755 (Closed): Avahi package is not secure by default

pfSense Avahi Plugin is insecure per default and may at least cause internal information leaking to wrong network zon... Roland Kletzing

08/03/2017

07:06 PM Bug #7753 (Not a Bug): "Bypass Proxy for These Source IPs" does not seem to be working anymore

I used to exclude two IPs using this option for Arlo Pro video cameras (by Netgear) and it used to work fine, but aft... Yuri Weinstein

05:30 PM Bug #7674: Issue Downloading Snort Alert Log Download

This also appears to affect the downloading of the blocked hosts list. If you press the download button, it thinks a... Andrew -

02:11 PM Bug #7752: Squid 3 reverse proxy - HTTPS==>HTTP fails

Jim Pingle wrote:
> Using an HTTP backend with an HTTPS frontend works fine in HAProxy if you need it to work right ... Seyed N

06:30 AM Bug #7752 (Feedback): Squid 3 reverse proxy - HTTPS==>HTTP fails

Using an HTTP backend with an HTTPS frontend works fine in HAProxy if you need it to work right now. The reverse squi... Jim Pingle

05:53 AM Bug #7752 (Not a Bug): Squid 3 reverse proxy - HTTPS==>HTTP fails

I configured the package Squid 3 (version 0.4.37 based on Squid-3.5.26) as reverse proxy.
On my pfSense virtual ma... Seyed N

08/01/2017

02:59 PM Bug #7578: Suricata -- Removing Hosts from Block Table via Alerts

It doesn't depend of a pfSense version and as soon as package is updated will be available for all supported versions Renato Botelho

07/31/2017

12:41 PM Feature #7548 (Resolved): Add absolute offset stat to NTP monitoring display

Jim Pingle

12:02 PM Feature #7548: Add absolute offset stat to NTP monitoring display

Tested, working (2.4.0.b.20170731.0959) John Pettitt

07:51 AM Bug #7736 (Feedback): Crahs with Quagga OSPF and the latest 2.4 Beta

I just pushed a fix, give it a try when the package update shows next (0.6.20) Jim Pingle

07/30/2017

07:47 AM Bug #7736 (Resolved): Crahs with Quagga OSPF and the latest 2.4 Beta

Crash report begins. Anonymous machine information:
amd64
11.0-RELEASE-p11
FreeBSD 11.0-RELEASE-p11 #193 d... Andreas Strub

07/27/2017

12:12 PM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

@BBcan177
Looks like it worked !
Pls make it default. Yuri Weinstein

11:56 AM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

@BBcan177
Thx for the clue.
What's the proper way to modify /usr/local/pkg/pfblockerng/pfblockerng.inc ?
I made c... Yuri Weinstein

11:32 AM Bug #7729: pfBlockerNG orders NAT licked rules to the bottom of firewall rules

Can you edit */usr/local/pkg/pfblockerng/pfblockerng.inc*
and replace the line (-) with the new line (+):
Line 4... BBcan177 .

07/26/2017

11:44 PM Bug #7729 (Resolved): pfBlockerNG orders NAT licked rules to the bottom of firewall rules

When I use pfBlockerNG and rules order as this https://snag.gy/yFQa5b.jpg after rules update my NAT linked non-pfBlo... Yuri Weinstein

12:30 PM Bug #7278 (Feedback): Suricata Service - Advanced Configuration Pass-Through not working

Merged, thanks! Renato Botelho

08:54 AM Feature #7548 (Feedback): Add absolute offset stat to NTP monitoring display

Merged, thanks! Renato Botelho

07/24/2017

09:34 AM Bug #7191 (Resolved): squid package EN-US grammar errors

Jim Pingle

09:29 AM Bug #7191: squid package EN-US grammar errors

Also fixed in 0.4.37 so I am sure this bug can be closed now. Vincent Bentley

09:18 AM Bug #7674: Issue Downloading Snort Alert Log Download

Ryan Eckenrode wrote:
> I have found that I am no longer able to download the Alert Logs from the snort_alerts.php p... Vincent Bentley