Activity
From 04/29/2019 to 05/28/2019
05/28/2019
-
07:27 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
- Snort3 rules are incompatible with Suricata 4.x. If you install those rules, they will overwrite some critical confi...
-
06:45 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
- I ran into this issue as well after having tried the Snort3 rules and reverted to 2.9 - Suricata is far pickier about...
-
11:05 AM Bug #9557 (Resolved): FRR Upgrades
- FRR 6.0.x seems to be OK on pfSense 2.5.0, so we need to play a bit of musical FRR upgrades:
* Copy FRR 6.0.x back... -
- Fix is in apcupsd 0.3.91_5
-
- apcupsd_status.php does not validate input or encode user input before use, leading to potential abuse (XSS, ACE).
-
- Fixed in ACME 0.5.8
-
- Fixed in ACME 0.5.8
05/27/2019
-
09:03 AM Feature #9387 (Resolved): Update telegraf to 1.9.3 from ports
- already moved to 1.10.1
-
- Both versions were removed
-
07:48 AM Feature #9555 (Resolved): pimd package
- Folks - as it seems that IGMP Proxy is "broken" and pimd works is it possible to add (or replace) IGMP Proxy with pim...
05/25/2019
-
- In the future, do not report security issues via Redmine. See https://www.netgate.com/security/
-
04:05 PM Bug #9554 (Resolved): Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
- Stored XSS vulnerability occurs due to input validation errors in "Name" and "Description" fields when adding new acc...
-
03:37 PM Bug #9553: ACME package menus do not appear for user other than "admin"
- Example Screenshot
-
- ACME package menus do not appear for user other than "admin"
-
-
09:12 AM Feature #9551: Add py-speedtest-cli to package repo
- And it has always been there, next time I will be more diligent. Anyway, needed to use py27-speedtest-cli on 2.4.x an...
-
- Just a simple request to add py-speedtest-cli to the package repo
https://www.freshports.org/net/py-speedtest-cli/
05/23/2019
-
07:22 PM Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
- YP Lo wrote:
> Found out recently that ntopng v3.6 is already using GeoLite2 database, and hooked up the remaining G... -
07:32 AM Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
- Found out recently that ntopng v3.6 is already using GeoLite2 database, and hooked up the remaining GeoLite2 update s...
-
03:16 PM Bug #9546 (Resolved): Snort fails to load/start with host_attribute_table
- Using the PfSense gui to load and import an attribute table will cause Snort to error on startup. It will not start.
...
05/22/2019
-
08:50 PM Feature #9238: Add support for Zerotier
- I think it would be pretty awesome if PF supported this. ZT is a great and simple way of securing devices in a virtua...
05/20/2019
-
09:46 PM Bug #9542 (Closed): FreeRadius with MySQL not started and require mysql-client packet
- Hello!
Freedaius start log (with Mysql-enable)
> Could not link driver rlm_sql_mysql: Shared object "libmysqlclient...
05/19/2019
-
05:43 AM
Bug #9537 (New): One month offset in displayed data between time changes
- There is a bug in the Status > Traffic Totals package with a one-month offset in displaying data. The offset occurs a...
05/16/2019
-
08:44 PM Feature #9530 (Duplicate): FRR package add sync function to HA / backup firewall
- If you're using FRR and the existing feature;
*CARP Status IP* _Used to determine the CARP status. When the CARP vhi... -
- Version bump up in FRR and please add GUI support for faster convergence features in latest FRR;
*ip ospf dead-int... -
- 1. Build FRR with OSPF, build the VTi interfaces, etc. Start OSPF and it will work. OSFP will link up neighbor state ...
05/15/2019
-
03:26 AM Bug #9524: HAProxy-Backend blocks routed vlan traffic
- Hi guys,
thanks for your answers.
I didn't recognize the warning above the the "Use Client-IP" feature. I am sorry...
05/14/2019
-
11:09 PM Bug #9424: arpwatch package logs CARP MAC address changes
- Just a note that upstream arpwatch from FreeBSD was updated.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235... -
01:44 PM Bug #9524: HAProxy-Backend blocks routed vlan traffic
- Its likely because of transparent-client-ip feature enabled in the backend of haproxy, combined with the 'bug' / miss...
-
- This is almost certainly a configuration issue, and this site is not for support or diagnostic discussion.
For ass... -
- Hi everybody,
we have a weird haproxy-backend problem. HAProxy-backends seems to block routet traffic between two co...
05/12/2019
-
11:15 PM Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
- Jim Pingle wrote:
> I am not sure it would be related to what you saw, but you might give the newest version of the ... -
11:02 AM Feature #9523: LADVD: Feature to enable setting interface descriptions
- Looking at FreeNAS, they've got a much more succinct description and only added support for the -z option, which seem...
-
- Good day. I'd be interested in seeing options for the -y and -z flag to LADVD get added.
These are explain in ladv... -
05:33 AM Feature #9521 (Resolved): Upgrade to HAProxy 1.9
- Some of our backends support HTTP/2, but it seems that HAProxy 1.8 only support HTTP/2 for the frontends.
The latest...
05/08/2019
-
- I am not sure it would be related to what you saw, but you might give the newest version of the ACME package a try (0...
-
- Great!
-
08:39 AM Bug #9492: Cannot reload remote haproxy via ACME package
- Works. Thx!
-
- I pushed another change just now that might help. Not sure it will, but it's worth a try.
-
- Hi Jim. Yes Haproxy did restart. While I agree that the sync error should be from something else it still seems to be...
-
- Pushed a new fix just now, try the next version when it shows up.
-
01:09 AM Feature #9498: ACME Package: Sorting on name, expiration, etc
- Hi!
Great job, but sorting date does not work OK.
05/07/2019
-
- There is no error in that output related to the service restart. The error at the top is from config sync, which isn'...
-
- I just installed, 0.5.7 but it still throws an error (Interestingly only on the firewall running ACME). Can I get mor...
-
- That isn't possible as the code that does the sync comes before the reload, and the sync process blocks. I haven't se...
05/06/2019
-
- I have two hosts using HA syncing to push the certificate store from host1 (primary) to host2 (backup). ACME renewal ...
-
- Give 0.5.7 a try when it shows up shortly. It should work.
-
- OK, thanks, I was highly optimistic about having found a probable cause for a minute there, but I guess I get to go b...
-
- I does not affect the webgui because it uses another xmlrpc call. It affects every normal service though. I could als...
-
- ACME pkg 0.5.7 now has search and sorting.
05/05/2019
-
- Would this affect more than just haproxy? This fits a failure to restart the webui on a remote system that occurred f...
05/04/2019
-
08:51 AM Bug #9500 (New): HAproxy does not delete non-applicable action config
- The steps to reproduce this are:
# Create a HAproxy frontend
# Create an action and populate its options
# Expor...
05/03/2019
-
01:20 PM Bug #9355: Telegraf Package - https for InfluxDB Server
- https is working for me: https://maxammann.org/posts/2019/05/pfsense-telegraf-letsencrypt/
-
- Mark Vejvoda wrote:
> I got this working on my SG-3100 by copying files from:
>
> https://centminmod.com/centminm...
05/02/2019
-
09:50 PM Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
- I got this working on my SG-3100 by copying files from:
https://centminmod.com/centminmodparts/geoip-legacy/
to... -
05:52 PM Feature #9498: ACME Package: Sorting on name, expiration, etc
- The ACME package has been working flawless for me now, for well over a year, I've migrated all of my ACME certs to it...
-
The ACME package has been working flawless for me now, for well over a year, I've migrated all of my ACME certs t...
05/01/2019
-
- Yeah, you're right. I didn't have a setup to test that handy, but it would have to come earlier. I'll come up with a ...
-
- Jim Pingle wrote:
> Fixed in ACME pkg v0.5.6
I just tried this and it still throws an error, to the best of my un... -
- Fixed in ACME pkg v0.5.6
-
-
-
-
-
- Fixed in ACME pkg v0.5.6
-
10:14 AM Bug #9495: AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
- So far I have been unable to replicate this.
Tested with a 7100 and 1100 against us-west-2 and us-east-2 using AWS W... -
- When you apply the settings at step 3 the GUI times out. If you check AWS suring that time the Virtual Private Gatewa...
04/30/2019
-
- When creating a new VPN using the AWS VPN Wizard the webgui times out at step 3 going to step 4 and also at step 4 go...
-
09:53 AM Bug #9495: AWS VPC VPN wizard produces incorrect config (SHA256 should be SHA1)
- Sorry, forgot to add: in looking over the download configuration from AWS, I noticed that it also recommends the Phas...
-
- I was trying to create a site-to-site VPN to my AWS default VPC in the us-west-2 region using the AWS VPC VPN Wizard ...
04/29/2019
-
- If I replace:...
-
- The acme instance cannot restart a remote haproxy service. I looked at the code and found this snippet: https://githu...
Also available in: Atom