Activity

From 05/06/2019 to 06/04/2019

06/04/2019

08:05 PM Bug #9528 (Duplicate): FRR OSPF state stuck in Extart / Exchange because of MTU following pfSense restart
This is fixed on 2.5.0, see #9111
The problem is not with FRR, but with IPsec VTI MTU handling.
Jim Pingle
07:10 PM Bug #9195 (Resolved): Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Jim Pingle
05:35 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
A fix for this issue has been incorporated into the Suricata GUI package in version 4.1.4_2. The pull request is pos... Bill Meeks
07:10 PM Bug #8501 (Resolved): Incorrect categorization of status/info messages from suricata
Jim Pingle
05:24 PM Bug #8501: Incorrect categorization of status/info messages from suricata
This issue is resolved in Suricata package version 4.1.4_2 on pfSense-2.5-DEVEL. The pull request is here: [https:/... Bill Meeks
05:59 PM Bug #9031: Suricata fails to start with interface with /31 mask
I don't mean to say the /31 netmask is invalid. I was multitasking at the time and now I'm not sure what I saw w... Bill Meeks
11:20 AM Bug #9031: Suricata fails to start with interface with /31 mask
Bill Meeks wrote:
> I can only reproduce this issue when I assign an invalid IP address to the interface for the giv...
Jim Pingle
11:08 AM Bug #9031: Suricata fails to start with interface with /31 mask
Admittedly I'm very late responding to this bug report, but I just tested on Suricata 4.1.4_1 on pfSense-2.5-DEVEL. ... Bill Meeks
09:35 AM Bug #9174 (Resolved): Suricata rulesets in 2.4.4_1
Jim Pingle
09:27 AM Bug #9174: Suricata rulesets in 2.4.4_1
I just tested this with the most recent version of the Suricata package, version 4.1.4_1, and cannot reproduce this i... Bill Meeks

06/03/2019

09:56 PM Bug #9573: GeoIP database FAIL to download - Suricata package
Hmm... looks like it is getting pulled in as a dependency, probably with a library.
No matter, you still do not us...
Bill Meeks
09:47 PM Bug #9573: GeoIP database FAIL to download - Suricata package
Hi, Bill
I'm sorry but suricata is the one installing package GeoIP-1.6.12.
Only the following packages are i...
Carlos Montalvo J.
07:56 AM Bug #5168: squid doesn't function during/after HA failover
Hello,
Any updates with this issue?
I have 200 vlans on my firewall and adding 200 lines with http_port is not g...
Zeev Zalessky

06/02/2019

08:38 PM Bug #8577 (Resolved): Snort - Log retention not working
Jim Pingle
07:29 PM Bug #8577: Snort - Log retention not working
This issue is resolved and this ticket can be closed. Bill Meeks
08:38 PM Bug #9188 (Resolved): Suricata GUI Package fails to send SIGHUP to the Suricata binary process when truncating/rotating the log files
Jim Pingle
07:25 PM Bug #9188: Suricata GUI Package fails to send SIGHUP to the Suricata binary process when truncating/rotating the log files
This issue is resolved in the latest Suricata 4.1.4 package. Bill Meeks
07:23 PM Bug #9573: GeoIP database FAIL to download - Suricata package
You do not need to do anything to use the free GeoIP2 Lite database with Suricata on pfSense. It is automatically se... Bill Meeks
12:26 AM Bug #9573 (Rejected): GeoIP database FAIL to download - Suricata package
Hi, to everyone
Suricata v4.1.4 on pfSense 2.4.4-RELEASE-p3 (amd64)
Brand new suricata install, trying to get ...
Carlos Montalvo J.

06/01/2019

05:28 PM Bug #9557 (Resolved): FRR Upgrades
2.5.0 snaps have FRR 7 now and it appears to be running OK Jim Pingle

05/31/2019

08:58 PM Bug #9571 (Resolved): FRR processes continue to restart after being disabled until reboot
Jim Pingle
06:27 PM Bug #9571: FRR processes continue to restart after being disabled until reboot
Looks good. Thanks. Chris Linstruth
12:45 PM Bug #9571 (Feedback): FRR processes continue to restart after being disabled until reboot
Fixed in FRR pkg version 0.5.0 Jim Pingle
01:38 PM Bug #9557: FRR Upgrades
pfSense 2.4.4 is using FRR 6 as expected. Still waiting on a new snapshot to check on pfSense 2.5.0/FRR 7 Jim Pingle
10:15 AM Bug #9557 (Feedback): FRR Upgrades
2.4.4 now uses FRR 6.x and 2.5.0 moved to 7.x Renato Botelho
12:45 PM Bug #8751 (Feedback): FRR prefix lists issues
I added some input validation for prefix lists in the latest version of the FRR package. (pkg version 0.5.0) Jim Pingle
12:45 PM Bug #8749 (Feedback): OSPF6 nssa not working
I removed all but the normal and stub types in FRR pkg version 0.5.0, the underlying FRR was also upgraded so I left ... Jim Pingle
12:45 PM Todo #8662 (Feedback): FFR OSPF Cleartext Password Lengths
Fixed in FRR pkg version 0.5.0 Jim Pingle
12:45 PM Feature #8610 (Feedback): FRR BGP "no bgp default ipv4-unicast" option.
Added in FRR pkg version 0.5.0 Jim Pingle
12:45 PM Bug #8308 (Feedback): FRR OSPF6D: interfaces not assigned to areas if they only have a link-local address
Fixed in FRR pkg version 0.5.0 Jim Pingle
12:45 PM Bug #8167 (Feedback): FRR OSPF6 range problem (subnet not advertized)
Disabled area..range statements in FRR pkg version 0.5.0
Doesn't look like they are supported even on FRR 7.
Jim Pingle
12:45 PM Feature #7793 (Feedback): FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
Jim Pingle
12:45 PM Feature #7793: FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
Fixed in FRR pkg version 0.5.0 Jim Pingle
11:29 AM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
P Law wrote:
> Possibly a separate issue, but I am unable to resolve warnings that "app-layer-events.rules seems to ...
Bill Meeks
10:50 AM Bug #9244 (Resolved): FRR Status BGP Summary only shows "IPv4 Unicast Summary"
This has been in and working for a while Jim Pingle

05/30/2019

10:08 PM Bug #9571 (Resolved): FRR processes continue to restart after being disabled until reboot
It looks like the configuration file in /var/etc/frr needs to be removed when the element (ospf, bgp, etc) is disable... Chris Linstruth
07:31 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Uninstall without keeping settings and re-install restored the missing rules. Much work ahead to restore to its prev... P L
03:30 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Possibly a separate issue, but I am unable to resolve warnings that "app-layer-events.rules seems to be missing!!! Pl... P L
02:49 PM Bug #9546 (Resolved): Snort fails to load/start with host_attribute_table
Jim Pingle
02:32 PM Bug #9546: Snort fails to load/start with host_attribute_table
This issue is now fixed in both the RELEASE and DEVEL branches of pfSense. In pfSense 2.4.4.x the fixed package vers... Bill Meeks

05/29/2019

09:18 PM Bug #9568 (New): UFSSwapDir::openLog: Failed to open swap log.
After 3 days of Squid and SquidGuard being stopped, once started again Squid cannot start and the message is:
UFS...
Julian Pinzón
11:16 AM Bug #9546: Snort fails to load/start with host_attribute_table
This issue is fixed in the upcoming snort-2.9.13_1 package that will be available for pfSense-2.5-DEVEL in the near f... Bill Meeks
07:55 AM Bug #7161 (Feedback): pfSense-pkg-bind9 changelog pointing to non-existent location
Renamed port from pfSense-pkg-bind9 to pfSense-pkg-bind, which matches PORTNAME that is used to construct Changelog URL Renato Botelho
02:28 AM Feature #9563 (Resolved): Syslog-ng TLS support
Hi,
I'm trying to send syslog over TLS. Added syslog-ng package and configure TLS. But syslog-ng does not start. I...
Ken-ichi Sasaki

05/28/2019

07:27 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Snort3 rules are incompatible with Suricata 4.x. If you install those rules, they will overwrite some critical confi... Bill Meeks
06:45 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
I ran into this issue as well after having tried the Snort3 rules and reverted to 2.9 - Suricata is far pickier about... John Silva
11:05 AM Bug #9557 (Resolved): FRR Upgrades
FRR 6.0.x seems to be OK on pfSense 2.5.0, so we need to play a bit of musical FRR upgrades:
* Copy FRR 6.0.x back...
Jim Pingle
09:35 AM Bug #9556 (Feedback): Encoding/validation issues in apcupsd_status.php
Fix is in apcupsd 0.3.91_5 Jim Pingle
09:15 AM Bug #9556 (Resolved): Encoding/validation issues in apcupsd_status.php
apcupsd_status.php does not validate input or encode user input before use, leading to potential abuse (XSS, ACE). Jim Pingle
08:35 AM Bug #9554 (Feedback): Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
Fixed in ACME 0.5.8 Jim Pingle
08:35 AM Bug #9553 (Feedback): ACME package menus do not appear for user other than "admin"
Fixed in ACME 0.5.8 Jim Pingle

05/27/2019

09:03 AM Feature #9387 (Resolved): Update telegraf to 1.9.3 from ports
already moved to 1.10.1 Renato Botelho
08:56 AM Todo #9482 (Resolved): Remove zabbix 3.2 and 3.4 from pfSense
Both versions were removed Renato Botelho
07:48 AM Feature #9555 (Resolved): pimd package
Folks - as it seems that IGMP Proxy is "broken" and pimd works is it possible to add (or replace) IGMP Proxy with pim... Michael Pelley

05/25/2019

04:17 PM Bug #9554: Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
In the future, do not report security issues via Redmine. See https://www.netgate.com/security/ Jim Pingle
04:05 PM Bug #9554 (Resolved): Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
Stored XSS vulnerability occurs due to input validation errors in "Name" and "Description" fields when adding new acc... Chi Tran
03:37 PM Bug #9553: ACME package menus do not appear for user other than "admin"
Example Screenshot Chris Linstruth
03:34 PM Bug #9553 (Resolved): ACME package menus do not appear for user other than "admin"
ACME package menus do not appear for user other than "admin" Chris Linstruth
09:57 AM Feature #9551 (Duplicate): Add py-speedtest-cli to package repo
Jim Pingle
09:12 AM Feature #9551: Add py-speedtest-cli to package repo
And it has always been there, next time I will be more diligent. Anyway, needed to use py27-speedtest-cli on 2.4.x an... Adam Jaremko
08:50 AM Feature #9551 (Duplicate): Add py-speedtest-cli to package repo
Just a simple request to add py-speedtest-cli to the package repo
https://www.freshports.org/net/py-speedtest-cli/
Adam Jaremko

05/23/2019

07:22 PM Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
YP Lo wrote:
> Found out recently that ntopng v3.6 is already using GeoLite2 database, and hooked up the remaining G...
Tj Ng
07:32 AM Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Found out recently that ntopng v3.6 is already using GeoLite2 database, and hooked up the remaining GeoLite2 update s... YP Lo
03:16 PM Bug #9546 (Resolved): Snort fails to load/start with host_attribute_table
Using the PfSense gui to load and import an attribute table will cause Snort to error on startup. It will not start.
...
Bill B

05/22/2019

08:50 PM Feature #9238: Add support for Zerotier
I think it would be pretty awesome if PF supported this. ZT is a great and simple way of securing devices in a virtua... Deon George

05/20/2019

09:46 PM Bug #9542 (Closed): FreeRadius with MySQL not started and require mysql-client packet
Hello!
FreeRadius start log (with Mysql-enable)
> Could not link driver rlm_sql_mysql: Shared object "libmysqlclient...
Konstantin Ab

05/19/2019

05:43 AM Bug #9537 (New): One month offset in displayed data between time changes
There is a bug in the Status > Traffic Totals package with a one-month offset in displaying data. The offset occurs a... Anonymous

05/16/2019

08:44 PM Feature #9530 (Duplicate): FRR package add sync function to HA / backup firewall
If you're using FRR and the existing feature;
*CARP Status IP* _Used to determine the CARP status. When the CARP vhi...
Steven Perreau
08:36 PM Feature #9529 (Resolved): Version upgrade for FRR package and support new faster OSPF convergence features
Version bump up in FRR and please add GUI support for faster convergence features in latest FRR;
*ip ospf dead-int...
Steven Perreau
08:24 PM Bug #9528 (Duplicate): FRR OSPF state stuck in Extart / Exchange because of MTU following pfSense restart
1. Build FRR with OSPF, build the VTI interfaces, etc. Start OSPF and it will work. OSPF will link up neighbor state ... Steven Perreau

05/15/2019

03:26 AM Bug #9524: HAProxy-Backend blocks routed vlan traffic
Hi guys,
thanks for your answers.
I didn't recognize the warning above the "Use Client-IP" feature. I am sorry...
Jonas Bechtel

05/14/2019

11:09 PM Bug #9424: arpwatch package logs CARP MAC address changes
Just a note that upstream arpwatch from FreeBSD was updated.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235...
Art Manion
01:44 PM Bug #9524: HAProxy-Backend blocks routed vlan traffic
It's likely because of transparent-client-ip feature enabled in the backend of haproxy, combined with the 'bug' / miss... Pi Ba
10:26 AM Bug #9524 (Not a Bug): HAProxy-Backend blocks routed vlan traffic
This is almost certainly a configuration issue, and this site is not for support or diagnostic discussion.
For ass...
Jim Pingle
09:56 AM Bug #9524 (Not a Bug): HAProxy-Backend blocks routed vlan traffic
Hi everybody,
we have a weird haproxy-backend problem. HAProxy-backends seem to block routed traffic between two co...
Jonas Bechtel

05/12/2019

11:15 PM Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
Jim Pingle wrote:
> I am not sure it would be related to what you saw, but you might give the newest version of the ...
Mike Barnes
11:02 AM Feature #9523: LADVD: Feature to enable setting interface descriptions
Looking at FreeNAS, they've got a much more succinct description and only added support for the -z option, which seem... Jason Unovitch
10:21 AM Feature #9523 (Resolved): LADVD: Feature to enable setting interface descriptions
Good day. I'd be interested in seeing options for the -y and -z flag to LADVD get added.
These are explained in ladv...
Jason Unovitch
05:33 AM Feature #9521 (Resolved): Upgrade to HAProxy 1.9
Some of our backends support HTTP/2, but it seems that HAProxy 1.8 only supports HTTP/2 for the frontends.
The latest...
S. Debreuil

05/08/2019

08:41 AM Bug #9502: ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I am not sure it would be related to what you saw, but you might give the newest version of the ACME package a try (0... Jim Pingle
08:40 AM Bug #9492 (Resolved): Cannot reload remote haproxy via ACME package
Great! Jim Pingle
08:39 AM Bug #9492: Cannot reload remote haproxy via ACME package
Works. Thx! Florian Apolloner
08:00 AM Bug #9492: Cannot reload remote haproxy via ACME package
I pushed another change just now that might help. Not sure it will, but it's worth a try.
Jim Pingle
07:57 AM Bug #9492: Cannot reload remote haproxy via ACME package
Hi Jim. Yes Haproxy did restart. While I agree that the sync error should be from something else it still seems to be... Florian Apolloner
07:58 AM Feature #9498: ACME Package: Sorting on name, expiration, etc
Pushed a new fix just now, try the next version when it shows up. Jim Pingle
01:09 AM Feature #9498: ACME Package: Sorting on name, expiration, etc
Hi!
Great job, but sorting date does not work OK.
Greg M

05/07/2019

10:03 AM Bug #9492: Cannot reload remote haproxy via ACME package
There is no error in that output related to the service restart. The error at the top is from config sync, which isn'... Jim Pingle
02:24 AM Bug #9492: Cannot reload remote haproxy via ACME package
I just installed 0.5.7, but it still throws an error (Interestingly only on the firewall running ACME). Can I get mor... Florian Apolloner
07:53 AM Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
That isn't possible as the code that does the sync comes before the reload, and the sync process blocks. I haven't se... Jim Pingle

05/06/2019

09:54 PM Bug #9502 (Not a Bug): ACME's XMLRPC restart of remote webgui sometimes retains old certificates
I have two hosts using HA syncing to push the certificate store from host1 (primary) to host2 (backup). ACME renewal ... Mike Barnes
01:02 PM Bug #9492 (Feedback): Cannot reload remote haproxy via ACME package
Give 0.5.7 a try when it shows up shortly. It should work. Jim Pingle
02:27 AM Bug #9492: Cannot reload remote haproxy via ACME package
OK, thanks, I was highly optimistic about having found a probable cause for a minute there, but I guess I get to go b... Mike Barnes
02:00 AM Bug #9492: Cannot reload remote haproxy via ACME package
It does not affect the webgui because it uses another xmlrpc call. It affects every normal service though. I could als... Florian Apolloner
01:02 PM Feature #9498 (Feedback): ACME Package: Sorting on name, expiration, etc
ACME pkg 0.5.7 now has search and sorting. Jim Pingle
 
