Project

General

Profile

Activity

From 05/27/2019 to 06/25/2019

06/25/2019

11:58 AM Bug #9601 (Feedback): Status_Monitoring rrd_fetch_json.php does not encode errors returned by the RRD module.
Pushed a fix in Status_Monitoring version 1.7.8.
Before:...
Jim Pingle
11:51 AM Bug #9601 (Resolved): Status_Monitoring rrd_fetch_json.php does not encode errors returned by the RRD module.
If @rrd_fetch()@ produces an error, this error is sent back in JSON without any processing. If the user creates a spe... Jim Pingle
01:49 AM Feature #8982: HAproxy ACL support for map in configuration UI
Further comments.
I have stumbled upon a case where I need to match the contents of an attribute in an SSL certifi...
Stéphane Lapie
01:47 AM Feature #9599 (New): Support for "peers" in HAproxy
I would like to raise a feature request for a "peers" section for sharing sticky tables between hosts in High Avail. ... Stéphane Lapie

06/16/2019

03:17 PM Feature #9588 (Duplicate): New package: node_exporter
I have opened a PR on Github to add a package for the Prometheus node_exporter: https://github.com/pfsense/FreeBSD-po... Carl Pettersson

06/14/2019

08:10 PM Feature #6022: Consider MLVPN for bonded VPN
If someone would add something to my Bounty maybe we will get it faster?
https://forum.netgate.com/topic/144050/mult...
Marvin Klose
08:00 AM Bug #9581 (Resolved): pfSense-pkg-suricata upgrade destroys default suricata rules
Jim Pingle
07:58 AM Bug #9581: pfSense-pkg-suricata upgrade destroys default suricata rules
Yeah, there
John Silva wrote:
> Confirmed that the rules are clobbered as expected when upgrading to 4.1.4_4. Th...
Bill Meeks

06/13/2019

09:53 PM Bug #9581: pfSense-pkg-suricata upgrade destroys default suricata rules
Confirmed that the rules are clobbered as expected when upgrading to 4.1.4_4. Thanks for the quick fix, Bill! John Silva
02:50 PM Bug #9581: pfSense-pkg-suricata upgrade destroys default suricata rules
This fix for this issue has been posted in this pull request: https://github.com/pfsense/FreeBSD-ports/pull/651.
...
Bill Meeks
05:09 AM Bug #9583 (Resolved): Freeradius 3 auth error on OTP (only on PFSense 2.5-dev)
Freeradius 3 on PFSense 2.5-dev using OTP (Google auth) fail auth (works correctly on simple autentication not OTP).
...
Luca De Andreis
12:17 AM Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Louis van Breda wrote:
> Hello,
>
>
> I just installed and tested the package on 244 r3 and it is simply not wo...
Tj Ng

06/11/2019

08:03 PM Bug #9581: pfSense-pkg-suricata upgrade destroys default suricata rules
Thank you for this report. I have added it to my To-Do list for the Suricata GUI package. Bill Meeks
07:31 AM Feature #9576 (Resolved): FRR: box missing for staticd.conf when using raw configuration files
Jim Pingle
04:04 AM Feature #9576: FRR: box missing for staticd.conf when using raw configuration files
I tested the upgrade to the new package (0.5.2) and it works well.
I also tested the upgrade (0.2_8 ==> 0.5.2) on a ...
Bruno Solal

06/10/2019

08:36 PM Bug #9581 (Resolved): pfSense-pkg-suricata upgrade destroys default suricata rules
Issue: Upgrade of pfSense-pkg-suricata removes default suricata events rules installed by the base suricata package (... John Silva

06/08/2019

01:44 PM Bug #9553 (Resolved): ACME package menus do not appear for user other than "admin"
Jim Pingle
12:23 PM Bug #9553: ACME package menus do not appear for user other than "admin"
Tested. Looks good. Chris Linstruth
09:00 AM Bug #9211: GeoIP broken in pfSense-pkg-ntopng-0.8.13_3
Hello,
I just installed and tested the package on 244 r3 and it is simply not working.
It realize that is pos...
Louis B

06/07/2019

12:54 PM Feature #9576 (Feedback): FRR: box missing for staticd.conf when using raw configuration files
Implemented in FRR pkg version 0.5.2. Jim Pingle
12:54 PM Todo #8662 (Feedback): FFR OSPF Cleartext Password Lengths
Implemented in FRR pkg version 0.5.2. Jim Pingle
08:56 AM Todo #8662 (New): FFR OSPF Cleartext Password Lengths
This should only affect cleartext passwords, not MD5.
https://forum.netgate.com/topic/143950/frr-ospf-interface-md...
Jim Pingle
11:26 AM Bug #9578 (Not a Bug): Zebra Doesn't detect VIP on lo0 has been removed
I don't believe there is anything we can do here. That's between FRR and the OS.
You could try a 2.5.0 snapshot wh...
Jim Pingle
11:14 AM Bug #9578 (Not a Bug): Zebra Doesn't detect VIP on lo0 has been removed
I am using FRR to advertise IP's located on lo0. Previously when using the Quagga package, when changing a VIP to a d... Nick Fisk

06/06/2019

08:54 PM Bug #9031: Suricata fails to start with interface with /31 mask
I did not do a lot of research trying to figure out the logic of the Suricata Radix Tree code, but only certain combi... Bill Meeks
04:23 PM Bug #9031: Suricata fails to start with interface with /31 mask
Bill Meeks wrote:
> Okay. Found the source of this bug and it is fixed in this pull request: https://github.com/pf...
e 1/1
06:00 PM Feature #9576 (Resolved): FRR: box missing for staticd.conf when using raw configuration files
On PfSense 2.4.4-RELEASE-p3 (amd64), I updated frr package from 0.2_8 (frr 5.0.2) to 0.5.1_1 (frr 6.0.2).
frr static...
Bruno Solal

06/05/2019

03:56 PM Bug #9031 (Resolved): Suricata fails to start with interface with /31 mask
Thanks! Jim Pingle
03:42 PM Bug #9031: Suricata fails to start with interface with /31 mask
Okay. Found the source of this bug and it is fixed in this pull request: https://github.com/pfsense/FreeBSD-ports/p... Bill Meeks
06:50 AM Feature #7793 (Resolved): FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
Jim Pingle
01:15 AM Feature #7793: FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
I checked latest 0.5 it works fine, I got appropriate error if I did not set RID... Constantine Kormashev

06/04/2019

08:05 PM Bug #9528 (Duplicate): FRR OSPF state stuck in Extart / Exchange because of MTU following pfSense restart
This is fixed on 2.5.0, see #9111
The problem is not with FRR, but with IPsec VTI MTU handling.
Jim Pingle
07:10 PM Bug #9195 (Resolved): Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Jim Pingle
05:35 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
A fix for this issue has been incorporated into the Suricata GUI package in version 4.1.4_2. The pull request is pos... Bill Meeks
07:10 PM Bug #8501 (Resolved): Incorrect categorization of status/info messages from suricata
Jim Pingle
05:24 PM Bug #8501: Incorrect categorization of status/info messages from suricata
This issue is resolved in Suricata package version 4.1.4_2 on pfSense-2.5-DEVEL. The pull request is here: [https:/... Bill Meeks
05:59 PM Bug #9031: Suricata fails to start with interface with /31 mask
I don't mean to say the /31 netmask is invalid. I was multitasking at the time and now I'm not sure now what I saw w... Bill Meeks
11:20 AM Bug #9031: Suricata fails to start with interface with /31 mask
Bill Meeks wrote:
> I can only reproduce this issue when I assign an invalid IP address to the interface for the giv...
Jim Pingle
11:08 AM Bug #9031: Suricata fails to start with interface with /31 mask
Admittedly I'm very late responding to this bug report, but I just tested on Suricata 4.1.4_1 on pfSense-2.5-DEVEL. ... Bill Meeks
09:35 AM Bug #9174 (Resolved): Suricata rulesets in 2.4.4_1
Jim Pingle
09:27 AM Bug #9174: Suricata rulesets in 2.4.4_1
I just tested this with the most recent version of the Suricata package, version 4.1.4_1, and cannot reproduce this i... Bill Meeks

06/03/2019

09:56 PM Bug #9573: GeoIP database FAIL to download - Suricata package
Hmm... looks like it is getting pulled in as a dependency, probably with a library.
No matter, you still do not us...
Bill Meeks
09:47 PM Bug #9573: GeoIP database FAIL to download - Suricata package
Hi, Bill
I´m sorry but suricata is the one installing package GeoIP-1.6.12.
Only the following packages are i...
Carlos Montalvo J.
07:56 AM Bug #5168: squid doesn't function during/after HA failover
Hello,
any updates with this issue?
i have 200 vlans on my firewall and adding 200 lines with http_port is not g...
Zeev Zalessky

06/02/2019

08:38 PM Bug #8577 (Resolved): Snort - Log retention not working
Jim Pingle
07:29 PM Bug #8577: Snort - Log retention not working
This issue is resolved and this ticket can be closed. Bill Meeks
08:38 PM Bug #9188 (Resolved): Suricata GUI Package fails to send SIGHUP to the Suricata binary process when truncating/rotating the log files
Jim Pingle
07:25 PM Bug #9188: Suricata GUI Package fails to send SIGHUP to the Suricata binary process when truncating/rotating the log files
This issue is resolved in the latest Suricata 4.1.4 package. Bill Meeks
07:23 PM Bug #9573: GeoIP database FAIL to download - Suricata package
You do not need to do anything to use the free GeoIP2 Lite database with Suricata on pfSense. It is automatically se... Bill Meeks
12:26 AM Bug #9573 (Rejected): GeoIP database FAIL to download - Suricata package
Hi, to everyone
Suricata v4.1.4 on pfSense 2.4.4-RELEASE-p3 (amd64)
Brand new suricata install, trying to get ...
Carlos Montalvo J.

06/01/2019

05:28 PM Bug #9557 (Resolved): FRR Upgrades
2.5.0 snaps have FRR 7 now and it appears to be running OK Jim Pingle

05/31/2019

08:58 PM Bug #9571 (Resolved): FRR processes continue to restart after being disabled until reboot
Jim Pingle
06:27 PM Bug #9571: FRR processes continue to restart after being disabled until reboot
Looks good. Thanks. Chris Linstruth
12:45 PM Bug #9571 (Feedback): FRR processes continue to restart after being disabled until reboot
Fixed in FRR pkg version 0.5.0 Jim Pingle
01:38 PM Bug #9557: FRR Upgrades
pfSense 2.4.4 is using FRR 6 as expected. Still waiting on a new snapshot to check on pfSense 2.5.0/FRR 7 Jim Pingle
10:15 AM Bug #9557 (Feedback): FRR Upgrades
2.4.4 now uses FRR 6.x and 2.5.0 moved to 7.x Renato Botelho
12:45 PM Bug #8751 (Feedback): FRR prefix lists issues
I added some input validation for prefix lists in the latest version of the FRR package. (pkg version 0.5.0) Jim Pingle
12:45 PM Bug #8749 (Feedback): OSPF6 nssa not working
I removed all but the normal and stub types in FRR pkg version 0.5.0, the underlying FRR was also upgraded so I left ... Jim Pingle
12:45 PM Todo #8662 (Feedback): FFR OSPF Cleartext Password Lengths
Fixed in FRR pkg version 0.5.0 Jim Pingle
12:45 PM Feature #8610 (Feedback): FRR BGP "no bgp default ipv4-unicast" option.
Added in FRR pkg version 0.5.0 Jim Pingle
12:45 PM Bug #8308 (Feedback): FRR OSPF6D: interfaces not assigned to areas if they only have a link-local address
Fixed in FRR pkg version 0.5.0 Jim Pingle
12:45 PM Bug #8167 (Feedback): FRR OSPF6 range problem (subnet not advertized)
Disabled area..range statements in FRR pkg version 0.5.0
Doesn't look like they are supported even on FRR 7.
Jim Pingle
12:45 PM Feature #7793 (Feedback): FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
Jim Pingle
12:45 PM Feature #7793: FRR pkg pfsense web interface checking for RID is setup in OSPF6 section
Fixed in FRR pkg version 0.5.0 Jim Pingle
11:29 AM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
P Law wrote:
> Possibly a separate issue, but I am unable to resolve warnings that "app-layer-events.rules seems to ...
Bill Meeks
10:50 AM Bug #9244 (Resolved): FRR Status BGP Summary only shows "IPv4 Unicast Summary"
This has been in and working for a while Jim Pingle

05/30/2019

10:08 PM Bug #9571 (Resolved): FRR processes continue to restart after being disabled until reboot
It looks like the configuration file in /var/etc/frr needs to be removed when the element (ospf, bgp, etc) is disable... Chris Linstruth
07:31 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Uninstall without keeping settings and re-install restored the missing rules. Much work ahead to restore to its prev... P L
03:30 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Possibly a separate issue, but I am unable to resolve warnings that "app-layer-events.rules seems to be missing!!! Pl... P L
02:49 PM Bug #9546 (Resolved): Snort fails to load/start with host_attribute_table
Jim Pingle
02:32 PM Bug #9546: Snort fails to load/start with host_attribute_table
This issue is now fixed in both the RELEASE and DEVEL branches of pfSense. In pfSense 2.4.4.x the fixed package vers... Bill Meeks

05/29/2019

09:18 PM Bug #9568 (New): UFSSwapDir::openLog: Failed to open swap log.
After a 3 days of been stopped Squid and SquidGuard, once started again Squid cannot start and the message is:
UFS...
Julian Pinzón
11:16 AM Bug #9546: Snort fails to load/start with host_attribute_table
This issue is fixed in the upcoming snort-2.9.13_1 package that will be available for pfSense-2.5-DEVEL in the near f... Bill Meeks
07:55 AM Bug #7161 (Feedback): pfSense-pkg-bind9 changelog pointing to non-existent location
Renamed port from pfSense-pkg-bind9 to pfSense-pkg-bind, which matches PORTNAME that is used to construct Changelog URL Renato Botelho
02:28 AM Feature #9563 (Resolved): Syslog-ng TLS support
Hi,
I'm trying to send syslog over TLS. Added syslog-ng package and configure TLS. But syslog-ng does not start. I...
Ken-ichi Sasaki

05/28/2019

07:27 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
Snort3 rules are incompatible with Suricata 4.x. If you install those rules, they will overwrite some critical confi... Bill Meeks
06:45 PM Bug #9195: Suricata (latest): very large number of rules cause errors due to unknown reference keys on Rebuild with Interface SID Management List Assignments
I ran into this issue as well after having tried the Snort3 rules and reverted to 2.9 - Suricata is far pickier about... John Silva
11:05 AM Bug #9557 (Resolved): FRR Upgrades
FRR 6.0.x seems to be OK on pfSense 2.5.0, so we need to play a bit of musical FRR upgrades:
* Copy FRR 6.0.x back...
Jim Pingle
09:35 AM Bug #9556 (Feedback): Encoding/validation issues in apcupsd_status.php
Fix is in apcupsd 0.3.91_5 Jim Pingle
09:15 AM Bug #9556 (Resolved): Encoding/validation issues in apcupsd_status.php
apcupsd_status.php does not validate input or encode user input before use, leading to potential abuse (XSS, ACE). Jim Pingle
08:35 AM Bug #9554 (Feedback): Stored XSS in ACME Package (version 0.5.7_1) /acme/acme_accountkeys_edit.php
Fixed in ACME 0.5.8 Jim Pingle
08:35 AM Bug #9553 (Feedback): ACME package menus do not appear for user other than "admin"
Fixed in ACME 0.5.8 Jim Pingle

05/27/2019

09:03 AM Feature #9387 (Resolved): Update telegraf to 1.9.3 from ports
already moved to 1.10.1 Renato Botelho
08:56 AM Todo #9482 (Resolved): Remove zabbix 3.2 and 3.4 from pfSense
Both versions were removed Renato Botelho
07:48 AM Feature #9555 (Resolved): pimd package
Folks - as it seems that IGMP Proxy is "broken" and pimd works is it possible to add (or replace) IGMP Proxy with pim... Michael Pelley
 

Also available in: Atom