Activity

30 days up to

User

Activity

From 05/25/2020 to 06/23/2020

06/23/2020

03:24 PM Bug #10693 (New): pfSense Bind Zone Editor UI does not update zone serial number when a change is made: /pkg_edit.php?xml=bind_zones.xml&act=edit&id=0
populates the "Serial" field with the serial number of the current... Jeffrey Altman
12:57 PM Bug #10692 (Confirmed): PIMD starts twice at boot: Hello,
I just discoverd a critical error in the pfSense boot sequence.
- Independed if you have enabled the PIMD... Louis B

06/22/2020

12:21 PM Feature #10689 (Pull Request Review): Squid Reverse proxy IPv6 and HA support: Jim Pingle
10:53 AM Feature #10689: Squid Reverse proxy IPv6 and HA support: https://github.com/pfsense/FreeBSD-ports/pull/885 Viktor Gurov
03:22 AM Feature #10689 (Resolved): Squid Reverse proxy IPv6 and HA support: allow to listen on IPv4/IPv6/IPv4+IPv6 interfaces, see #8887
and add ability to select CARP interfaces, see #5168 Viktor Gurov
07:29 AM Bug #10688 (Pull Request Review): Remove Zabbix 4.2 ports: Jim Pingle
07:11 AM Bug #10654 (Resolved): Whitelisted domains starting with a dot are ignored: pfSense-pkg-squid 0.4.44_27 - work as expected Viktor Gurov

06/21/2020

02:45 PM Bug #10688: Remove Zabbix 4.2 ports: https://github.com/pfsense/pfsense/pull/4365
https://github.com/pfsense/FreeBSD-ports/pull/884 Danilo Baio
02:42 PM Bug #10688 (Resolved): Remove Zabbix 4.2 ports: - Remove Zabbix 4.2 ports.
- Fix typos, reported on https://github.com/pfsense/FreeBSD-ports/pull/876
Zabbix 4.2 ... Danilo Baio

06/19/2020

09:10 AM Bug #10679 (Pull Request Review): Squid reverse proxy CA cert without prv key: Jim Pingle
09:05 AM Bug #10679: Squid reverse proxy CA cert without prv key: https://github.com/pfsense/FreeBSD-ports/pull/883 Viktor Gurov
08:55 AM Bug #10679 (Resolved): Squid reverse proxy CA cert without prv key: from https://forum.netgate.com/topic/154504/squid-0-4-44_26-cannot-select-external-ca-s
Currently is not possible to... Viktor Gurov
03:46 AM Feature #8727 (Resolved): Clone button in cron pkg: Cron 0.3.7_4 - works as expected Viktor Gurov
01:18 AM Feature #9765 (Resolved): Update iperf package to iperf3: pfSense 2.4.5 and 2.5 use iperf3
see also #10357 Viktor Gurov
01:12 AM Bug #10611 (Resolved): FRR applies file permissions to missing files: resolved in frr 0.6.6 Viktor Gurov
01:11 AM Bug #10657 (Resolved): FRR: AS-Path Filter doesn't work anymore: frr 0.6.6 generates a configuration with the correct as-path:... Viktor Gurov

06/18/2020

11:26 AM Bug #10673 (Rejected): Avahi interface list is missing interfaces: Avahi already shows all enabled interfaces
all you need to do is assign and enable the OpenVPN interface Viktor Gurov
10:23 AM Bug #10673 (Rejected): Avahi interface list is missing interfaces: In avahi_settings.php, there is a list of network interfaces. Mine shows LAN, DMZ, WAN2. The list is missing my "WA... Jeremy 99
09:00 AM Feature #10441 (Feedback): Integration of bfd daemon: PR has been merged. Thanks! Renato Botelho
08:45 AM Bug #10654 (Feedback): Whitelisted domains starting with a dot are ignored: PR has been merged. Thanks! Renato Botelho
08:42 AM Bug #10611 (Feedback): FRR applies file permissions to missing files: PR has been merged. Thanks! Renato Botelho
08:42 AM Bug #10657 (Feedback): FRR: AS-Path Filter doesn't work anymore: PR has been merged. Thanks! Renato Botelho

06/15/2020

10:00 AM Feature #10665 (Resolved): Manual OSPF neighbor definitions: OSPF interface modes "non-broadcast" and "point-to-miltipoint" rely on being able to manually define specific OSPF ne... Jim Pingle

06/12/2020

09:50 AM Bug #10656 (Pull Request Review): Acme letsencrypt doesn't change private key type: Jim Pingle
07:39 AM Bug #10656: Acme letsencrypt doesn't change private key type: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/881 Viktor Gurov
06:45 AM Bug #10656 (Confirmed): Acme letsencrypt doesn't change private key type: Right, got the same issue Viktor Gurov
05:56 AM Bug #10656: Acme letsencrypt doesn't change private key type: It isn't really a duplicate of that bug. The fallout of that bug sets up the conditions where you might want to chan... Howard Holm
12:23 AM Bug #10656 (Rejected): Acme letsencrypt doesn't change private key type: Duplicate of #10655
Please add any additional comments to that issue. Viktor Gurov
09:44 AM Bug #10654 (Pull Request Review): Whitelisted domains starting with a dot are ignored: Jim Pingle
06:48 AM Bug #10654: Whitelisted domains starting with a dot are ignored: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/880 Viktor Gurov
09:42 AM Bug #10657 (Pull Request Review): FRR: AS-Path Filter doesn't work anymore: Jim Pingle
04:58 AM Bug #10657: FRR: AS-Path Filter doesn't work anymore: Correct, see http://docs.frrouting.org/en/latest/bgp.html#as-path-access-lists
Fix:
https://github.com/pfsense/Fr... Viktor Gurov
04:21 AM Bug #10657: FRR: AS-Path Filter doesn't work anymore: Syntax for as-path acl has changed in frr ...
Now it's ... Luki TJ
03:54 AM Bug #10657 (Resolved): FRR: AS-Path Filter doesn't work anymore: Hi,
after upgrade from 2.4.4_p3 to 2.4.5_p1 route-maps for BGP metric altering based on AS-Path match don't work a... Luki TJ
09:41 AM Bug #10655 (Resolved): ntopng fails with letsencrypt ECC certificates: If it works on the latest ntopng then it's already been fixed upstream. It may also be fixed by the newer OpenSSL on ... Jim Pingle
04:40 AM Bug #10655: ntopng fails with letsencrypt ECC certificates: It seems ntopng 3.8 issue, is the same error ERR_SSL_VERSION_OR_CIPHER_MISMATCH with EC-256 certificate
but there ... Viktor Gurov
09:40 AM Bug #8688 (Pull Request Review): Pass List Snort: Jim Pingle
01:38 AM Bug #8688: Pass List Snort: https://github.com/pfsense/FreeBSD-ports/pull/878
see also #10493 Viktor Gurov
07:12 AM Feature #10557 (Resolved): Add Zabbix 5.0 LTS (agent and proxy) packages: Renato Botelho

06/11/2020

09:49 PM Bug #10656 (Closed): Acme letsencrypt doesn't change private key type: As alluded to in this year and a half old post (https://forum.netgate.com/topic/116404/ntopng-and-let-s-encrypt-certi... Howard Holm
09:43 PM Bug #10655 (Resolved): ntopng fails with letsencrypt ECC certificates: Configuring ntopng to use letsencrypt certificates (via the Acme package) works with default RSA 2048 bit certificate... Howard Holm
01:05 PM Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Seems to work for me Pim Janssen
12:55 PM Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Danilo Baio wrote:
> Yes, it's missing zabbix config options for the 2.4.5 packages:
> https://github.com/pfsense/F... Danilo Baio
12:31 PM Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Pim Janssen wrote:
> Thanks, i just upgraded my zabbix-proxy on pfsense.
> Now i am getting the following error:
>... Danilo Baio
11:55 AM Feature #10557: Add Zabbix 5.0 LTS (agent and proxy) packages: Thanks, i just upgraded my zabbix-proxy on pfsense.
Now i am getting the following error:
`connection to database '... Pim Janssen
11:04 AM Bug #10654 (Resolved): Whitelisted domains starting with a dot are ignored: https://forum.netgate.com/topic/153933/solved-squid-0-4-44_25-assertion-failed-http-cc-1533-comm-monitorsread-serverc... Viktor Gurov
09:58 AM Bug #10146 (Resolved): squid4 obsolete options: OK - no NO_SSLv2 option in squid pkg 0.4.44_26 Viktor Gurov
04:38 AM Feature #9874 (Resolved): safesearch enforcing: link is ok now Viktor Gurov
04:37 AM Feature #10627 (Resolved): add Yandex Site Checker link: works as expected on the latest pfBlockerNG-devel Viktor Gurov
01:21 AM Feature #10653 (New): Allow to download frr_status: Add a button on the status_frr.php page to load all the frr status output as a txt file. Viktor Gurov
01:08 AM Feature #10628 (Resolved): Allow to change url_rewrite_children options: pfSense-pkg-squidGuard-1.16.18_6 works as expected Viktor Gurov

06/10/2020

05:28 PM Bug #10642: ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: I don't have SSH access to the router, so unfortunately I cannot run acme.sh outside pfSense. I suppose the answer li... Oriane Tury
12:56 PM Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Jim Pingle wrote:
> That particular document is outdated, the Cert Manager supports forming chains on its own now. I... Dennis Adler
12:15 PM Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: That particular document is outdated, the Cert Manager supports forming chains on its own now. I have a setup with in... Jim Pingle
12:10 PM Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: > Either your CA/Cert subjects are not unique and it formed an incorrect internal association on import, or you impor... Dennis Adler
08:42 AM Bug #10649 (Not a Bug): OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Either your CA/Cert subjects are not unique and it formed an incorrect internal association on import, or you importe... Jim Pingle
04:07 AM Bug #10649: OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: Note: I posted this initially on the Netgate forums. Several views but no feedback. Perhaps not many people set up a ... Dennis Adler
04:05 AM Bug #10649 (Not a Bug): OpenVPN Cllient Export Wizard Using Wrong Root CA Certificate: This occurs using pfSense 2.4.5-RELEASE (arm) on an SG-3100. OpenVPN CE Wizard v1.4.23.
I had two Root CAs in pfSe... Dennis Adler
11:04 AM Feature #10557 (Feedback): Add Zabbix 5.0 LTS (agent and proxy) packages: PR has been merged. Thanks! Renato Botelho
11:01 AM Feature #9874 (Feedback): safesearch enforcing: PR has been merged. Thanks! Renato Botelho
10:53 AM Feature #10628 (Feedback): Allow to change url_rewrite_children options: PR has been merged. Thanks! Renato Botelho
10:53 AM Feature #10627 (Feedback): add Yandex Site Checker link: PR has been merged. Thanks! Renato Botelho
10:52 AM Feature #10618 (Feedback): Set sysDescr the same as bsnmpd unless overriden with net-snmp: PR has been merged. Thanks! Renato Botelho
10:51 AM Bug #10146 (Feedback): squid4 obsolete options: PR has been merged. Thanks! Renato Botelho
10:50 AM Bug #5168 (Feedback): squid doesn't function during/after HA failover: PR has been merged. Thanks! Renato Botelho
10:49 AM Feature #9793 (Feedback): Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: PR has been merged. Thanks! Renato Botelho
10:48 AM Feature #8727 (Feedback): Clone button in cron pkg: PR has been merged. Thanks! Renato Botelho
10:11 AM Bug #10647 (Feedback): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: PR has been merged. Thanks! Renato Botelho
09:19 AM Bug #10647 (Pull Request Review): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: Jim Pingle
01:48 AM Bug #10647: FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: Fix:
https://github.com/pfsense/FreeBSD-ports/pull/877 Viktor Gurov
06:13 AM Feature #10599: Add support for hitless-reloads of HAproxy config: Thanks and sorry, missed it DRago_Angel [InV@DER]
05:40 AM Feature #10599 (Rejected): Add support for hitless-reloads of HAproxy config: Already supported:
see https://github.com/pfsense/FreeBSD-ports/blob/76396719e6e1b7c0c54dc70c2bb91c127a7ff8c4/net/... Viktor Gurov

06/09/2020

02:36 PM Bug #10647 (Resolved): FRR BGP Advanced > Aggregated Addresses ignores ipv6 subnets: The php script generating the bgp.conf file only writes out the configuration if the subnet is an ipv4 subnet: https:... Max Maton
11:49 AM Bug #10646 (Resolved): Reinstall package process stalls at pfBlockerNG when restoring a config: The package install process for pfBlockerNG completes but the processes do not close out preventing subsequent packag... Steve Wheeler
07:55 AM Bug #10642: ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: Have you tried doing this with acme.sh on its own (not through pfSense)? It may be a problem in the Gandi script, it ... Jim Pingle

06/08/2020

03:17 PM Bug #10642 (Duplicate): ACME certificate renewal with DNS-Gandi method fails when using multiple Gandi keys: With the ACME service, when trying to issue/renew a certificate on 2 domain names (or more) using the DNS-Gandi Live ... Oriane Tury
09:11 AM Feature #10640 (Rejected): Request addition of ZNC to Package Manager available packages: In my opinion, that kind of service is a poor fit for a firewall. Especially given its "poor security history":https:... Jim Pingle
08:41 AM Feature #10557 (Pull Request Review): Add Zabbix 5.0 LTS (agent and proxy) packages: Jim Pingle

06/06/2020

02:40 PM Feature #10640 (Rejected): Request addition of ZNC to Package Manager available packages: I would like to request the addition of the ZNC package for installation via the pfSense Package Manager, pfSense rel... Murray Williams

05/30/2020

08:47 AM Bug #10146: squid4 obsolete options: https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Troubleshooting:
_NO_SSLv2 is relevant only fo... Viktor Gurov
06:43 AM Bug #5168: squid doesn't function during/after HA failover: https://github.com/pfsense/FreeBSD-ports/pull/867
This is mainly for Transparent mode and IPv6 squid configuration... Viktor Gurov

05/29/2020

11:31 PM Feature #10612 (Resolved): Add pfSense package for Zeek (formerly Bro) Network Security Monitor: PR: https://github.com/pfsense/FreeBSD-ports/pull/866 Prosper Doko
01:00 PM Bug #10611 (Resolved): FRR applies file permissions to missing files: When FRR starts it tries to apply file permissions to all the conf files for it's daemons. Including those that are n... Steve Wheeler
11:49 AM Bug #10444 (Resolved): FRR will not start in 2.4.5 aarch64: Same here on SG-1100, services start and I am seeing neighbors and routes exchanged. Jim Pingle
11:47 AM Bug #10444: FRR will not start in 2.4.5 aarch64: This looks good in 0.6.5. Service starts as expected.
Tested an SG-1100 running 2.4.5p1. Steve Wheeler
10:37 AM Bug #10444: FRR will not start in 2.4.5 aarch64: Please re-test with pfSense-pkg-frr 0.6.5 / frr7-7.3.1 to make sure problem persists Renato Botelho
11:06 AM Bug #10573 (Resolved): Netgate_Coreboot_Upgrade cannot write to flash in 2.4.5: Jim Pingle
11:04 AM Bug #10573: Netgate_Coreboot_Upgrade cannot write to flash in 2.4.5: This works correctly in the 0.28 package.
Tested on an SG-4860 in a 2.4.5p1 snapshot.
!Selection_849.png!
Steve Wheeler
05:07 AM Bug #10502: LLDP spamming errors on Netgate XG-7100: So maybe we can track this issue https://github.com/vincentbernat/lldpd/issues/394 and till it (or if it will not) fi... DRago_Angel [InV@DER]
04:53 AM Bug #10502: LLDP spamming errors on Netgate XG-7100: DRago_Angel [InV@DER] wrote:
> Additionally LLDPd with active NDP (enabled and forced) throw errors if chosen interf... Viktor Gurov
12:43 AM Bug #10608 (Closed): Update squid port to 4.11-p2: Current pfSense ports squid version 4.10 contains a bug that may cause a crash when users navigate the Internet,
See... Viktor Gurov

05/28/2020

10:06 AM Bug #10606: Snort Inline stopped working after upgrade to FreeBSD 12.1 (network traffic blocked after heavy load randomly): You might post on the IDS/IPS category of the forum to catch the snort developer's attention there. Similar issues ha... Jim Pingle
10:02 AM Bug #10606 (New): Snort Inline stopped working after upgrade to FreeBSD 12.1 (network traffic blocked after heavy load randomly): Snort Inline stopped working after upgrade to FreeBSD 12.1 (network traffic blocked after heavy load randomly).
Ne... David Rupprechter
10:01 AM Feature #10605 (Resolved): Add certificates from Trusted Store to Squid cert store: PfSense 2.5 has the 'add to Trust Store' feature #4068, which allows you to add pfSense certificates to /etc/ssl/cert... Viktor Gurov

05/27/2020

07:44 PM Bug #10602 (Resolved): Dashboard->Traffic Graphs bandwidth designations on hover pop-ups: The scales are reporting Mbytes/sec but the pop-up is using the Mbits/sec designation: Mb/s. Needs to be corrected ... Randall Barth
07:42 PM Bug #10601 (New): Dashboard->Traffic Graphs Scale is capped for outbound: The WAN out and LAN in scales are capped at 1 Mbyte/sec. They should adjust scale range as do the WAN in and LAN out. Randall Barth
03:08 PM Feature #10600: Add support for pfBlockerNG "Action list" feature: It would be cool if you add both flows. Thank you guys. And about HAproxy Reload Integration it better to be done as ... DRago_Angel [InV@DER]
03:04 PM Feature #10600 (New): Add support for pfBlockerNG "Action list" feature: Some other plugins that can use pfBlockerNG native aliases can need additional reload/restart action to load new IPs ... DRago_Angel [InV@DER]
02:48 PM Feature #9793 (Pull Request Review): Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Jim Pingle
01:24 PM Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Ok, thanks DRago_Angel [InV@DER]
12:15 PM Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: it would be nice to use "hitless-reloads" with 'action list'
Please create a new redmine issue for this
Viktor Gurov
11:43 AM Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Tested this patch, it works as expected, thanks!
Could you please advice what the best|correct way(command) to recre... DRago_Angel [InV@DER]
11:24 AM Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Yep, this fine. And yes, I understand what this commit adds, thanks =)
Will try to test it now. DRago_Angel [InV@DER]
11:04 AM Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: This PR adds support for the URL Table alias type, and it can be not only the pfBlockerNG URL, but also a list on you... Viktor Gurov
10:39 AM Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Hi Viktor,
I speak with @bbcan177 about this initially and tested changing files on filesystem. Reloading of SrcIPs ... DRago_Angel [InV@DER]
03:30 AM Feature #9793: Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native: Allows to use URL Table type alias:
https://github.com/pfsense/FreeBSD-ports/pull/865 Viktor Gurov
01:34 PM Feature #10599 (Rejected): Add support for hitless-reloads of HAproxy config: HAproxy allows reload configs without restart of service via socket command: https://www.haproxy.com/blog/hitless-rel... DRago_Angel [InV@DER]

05/25/2020

03:56 PM Bug #10476 (Resolved): Services - Acme - Certificates using loopia API: resolved in the latest acme pkg 0.6.8:... Viktor Gurov

Also available in: Atom

Project

General

Profile

pfSense » pfSense Packages

Activity

Activity

06/23/2020

06/22/2020

06/21/2020

06/19/2020

06/18/2020

06/15/2020

06/12/2020

06/11/2020

06/10/2020

06/09/2020

06/08/2020

06/06/2020

06/05/2020

06/04/2020

06/03/2020

06/01/2020

05/30/2020

05/29/2020

05/28/2020

05/27/2020

05/25/2020