pfSense » pfSense Packages

01/03/2021

10:04 AM Feature #9833: ACME: add ability to use custom ACME server

Stanislav Dimov wrote:
> +1. Any progress on this?
+1 on this as well. Have recently setup an ACME server locall... Michael .

08:29 AM Bug #11214 (Resolved): mail reports typo "Define reports to by sent periodically via email. "

/status_mail_report.php
Email Reports
Define reports to by sent periodically via email.
should be
Define re... gavin penney

01/02/2021

09:07 PM Feature #10818: UDP Broadcast Relay

Would absolutely love to see this becoming a pfSense package. Thank you Chetan and Garth for taking a shot at this. Kevin L

08:17 PM Feature #11201: Show iTLD Allow IDN domains

Those don't provide a number of domains per TLD. BBcan177 .

02:13 PM Bug #11175: FRR OSPFv6 config missing default area

Fixed
Default Area is added to OSPF6 configuration
router ospf6
area 0.0.0.0 range 684d:1111:222:3333::/64 co... Alhusein Zawi

11:25 AM Feature #11155: SafeSearch AAAA

Added description regarding IPv4/IPv6 redirect support by search engines.
https://github.com/pfsense/FreeBSD-ports/p... Danilo Zrenjanin

01/01/2021

11:12 PM Feature #11201: Show iTLD Allow IDN domains

BBcan177 . wrote:
> Best to edit the iTLD's and add the static IDN between the existing Puny code and the [xxx] coun... Viktor Gurov

01:59 PM Feature #11201: Show iTLD Allow IDN domains

Best to edit the iTLD's and add the static IDN between the existing Puny code and the [xxx] counts. ... BBcan177 .

02:07 PM Feature #11209: pfBlockerNG soft blocking

This won't work for HTTPS requests. And no way to do a redirection unless a Proxy is used. BBcan177 .

08:21 AM Feature #11209 (New): pfBlockerNG soft blocking

For the high false-positive feeds, or for some specific feeds (like https://1984.sh/covid19-domains-feed.txt) it woul... Viktor Gurov

10:47 AM Feature #11210 (Resolved): 3rd party rulesets

It would be useful to add the ability to use any additional third party rulesets,
and download/update them just like... Viktor Gurov

03:23 AM Feature #10605: Add certificates from Trusted Store to Squid cert store

"Extra Trusted CA" option to select the CA certificate that is used by the upstream SSL/MITM proxy:
https://gitlab.n... Viktor Gurov

12/31/2020

11:12 PM Bug #11205 (Duplicate): DNSBL SafeSearch redirection doesn't work with DuckDuckGo

see https://redmine.pfsense.org/issues/11155#note-3 Viktor Gurov

01:55 PM Bug #11205 (Duplicate): DNSBL SafeSearch redirection doesn't work with DuckDuckGo

It's not forcing safe search when using DuckDuckGo search engine. Danilo Zrenjanin

02:46 PM Feature #11206: FRR 7.5

I've bumped the port version to 0.7.0 for pfSense-pkg-frr because of the changes, but looking back at everything that... Ben Hughes

02:39 PM Feature #11206: FRR 7.5

PR: https://github.com/pfsense/FreeBSD-ports/pull/1018 Ben Hughes

02:39 PM Feature #11206 (Closed): FRR 7.5

Update the FRR port to 7.5 and update pfSense-pkg-frr to use 7.5 new features and other changes and fixes.
- FRR r... Ben Hughes

12:21 PM Bug #11204: Fix net-snmp logging to syslog

PR: https://github.com/pfsense/FreeBSD-ports/pull/1017 Ben Hughes

12:20 PM Bug #11204 (Resolved): Fix net-snmp logging to syslog

The net-snmp service command currently is set to log to a file rather than to syslog so log output ends up in file @/... Ben Hughes

11:05 AM Bug #11175 (Feedback): FRR OSPFv6 config missing default area

Fix has been merged in the last commit, will be in snapshots soon. Jim Pingle

12:16 AM Bug #11175: FRR OSPFv6 config missing default area

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/17 Viktor Gurov

11:04 AM Feature #10665 (Feedback): Manual OSPF neighbor definitions

There was an issue introduced recently which was not including the neighbor settings in the FRR configuration, I push... Jim Pingle

09:37 AM Feature #11155 (New): SafeSearch AAAA

DuckDuckGo fix:
https://github.com/pfsense/FreeBSD-ports/pull/1016 Viktor Gurov

09:19 AM Feature #11202 (Resolved): Antivirus feature update

1) Remove Google Safe Browsing feature as it's deprecated/outdated,
see https://blog.clamav.net/2020/06/the-future-o... Viktor Gurov

07:38 AM Feature #11201: Show iTLD Allow IDN domains

https://github.com/pfsense/FreeBSD-ports/pull/1015 Viktor Gurov

07:34 AM Feature #11201 (Resolved): Show iTLD Allow IDN domains

Show IDN(UTF8) translated domains in addition to punnycode-encoded domains
see screenshots Viktor Gurov

04:02 AM Feature #11199: Minor updates

https://github.com/pfsense/FreeBSD-ports/pull/1014 Viktor Gurov

02:50 AM Feature #11199 (Resolved): Minor updates

1) Alerts page - add Yandex.DNS (https://dns.yandex.com);
2) Threat lookup page - add Kaspersky and InterServer.net ... Viktor Gurov

03:50 AM Feature #11200 (New): Squid reverse proxy + multiple ssl certificates

https://forum.netgate.com/topic/94878/squid-reverse-proxy-multiple-ssl-certificates:
I recently have installes som... Viktor Gurov

02:45 AM Feature #11178: Filer do not ask what to do with previous filename

Also same applies on deletion of entry - when you delete files managed by filer - files doesn't removes. This can be ... DRago_Angel [InV@DER]

01:49 AM Feature #11178: Filer do not ask what to do with previous filename

User interaction isn't fine fit in general, maybe this can be parameter in per-file settings and be set by default to... DRago_Angel [InV@DER]

02:43 AM Bug #11180: Filer run action for files on sync that wan't been modified

Hi Viktor, thank you. Fix for this bug working. Tested:
1. modified file without script action - another files actio... DRago_Angel [InV@DER]

02:11 AM Bug #11180: Filer run action for files on sync that wan't been modified

DRago_Angel [InV@DER] wrote:
> Hi Viktor, can you please provide diff -u ? I can check fix and provide feedback. Tha... Viktor Gurov

01:49 AM Bug #11180: Filer run action for files on sync that wan't been modified

Hi Viktor, can you please provide diff -u ? I can check fix and provide feedback. Thank you for fix and also wish you... DRago_Angel [InV@DER]

01:41 AM Bug #11180: Filer run action for files on sync that wan't been modified

Fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/18 Viktor Gurov

02:07 AM Bug #11191: Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages

BBcan177 . wrote:
> Before you uninstall, you need to uncheck "Keep Settings" in the General Tab.
it doesn't help
... Viktor Gurov

12:46 AM Bug #11108: pfsense 2.5.0-DEVELOPMENT (amd64) pfBlockerNG-devel 3.0.0_1

DRago_Angel [InV@DER] wrote:
> It not pushed to 2.5.0. Last version on pfSense 2.5.0 is 3.0.0_1. Please fix this. Or... Viktor Gurov

12/30/2020

11:51 PM Bug #11185 (Pull Request Review): Redis service stopping before NtopNg

Viktor Gurov

05:00 PM Bug #10935: FRR 0.6.7-6 - BGPD service recycled IPv6 without Route Map

0.6.8 has a *lot* of changes in it, so it's probably not directly relevant.
That config should work though so you'... Ben Hughes

04:55 PM Bug #11158: FRR Prefix Lists

As long as the configuration is getting generated correctly this is probably an FRR bug, I've run into various 'stran... Ben Hughes

04:52 PM Bug #11175: FRR OSPFv6 config missing default area

There's a typo in @frr_ospf6.inc@, I'll put a PR in that fixes it shortly. Ben Hughes

01:53 PM Bug #11135 (Feedback): HAproxy OCSP reponse crontab bug

PR has been merged. Thanks! Renato Botelho

01:47 PM Bug #5168: squid doesn't function during/after HA failover

Hello
I tested the HA and Squid on the last Dev snapshot version:
2.5.0-DEVELOPMENT (amd64)
built on Wed Dec 30 ... Stefano Mereghetti

09:15 AM Bug #11194 (Rejected): ACME DNS challenge for dynu.com not deleting all DNS TXT records upon completion

We don't have control over that code, you'd report that upstream to the acme.sh project directly: https://github.com/... Jim Pingle

12/29/2020

11:46 PM Bug #11194 (Rejected): ACME DNS challenge for dynu.com not deleting all DNS TXT records upon completion

I've had this issue and finally got around to tracking it down this afternoon. I use the ACME package in pfSense to ... Jim Brayton

12/28/2020

08:54 AM Bug #11191: Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages

Is there a compelling reason to keep the shell scripts around even if the user didn't choose that? Typically a user w... Jim Pingle

06:21 AM Bug #10700 (Resolved): not all VPN IPs added with vpnaddresses option

Renato Botelho

12/27/2020

10:45 AM Bug #11191: Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages

Before you uninstall, you need to uncheck "Keep Settings" in the General Tab. BBcan177 .

08:40 AM Feature #10818: UDP Broadcast Relay

I just came here to say the same, and saw your post Garth. I'm a programmer by profession, but have never built any P... Chetan Rao

08:19 AM Bug #11108: pfsense 2.5.0-DEVELOPMENT (amd64) pfBlockerNG-devel 3.0.0_1

It not pushed to 2.5.0. Last version on pfSense 2.5.0 is 3.0.0_1. Please fix this. Or this can be another issue that ... DRago_Angel [InV@DER]

12/26/2020

07:49 PM Bug #11175: FRR OSPFv6 config missing default area

To work around the issue for now
add the Area to the interface
Services>FRR>OSPF6>Edit>Interfaces:OSPF6 Interfac... Alhusein Zawi

05:50 PM Bug #11191: Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages

Manually removing the two .sh files removes them from the UI, so it appears they are not cleaned up properly on unins... Kris Phillips

05:41 PM Bug #11191 (Resolved): Installing and Removing pfBlockerNG Leaves Shell Scripts in webConfigurator Messages

On reboot after installing and then uninstalling pfBlockerNG, a few shell scripts remain in the shutdown/reboot messa... Kris Phillips

01:46 AM Feature #10818: UDP Broadcast Relay

I have found this tool really handy for me so I want to help to make it happen, unfortunately I don't have the progra... Garth Kirkwood

12/25/2020

09:07 AM Bug #10429: Status Traffic Total broken 2.4.5

Tested on the latest release.
Traffic Totals version - 2.3.2_1
Its functionality is fixed. There are minor com... Danilo Zrenjanin

08:43 AM Bug #10413 (Resolved): BIND plugins are not copied into chroot

Tested on the latest release.
Bind version 9.16_6. Plugins are automatically copied into /cf/named/usr/local/lib/n... Danilo Zrenjanin

12/24/2020

12:21 PM Bug #8688 (Resolved): Pass List Snort

Tested on Snort 4.1.2_2 and 4.1.2_4. I see all of my IPsec v4 and v6 addresses in my pass list as well as OpenVPN add... Max Leighton

11:57 AM Bug #10700: not all VPN IPs added with vpnaddresses option

Tested in Suricata 5.0.4_1 and 6.0.0_4. I'm seeing all of the relevant VPN IPs added to the list. Max Leighton

12/23/2020

02:55 PM Bug #11000: haproxy deprecated trick suggested

It was been deprecated from HAproxy 1.8 if trust manual: https://cbonte.github.io/haproxy-dconv/1.8/configuration.htm... DRago_Angel [InV@DER]

01:55 PM Bug #11185: Redis service stopping before NtopNg

I wrote basic patch which fix issue in my case:... DRago_Angel [InV@DER]

12/22/2020

12:21 PM Feature #11186 (Pull Request Review): Allow lo0/Loopback as a valid interface in OSPF/OSPF6

Jim Pingle

12:09 PM Feature #11186 (Closed): Allow lo0/Loopback as a valid interface in OSPF/OSPF6

PR: https://github.com/pfsense/FreeBSD-ports/pull/1011 Christian McDonald

11:14 AM Bug #11185: Redis service stopping before NtopNg

To note, if run:
if rune something like kill -15 `pgrep ntopng` then ntopng correctly shutting down via SIGTERM and ... DRago_Angel [InV@DER]

10:00 AM Bug #11185 (Resolved): Redis service stopping before NtopNg

Redis is dependency for NtopNG. It must stop after NtopNG, but it don't. In result when you stop NtopNG via pfSense w... DRago_Angel [InV@DER]

10:58 AM Bug #11108 (Resolved): pfsense 2.5.0-DEVELOPMENT (amd64) pfBlockerNG-devel 3.0.0_1

Tested on the latest snapshot.
pfBlockerNG version 3.0.0_7.
It works fine.
Ticket resolved. Danilo Zrenjanin

10:28 AM Feature #6651: Loopback interfaces

PR Review:
https://github.com/pfsense/FreeBSD-ports/pull/1011
This might not completely solve every use-case, b... Christian McDonald

12/21/2020

11:50 AM Bug #11182 (New): NRPE in HA syncs the bind IP

When using a local interface IP as the bind IP in NPRE 3.1_4, once the primary node resumes master after a failover e... Max Leighton

08:34 AM Bug #11180: Filer run action for files on sync that wan't been modified

Sorry "wan't been modified" -> "wasn't been modified" typo. DRago_Angel [InV@DER]

08:33 AM Bug #11180 (Feedback): Filer run action for files on sync that wan't been modified

You have for example 2 files:
1. unbound mod.py which then run command: `unbound-control -c /var/unbound/unbound.con... DRago_Angel [InV@DER]

05:22 AM Feature #11178 (New): Filer do not ask what to do with previous filename

When you create file via Filer plugin and after this rename this file you in most cases wait that previous file was b... DRago_Angel [InV@DER]

12/19/2020

10:42 PM Bug #11175 (Resolved): FRR OSPFv6 config missing default area

Configuring default area in OSPF6 main page is not reflecting in configuration *Services>FRR>OSPF6> OSPF6*
route... Alhusein Zawi

12/18/2020

02:34 PM Bug #11173: Status>Monitoring parameters are hidden by the interactive graph

Not a new problem, it's been like that for a while. Though I don't see an existing entry for it. Jim Pingle

02:29 PM Bug #11173 (Resolved): Status>Monitoring parameters are hidden by the interactive graph

There is text underneath the graph in Status>Monitoring which should show the system name, time period, resolution, a... Max Leighton

06:47 AM Bug #10507 (Resolved): Unable to use forwarders

Tested on the latest snapshot.
It doesn't add _'zone "." { }'_ anymore, if recursion is set to Yes and there are ... Danilo Zrenjanin

04:10 AM Bug #10506 (Resolved): Recursion not working on fresh BIND install

Tested on the latest snapshot. It works fine. Ticket resolved. Danilo Zrenjanin

12/16/2020

07:04 AM Feature #6651: Loopback interfaces

Any movement on this?
This would be really useful. Currently I'm having to create a dummy vlan on a physical nic ... Christian McDonald

03:58 AM Bug #11128 (Resolved): pfblockerng 3.0.0_3 not using upstream proxy for curl feed downloads

Tested on:... Danilo Zrenjanin

03:46 AM Bug #11152 (Resolved): rsync pkg not installed

Tested on:... Danilo Zrenjanin

12/15/2020

12:06 PM Bug #11166 (Rejected): OpenVPN Client installer behaviour when OpenVPN 2.5 is already installed

The OpenVPN client Windows installer changed to an MSI, nothing we can do about that. Request changes upstream in Ope... Jim Pingle

11:45 AM Bug #11166 (Rejected): OpenVPN Client installer behaviour when OpenVPN 2.5 is already installed

Former versions of OpenVPN Client Export allowed for the distribution of the installer that handled pre-existing inst... Gregory Guilmette

11:36 AM Feature #11165 (New): OpenVPN Exporter - Allow for name customization

The Exporter Module creates client configurations that show up in the client workstation with the Netgate/pfSense hos... Gregory Guilmette

07:22 AM Bug #11135 (Pull Request Review): HAproxy OCSP reponse crontab bug

Jim Pingle

07:14 AM Bug #11135: HAproxy OCSP reponse crontab bug

fix:
https://github.com/pfsense/FreeBSD-ports/pull/1006 Viktor Gurov

05:27 AM Feature #11155 (Feedback): SafeSearch AAAA

PR haws been merged. Thanks! Renato Botelho

05:27 AM Bug #11152 (Feedback): rsync pkg not installed

PR haws been merged. Thanks! Renato Botelho

05:24 AM Bug #11107 (Resolved): pfBlockerNG 3.0.0_1 doesn't have some feeds fixes

OK in pfBlockerNG-devel 3.0.0_5 Viktor Gurov

12/14/2020

11:42 PM Feature #11163 (Closed): Preferred Chain option

Add WebGUI option to select Preferred Chain,
see https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain
Viktor Gurov

05:07 AM Feature #11148 (Closed): Snort Inline mode note

already there after pressing the 'save' button Viktor Gurov

01:31 AM Feature #11155: SafeSearch AAAA

Google, Youtube and Pixabay IPv6 (AAAA) SafeSearch:
https://github.com/pfsense/FreeBSD-ports/pull/1005 Viktor Gurov

12/12/2020

06:02 PM Bug #11158 (New): FRR Prefix Lists

Adding any value to *Minimum Prefix box* on Prefix Lists will stop receiving/sending the routes from/to the neighbor ... Alhusein Zawi

12/11/2020

10:19 AM Feature #11156 (New): Add an option include subdomains for the noAAAA feature

Thanks for including the noAAAA feature into pfBlockerNG, it works almost as good as the old python script.
But it's... Grimson Gretzleburg

09:23 AM Feature #11155 (Resolved): SafeSearch AAAA

SafeSearch DNS redirection doesn't work for AAAA queries,
must be added/fixed:
forcesafesearch.google.com - 200... Viktor Gurov

07:11 AM Bug #11101: Bind DNS Server won't start

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/16 Viktor Gurov

05:17 AM Bug #11152: rsync pkg not installed

https://github.com/pfsense/FreeBSD-ports/pull/1003 Viktor Gurov

04:15 AM Bug #11152 (Resolved): rsync pkg not installed

It's no possible to use RSYNC format feeds because rsync pkg is not installed:... Viktor Gurov

03:59 AM Bug #11136 (Resolved): Suricata trashcan icon for interface mapping delete has no effect

Tested on:... Danilo Zrenjanin

12/10/2020

09:27 AM Bug #8466: radiusd crash

able to reproduce:... Viktor Gurov

06:09 AM Bug #8466: radiusd crash

Same here on 2.4.5-RELEASE-p1 (amd64) - a nice way of locking yourself out of pfSense :-( Yury Zaytsev

06:32 AM Feature #11113 (Feedback): New phishing feeds

PR has been merged. Thanks! Renato Botelho

06:32 AM Bug #11128 (Feedback): pfblockerng 3.0.0_3 not using upstream proxy for curl feed downloads

PR has been merged. Thanks! Renato Botelho

12:59 AM Feature #11148 (Closed): Snort Inline mode note

It would be better to add a note about Inline mode rule actions,
from https://forum.netgate.com/topic/143812/snort-p... Viktor Gurov

12/07/2020

10:05 AM Bug #11136: Suricata trashcan icon for interface mapping delete has no effect

2.4.5 fix:
https://github.com/pfsense/FreeBSD-ports/pull/1001 Viktor Gurov

07:28 AM Bug #11136 (Feedback): Suricata trashcan icon for interface mapping delete has no effect

PR has been merged. Thanks! Renato Botelho

01:43 AM Bug #11136: Suricata trashcan icon for interface mapping delete has no effect

Fix:
https://github.com/pfsense/FreeBSD-ports/pull/1000 Viktor Gurov

08:28 AM Feature #11138 (New): new WebGUI checkboxes needed

New WebGUI checkboxes needed for these files:
/usr/local/etc/raddb/mods-config/files/authorize
/usr/local/etc/raddb... pf Driver

01:13 AM Bug #7271: Co-existence of unbound and BIND/named

Max Leighton wrote:
> Testing with bind 9.16_6 the default control port is still showing as 953 and conflicting wit... Viktor Gurov

12/06/2020

11:02 PM Bug #10516: FRR Access list

Alhusein Zawi wrote:
> Access list is working as expected on 2.5 but it is not taking an effect until restarting FRR... Viktor Gurov

06:26 PM Bug #11136 (Confirmed): Suricata trashcan icon for interface mapping delete has no effect

Attempting to delete interfaces using the trashcan icon produces system logs:... Steve Wheeler

05:42 PM Bug #11136 (Resolved): Suricata trashcan icon for interface mapping delete has no effect

The GUI offers two ways to delete an interface mapping on the Interfaces tab of Suricata.
Clicking the trashcan i... Max Leighton

02:41 AM Bug #11135: HAproxy OCSP reponse crontab bug

A more proper fix would be :... Stéphane Lapie

02:31 AM Bug #11135: HAproxy OCSP reponse crontab bug

Confirmed that the previous code did work with an older version :
* Old OpenSSL :... Stéphane Lapie

02:12 AM Bug #11135 (Feedback): HAproxy OCSP reponse crontab bug

Context : I have been using pfSense 2.5.0 development snapshots to get TLS 1.3 support.
I have noticed that the OC... Stéphane Lapie

12/05/2020

02:31 PM Bug #11131: pfblockerng-devel 3.0.0_2 logs when logging is disabled

Does the rule tracking ID match the one from the logs? What happens if you disable the rule - does it still get logged? Marcos M

01:43 PM Bug #7271: Co-existence of unbound and BIND/named

Testing with bind 9.16_6 the default control port is still showing as 953 and conflicting with unbound. Max Leighton