pfSense » pfSense Packages

04/20/2021

04:07 PM Feature #11827 (New): Please include acme deploy folder/scripts

The acme project includes a @deploy@ folder with several dozen scripts available to the --deploy-hook switch.
pfSe... Pete Holzmann

02:02 PM Feature #11826 (New): Preserve acme SAN Method parameters for new cert creations

In a given environment, it is very likely that SAN Method parameters (eg API Token) will be identical for every SAN c... Pete Holzmann

07:01 AM Bug #11711: New Squid Status Page Non-Functional

it works fine after disabling SquidGuard Viktor Gurov

04/19/2021

06:23 PM Feature #11823 (New): Route handling enhancements

In some cases, we have hundreds of routes from OSPF protocol and we only want to accept few of them in the local rout... Bruno Solal

02:55 PM Bug #11822 (Resolved): Upgrade ClamAV to 0.103.2

To address https://www.tenable.com/plugins/nessus/148516 ClamAV should be upgraded to 0.103.2 Max Leighton

08:27 AM Bug #11817: Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting

OK, I nuked my pfBLockerNG-devel config as other things were breaking. Please mark this as INVALID as I try again to... Loh Phat

07:31 AM Bug #11817 (Closed): Enabling Firewall / pfBlockerNG / DNSBL / IPv6 DNSBL blocks radvd from starting

Enabling this checkbox adds a line into the radvd.conf file which causes it to choke on startup thus causing IPv6 tra... Loh Phat

04/16/2021

10:37 AM Bug #11392 (Closed): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed

Jim Pingle

09:05 AM Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)

Thank you for the suggested patch, but I think the rules update logic is going to need additional changes due to the ... Bill Meeks

03:06 AM Bug #6235: Snort sometimes crashes during rule update process (specifically related to VRT .so rule update?)

This issue still is still there. It happened last night to 2 of our PFSense boxes. Snort crashes due to the update pr... Sander Peterse

04/15/2021

09:49 PM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed

fixed.
"bgp network import-check" is shown up in configuration by default.
router bgp 61000
no bgp network i... Alhusein Zawi

04/13/2021

04:10 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port

I can confirm that after upgrading our Netgate XG-7100 from 2.4.5p1 to 21.02.1 this issue began.
Neither the OpenV... Jason B

04/12/2021

08:39 PM Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)

Same issue for me also. No flows being exported from the firewall as reported by capture on the firewall. Any ideas o... Nigel Smith

12:15 PM Bug #11802 (New): FreeRADIUS sync

freeradius3 0.15.7_30 seems to have changed the XMLRPC Sync behavior in a recent update. This leads to the issue that... Michael Schefczyk

06:49 AM Bug #11491: haproxy-devel v0.62_2 - startup error 'httpchk'

More over now HAproxy 2.0 support alpn h2 on backend and from 2.2 it supported on http-check. Also default server par... DRago_Angel [InV@DER]

04/11/2021

05:17 AM Feature #11798 (Duplicate): HA Sync for FRR config

I'm using two pfSense firewalls in a cluster with CARP.
On both FRR is configured but there is no sync option from ... Robert Sailer

04/10/2021

06:27 PM Bug #11797 (Confirmed): Traffic Totals lost upon reboot when using a ramdisk for /var and /tmp

When using a ramdisk for /var and /tmp, RRD Data and log files are saved from the ramdisk to disk on a regular basis ... John Cornwell

09:21 AM Bug #11637: Preprocs - possible to create two defaults

Tested in 2.6.0, and the original behavior is fixed. The GUI still has a slight issue:
When creating a new server ... Max Leighton

04/09/2021

08:24 PM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash

Resolved in pfBlockerNG v3.0.0_16 BBcan177 .

07:24 AM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed

That's what I fixed yesterday but there isn't a new package yet. Wait for pfSense-pkg-frr version 1.1.0_10. Jim Pingle

04/08/2021

11:44 PM Bug #11392: FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed

"bgp network import-check" will not be shown up in configuration if I did not enable it once.
if I enabled it it w... Alhusein Zawi

11:18 AM Bug #11392 (Feedback): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed

Fixed committed and merged everywhere it is relevant. Jim Pingle

09:44 AM Bug #11392 (In Progress): FRR - Advanced Routing Behavior - Network Import Check: Flag should be reversed

This doesn't add the option when there is no @frrbgpadvanced@ config present, and it should since we want it to be th... Jim Pingle

11:06 AM Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"

Duplicate of #11745 Jim Pingle

10:09 AM Bug #11791 (Duplicate): comp-lzo in Client export is still used when Allow Compression set to "Refuse"

I noticed that the field "Compression" is still being used in client export even when "Refuse any non-stub compressio... chiel chiel

07:20 AM Bug #11637 (Feedback): Preprocs - possible to create two defaults

PR merged on 2.6.0 / 2.5.1. It will be cherry-picked to stable after tests Renato Botelho

04/06/2021

11:45 PM Feature #11749: Option to disable NAT rule creation

I don't want to use the VIP Webservice in general, but the NAT rules are the biggest problem. I can't delete them and... Frank Gouton

07:41 AM Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory

Looks like a settings issue, it's got an entry set to need a web root folder but the value is empty. Jim Pingle

01:53 AM Feature #11784 (New): squidguard auto update blacklist option

Would be nice to have an auto update blacklist option with a drop down menu for none, daily, weekly, fortnightly or m... ageekhere ageekhere

04/05/2021

05:44 PM Bug #11783: /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory

user was admin during setup process so permissions to create a director should not have been an issue. Martin Thygesen

05:44 PM Bug #11783 (Not a Bug): /usr/local/pkg/acme/acme_command.sh : Uncaught RuntimeException: Couldn't create directory

Tried to setup acme on new firewall instance using old Key & ID from previous installation
Failed to write directory... Martin Thygesen

12:19 PM Bug #11780 (Rejected): Suricata package fails to prune suricata.log

The suricata package does not prune suricata.log. As a result, suricata.log grows without bound eventually resulting ... Kushdeep Chabba

09:20 AM Bug #11766 (Pull Request Review): Certificate no more pointed "in use" by haproxy

Jim Pingle

04/04/2021

10:32 AM Bug #11766: Certificate no more pointed "in use" by haproxy

fix:
https://github.com/pfsense/FreeBSD-ports/pull/1059 Viktor Gurov

04/02/2021

11:58 AM Bug #11637: Preprocs - possible to create two defaults

This problem is corrected by Pull Request 1058 here: https://github.com/pfsense/FreeBSD-ports/pull/1058. This issue ... Bill Meeks

04/01/2021

12:21 PM Bug #11771: Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name

Nevermind, it's the SSL business. The "Access Darkstat" button tries to use SSL and the browser is complaining and n... Jon V

12:10 PM Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name

There must be something wrong in your testing. The firewall can't tell if it's being accessed by IP address or hostna... Jim Pingle

12:01 PM Bug #11771 (Rejected): Darkstat WebGUI Cannot be accessed when Pfsense is accessed via a DNS name

Lets say you have a DNS entry "pfsense-local" the configuration of Darkstat only works when you navigate to 192.168.1... Jon V

12:00 PM Bug #11768 (Pull Request Review): FRR OSPF - Comment field within the ospf interfaces gets longer and longer

Jim Pingle

11:29 AM Bug #11768: FRR OSPF - Comment field within the ospf interfaces gets longer and longer

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/80 Viktor Gurov

08:56 AM Bug #11768 (Resolved): FRR OSPF - Comment field within the ospf interfaces gets longer and longer

The comment field in the assigned ospf interfaces gets longer e.g.
interface ovpns1
description "ospfd: vpn230 D... Robert Sailer

03:54 AM Bug #11766: Certificate no more pointed "in use" by haproxy

Also seeing this - see my comments in linked thread JohnPoz _

03:37 AM Bug #11766 (Resolved): Certificate no more pointed "in use" by haproxy

https://forum.netgate.com/topic/162606/certificate-no-more-pointed-in-use-by-haproxy:
I've seen in version 2.5 that ... Viktor Gurov

03/31/2021

07:58 AM Bug #11763 (New): Traffic graphs refresh issue

Using Windows 10 20H2 and Chrome 89.
If Main page of pfsense is opened with traffic graphs displayed for a while (... Laurent BONNIN

06:52 AM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash

Thanks @BBcan177, that was exactly it. Leave it to us dumb users to break stuff. lol. Jeff Strand

03:39 AM Bug #11756: HaProxy does not transfer backend states during reload

Hi Viktor, I do not think that the ticket you linked is correct. I am specifically talking about the config option "l... Florian Apolloner

03:11 AM Bug #11756: HaProxy does not transfer backend states during reload

fixed in haproxy-devel: #10599 Viktor Gurov

03/30/2021

08:47 PM Bug #11753: Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash

When you enable Doh/DoT Blocking, you must select atleast one of the lists below. I will add some input validation an... BBcan177 .

04:33 AM Bug #11756 (Feedback): HaProxy does not transfer backend states during reload

When reloading Haproxy (due to config changes for instance) the newly started process does not seem to remember the e... Florian Apolloner

03/29/2021

05:41 PM Bug #11753 (Resolved): Enabling DNS over HTTPS/TLS Blocking in pfBlockerNG Causes Crash

Enabling the "DoH/DoT Blocking" option in "Firewall/pfBlockerNG/DNSBL/DNSBL SafeSearch" menu causes pfSense to crash.... Jeff Strand

01:54 PM Regression #11738 (Feedback): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode

Merged Renato Botelho

08:47 AM Regression #11738 (Pull Request Review): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode

Jim Pingle

08:53 AM Bug #11746 (Pull Request Review): Second LDAP server configuration misses the ipaNThash control attribute

Jim Pingle

08:52 AM Bug #11745 (Pull Request Review): Incorrect compress options in exported configuration when server is set to refuse compression

Jim Pingle

08:12 AM Feature #11719: ACME - Create script for DNSExit API

Netgate maintains the pfSense package for acme.sh (pfSense GUI, code to setup and invoke acme.sh, etc) but we do not ... Jim Pingle

07:55 AM Feature #10859 (Pull Request Review): Add avahi filtering feature to pfSense

Jim Pingle

05:24 AM Feature #11749 (New): Option to disable NAT rule creation

I'd like to have an option to disable the automatic NAT rule creation of DNSBL.
First I'd like to have full manual... Frank Gouton

03/28/2021

06:51 AM Bug #11746: Second LDAP server configuration misses the ipaNThash control attribute

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/79 Viktor Gurov

06:49 AM Bug #11746 (Resolved): Second LDAP server configuration misses the ipaNThash control attribute

Only the first LDAP server configuration contains the ipaNThash control attribute:
https://github.com/pfsense/FreeBS... Viktor Gurov

04:47 AM Bug #11745: Incorrect compress options in exported configuration when server is set to refuse compression

fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/78 Viktor Gurov

04:16 AM Bug #11745 (Resolved): Incorrect compress options in exported configuration when server is set to refuse compression

I create ovpn server. I use it with some options, one of them is "refuse any non-stub compression". Then I use client... Viktor Gurov

12:06 AM Regression #11738: SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/77 Viktor Gurov

03/27/2021

03:39 PM Bug #11742 (Not a Bug): Blocking / Unblocking is not working correctly.

If you turn on blocking for a port via the GUI and then turn the blocking back off. Gui indicates that it is off, but... Ian Mitchell

08:24 AM Regression #11738 (Resolved): SquidGuard 1.16.18_17 Not Filtering Blacklist No-Transparent Mode

Hello.
We found some strange behavior, after upgrade to this version 1.16.18_17
SG stop filtering our blacklist a... Peter Moreno

03/26/2021

11:43 AM Bug #10187: Insertion of ZERO_WIDTH_SPACE into IPv6 addresses make it impossible to use browser find functionality

If this is waiting for me to submit a patch: it ain't coming. Izaac Falken

03/24/2021

08:37 PM Feature #11719: ACME - Create script for DNSExit API

I must be misinterpreting the Netgate Package docs.
Reading from the page https://docs.netgate.com/pfsense/en/late... Mike McV

04:45 PM Feature #11719 (Rejected): ACME - Create script for DNSExit API

We don't write custom scripts at pfSense. Please open a ticket on ACME project for that Renato Botelho

03/23/2021

09:00 PM Bug #11632: unbound service not restarted on pfBlocker-devel install/reinstall

Duplicate issue:
https://redmine.pfsense.org/issues/11398 BBcan177 .

11:18 AM Feature #10859: Add avahi filtering feature to pfSense

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/76 Viktor Gurov

03/22/2021

10:48 PM Feature #11719 (Rejected): ACME - Create script for DNSExit API

Link to tech docs.
https://www.dnsexit.com/dns/dns-api/
This is out of my wheelhouse so any assistance would be... Mike McV