Activity
From 02/20/2022 to 03/21/2022
03/21/2022
-
11:59 PM Feature #10809 (Resolved): IDS/IPS - Notifications when new rule categories are released
-
05:26 PM Feature #10809: IDS/IPS - Notifications when new rule categories are released
- Chiming in to note all is good, notifications are sent when new rule categories appear.
Can be closed. -
04:55 PM Feature #12963: Run nmap scans in the background
- Phil Wardt wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > Add a working test patch that can be copied into Sy... -
- Phil Wardt wrote in #note-2:
> Add a working test patch that can be copied into System Patches package:
Added opt... -
03:35 PM Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month
- In the GUI for version 2.3.2_2, the Interactive Graph and Date Summary are both showing the current data under the wr...
-
- fixes:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/199
03/20/2022
-
-
04:04 PM Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases
- To summarize:
* load the saved @Profile@ value on BFD peer edit
* allow the selection of VIPs for @Local Source Add... -
- Saving the following BFD peer configuration results in no configuration change (checked by looking at @FRR / Status /...
-
- Add a working test patch that can be copied into System Patches package:
-
- Github commit, tested with screen shots:
https://github.com/pfsense/FreeBSD-ports/pull/1148
Note: it properly sup... -
- NMap package cannot actually run from gui because of nginx timeout
This patch adds the following features:
- run ... -
06:14 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
- Also see:
https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting_on_system/
Can also con...
03/19/2022
-
03:21 PM Bug #12917: LoopiaAPI changed
- Jim Pingle wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > acme.sh updated to v3.0.2 in #12886
> >
> > Lo... -
01:37 PM Feature #12718: add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
- was able to start suricata inline mode on igc interface (6100) running 22.01 v6.0.4_1
-
09:11 AM Bug #12951: FRR cannot remove IPv6 routes
- https://github.com/FRRouting/frr/issues/10827
-
- 2022/03/19 02:16:50 BGP: can't connect to 2604:8800:60:240::100 fd 34 : Permission denied
2022/03/19 02:16:50 BGP: c... -
06:31 AM Bug #12777 (Resolved): STunnel writes config.xml on each start
- Tested with Stunnel 5.50_10
It writes to config.xml only after config changes. Ticket resoloved.
03/18/2022
-
12:38 AM Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
- Indeed, I've found the commit that caused the regression:
https://github.com/pfsense/FreeBSD-ports/commit/9d8801b498... -
- In suricata/suricata.inc, under "Test the SID token for the PCRE: keyword", the match for the regular expression will...
03/17/2022
-
08:01 AM Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working
- I cannot reproduce any issues with views in the DNS resolver as described. It's possible there is a local issue in pf...
-
03:45 AM Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working
Immediately after updating PfSense+ on Netgate 7100 from v. 21.05.2 to 22.01 the bypass setting for PfBlockerNG sto...-
pfsense 2.6 system
frr log show:
2022/03/16 21:46:42 ZEBRA: [EC 100663303] kernel_rtm: 2606:2800:e004::/48: r...
03/16/2022
-
- When mixing AE ciphers in a P2 with AEAD ciphers (e.g. AES with AES128-GCM), the wizard will generate a script with t...
03/14/2022
-
08:55 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
- I have the same issue. One side of the Wireguard VPN is disabled after reboot. Both sides of the VPN appear to have t...
03/13/2022
-
08:17 PM Feature #9833: ACME: add ability to use custom ACME server
- +1 for this as well.
Just started looking into sorting out the self-signed cert and thought there would be a better ... -
- This works again on 0.7_4.
03/12/2022
-
- Installed HAproxy on the:...
03/11/2022
-
06:51 PM Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid
- https://www.tenable.com/plugins/nessus/156698
pfSense CE 2.6 and pfSense Plus 22.01 use ClamAV 0.104.1,1, which is... -
11:42 AM Bug #12924: DNS Resolver WireGuard ACL Inconsistency
- Christian McDonald wrote in #note-2:
> Hi Kevin,
>
> I am having a hard time replicating this based on your initi... -
09:20 AM Bug #12924: DNS Resolver WireGuard ACL Inconsistency
- Hi Kevin,
I am having a hard time replicating this based on your initial issue description. Can you please outline... -
11:08 AM Feature #12932 (New): pfblockerng per user whitelist
- Have the ability to not have DNS blocking applied to certain IPs. Right now this can be written into Unbound using cu...
03/10/2022
-
03:42 PM Bug #12623: acme.sh package | DNS-ISPConfig settings
- This one fixes the issue: https://github.com/acmesh-official/acme.sh/commit/01ace11293f4cf27f8e761114f48148bbcbad063
-
- Leaving the Allow Insecure blank, results in a different error:...
-
- I should add, I tested the script and it is placing the correct variables into the environment and the script does se...
-
- The upstream code still has a problem. If you leave "Allow Insecure" blank now it should at least get past that part,...
-
- I'm on 0.7_4 now and still see the exact same error - so no, still not fixed
-
- Viktor Gurov wrote in #note-1:
> acme.sh updated to v3.0.2 in #12886
>
> Looks like we need to update acme.sh mon... -
- acme.sh updated to v3.0.2 in #12886
Looks like we need to update acme.sh monthly/quarterly. -
- This is correct behavior.
The "Raw Config" tab is used for custom configuration:
https://docs.netgate.com/pfsense... -
- about FRR,When using vtysh to save the configuration, any changes to the webgui are invalid.
Because there are man...
03/09/2022
-
- Merged to devel and 22.01/2.6
-
-
- regression: https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-ar...
-
- Initially, I had two pfsense nodes connected via the WireGuard package. My tunnel network was 10.0.3.0/30 for p2p. I ...
-
- FreeBSD-ports merge:
https://github.com/pfsense/FreeBSD-ports/commit/da9ed529f30212fd826aebc3b7e896fce7a15217 -
- Applied in changeset pfsense:commit:07fe3d3d60a61621171fbc0a1a5e42c1462fb5ed.
03/07/2022
-
03:51 PM Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
- I faced an issue similar to this with the Snort and Suricata packages some time back. I handled it there by always ch...
-
- The base system has no way to scan/inform packages about an interface being removed, it's up to the admin to maintain...
-
09:30 AM Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
- Jim Pingle wrote in #note-1:
> PIMD has options to not behave that way.
>
> Sounds like what you really want is t... -
- PIMD has options to not behave that way.
Sounds like what you really want is to have PIMD set to "Bind to None" an... -
- When pfBlockerNG-devel syncs its settings (e.g. custom IPv4 list) to a secondary firewall, the settings on the second...
-
01:54 PM Bug #12917 (Resolved): LoopiaAPI changed
- Any users using LoopiaAPI can't issue or renew certificates. This has been fixed upstream at the below link.
https... -
- Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
pfBlockerNG-devel option "Enable Sync" with "Sync to host(s) d... -
- Fix merged, will be in ACME pkg v 0.7_4.
In the meantime, check the debug option on a certificate and it should wo... -
- Creating a new certificate in ACME is not working properly. The GUI output only shows that it generates the private k...
-
- If we try this again as a debug option we must test this better, at a minimum:
* Creating a new account key should... -
- The debug option added broke several things. It broke the ability to create account keys, and it is breaking new ACME...
-
- Convert the GeoIP lookup feature available on the ALERTS tab in the Suricata package to use the local GeoIP2 database...
-
- They are still putting out 2.2.x releases and it's a smaller and therefore safer jump. If that is OK then after a whi...
03/06/2022
-
05:41 PM Feature #9833: ACME: add ability to use custom ACME server
- Manny Tew wrote in #note-5:
> + 1 for this as well. This is critical for proper security in a homelab in 2021+ Inval... -
- At this point, pimd is unaware of nonexistent interfaces. This can lead to a kernel panic.
(My case: I removed newly... -
04:31 AM Feature #11827: Please include acme deploy folder/scripts
- +1 for this as well. Note, the certs seem to be stored in a non-standard acme.sh way under /conf/acme, so more work m...
-
- Kris Phillips wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > HAProxy-devel is already 2.4 (2026-Q2 (LTS))
...
03/05/2022
-
-
- Patch works to correct Apcupsd widget link to status page - applied to 22.01 and 22.05.a.20220305.0600
-
- Sish Kitane wrote in #note-4:
> I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 packag... -
- Viktor Gurov wrote in #note-1:
> HAProxy-devel is already 2.4 (2026-Q2 (LTS))
>
> HAProxy-stable update to 2.2 ve... -
- HAProxy-devel is already 2.4 (2026-Q2 (LTS))
HAProxy-stable update to 2.2 version (2025-Q2 (LTS)):
https://gitlab...
03/04/2022
-
- It sometimes blocks the hosts defined in the selected Pass List. No matter whether you used IP subnet or Alias under ...
-
- The version of HAProxy in stable is very old and due to be unsupported at the end of the year. We should really move...
-
- cherry-picked to 22.01/2.6
-
- Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/fb702643e590f7545cbbaf5bd4e5060f9ab293cc -
- cherry-picked to 22.01/2.6
-
- Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/a6943737bb6b2df2dcc050bd0db5ebf127be2df4
03/03/2022
-
11:16 PM Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk
- This bug causes a delay in boot processing when the ramdisk option is enabled. If the option is disabled, no delay i...
-
02:29 PM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
- >Thanks for the contribution! Its appreciated!
Sure thing! This solves a big problem for me :-)
Your revisions ... -
02:03 PM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
- Great Thanks.
I have done some limited testing and it seems to be ok.
I made some minor formatting changes in ... -
- Ok, all done! https://github.com/pfsense/FreeBSD-ports/pull/1146
-
- Commit: https://github.com/pfsense/FreeBSD-ports/commit/29bab84437fcdde206f205610d341302093fa4f3
Package update is... -
- Fix merged.
-
- This approach is a more comprehensive fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/193
-
-
- fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/192 -
- Merged
03/02/2022
-
04:56 PM Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions
- If any ACME account key is entered into the UI with a trailing space in the name, the pfSense UI becomes unable to ha...
-
-
-
- The latest version of the ACME package now includes the new CAs.
-
- The fix for this is now in the latest ACME package. Please update and test it again to see if it works.
-
- No problems I can find so far. I picked it back to 22.01/2.6.0 for wider testing. Can tackle new issues as they come.
-
- Sure thing! I'll close the other pull request, thanks!
-
- i need setup this. but frr webgui cant add
https://team-cymru.com/community-services/bogon-reference/bogon-refer...
03/01/2022
-
- Thanks for the PR!
There isn't much development in "pfBlockerNG" as everything is taking place in "pfBlockerNG-devel... -
- Merged to devel and plus-devel for testing in snapshots. If it's OK there, can pick back to 22.01/2.6.0
-
- It's been a while since the last upstream sync of acme.sh code and bringing in new providers. Need to sync up the for...
-
- Thank You!
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/4497706f404be238cdfc41dacc00678ab329e575
http... -
- For future reference:
https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/antora/modules/raddb/pages/m... -
- Merged:
https://github.com/pfsense/FreeBSD-ports/commit/086e17ae29cf61d1c09e88167ae73df7877fcae4
02/28/2022
-
- Sometimes it is desirable to tell cURL to use a specific interface when downloading IPv4/IPv6 pass/block lists. For e...
02/27/2022
-
10:47 PM Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details
- I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 package for ntopng solved this and I th...
02/25/2022
-
- Tested on the:...
-
- Works well, closing.
-
-
- https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/188
02/24/2022
-
10:58 AM Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs
- Thread that discusses this is here
https://forum.netgate.com/topic/169742/bind-dns-package-aaaa-filtering-problem
-
10:06 AM Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs
- Reference this older bug for some background (#10413)
This breaks again in newer installs with zfs file systems du... -
-
- https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/187
-
- 1) Wrong period, mirror date displayed:...
-
- We already build @mmc-utils@ for Plus and it can be installed manually from the CLI. Trying to build a GUI around it ...
02/23/2022
-
05:35 PM Feature #12860: add mmc-utils package to all images
- This would be helpful/useful now that ZFS is the new default, and/or for folks who don't realize some packages are "r...
-
04:44 PM Feature #12860 (New): add mmc-utils package to all images
- Both Netgate & 3rd party hardware integrators are increasingly using eMMC components.
SATA (& historically SCSI) d... -
11:51 AM Feature #12658: Adding prometheus metrics to darkstat
- I see that the package made it to FreeBSD version 13:
https://freebsd.pkgs.org/13/freebsd-amd64/darkstat-3.0.721.p... -
07:11 AM Feature #12859 (Resolved): Add Zabbix 6.0 LTS (agent and proxy) packages
- New LTS release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.0.0
Zabbix 3.0 is out of ...
02/22/2022
-
02/21/2022
-
- similar to #9486
-
10:13 AM Bug #12845 (New): softflowd wrong vlan tag
- When I try to send information about the vlan through IPFIX or Netflow v9, the vlan tag is incorrectly entered in the...
-
- Still an issue after updating to Acme 0.6.10_1
-
- fix:
https://github.com/pfsense/FreeBSD-ports/pull/1110 -
- clicking on the widget title results in an error:
https://192.168.1.1/apcupsd.widget.php - 404 not found
Also available in: Atom