Activity

From 03/08/2022 to 04/06/2022

04/06/2022

12:55 PM Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
Hi, I have entered the line and received the following answer:... Anonymous
10:33 AM Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
Shared frontends certificates are saved to the @/var/etc/haproxy/<frontend>.crt_list@
for example:...
Viktor Gurov
11:59 AM Bug #13034 (Feedback): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/93b8b43ec23cbe6ae71ad2a792ced07d60589db6
Viktor Gurov
11:34 AM Bug #13034 (Pull Request Review): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Jim Pingle
11:30 AM Bug #13034: Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/209
Viktor Gurov
10:58 AM Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
The Zabbix 6 agent and proxy running on pfSense 2.6.0 fails to set the PSK values from the web GUI in the zabbix conf... Mat Clarke
11:34 AM Bug #13032 (Feedback): openvpn-client-import PHP warning
Merged Viktor Gurov
10:18 AM Bug #13032 (Pull Request Review): openvpn-client-import PHP warning
Jim Pingle
09:31 AM Bug #13032: openvpn-client-import PHP warning
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/50
Viktor Gurov
06:27 AM Bug #13032 (Resolved): openvpn-client-import PHP warning
Crash report shows:... Steve Wheeler

04/05/2022

12:52 PM Bug #12956 (Confirmed): suricata fails to use pcre in SID management (e.g. dropsid.conf)
I'm reopening this issue, as the function @preg_quote@ escapes all special characters, rather than just delimiters.
h...
Marcos M
08:12 AM Bug #11343 (Feedback): Invalid link to pfSense-pkg-bind changelog
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a3bbd61e6a0376f80674a83b6bf99e74cb013bc5
Viktor Gurov
07:32 AM Bug #11343 (Pull Request Review): Invalid link to pfSense-pkg-bind changelog
Jim Pingle
01:40 AM Bug #11343: Invalid link to pfSense-pkg-bind changelog
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/206
Viktor Gurov
01:51 AM Bug #10900 (Feedback): /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz
Should be fixed in #11098.
Please re-test.
Viktor Gurov

04/04/2022

12:14 PM Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
I have taken screenshots of my settings. In principle, the Main Frontend is almost empty, since all settings are cove... Anonymous
07:02 AM Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates
Unable to reproduce with pfSense-pkg-haproxy-devel 0.62_9
Could you provide detailed step-by-step instructions to ...
Viktor Gurov
08:17 AM Feature #12963 (Feedback): Run nmap scans in the background
Merged to devel for testing in snapshots. Jim Pingle

04/03/2022

08:29 PM Bug #12995 (Resolved): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Tested on @22.05.a.20220403.0600@; works as expected. Marcos M
06:50 AM Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates
I noticed that when I create sub frontends in HAProxy and enable the "Client verification CA certificates" in them (e... Anonymous

04/02/2022

04:03 AM Feature #12963: Run nmap scans in the background
I squashed commits since the last review
I reviewed and cleaned up some code readability
Updated the attached patch...
Phil Wardt

04/01/2022

05:59 PM Bug #13018 (New): TLD and DNSBL Safesearch DOH conflict disables TLD block when conflicting DOH FQDN is deselected or whitelisted
pfBlockerNG-devel 3.1.0_4
If a TLD (example .cn) is blacklisted and conflicts with DNSBL Safesearch DOH blocking (ex...
James Wilson
04:27 PM Feature #12963: Run nmap scans in the background
Add No DNS Resolution option for faster scans
Should be completed
Attached patch for pfsense 2.6.0
Phil Wardt
09:53 AM Feature #12963: Run nmap scans in the background
Updated patch to fix this:
- only kill nmap process using the output file created in GUI
- code formatting
Phil Wardt
01:36 AM Bug #12814 (Feedback): OpenVPN Client Import does not populate 'remote_cert_tls' option
Merged Viktor Gurov

03/31/2022

04:04 PM Feature #12963: Run nmap scans in the background
I modified the code to disable any custom commands.
This is safer since nmap already changed in the past the -o opti...
Phil Wardt
12:22 PM Bug #12818 (Resolved): IP block logging not working
Christopher Cope
12:21 PM Bug #12818: IP block logging not working
Tested and working in... Christopher Cope
12:14 PM Regression #13002 (Feedback): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1a4f1fdbd14484e4ea4630fe4cd16ac777a32f5a
Viktor Gurov
07:43 AM Regression #13002 (Pull Request Review): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Jim Pingle
04:59 AM Regression #13002: BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/205
Viktor Gurov
11:51 AM Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
Marcos Mendoza wrote:
> Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
> pfBlockerNG-devel option "Enable Sy...
Israel Goldstein

03/30/2022

10:19 AM Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-are-written-to... Viktor Gurov

03/29/2022

02:31 PM Feature #12963 (Pull Request Review): Run nmap scans in the background
Jim Pingle
01:12 PM Bug #12992 (Pull Request Review): error: nbproc is not supported any more since HAProxy 2.5
Jim Pingle
10:13 AM Bug #12995 (Feedback): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/c1a98faf91dee2303b83b9e1f29500241b2700c5
Viktor Gurov
07:40 AM Bug #12995 (Pull Request Review): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Jim Pingle
04:57 AM Bug #12995: Installing stunnel only on the primary HA node leads to php crashes and sync issues
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/203
Viktor Gurov
09:42 AM Bug #12996 (Duplicate): DNS Resolver needs to run manually after pfBlockerNG-devel package upgrade
Duplicate of #11398 Viktor Gurov
08:19 AM Bug #12996 (Duplicate): DNS Resolver needs to run manually after pfBlockerNG-devel package upgrade
Running system - PfSense Plus 22.01 x64
After upgrading pfBlockerNG-devel from 3.1.0.1 to 3.1.0.2 and from 3.1.0....
Alex BJ

03/28/2022

11:17 PM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I found this bug after having WireGuard stop passing traffic after a WAN GW went down and came back up. Upon restorat... Scott Lykens
09:34 PM Bug #12995: Installing stunnel only on the primary HA node leads to php crashes and sync issues
After the nodes are in sync, xmlrpc sync completes successfully. Marcos M
08:52 PM Bug #12995 (Resolved): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Tested on @22.05.a.20220328.0600@.
# Install stunnel on primary node
# Force xmlrpc sync
sync fails and the se...
Marcos M
08:16 AM Bug #12992 (Resolved): error: nbproc is not supported any more since HAProxy 2.5
On latest 22.05 snaps, HAProxy-devel 0.62_8 pkg will not start, gives the following error "config : parsing [/var/etc... → luckman212
05:13 AM Feature #12963: Run nmap scans in the background
To disable any code injection risks:
- input is matched against a white list allowing only alphanumeric, spaces (excl...
Phil Wardt
05:09 AM Feature #12963: Run nmap scans in the background
After the last nmap changes, I wanted to harmonize the package with "Packet Capture"
https://github.com/pfsense/Free...
Phil Wardt

03/27/2022

11:15 AM Bug #12956 (Closed): suricata fails to use pcre in SID management (e.g. dropsid.conf)
The commit says it resolves issue #10244. The reasoning given there is:
> The chosen solution was to mimic the curre...
Marcos M

03/25/2022

08:49 AM Bug #12818 (Feedback): IP block logging not working
Should be fixed in pfBlockerNG-devel_3.1.0_3 Viktor Gurov

03/24/2022

02:21 PM Feature #12963: Run nmap scans in the background
Again, noticed the delete icon resource
https://github.com/pfsense/FreeBSD-ports/pull/1152
Phil Wardt
10:20 AM Feature #12963: Run nmap scans in the background
The Makefile needed an additional fix or it wouldn't compile: https://github.com/pfsense/FreeBSD-ports/commit/d34af18... Jim Pingle
10:05 AM Feature #12963 (Feedback): Run nmap scans in the background
PR merged, thanks! Jim Pingle
11:16 AM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Sure thing, happy to contribute! Charles Hamilton
10:53 AM Feature #12882 (Feedback): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
PR merged, thanks!
https://github.com/pfsense/commit/9e7c6e33857e42fa97ae04e57285ee180643440d
https://github.com...
Viktor Gurov
10:48 AM Feature #12795 (Feedback): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/b7a4f7d12cc68460d75ae7204d0e4f8381d6d162
Viktor Gurov
10:47 AM Bug #12706 (Feedback): pfBlockerNG and unbound does not work after switching /var to RAM disk
Merged:
https://github.com/pfsense/commit/dc4f288b66af9b0ffc6dded8fe128aaeca0a9ac6
Viktor Gurov
10:16 AM Bug #12772 (Resolved): Syslog-ng writes config.xml on each start
Tested against:... Danilo Zrenjanin
09:02 AM Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
*Updated Info:* a decision was made to simply cherry-pick the DEVEL change into the RELENG_2_6_0 branch because the S... Bill Meeks
07:22 AM Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
devel PR merged, left a note on the RELENG_2_6_0 PR as there is an issue there that needs resolved first. Jim Pingle

03/23/2022

03:53 PM Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
A fix for this issue has been posted in Pull Requests https://github.com/pfsense/FreeBSD-ports/pull/1149 for RELEASE ... Bill Meeks
02:23 PM Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
Beginning around the first of March 2022, the Snort rules update package from the Snort VRT changed the subdirectory ... Bill Meeks
09:29 AM Feature #12963: Run nmap scans in the background
Standardize nmap text in description: NMap -> Nmap
https://github.com/pfsense/FreeBSD-ports/pull/1148
Phil Wardt
07:28 AM Feature #12963 (Pull Request Review): Run nmap scans in the background
Jim Pingle
07:41 AM Bug #12917 (Resolved): LoopiaAPI changed
Loopia is working again, based on a comment left on the Github commit: https://github.com/pfsense/FreeBSD-ports/commi... Jim Pingle

03/22/2022

09:24 PM Bug #12951 (Feedback): FRR cannot remove IPv6 routes
There really isn't enough info to determine what may be happening. The error itself can be normal in some cases.
S...
Marcos M
03:27 PM Feature #12963: Run nmap scans in the background
Updated TAB and Button names from ...log to "View Results"
Patch attached above
https://github.com/pfsense/FreeBSD-p...
Phil Wardt
01:29 AM Feature #12963: Run nmap scans in the background
Github link again
https://github.com/pfsense/FreeBSD-ports/pull/1148
Phil Wardt
01:09 PM Bug #12917 (Feedback): LoopiaAPI changed
The acme.sh project made a new release with the fix, I've updated the ACME package with the new files, should be buil... Jim Pingle
08:14 AM Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month
Duplicate of #9537 -- This is due to Daylight Saving Time and is a known issue in graphs made from vnstat data. Jim Pingle
08:04 AM Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases
Jim Pingle
06:22 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Here are some screenshots for reference.
Note: Disabling Gateway Monitoring and Using Non-local Gateway or using a /...
Waqas Khan
06:07 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I am the original author of this post https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting... Waqas Khan

03/21/2022

11:59 PM Feature #10809 (Resolved): IDS/IPS - Notifications when new rule categories are released
Viktor Gurov
05:26 PM Feature #10809: IDS/IPS - Notifications when new rule categories are released
Chiming in to note all is good, notifications are sent when new rule categories appear.
Can be closed.
e 1/1
04:55 PM Feature #12963: Run nmap scans in the background
Phil Wardt wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > Add a working test patch that can be copied into Sy...
Phil Wardt
07:51 AM Feature #12963: Run nmap scans in the background
Phil Wardt wrote in #note-2:
> Add a working test patch that can be copied into System Patches package:
Added opt...
Phil Wardt
03:35 PM Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month
In the GUI for version 2.3.2_2, the Interactive Graph and Date Summary are both showing the current data under the wr... Oren Jellow
08:39 AM Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases
fixes:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/199
Viktor Gurov

03/20/2022

11:56 PM Feature #12718 (Resolved): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
Viktor Gurov
04:04 PM Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases
To summarize:
* load the saved @Profile@ value on BFD peer edit
* allow the selection of VIPs for @Local Source Add...
Marcos M
03:58 PM Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases
Saving the following BFD peer configuration results in no configuration change (checked by looking at @FRR / Status /... Marcos M
08:48 AM Feature #12963: Run nmap scans in the background
Add a working test patch that can be copied into System Patches package:
Phil Wardt
08:23 AM Feature #12963: Run nmap scans in the background
Github commit, tested with screen shots:
https://github.com/pfsense/FreeBSD-ports/pull/1148
Note: it properly sup...
Phil Wardt
08:19 AM Feature #12963 (Feedback): Run nmap scans in the background
NMap package cannot actually run from gui because of nginx timeout
This patch adds the following features:
- run ...
Phil Wardt
06:14 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Also see:
https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting_on_system/
Can also con...
Zep Man

03/19/2022

03:21 PM Bug #12917: LoopiaAPI changed
Jim Pingle wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > acme.sh updated to v3.0.2 in #12886
> >
> > Lo...
Nim Djid
01:37 PM Feature #12718: add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
was able to start suricata inline mode on igc interface (6100) running 22.01 v6.0.4_1 Jordan G
09:11 AM Bug #12951: FRR cannot remove IPv6 routes
https://github.com/FRRouting/frr/issues/10827 yon Liu
05:32 AM Bug #12951: FRR cannot remove IPv6 routes
2022/03/19 02:16:50 BGP: can't connect to 2604:8800:60:240::100 fd 34 : Permission denied
2022/03/19 02:16:50 BGP: c...
yon Liu
06:31 AM Bug #12777 (Resolved): STunnel writes config.xml on each start
Tested with Stunnel 5.50_10
It writes to config.xml only after config changes. Ticket resolved.
Danilo Zrenjanin

03/18/2022

12:38 AM Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
Indeed, I've found the commit that caused the regression:
https://github.com/pfsense/FreeBSD-ports/commit/9d8801b498...
Adam CM
12:31 AM Bug #12956 (Resolved): suricata fails to use pcre in SID management (e.g. dropsid.conf)
In suricata/suricata.inc, under "Test the SID token for the PCRE: keyword", the match for the regular expression will... Adam CM

03/17/2022

08:01 AM Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working
I cannot reproduce any issues with views in the DNS resolver as described. It's possible there is a local issue in pf... Jim Pingle
03:45 AM Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working

Immediately after updating PfSense+ on Netgate 7100 from v. 21.05.2 to 22.01 the bypass setting for PfBlockerNG sto...
Thomas Kauders
12:52 AM Bug #12951 (Feedback): FRR cannot remove IPv6 routes

pfsense 2.6 system
frr log show:
2022/03/16 21:46:42 ZEBRA: [EC 100663303] kernel_rtm: 2606:2800:e004::/48: r...
yon Liu

03/16/2022

11:38 AM Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
When mixing AE ciphers in a P2 with AEAD ciphers (e.g. AES with AES128-GCM), the wizard will generate a script with t... Marcos M

03/14/2022

08:55 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I have the same issue. One side of the Wireguard VPN is disabled after reboot. Both sides of the VPN appear to have t... B P

03/13/2022

08:17 PM Feature #9833: ACME: add ability to use custom ACME server
+1 for this as well.
Just started looking into sorting out the self-signed cert and thought there would be a better ...
David Kemp
11:46 AM Bug #12912 (Resolved): ACME is failing to fully issue a new certificate
This works again on 0.7_4. Marcos M

03/12/2022

02:55 AM Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS
Installed HAproxy on the:... Danilo Zrenjanin

03/11/2022

06:51 PM Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid
https://www.tenable.com/plugins/nessus/156698
pfSense CE 2.6 and pfSense Plus 22.01 use ClamAV 0.104.1,1, which is...
Kris Phillips
11:42 AM Bug #12924: DNS Resolver WireGuard ACL Inconsistency
Christian McDonald wrote in #note-2:
> Hi Kevin,
>
> I am having a hard time replicating this based on your initi...
Kevin Mychal Ong
09:20 AM Bug #12924: DNS Resolver WireGuard ACL Inconsistency
Hi Kevin,
I am having a hard time replicating this based on your initial issue description. Can you please outline...
Christian McDonald
11:08 AM Feature #12932 (New): pfblockerng per user whitelist
Have the ability to not have DNS blocking applied to certain IPs. Right now this can be written into Unbound using cu... Mike Moore

03/10/2022

03:42 PM Bug #12623: acme.sh package | DNS-ISPConfig settings
This one fixes the issue: https://github.com/acmesh-official/acme.sh/commit/01ace11293f4cf27f8e761114f48148bbcbad063 Morten Trab
03:05 PM Bug #12623: acme.sh package | DNS-ISPConfig settings
Leaving the Allow Insecure blank, results in a different error:... Morten Trab
02:37 PM Bug #12623: acme.sh package | DNS-ISPConfig settings
I should add, I tested the script and it is placing the correct variables into the environment and the script does se... Jim Pingle
02:32 PM Bug #12623 (New): acme.sh package | DNS-ISPConfig settings
The upstream code still has a problem. If you leave "Allow Insecure" blank now it should at least get past that part,... Jim Pingle
06:35 AM Bug #12623: acme.sh package | DNS-ISPConfig settings
I'm on 0.7_4 now and still see the exact same error - so no, still not fixed Morten Trab
06:45 AM Bug #12917: LoopiaAPI changed
Viktor Gurov wrote in #note-1:
> acme.sh updated to v3.0.2 in #12886
>
> Looks like we need to update acme.sh mon...
Jim Pingle
02:07 AM Bug #12917: LoopiaAPI changed
acme.sh updated to v3.0.2 in #12886
Looks like we need to update acme.sh monthly/quarterly.
Viktor Gurov
06:10 AM Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid
This is correct behavior.
The "Raw Config" tab is used for custom configuration:
https://docs.netgate.com/pfsense...
Viktor Gurov
05:45 AM Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid
About FRR: when using vtysh to save the configuration, any changes to the webgui are invalid.
Because there are man...
yon Liu

03/09/2022

12:38 PM Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Merged to devel and 22.01/2.6 Viktor Gurov
07:34 AM Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs
Jim Pingle
07:10 AM Bug #12869 (New): Bind DNS Package AAAA filtering Broken on new ZFS Installs
regression: https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-ar... Viktor Gurov
10:59 AM Bug #12924 (New): DNS Resolver WireGuard ACL Inconsistency
Initially, I had two pfsense nodes connected via the WireGuard package. My tunnel network was 10.0.3.0/30 for p2p. I ... Kevin Mychal Ong
10:57 AM Bug #12898: Update HAProxy Backend to Latest LTS
FreeBSD-ports merge:
https://github.com/pfsense/FreeBSD-ports/commit/da9ed529f30212fd826aebc3b7e896fce7a15217
Viktor Gurov
08:05 AM Bug #12898 (Feedback): Update HAProxy Backend to Latest LTS
Applied in changeset pfsense:commit:07fe3d3d60a61621171fbc0a1a5e42c1462fb5ed. Viktor Gurov
 
