Project

General

Profile

Activity

From 03/17/2022 to 04/15/2022

04/15/2022

06:03 PM Bug #10426: Filer must validate that File name is uniq
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/214 Christopher Cope
02:54 PM Bug #12338: RRD Summary does not report data on 3100
Same issue on a 3100 Alan Wilson
11:16 AM Feature #12795 (Resolved): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist
Tested on 3.1.0_4
in... Christopher Cope

04/12/2022

11:49 AM Bug #13053 (Closed): LoopiaAPI error handling
In the latest package for ACME the update for LoopiaAPI introduced some code that is incompatible with FreeBSD. This ... Christopher Cope
07:41 AM Bug #13050 (Feedback): ACME update EasyDNS inline api sign-up link
PR merged, thanks! Jim Pingle
02:39 AM Bug #13050: ACME update EasyDNS inline api sign-up link
Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1156 Rowan Moul
02:37 AM Bug #13050 (Resolved): ACME update EasyDNS inline api sign-up link
The inline api key sign-up link for EasyDNS points to a legacy page, giving the impression that the integration is ou... Rowan Moul

04/11/2022

01:20 PM Bug #12948 (Feedback): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
Merged Viktor Gurov
10:28 AM Bug #12948 (Pull Request Review): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
Jim Pingle
09:55 AM Bug #12948: IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/51 Viktor Gurov
12:55 PM Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
fix:
https://github.com/pfsense/FreeBSD-ports/pull/1158 Viktor Gurov
11:58 AM Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
Thanks, just tested on snapshots and I can confirm this works as expected on 22.05 snapshots. It does not appear to w... Adam Goldberg
11:54 AM Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
I can't reproduce that here on snapshots. I have no group rules, only rules on assigned WG interfaces. Traffic passes... Jim Pingle
11:50 AM Bug #13047: Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
This likely needs to be re-opened. Even with the group rule removed and also disabled, interface rules are ignored.
Adam Goldberg
10:22 AM Bug #13047 (Not a Bug): Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
Group rules (such as the WireGuard tab) are processed before per-interface rules. Assigned WireGuard interfaces are s... Jim Pingle
10:08 AM Bug #13047 (Not a Bug): Firewall rules on WireGuard interfaces ignored, state counters not updating and always show 0/0
Firewall rules added to "WireGuard" are processed, but rules added to specific interfaces are ignored.
This issue... Adam Goldberg
09:40 AM Bug #13045 (New): Firewall floating rules ignore WireGuard traffic
When adding a floating rule to apply a limiter targeting traffic on a WireGuard interface, the rule is ignored.
Ad... Adam Goldberg
09:19 AM Feature #13044 (New): Customized reporting
Status >> Email Reports
Request: The ability to create custom reporting so that columns and headers can be part of... Mike Moore
09:15 AM Bug #13043 (New): OSPF over Wireguard interface doesn't populate neighbors after reboot
Running pfSense Plus 22.02 and the latest Wireguard (0.1.6_1) and FRR (1.1.1_6 / 7.5.1_3) packages. OSPF works as exp... Adam Goldberg

04/10/2022

11:03 AM Feature #13039 (New): Handle transit gateway VPNs in the AWS VPN wizard
I think the AWS VPN Wizard should not only handle VPC VPN connections, but also attachements to a transit gateway, fr... Soeren Malchow
10:36 AM Bug #12924: DNS Resolver WireGuard ACL Inconsistency
Hey Christian. Were you able to recreate this problem already? Kevin Mychal Ong

04/09/2022

01:11 PM Bug #13032 (Resolved): openvpn-client-import PHP warning
Tested on the:... Danilo Zrenjanin
01:08 PM Bug #12814 (Resolved): OpenVPN Client Import does not populate 'remote_cert_tls' option
Tested on the:... Danilo Zrenjanin

04/08/2022

12:22 PM Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
I can confirm this issue also on a HA pair running 22.01. We have had this issue since switching to pfBlockerNG-devel... Alexander Lindqvist

04/07/2022

11:31 AM Feature #9833: ACME: add ability to use custom ACME server
+1 for this! Just set up step-ca and would love having this functionality too. Connor McBrine-Ellis

04/06/2022

12:55 PM Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
Hi, I have entered the line and received the following antowrt:... Anonymous
10:33 AM Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
Shared frontends certificates are saved to the @/var/etc/haproxy/<frontend>.crt_list@
for example:... Viktor Gurov
11:59 AM Bug #13034 (Feedback): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/93b8b43ec23cbe6ae71ad2a792ced07d60589db6 Viktor Gurov
11:34 AM Bug #13034 (Pull Request Review): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
Jim Pingle
11:30 AM Bug #13034: Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/209 Viktor Gurov
10:58 AM Bug #13034 (Resolved): Zabbix6 Agent and Proxy fail to set the PSK from the web GUI in its conf files
The Zabbix 6 agent and proxy running on pfSense 2.6.0 fails to set the PSK values from the web GUI in the zabbix conf... Mat Clarke
11:34 AM Bug #13032 (Feedback): openvpn-client-import PHP warning
Merged Viktor Gurov
10:18 AM Bug #13032 (Pull Request Review): openvpn-client-import PHP warning
Jim Pingle
09:31 AM Bug #13032: openvpn-client-import PHP warning
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/50 Viktor Gurov
06:27 AM Bug #13032 (Resolved): openvpn-client-import PHP warning
Crash report shows:... Steve Wheeler

04/05/2022

12:52 PM Bug #12956 (Confirmed): suricata fails to use pcre in SID management (e.g. dropsid.conf)
I'm reopening this issue, as the function @preg_quote@ escapes all special characters, rather than just delimiters.
h... Marcos M
08:12 AM Bug #11343 (Feedback): Invalid link to pfSense-pkg-bind changelog
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/a3bbd61e6a0376f80674a83b6bf99e74cb013bc5 Viktor Gurov
07:32 AM Bug #11343 (Pull Request Review): Invalid link to pfSense-pkg-bind changelog
Jim Pingle
01:40 AM Bug #11343: Invalid link to pfSense-pkg-bind changelog
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/206 Viktor Gurov
01:51 AM Bug #10900 (Feedback): /packages/backup/backup.php?a=download&t=backup HTTP 504, or Sends PHP Error Message as ASCII/Text file Named pfsense.bak.tgz
Should be fixed in #11098.
Please re-test. Viktor Gurov

04/04/2022

12:14 PM Bug #13022: HAProxy - Sub Frontends ignore Client verification CA certificates
I have taken screenshots of my settings. In principle, the Main Frontent is almost empty, since all settings are cove... Anonymous
07:02 AM Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates
Unable to reproduce with pfSense-pkg-haproxy-devel 0.62_9
Could you provide detailed step-by-step instructions to ... Viktor Gurov
08:17 AM Feature #12963 (Feedback): Run nmap scans in the background
Merged to devel for testing in snapshots. Jim Pingle

04/03/2022

08:29 PM Bug #12995 (Resolved): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Tested on @22.05.a.20220403.0600@; works as expected. Marcos M
06:50 AM Bug #13022 (Feedback): HAProxy - Sub Frontends ignore Client verification CA certificates
I noticed that when I create sub frontends in HAProxa and enable the "Client verification CA certificates" in them (e... Anonymous

04/02/2022

04:03 AM Feature #12963: Run nmap scans in the background
I squashed commits since the last review
I reviewed and cleaned up some code readability
Updated the attached patch... Phil Wardt

04/01/2022

05:59 PM Bug #13018 (New): TLD and DNSBL Safesearch DOH conflict disables TLD block when conflicting DOH FQDN is deselected or whitelisted
pfBlockerNG-devel 3.1.0_4
If a TLD (example .cn) is blacklisted and conflicts with DNSBL Safesearch DOH blocking (ex... James Wilson
04:27 PM Feature #12963: Run nmap scans in the background
Add No DNS Resolution option for faster scans
Should be completed
Attached patch for pfsense 2.6.0 Phil Wardt
09:53 AM Feature #12963: Run nmap scans in the background
Updated patch to fix this:
- only kill nmap process using the output file created in GUI
- code formatting Phil Wardt
01:36 AM Bug #12814 (Feedback): OpenVPN Client Import does not populate 'remote_cert_tls' option
Merged Viktor Gurov

03/31/2022

04:04 PM Feature #12963: Run nmap scans in the background
I modified the code to disable any custom commands.
This is safer since nmap already changed in the past the -o opti... Phil Wardt
12:22 PM Bug #12818 (Resolved): IP block logging not working
Christopher Cope
12:21 PM Bug #12818: IP block logging not working
Tested and working in... Christopher Cope
12:14 PM Regression #13002 (Feedback): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/1a4f1fdbd14484e4ea4630fe4cd16ac777a32f5a Viktor Gurov
07:43 AM Regression #13002 (Pull Request Review): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
Jim Pingle
04:59 AM Regression #13002: BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/205 Viktor Gurov
11:51 AM Bug #12916: pfBlockerNG-devel cron job does not trigger xmlrpc sync
Marcos Mendoza wrote:
> Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
> pfBlockerNG-devel option "Enable Sy... Israel Goldstein

03/30/2022

10:19 AM Regression #13002 (Resolved): BIND 9.16_13 could not find existing DNSSEC keys at /cf/named/etc/namedb/keys due to directory change
https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-are-written-to... Viktor Gurov

03/29/2022

02:31 PM Feature #12963 (Pull Request Review): Run nmap scans in the background
Jim Pingle
01:12 PM Bug #12992 (Pull Request Review): error: nbproc is not supported any more since HAProxy 2.5
Jim Pingle
10:13 AM Bug #12995 (Feedback): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/c1a98faf91dee2303b83b9e1f29500241b2700c5 Viktor Gurov
07:40 AM Bug #12995 (Pull Request Review): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Jim Pingle
04:57 AM Bug #12995: Installing stunnel only on the primary HA node leads to php crashes and sync issues
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/203 Viktor Gurov
09:42 AM Bug #12996 (Duplicate): DNS Resolver needs to run manually after pfBlockerNG-devel package upgrade
Duplicate of #11398 Viktor Gurov
08:19 AM Bug #12996 (Duplicate): DNS Resolver needs to run manually after pfBlockerNG-devel package upgrade
Running system - PfSense Plus 22.01 x64
After upgrading pfBlockerNG-devel from 3.1.0.1 to 3.1.0.2 and from 3.1.0.... Alex BJ

03/28/2022

11:17 PM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I found this bug after having WireGuard stop passing traffic after a WAN GW went down and came back up. Upon restorat... Scott Lykens
09:34 PM Bug #12995: Installing stunnel only on the primary HA node leads to php crashes and sync issues
After the nodes are in sync, xmlrpc syn completes successfully. Marcos M
08:52 PM Bug #12995 (Resolved): Installing stunnel only on the primary HA node leads to php crashes and sync issues
Tested on @22.05.a.20220328.0600@.
# Install stunnel on primary node
# Force xmlrpc sync
sync fails and the se... Marcos M
08:16 AM Bug #12992 (Resolved): error: nbproc is not supported any more since HAProxy 2.5
On latest 22.05 snaps, HAProxy-devel 0.62_8 pkg will not start, gives the following error "config : parsing [/var/etc... → luckman212
05:13 AM Feature #12963: Run nmap scans in the background
To disable any code injection risks:
- input is matched against a white list allowing only alphanumeric, spaces (excl... Phil Wardt
05:09 AM Feature #12963: Run nmap scans in the background
After the last nmap changes, I wanted to harmonize the package with "Packet Capture"
https://github.com/pfsense/Free... Phil Wardt

03/27/2022

11:15 AM Bug #12956 (Closed): suricata fails to use pcre in SID management (e.g. dropsid.conf)
The commit says it resolves issue #10244. The reasoning given there is:
> The chosen solution was to mimic the curre... Marcos M

03/25/2022

08:49 AM Bug #12818 (Feedback): IP block logging not working
Should be fixed in pfBlockerNG-devel_3.1.0_3 Viktor Gurov

03/24/2022

02:21 PM Feature #12963: Run nmap scans in the background
Again, noticed the delete icon resource
https://github.com/pfsense/FreeBSD-ports/pull/1152
 Phil Wardt
10:20 AM Feature #12963: Run nmap scans in the background
The Makefile needed an additional fix or it wouldn't compile: https://github.com/pfsense/FreeBSD-ports/commit/d34af18... Jim Pingle
10:05 AM Feature #12963 (Feedback): Run nmap scans in the background
PR merged, thanks! Jim Pingle
11:16 AM Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
Sure thing, happy to contribute! Charles Hamilton
10:53 AM Feature #12882 (Feedback): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists
PR merged, thanks!
https://github.com/pfsense/commit/9e7c6e33857e42fa97ae04e57285ee180643440d
https://github.com... Viktor Gurov
10:48 AM Feature #12795 (Feedback): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/b7a4f7d12cc68460d75ae7204d0e4f8381d6d162
 Viktor Gurov
10:47 AM Bug #12706 (Feedback): pfBlockerNG and unbound does not work after switching /var to RAM disk
Merged:
https://github.com/pfsense/commit/dc4f288b66af9b0ffc6dded8fe128aaeca0a9ac6 Viktor Gurov
10:16 AM Bug #12772 (Resolved): Syslog-ng writes config.xml on each start
Tested against:... Danilo Zrenjanin
09:02 AM Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
*Updated Info:* a decision was made to simply cherry-pick the DEVEL change into the RELENG_2_6_0 branch because the S... Bill Meeks
07:22 AM Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
devel PR merged, left a note on the RELENG_2_6_0 PR as there is an issue there that needs resolved first. Jim Pingle

03/23/2022

03:53 PM Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
A fix for this issue has been posted in Pull Requests https://github.com/pfsense/FreeBSD-ports/pull/1149 for RELEASE ... Bill Meeks
02:23 PM Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name
Beginning around the first of March 2022, the Snort rules update package from the Snort VRT changed the subdirectory ... Bill Meeks
09:29 AM Feature #12963: Run nmap scans in the background
Standardize nmap text in description: NMap -> Nmap
https://github.com/pfsense/FreeBSD-ports/pull/1148 Phil Wardt
07:28 AM Feature #12963 (Pull Request Review): Run nmap scans in the background
Jim Pingle
07:41 AM Bug #12917 (Resolved): LoopiaAPI changed
Loopia is working again, based on a comment left on the Github commit: https://github.com/pfsense/FreeBSD-ports/commi... Jim Pingle

03/22/2022

09:24 PM Bug #12951 (Feedback): FRR cannot remove IPv6 routes
There really isn't enough info to determine what may be happening. The error itself can be normal in some cases.
S... Marcos M
03:27 PM Feature #12963: Run nmap scans in the background
Updated TAB and Button names from ...log to "View Results"
Patch attached above
https://github.com/pfsense/FreeBSD-p... Phil Wardt
01:29 AM Feature #12963: Run nmap scans in the background
Github link again
https://github.com/pfsense/FreeBSD-ports/pull/1148 Phil Wardt
01:09 PM Bug #12917 (Feedback): LoopiaAPI changed
The acme.sh project made a new release with the fix, I've updated the ACME package with the new files, should be buil... Jim Pingle
08:14 AM Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month
Duplicate of #9537 -- This is due to Daylight Saving Time and is a known issue in graphs made from vnstat data. Jim Pingle
08:04 AM Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases
Jim Pingle
06:22 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Here are some screenshots for reference.
Note: Disabling Gateway Monitoring and Using Non-local Gateway or using a /... Waqas Khan
06:07 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
I am the original author of this post https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting... Waqas Khan

03/21/2022

11:59 PM Feature #10809 (Resolved): IDS/IPS - Notifications when new rule categories are released
Viktor Gurov
05:26 PM Feature #10809: IDS/IPS - Notifications when new rule categories are released
Chiming in to note all is good, notifications are sent when new rule categories appear.
Can be closed. e 1/1
04:55 PM Feature #12963: Run nmap scans in the background
Phil Wardt wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > Add a working test patch that can be copied into Sy... Phil Wardt
07:51 AM Feature #12963: Run nmap scans in the background
Phil Wardt wrote in #note-2:
> Add a working test patch that can be copied into System Patches package:
Added opt... Phil Wardt
03:35 PM Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month
In the GUI for version 2.3.2_2, the Interactive Graph and Date Summary are both showing the current data under the wr... Oren Jellow
08:39 AM Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases
fixes:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/199 Viktor Gurov

03/20/2022

11:56 PM Feature #12718 (Resolved): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
Viktor Gurov
04:04 PM Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases
To summarize:
* load the saved @Profile@ value on BFD peer edit
* allow the selection of VIPs for @Local Source Add... Marcos M
03:58 PM Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases
Saving the following BFD peer configuration results in no configuration change (checked by looking at @FRR / Status /... Marcos M
08:48 AM Feature #12963: Run nmap scans in the background
Add a working test patch that can be copied into System Patches package:
 Phil Wardt
08:23 AM Feature #12963: Run nmap scans in the background
Github commit, tested with screen shots:
https://github.com/pfsense/FreeBSD-ports/pull/1148
Note: it properly sup... Phil Wardt
08:19 AM Feature #12963 (Feedback): Run nmap scans in the background
NMap package cannot actually run from gui because of nginx timeout
This patch adds the following features:
- run ... Phil Wardt
06:14 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted
Also see:
https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting_on_system/
Can also con... Zep Man

03/19/2022

03:21 PM Bug #12917: LoopiaAPI changed
Jim Pingle wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > acme.sh updated to v3.0.2 in #12886
> >
> > Lo... Nim Djid
01:37 PM Feature #12718: add igc(4) to the list of INLINE mode (iflib/netmap) supported cards
was able to start suricata inline mode on igc interface (6100) running 22.01 v6.0.4_1 Jordan G
09:11 AM Bug #12951: FRR cannot remove IPv6 routes
https://github.com/FRRouting/frr/issues/10827 yon Liu
05:32 AM Bug #12951: FRR cannot remove IPv6 routes
2022/03/19 02:16:50 BGP: can't connect to 2604:8800:60:240::100 fd 34 : Permission denied
2022/03/19 02:16:50 BGP: c... yon Liu
06:31 AM Bug #12777 (Resolved): STunnel writes config.xml on each start
Tested with Stunnel 5.50_10
It writes to config.xml only after config changes. Ticket resoloved. Danilo Zrenjanin

03/18/2022

12:38 AM Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf)
Indeed, I've found the commit that caused the regression:
https://github.com/pfsense/FreeBSD-ports/commit/9d8801b498... Adam CM
12:31 AM Bug #12956 (Resolved): suricata fails to use pcre in SID management (e.g. dropsid.conf)
In suricata/suricata.inc, under "Test the SID token for the PCRE: keyword", the match for the regular expression will... Adam CM

03/17/2022

08:01 AM Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working
I cannot reproduce any issues with views in the DNS resolver as described. It's possible there is a local issue in pf... Jim Pingle
03:45 AM Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working

Immediately after updating PfSense+ on Netgate 7100 from v. 21.05.2 to 22.01 the bypass setting for PfBlockerNG sto... Thomas Kauders
12:52 AM Bug #12951 (Feedback): FRR cannot remove IPv6 routes

pfsense 2.6 system
frr log show:
2022/03/16 21:46:42 ZEBRA: [EC 100663303] kernel_rtm: 2606:2800:e004::/48: r... yon Liu
 

Also available in: Atom