Project

General

Profile

Activity

From 04/26/2022 to 05/25/2022

05/25/2022

04:03 PM Todo #13190: Update System_Patches package for pfSense+ 22.05
Tested on... Christopher Cope
08:20 AM Bug #13214 (Pull Request Review): AttributeError: 'NoneType' object has no attribute 'text'
Jim Pingle
02:57 AM Bug #13214: AttributeError: 'NoneType' object has no attribute 'text'
Updated pull request [[https://github.com/pfsense/FreeBSD-ports/pull/1168]] Ian Grindley
02:51 AM Bug #13214 (Resolved): AttributeError: 'NoneType' object has no attribute 'text'
After installing Prometheus node_exporter error messages appeared containing the following:
Arpwatch Notification ... Ian Grindley
03:50 AM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
Azamat Khakimyanov wrote:
> I think parsing function pfb_daemon_filterlog from https://gist.githubusercontent.com/BB... Djerk Geurts

05/24/2022

12:44 PM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
Happy to provide more detail if needed.
Regarding the interfaces, we actually have 4 wan interfaces and all internal... Djerk Geurts
07:50 AM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
Customer created this topic on forum: https://forum.netgate.com/topic/172322/ip_block-log-entry-query-direction Azamat Khakimyanov
07:38 AM Bug #13209 (New): Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion
According to our customer he got weird pfBlockeNG log in 'ip_block.log' file.
For example
_May 20 16:23:12,16530438... Azamat Khakimyanov
04:56 AM Feature #13207 (New): The feed column on the Alerts page is confusing
When you look at your alerts in the feed column, and per row, there are 2 records present, the current detection and ... Jon Brown

05/23/2022

08:58 AM Bug #13202 (New): Missing Protocols on IP Feed Groups Advanced Inbound/Outbound Firewall Rule settings
While messing around with IP Block list feeds, I found a feed that was very restrictive but it only seemed to block u... Jon Brown
08:04 AM Todo #13190 (Feedback): Update System_Patches package for pfSense+ 22.05
Merged. Jim Pingle
12:35 AM Todo #13190 (Pull Request Review): Update System_Patches package for pfSense+ 22.05
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/240 Marcos M
06:34 AM Feature #13201 (New): Add FireHol Security IP Feeds
I have found an excellent repository of automatically created IP security feeds that should be added to pfBlockerNG f... Jon Brown
06:16 AM Feature #13200 (New): Custom DNS Servers for Alert settings
I am running DNS Hijacking so all DNS/DoT/DoH is run through pfSense and then forwarded securley to Quad9 using DoT.
... Jon Brown
06:05 AM Feature #13196: remove NoVirusThanks feed
Cannot edit issue, this should be a BUG Jon Brown
05:28 AM Feature #13196 (New): remove NoVirusThanks feed
NoVirusThanks / NVT_BL / http://www.ipspamlist.com/public_feeds.csv
This is a dead feed, although it is a valid li... Jon Brown
06:05 AM Feature #13198: Dark Theme Styling issues - Alerts White bar
Cannot edit issue, this should be a BUG Jon Brown
05:56 AM Feature #13198 (New): Dark Theme Styling issues - Alerts White bar
When running the Dark Theme there are information bars that are white (not styled properly) that are hard to read unl... Jon Brown
06:03 AM Feature #13199 (New): Feed groups should not have the first listing in the group bar
Currently when a new group is created with a single or multiple feeds in it, the first row is always grey with the fi... Jon Brown
05:35 AM Feature #13197 (New): Put a Single donation link and a proper patreon lin in the pfBlocker Support Banner / Widget
On the pfBlockerNG support banner I would like the ability to make a single donation, PayPal maybe.
I think that i... Jon Brown
05:22 AM Feature #13195 (New): Dedicated website for Feed mangement - Community Driven
What would be useful is a website where end users could submit new feeds, flag dead ones, and rate current feeds.
... Jon Brown
05:16 AM Bug #13194 (New): Remove dead Malc0de feed
the following feeds need removing because they are dead:
* PRI4 / Malc0de / https://malc0de.com/bl/BOOT
the websi... Jon Brown

05/21/2022

05:57 PM Todo #13190: Update System_Patches package for pfSense+ 22.05
That's expected with those patches in 22.05. The system patches package should be updated for 22.05. Steve Wheeler
04:40 PM Todo #13190: Update System_Patches package for pfSense+ 22.05
Fixed subject spelling error. Kris Phillips
04:38 PM Todo #13190 (Closed): Update System_Patches package for pfSense+ 22.05
The System_Patches package shows patches "pre-applied" that are fixes from 22.01 going into 22.05. It also recommend... Kris Phillips
05:24 PM Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration
Now works correctly. Marcos M

05/18/2022

12:51 AM Bug #13180: High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4
not sure why there is strike-through and cannot edit original but this is line of significance in OP:
root 12912 2... RED SKULL
12:48 AM Bug #13180 (Duplicate): High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4
SPECS:
-----
4 core Broadwell Xeon with SMT disabled in BIOS (0 logical cores)
32 GB DDR4 RAM
Powerd set to Maxi... RED SKULL

05/17/2022

09:45 AM Feature #13179 (New): Search based on CIDR
Search in Alerts for IPs that fall within a range instead of searching for a /32 source address
For example, if I se... Mike Moore

05/16/2022

08:00 AM Bug #13166 (Pull Request Review): IPsec Export: Apple Profile generates invalid configuration
Jim Pingle
02:53 AM Bug #13166: IPsec Export: Apple Profile generates invalid configuration
fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/56 Viktor Gurov

05/15/2022

02:43 PM Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration
Using 3DES for IPsec P1 and P2, the exported apple profile shows @DES3@ instead of @3DES@. This prevented a MacOS lap... Marcos M
02:33 PM Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration
Now works. Marcos M
10:47 AM Bug #13115: WireGuard panic due to KBI changes in ```udp_tun_func_t()```
@cmcdonald looks like John/Trond worked up a patch and it's been committed, see https://cgit.freebsd.org/ports/commit... → luckman212

05/13/2022

12:06 PM Feature #13160 (Pull Request Review): Option to sort monitoring graph views
Jim Pingle
10:24 AM Feature #13160: Option to sort monitoring graph views
updated PR: https://github.com/pfsense/FreeBSD-ports/pull/1167
I reworked this so everything is self-contained in ... → luckman212
12:06 AM Feature #13160 (Pull Request Review): Option to sort monitoring graph views
By default, RRD (Status -> Monitoring) tabs are just displayed in order of creation. This can get a bit messy. This s... → luckman212
09:01 AM Bug #13153 (Feedback): Static routes bound to WireGuard interfaces are not restored after down / up events
Merged https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/152 and synced upstream. Look for v0.1.6_2 of the... Christian McDonald

05/12/2022

08:30 PM Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events
I also played around with @devd@, adding something like this to @/usr/local/etc/devd/custom.conf@:... → luckman212
08:12 PM Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events
I found what appears to be the cause, and submitted a small PR:
https://github.com/theonemcdonald/pfSense-pkg-Wire... → luckman212
08:24 AM Bug #13153 (Resolved): Static routes bound to WireGuard interfaces are not restored after down / up events
h5. This was tested on today's 22.05 snap: 22.05.b.20220512.0600 using WG package 0.1.6_1 / kmod-0.0.20211105_1 
h... → luckman212
11:18 AM Regression #13156: pfBlockerNG IP block stats do not work
pfBlockerNG page shows:
> When manually creating 'Alias' type firewall rules; Prefix the Firewall rule Description wi... Marcos M
11:16 AM Regression #13156 (Resolved): pfBlockerNG IP block stats do not work
On 22.01, the filter log rules description includes the rule id in parenthesis. This breaks the IP block tracking for... Marcos M
08:50 AM Todo #12354 (Feedback): Update haproxy-devel to mitigate CVE-2021-40346
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/8e2872d9734568b53d87285de1c50a21f0560551 Viktor Gurov
08:14 AM Todo #12354 (Pull Request Review): Update haproxy-devel to mitigate CVE-2021-40346
Jim Pingle
12:58 AM Todo #12354 (New): Update haproxy-devel to mitigate CVE-2021-40346
revert:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/237 Viktor Gurov
08:46 AM Bug #13154: pfBlocker causing excessive CPU load
I'm also the OP for that ticket, too. Michael Novotny
08:44 AM Bug #13154 (Duplicate): pfBlocker causing excessive CPU load
Almost certainly a duplicate of #12827 and not a unique issue. Jim Pingle
08:42 AM Bug #13154 (Resolved): pfBlocker causing excessive CPU load
After killing that process (/usr/local/bin/php_pfb), my bandwidth & CPU usage was back to normal.
I'm running this o... Michael Novotny

05/11/2022

11:18 AM Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346
Want to tell again on version of haproxy that now this actions not needed, please remove them DRago_Angel [InV@DER]
10:14 AM Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346
This patch seems to conflict with http-request redirect action:... Micha Kersloot

05/10/2022

07:25 PM Bug #13115 (Feedback): WireGuard panic due to KBI changes in ```udp_tun_func_t()```
Christian McDonald

05/09/2022

05:33 PM Bug #13141 (New): wrong page squidguard block
when i using squid+squidguard, a few versions before I could use redirect mode external url move.
So there i was put... Robson Ferreira

05/08/2022

01:50 AM Feature #13135: Add dibdot DoH-IP-blocklists feeds
https://github.com/pfsense/FreeBSD-ports/pull/1165 Viktor Gurov

05/07/2022

02:52 AM Feature #13138 (New): DNS over HTTPS/TLS Blocking should be removed from SafeSearch
Currently there is an option for DNS over HTTPS/TLS Blocking located
Firewall --> pfBlockerNG --> DNSBL --> DNSBL ... Jon Brown
02:39 AM Feature #13137 (New): ckuethe/doh-blocklist.txt add to DoH feeds
This Gist is a list of DoH servers scraped from https://github.com/curl/curl/wiki/DNS-over-HTTPS which is referenced ... Jon Brown
02:27 AM Feature #13136 (New): Add crypt0rr DNS-over-HTTPS (DOH) provider list feeds
A simple list with public DNS-over-HTTPS (DOH) providers so you can easily block them.
* The list is based on DNS ... Jon Brown
02:18 AM Feature #13135 (Resolved): Add dibdot DoH-IP-blocklists feeds
This is a large list of DoH servers and the list has been recently updated.
GitHub Repo: https://github.com/dibdo... Jon Brown

05/06/2022

02:38 PM Feature #13063 (Pull Request Review): Improve modem support
Jim Pingle
02:59 AM Feature #13063: Improve modem support
One more update to provide full support for Quectel EC25 and ensure compatibility with more candidate modems by utili... Konstantinos Kondylis

05/05/2022

04:39 AM Bug #13113 (Resolved): BIND widget uses old/bad path to .conf file
Tested:... Danilo Zrenjanin
04:34 AM Bug #13104 (Resolved): BIND: Unable to fetch namd root file
Tested:... Danilo Zrenjanin
01:55 AM Bug #13128: Zabbix Agent 6: HA Server Setup
The "Correct Place" in Zabbix Agent 6.0 to configure would be "ServerActive" (https://github.com/zabbix/zabbix/blob/m... Christian Bönning

05/04/2022

02:31 PM Bug #13128 (Confirmed): Zabbix Agent 6: HA Server Setup
It seems not to be possible to setup Zabbix Agent 6.0 on pfSense 2.6 to talk to a HA Zabbix Server Installation.
Z... Christian Bönning
12:41 PM Bug #13113 (Feedback): BIND widget uses old/bad path to .conf file
PR merged, thanks! Viktor Gurov
12:41 PM Bug #13114 (Feedback): BIND calls rndc in rc_stop when named is not running
PR merged, thanks! Viktor Gurov

05/03/2022

12:54 PM Bug #13114 (Pull Request Review): BIND calls rndc in rc_stop when named is not running
Jim Pingle
12:54 PM Bug #13113 (Pull Request Review): BIND widget uses old/bad path to .conf file
Jim Pingle
07:59 AM Bug #13119 (Not a Bug): Problem with the visibility of the Squid Proxy Server submenu
Uninstall and reinstall the package and the menu entries will be added back again. Most likely the installation wasn'... Jim Pingle

05/02/2022

03:44 PM Bug #13119: Problem with the visibility of the Squid Proxy Server submenu
I have the squid package installed, but Squid Proxy Server does not appear in my Services menu
How can i solve this ... Jorge Fernando Valdes
03:41 PM Bug #13119 (Not a Bug): Problem with the visibility of the Squid Proxy Server submenu
I have the squid package installed, but Squid Proxy Server does not appear in my Services menu
How can i solve this ... Jorge Fernando Valdes
03:38 PM Bug #13114: BIND calls rndc in rc_stop when named is not running
https://github.com/pfsense/FreeBSD-ports/pull/1163 Stuart Wyatt
03:38 PM Bug #13113: BIND widget uses old/bad path to .conf file
https://github.com/pfsense/FreeBSD-ports/pull/1163
 Stuart Wyatt
09:45 AM Bug #13115 (Resolved): WireGuard panic due to KBI changes in ```udp_tun_func_t()```
Reference: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263297
We will need to cherry pick whatever solution ... Christian McDonald

05/01/2022

09:48 PM Bug #13114 (Resolved): BIND calls rndc in rc_stop when named is not running
rc_stop does not check for named running before calling rndc. rndc will timeout/fail if named is not running. Stuart Wyatt
09:47 PM Bug #13113 (Resolved): BIND widget uses old/bad path to .conf file
The BIND widget uses the old/bad path to the .conf file.
/cf/ should be /var/etc/
 Stuart Wyatt
03:36 PM Bug #11575 (Resolved): OpenVPN clients cannot pass traffic when reconnecting using the same source port
Viktor Gurov
01:19 AM Bug #11575: OpenVPN clients cannot pass traffic when reconnecting using the same source port
Checked on 22.01 release and openvpn-client-export 1.6_4 version. The nobind is presented in exported config by default. aleksei prokofiev

04/28/2022

08:29 AM Bug #13104 (Feedback): BIND: Unable to fetch namd root file
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/3bc9ac8e64ba744212eda05ba190e544ef6d2d40 Viktor Gurov
07:13 AM Bug #13104 (Pull Request Review): BIND: Unable to fetch namd root file
Jim Pingle
07:08 AM Bug #13104: BIND: Unable to fetch namd root file
This corrects it in my test box. named starts at boot without error with that patch applied.
 Steve Wheeler
03:37 AM Bug #13104: BIND: Unable to fetch namd root file
fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/224 Viktor Gurov

04/27/2022

03:57 PM Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid
pfSense 22.05 and pfSense-pkg-squid-0.4.45_8 uses clamav @0.104.2,1@ which is not affected. Marcos M
08:35 AM Bug #13098 (Feedback): HAProxy Virtual IP broken link under Frontend setup
PR has been merged.
Thank You!
https://github.com/pfsense/FreeBSD-ports/pull/1160/commits/d32312de35cecd94a77295... Viktor Gurov
07:33 AM Bug #13098: HAProxy Virtual IP broken link under Frontend setup
Pull Request: https://github.com/pfsense/FreeBSD-ports/pull/1160 Chris Gunther
04:46 AM Feature #12963: Run nmap scans in the background
Tested the package against:... Danilo Zrenjanin
04:07 AM Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions
I tested against the 0.7.1_1 Acme version. It works as expected. I could edit, remove, and copy the account key with ... Danilo Zrenjanin

04/26/2022

06:52 PM Bug #13104 (Resolved): BIND: Unable to fetch namd root file
Throws php error:... Steve Wheeler
08:50 AM Bug #11693 (Feedback): IPv6 static routing fails
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/095720f390905d462ce94dbb59af405da779acb1 Viktor Gurov
07:26 AM Bug #11693 (Pull Request Review): IPv6 static routing fails
Jim Pingle
05:49 AM Bug #11693: IPv6 static routing fails
correct syntax is @ipv6 route fc00:aaaa:bbbb::/64 fe80::290:bff:fe7c:5bb vtnet1@, not @ipv6 route fc00:aaaa:bbbb::/64... Viktor Gurov
 

Also available in: Atom