pfSense » pfSense Packages

06/11/2022

02:17 PM Regression #13156: pfBlockerNG IP block stats do not work

BBcan177 . wrote in #note-3:
> There seems to have been a change in the pfctl -vvsr output.
>
> The patch below seem... B. B.

09:11 AM Regression #13156: pfBlockerNG IP block stats do not work

Is there a particular reason for that? I'm using a custom alias to keep rule management easier, and to avoid filter l... Marcos M

09:02 AM Regression #13156: pfBlockerNG IP block stats do not work

Marcos Mendoza wrote in #note-7:
> > @256 block drop in log quick on ixv5 inet from any to <h_blocklist:19320> label... BBcan177 .

06/10/2022

10:47 PM Regression #13156: pfBlockerNG IP block stats do not work

> @256 block drop in log quick on ixv5 inet from any to <h_blocklist:19320> label "USER_RULE: pfb_blocklist" label "i... Marcos M

07:49 PM Regression #13156: pfBlockerNG IP block stats do not work

Marcos Mendoza wrote in #note-4:
> Tested change on @22.05@ RC with pfBlockerNG-devel @3.1.0_4@; floating block rule... BBcan177 .

03:39 AM Bug #13261 (Resolved): Input validation rejects empty ``sudo`` command list, but GUI text says it can be empty

The help text says, " By default the command is "ALL" meaning the user can run any commands. Leaving the commands fi... Danilo Zrenjanin

06/09/2022

11:20 PM Regression #13156: pfBlockerNG IP block stats do not work

The patch works for me on LAN and WAN rules on 22.05 RC using pfBlockerNG-devel 3.1.0_4. I don't have floating rules ... Glenn Hall

11:08 PM Regression #13156: pfBlockerNG IP block stats do not work

Tested change on @22.05@ RC with pfBlockerNG-devel @3.1.0_4@; floating block rule on tagged traffic with description ... Marcos M

09:58 PM Regression #13156: pfBlockerNG IP block stats do not work

There seems to have been a change in the pfctl -vvsr output.
The patch below seems to fix the issue, but would be ... BBcan177 .

01:42 AM Bug #12765 (Resolved): AutoConfigBackup should ignore Lightsquid/lightparser cron changes

I tested with Lightsquid version 3.0.6_9.
It works fine.
I am marking this ticket resolved. Danilo Zrenjanin

06/08/2022

05:02 PM Bug #13259 (Not a Bug): Reply-to rules are not created with wireguard 0.1.6_1

Jim Pingle

04:57 PM Bug #13259: Reply-to rules are not created with wireguard 0.1.6_1

Sorry, stupid mistake on my side, it is required to set an upstream gateway on the interface config in order for the ... JB Fuzier

04:53 PM Bug #13259 (Not a Bug): Reply-to rules are not created with wireguard 0.1.6_1

Hello,
I have noticed that reply-to rules are not created for rules in a wireguard interface even if it is assigne... JB Fuzier

01:35 PM Bug #12808 (Resolved): Wireguard Gateways disabled when Wireguard Service is Manually Restarted

Christian McDonald

10:02 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

Cherry picked this commit to RELENG_2_6_0 ports tree. Look for a package update.
Edit: v0.1.6_2 is available in CE 2... Christian McDonald

09:31 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

→ luckman212 wrote in #note-13:
> @Valmor if you add the System Patches package and then add a patch using this url:... Val Mor

07:54 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

@Valmor if you add the System Patches package and then add a patch using this url:
https://github.com/theonemcdona... → luckman212

07:46 AM Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted

I have similar issue on pfSense 2.6.0-RELEASE.
Configured WireGuard tunnel and set a static route.
After reboot of ... Val Mor

12:40 PM Bug #13050 (Resolved): ACME update EasyDNS inline api sign-up link

It looks fine on Acme package version 0.7.1_1.
I am marking this ticket resolved. Danilo Zrenjanin

08:36 AM Todo #13255 (Resolved): Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles

Currently when crafting a PKCS#12 archive the OpenVPN Client Export package does not set a specific encryption algori... Jim Pingle

06/07/2022

12:25 AM Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)

I'm starting down a path that involves softflowd. Does anyone know if this issue persists with the latest snaps? → luckman212

06/06/2022

06:55 PM Feature #12963: Run nmap scans in the background

I can't think of a privacy issue for either - both locations are readable by everyone. The Packet Capture page is in ... Marcos M

02:55 PM Feature #12963: Run nmap scans in the background

Marcos Mendoza wrote in #note-24:
> Looks good from the testing I've done. Only suggestion I have is that the result... Phil Wardt

06/05/2022

07:09 PM Bug #13247 (Confirmed): Open-VM-Tools service actions do not work

Installing the package @Open-VM-Tools@ creates two entries under @Status / Services@: @vmware-guestid@ and @vmware-km... Marcos M

06:51 PM Feature #13246 (New): iperf3 service controls do not work

After installing the @iperf3@ package, an entry is created under @Status / Services@ which includes @Start@, @Stop@, ... Marcos M

06:17 PM Feature #12963: Run nmap scans in the background

Looks good from the testing I've done. Only suggestion I have is that the results file may be best placed in @/tmp@. Marcos M

06/02/2022

09:10 PM Regression #13156: pfBlockerNG IP block stats do not work

I saw this bug on 22.05-Devel and now on 22.05-Beta. The rules are working, but are not logged. Glenn Hall

05/31/2022

02:13 AM Feature #10818: UDP Broadcast Relay

Hey guys thanks for the shout out, but I have NO clue how to make this a package.
All I was able to do was build a... Garth Kirkwood

02:02 AM Feature #10818: UDP Broadcast Relay

Thank you for the information.
Let's hope @Garth Kirkwood sees this then Øystein Gåsdal

05/30/2022

10:56 AM Regression #12140 (Closed): DNSBL https webserver not working

Could not reproduce on 22.05 with pfBlockerNG-devel 3.1.0_4. The no logging of IP addresses has already been resolved... Marcos M

10:40 AM Feature #10242 (New): E2guardian Web filtering package

Viktor Gurov

10:29 AM Regression #12476 (Resolved): Suricata 6.0.3_3 Pass List ignores all single IPs

Marcos M

03:30 AM Feature #11385 (Resolved): Add WireGuard tunneled networks to vpnaddresses list

Tested on 22.01 and on 22.05-BETA (built on Fri May 27 06:21:09 UTC 2022)
When I created Pass List with 'VPN Addre... Azamat Khakimyanov

02:00 AM Bug #11892 (Resolved): WireGuard: dpinger does not start correctly on a WireGuard gateway at boot

Tested on 21.05_2, 22.01 and on 22.05-BETA (built on Fri May 27 06:21:09 UTC 2022)
I saw no issue with dpinger and... Azamat Khakimyanov

05/29/2022

12:09 PM Feature #10818: UDP Broadcast Relay

There's no GUI for it, but it can be installed on 22.05/2.7:... Marcos M

11:21 AM Bug #13153 (Resolved): Static routes bound to WireGuard interfaces are not restored after down / up events

Tested on 22.01 and on 22.05-BETA (built on Fri May 27 06:21:09 UTC 2022)
I wasn't able to reproduce this issue. A... Azamat Khakimyanov

06:38 AM Bug #12251 (Resolved): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling)

Tested on 22.01
When I used empty 'Keep Alive' field, I got in config: _*PersistentKeepalive = 0*_
When I tried... Azamat Khakimyanov

03:49 AM Feature #12719 (Resolved): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards

Tested on 22.01
Interface *igc* was added into 'Supported drivers' list: _Supported drivers: bnxt, cc, cxgbe, cxl, e... Azamat Khakimyanov

03:48 AM Feature #11560 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards

Tested on 22.01
Interface *ena* was added into 'Supported drivers' list: _Supported drivers: bnxt, cc, cxgbe, cxl, e... Azamat Khakimyanov

05/28/2022

06:03 AM Feature #10818: UDP Broadcast Relay

Hi.
Any news on this?
Eagerly awaiting this one Øystein Gåsdal

05/27/2022

09:44 PM Feature #12658: Adding prometheus metrics to darkstat

I think the package is in the FreeBSD ports:... Karim Elatov

05/26/2022

08:19 AM Todo #13190 (Closed): Update System_Patches package for pfSense+ 22.05

Jim Pingle

05/25/2022

04:03 PM Todo #13190: Update System_Patches package for pfSense+ 22.05

Tested on... Christopher Cope

08:20 AM Bug #13214 (Pull Request Review): AttributeError: 'NoneType' object has no attribute 'text'

Jim Pingle

02:57 AM Bug #13214: AttributeError: 'NoneType' object has no attribute 'text'

Updated pull request [[https://github.com/pfsense/FreeBSD-ports/pull/1168]] Ian Grindley

02:51 AM Bug #13214 (Resolved): AttributeError: 'NoneType' object has no attribute 'text'

After installing Prometheus node_exporter error messages appeared containing the following:
Arpwatch Notification ... Ian Grindley

03:50 AM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion

Azamat Khakimyanov wrote:
> I think parsing function pfb_daemon_filterlog from https://gist.githubusercontent.com/BB... Djerk Geurts

05/24/2022

12:44 PM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion

Happy to provide more detail if needed.
Regarding the interfaces, we actually have 4 wan interfaces and all internal... Djerk Geurts

07:50 AM Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion

Customer created this topic on forum: https://forum.netgate.com/topic/172322/ip_block-log-entry-query-direction Azamat Khakimyanov

07:38 AM Bug #13209 (New): Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion

According to our customer he got weird pfBlockeNG log in 'ip_block.log' file.
For example
_May 20 16:23:12,16530438... Azamat Khakimyanov

04:56 AM Feature #13207 (New): The feed column on the Alerts page is confusing

When you look at your alerts in the feed column, and per row, there are 2 records present, the current detection and ... Jon Brown

05/23/2022

08:58 AM Bug #13202 (New): Missing Protocols on IP Feed Groups Advanced Inbound/Outbound Firewall Rule settings

While messing around with IP Block list feeds, I found a feed that was very restrictive but it only seemed to block u... Jon Brown

08:04 AM Todo #13190 (Feedback): Update System_Patches package for pfSense+ 22.05

Merged. Jim Pingle

12:35 AM Todo #13190 (Pull Request Review): Update System_Patches package for pfSense+ 22.05

https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/240 Marcos M

06:34 AM Feature #13201 (New): Add FireHol Security IP Feeds

I have found an excellent repository of automatically created IP security feeds that should be added to pfBlockerNG f... Jon Brown

06:16 AM Feature #13200 (New): Custom DNS Servers for Alert settings

I am running DNS Hijacking so all DNS/DoT/DoH is run through pfSense and then forwarded securley to Quad9 using DoT.
... Jon Brown

06:05 AM Feature #13196: remove NoVirusThanks feed

Cannot edit issue, this should be a BUG Jon Brown

05:28 AM Feature #13196 (New): remove NoVirusThanks feed

NoVirusThanks / NVT_BL / http://www.ipspamlist.com/public_feeds.csv
This is a dead feed, although it is a valid li... Jon Brown

06:05 AM Feature #13198: Dark Theme Styling issues - Alerts White bar

Cannot edit issue, this should be a BUG Jon Brown

05:56 AM Feature #13198 (New): Dark Theme Styling issues - Alerts White bar

When running the Dark Theme there are information bars that are white (not styled properly) that are hard to read unl... Jon Brown

06:03 AM Feature #13199 (New): Feed groups should not have the first listing in the group bar

Currently when a new group is created with a single or multiple feeds in it, the first row is always grey with the fi... Jon Brown

05:35 AM Feature #13197 (New): Put a Single donation link and a proper patreon lin in the pfBlocker Support Banner / Widget

On the pfBlockerNG support banner I would like the ability to make a single donation, PayPal maybe.
I think that i... Jon Brown

05:22 AM Feature #13195 (New): Dedicated website for Feed mangement - Community Driven

What would be useful is a website where end users could submit new feeds, flag dead ones, and rate current feeds.
... Jon Brown

05:16 AM Bug #13194 (New): Remove dead Malc0de feed

the following feeds need removing because they are dead:
* PRI4 / Malc0de / https://malc0de.com/bl/BOOT
the websi... Jon Brown

05/21/2022

05:57 PM Todo #13190: Update System_Patches package for pfSense+ 22.05

That's expected with those patches in 22.05. The system patches package should be updated for 22.05. Steve Wheeler

04:40 PM Todo #13190: Update System_Patches package for pfSense+ 22.05

Fixed subject spelling error. Kris Phillips

04:38 PM Todo #13190 (Closed): Update System_Patches package for pfSense+ 22.05

The System_Patches package shows patches "pre-applied" that are fixes from 22.01 going into 22.05. It also recommend... Kris Phillips

05:24 PM Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration

Now works correctly. Marcos M

05/18/2022

12:51 AM Bug #13180: High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4

not sure why there is strike-through and cannot edit original but this is line of significance in OP:
root 12912 2... RED SKULL

12:48 AM Bug #13180 (Duplicate): High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4

SPECS:
-----
4 core Broadwell Xeon with SMT disabled in BIOS (0 logical cores)
32 GB DDR4 RAM
Powerd set to Maxi... RED SKULL

05/17/2022

09:45 AM Feature #13179 (New): Search based on CIDR

Search in Alerts for IPs that fall within a range instead of searching for a /32 source address
For example, if I se... Mike Moore

05/16/2022

08:00 AM Bug #13166 (Pull Request Review): IPsec Export: Apple Profile generates invalid configuration

Jim Pingle

02:53 AM Bug #13166: IPsec Export: Apple Profile generates invalid configuration

fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/56 Viktor Gurov

05/15/2022

02:43 PM Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration

Using 3DES for IPsec P1 and P2, the exported apple profile shows @DES3@ instead of @3DES@. This prevented a MacOS lap... Marcos M

02:33 PM Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration

Now works. Marcos M

10:47 AM Bug #13115: WireGuard panic due to KBI changes in ```udp_tun_func_t()```

@cmcdonald looks like John/Trond worked up a patch and it's been committed, see https://cgit.freebsd.org/ports/commit... → luckman212

05/13/2022

12:06 PM Feature #13160 (Pull Request Review): Option to sort monitoring graph views

Jim Pingle

10:24 AM Feature #13160: Option to sort monitoring graph views

updated PR: https://github.com/pfsense/FreeBSD-ports/pull/1167
I reworked this so everything is self-contained in ... → luckman212

12:06 AM Feature #13160 (Pull Request Review): Option to sort monitoring graph views

By default, RRD (Status -> Monitoring) tabs are just displayed in order of creation. This can get a bit messy. This s... → luckman212

09:01 AM Bug #13153 (Feedback): Static routes bound to WireGuard interfaces are not restored after down / up events

Merged https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/152 and synced upstream. Look for v0.1.6_2 of the... Christian McDonald