pfSense » pfSense Packages

06/27/2023

10:22 PM Bug #14514 (Duplicate): SNORT randomly starts blocking the IP address on the interface that it is residing on

Hello fellow pfsense Redmine team members,
I have found an issue where SNORT starts to block out my ip address th... Jonathan Lee

03:01 PM Feature #14512 (New): Basic Auth through GUI

Add the ability through the GUI to provide basic authentication for either frontend or backend pools
You can hack ... Mike Moore

06/26/2023

10:03 PM Bug #14510 (New): match rpki invalid What is actually executed is match rpki valid

when i setup match rpki invalid for deny, then actually executed is match rpki valid for deny.
please your check a... yon Liu

06:50 PM Bug #14509 (Not a Bug): PHP Error in ``vpn_openvpn_export.php``

When clicking 'VPN >> OpenVPN >> Client Export' the following issue occurs (Intel Celeron 1005M):
----------------... Ivo Gurp

12:27 PM Feature #12502 (Resolved): Option to include Syslog-ng Configuration Library (scl)

Jim Pingle

06/25/2023

04:48 AM Todo #12351: Remove non-functional feeds

https://cybercrime-tracker.net/fuckerz.php - 500 server error
https://cybercrime-tracker.net/all.php - 500 server er... Jordan G

04:32 AM Feature #12502: Option to include Syslog-ng Configuration Library (scl)

Looks good in syslog-ng v1.16, radio box is present at bottom of config
!clipboard-202306242332-gmfwm.png!
Jordan G

06/24/2023

06:25 PM Bug #14364: APCUPSD unable to process date string

Kris Phillips wrote in #note-1:
> Tested with an APC UPS on 23.05 with the latest apcupsd package. Unable to reprod... Lloyd Collins

06/23/2023

05:15 PM Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.

Thanks for all you do, I appreciate you. Jonathan Lee

03:33 PM Bug #14496 (Resolved): FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.

PR Merged Jim Pingle

01:55 PM Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.

A fix for this issue has been submitted in Pull Request 1269: https://github.com/pfsense/FreeBSD-ports/pull/1269. Thi... Bill Meeks

03:32 PM Bug #14469 (Resolved): Snort Advanced config pass-through encodes entries

PR Merged Jim Pingle

01:55 PM Bug #14469: Snort Advanced config pass-through encodes entries

A fix for this issue has been submitted in Pull Request 1269: https://github.com/pfsense/FreeBSD-ports/pull/1269. Thi... Bill Meeks

03:32 PM Bug #14475 (Resolved): PHP Error: suricata_check_for_rule_updates.php:820

PR Merged Jim Pingle

01:53 PM Bug #14475: PHP Error: suricata_check_for_rule_updates.php:820

A fix for this has been submitted in Pull Request 1271: https://github.com/pfsense/FreeBSD-ports/pull/1271. This issu... Bill Meeks

08:23 AM Bug #14504 (Incomplete): FTP_Client_Proxy package doesn't create firewall rule

I've installed FTP_Client_Proxy 0.3_8 on pfSense plus 23.05. I enabled the FTP client proxy services, but it doesn't ... Stefano Ceccherini

06/22/2023

11:17 PM Bug #14469: Snort Advanced config pass-through encodes entries

I was able to replicate this issue. It is caused by a misplaced early Base64 decode of a config parameter. A fix will... Bill Meeks

10:24 PM Bug #14475: PHP Error: suricata_check_for_rule_updates.php:820

Not sure exactly why the input string is too long in this case, but I did find in the PHP interpreter source code tha... Bill Meeks

12:46 PM Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.

The code used to generate the @snort.conf@ file for an interface should validate one of the ARP preprocessor options ... Bill Meeks

06/21/2023

11:56 PM Bug #14498 (New): php errors when looking at snort active rules

Hello Fellow Redmine community members,
I found another php error when I go to look at active rules with Snort fo... Jonathan Lee

09:57 PM Bug #14495 (Not a Bug): Snort does not contain DetectorFini() function

Marcos M

07:53 PM Bug #14495: Snort does not contain DetectorFini() function

I did not know this. Thanks for the reply. I have attached this for future reference should someone search for the sa... Jonathan Lee

07:11 PM Bug #14495: Snort does not contain DetectorFini() function

This is not a bug. This is due to having incorrect user-supplied text rules for the current version of the OpenAppID ... Bill Meeks

04:06 PM Bug #14495 (Not a Bug): Snort does not contain DetectorFini() function

Detector cisco_content_group_dummy_detectors.lua: does not contain DetectorFini() function
I have been getting t... Jonathan Lee

07:35 PM Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.

I had to enable unicast Arp checks for the error to stop. After that it never returned. I was under the impression th... Jonathan Lee

07:28 PM Bug #14496: FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.

I am unable to replicate this issue. I installed the latest 2.7.0-BETA of CE on a virtual machine, enabled the ARP Sp... Bill Meeks

04:54 PM Bug #14496 (Resolved): FATAL ERROR: /usr/local/etc/snort/snort_11005_mvneta1/snort.conf(405) Please activate arpspoof before trying to use arpspoof_detect_host.

Hello fellow redmine team can you please help I am getting some weird bug errors. I have apr spoof detection enabled ... Jonathan Lee

12:07 PM Regression #14493: FRR,PHP errors when deleting neighbor

Additional note.
If you disable the FRR service - you can delete anything without errors. Lev Prokofev

06:47 AM Regression #14493: FRR,PHP errors when deleting neighbor

I can confirm that error
Tested on... aleksei prokofiev

06:11 AM Regression #14493 (Resolved): FRR,PHP errors when deleting neighbor

Steps to reproduce:
Go to Services=>FRR=>BGP=>Neighbors
1)Add new neighbor
2)Set IP\name
3)Set remote AS
4)S... Lev Prokofev

12:07 PM Regression #14494: FRR,PHP errors when deleting AS-path

Additional note.
If you disable the FRR service - you can delete anything without errors. Lev Prokofev

11:59 AM Regression #14494 (Resolved): FRR,PHP errors when deleting AS-path

Steps to reproduce:
1)Create AS-path list
2)Delete As-path list
Looks like related to https://redmine.pfsense.... Lev Prokofev

11:39 AM Bug #13873: PHP Errors on FRR Global Settings

I get this error on 23.05, without any config except enabling the service and setting the password. PHP error log att... Lev Prokofev

12:33 AM Bug #14480: Faulty IDS rules can prevent Snort from starting

side note: I think found out why my codespaces environment won't run, I have the free account. It is similar to https... Jonathan Lee

06/20/2023

06:43 PM Bug #14491 (Confirmed): FRR not starting with AgentX enabled

After upgrading to pfSense 2.7.0 Beta, FRR wont't start with AgentX enabled in the configuration.
Syslog... beermount beermount

06/19/2023

09:06 AM Bug #14489 (New): FRR needs delayed startup

Hi,
FRR is currently started before completing Wireguard tunnels initialization:
[FRR startup]
*2023-06-17 18... Spike R.D.

05:24 AM Bug #14480: Faulty IDS rules can prevent Snort from starting

I have attached a very simple example of a Java version of try catch. I am positive you know try catch very well. My ... Jonathan Lee

04:35 AM Bug #14480: Faulty IDS rules can prevent Snort from starting

https://github.com/pfsense/FreeBSD-ports/tree/devel/security/snort
Thanks for the reply again,
I wanted to as... Jonathan Lee

06/18/2023

09:43 PM Bug #14486 (Duplicate): FRR - Changes to VTI tunnels bounce all eBGP peers

Marcos M

09:13 PM Bug #14486 (Duplicate): FRR - Changes to VTI tunnels bounce all eBGP peers

Please reference Bug #14483
I have the option "Ignore IPsec Restart" enabled under Global Settings in FRR.
Any... Mike Moore

06:29 PM Bug #14480 (Not a Bug): Faulty IDS rules can prevent Snort from starting

Marcos M

05:32 PM Bug #14480: Faulty IDS rules can prevent Snort from starting

The Snort package on pfSense is an open source volunteer maintained contribution. The source code for both the GUI an... Bill Meeks

02:35 AM Bug #14484 (Resolved): lldpd php error on saving with no interface selected

use ctrl + click and deselect any interface (previously) highlighted and attempt to save lldpd settings... Jordan G

06/17/2023

11:59 PM Bug #14284 (Incomplete): Wen changing frontend type, there will be invissible leftovers, disturbing defining the new type

Hello,
What "leftovers" are you referring to? Please provide reproduction step-by-step with what you expect and w... Kris Phillips

03:25 PM Bug #14480: Faulty IDS rules can prevent Snort from starting

I'll chime in with another view point that I find disturbing. Not classifying this as a bug, or at the least a securi... the root

05:14 AM Bug #14480: Faulty IDS rules can prevent Snort from starting

Thanks for the reply Bill Meeks,
Please let me attempt to pitch this one more time as a bug and not a feature to y... Jonathan Lee

02:53 AM Bug #14480: Faulty IDS rules can prevent Snort from starting

This is not a bug. The problem described here was caused by a faulty rules update file produced and distributed by a ... Bill Meeks

12:58 AM Bug #14480: Faulty IDS rules can prevent Snort from starting

Main issue: Snort fails completely open within this situation. Snort does not function at all during this. Jonathan Lee

05:16 AM Feature #14481: Add Smartphone Base Splice Support Groups Radio Button in "SSL Man In the Middle Filtering"

Note: some of the regex expressions were mixed up when posting this please ref the screen shots. Jonathan Lee

01:43 AM Feature #14481 (New): Add Smartphone Base Splice Support Groups Radio Button in "SSL Man In the Middle Filtering"

https://support.google.com/work/android/answer/10513641?hl=en
https://support.apple.com/en-gb/HT210060
Each of ... Jonathan Lee

06/16/2023

09:26 PM Bug #14480: Faulty IDS rules can prevent Snort from starting

To quote bemeeks,
" _This will have to be fixed by the Emerging Threats rule writers. They will release an updated... Jonathan Lee

09:17 PM Bug #14480: Faulty IDS rules can prevent Snort from starting

To quote valete3. . .
_"Emerging threats released out of band rules update to resolve.
https://community.emergi... Jonathan Lee

09:13 PM Bug #14480 (Not a Bug): Faulty IDS rules can prevent Snort from starting

FATAL ERROR: /usr/local/etc/snort/snort_4851_ix0/rules/snort.rules:19567: Can't use flow: stateless option with other... Jonathan Lee

06:20 PM Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)

fyi.. after upgrading to pfsense 23.05 & softflowd 1.2.6_1, stability has returned.. two weeks of uptime so far. Mark Hassman

09:11 AM Regression #14441: Zabbix Proxy package version 6.0.15 doesn't work in 23.05

Can confirm, the service is running but there is no traffic sent to the Zabbix server. Works fine on 23.01
Tested ... Lev Prokofev

06/14/2023

10:08 PM Bug #14475 (Resolved): PHP Error: suricata_check_for_rule_updates.php:820

PHP Error from Suricata when updating:... Steve Wheeler

06/13/2023

07:16 AM Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158

Thanks for creating this issue.
Could it be that the lua-script used in the HAproxy-config triggers these errors?
... Stefan Weichinger

06/12/2023

09:18 PM Bug #14469 (Resolved): Snort Advanced config pass-through encodes entries

When attempting to add a custom snort.conf config line using the Snort Advanced Configuration Pass-Through feature, t... Alex Tatistcheff

11:59 AM Todo #9200 (Resolved): Add DNS support for Google domain to Acme manager

Jim Pingle

06/11/2023

10:50 PM Feature #14468 (Rejected): pass along ntopng professional license key

Provide a way through the ntop settings GUI to pass along the ability to upgrade to the Pro version. Perhaps have an ... Mike Moore

04:24 PM Feature #13863: squidguard auto update blacklist

Hello,
will the function be built in?
The function is already available in other Firewalls.
It would be really ... Thomas Schäfer

04:23 PM Regression #13984: PHP errors with squid

+https://redmine.pfsense.org/issues/14426+
Hello Marcos I found you some more PHP issues with this under Squid rep... Jonathan Lee

01:14 AM Todo #9200: Add DNS support for Google domain to Acme manager

I just created a cert using this earlier today, works like a charm! Thank you! Matt D

06/10/2023

08:48 PM Todo #9200: Add DNS support for Google domain to Acme manager

the drop down and token field for Google Domains (DNS API) is present in ACME 0.7.4 - don't have valid credentials I ... Jordan G

05:56 PM Bug #14364 (Incomplete): APCUPSD unable to process date string

Tested with an APC UPS on 23.05 with the latest apcupsd package. Unable to reproduce this error. Can you please pro... Kris Phillips

06/09/2023

05:27 PM Bug #14199 (Feedback): ACME - Issue with corrupted cert

Fixed in ACME pkg v0.7.4 Jim Pingle

05:10 PM Bug #14199 (In Progress): ACME - Issue with corrupted cert

Jim Pingle

05:27 PM Todo #9200 (Feedback): Add DNS support for Google domain to Acme manager

Added in ACME pkg v0.7.4 Jim Pingle

05:10 PM Todo #9200 (In Progress): Add DNS support for Google domain to Acme manager

Jim Pingle

05:08 PM Feature #13608 (Not a Bug): ACME Not Recognizing new .au domain on wildcard

There is *no special handling* of anything under "*.au" in this package or in @acme.sh@. Looking at the error in the ... Jim Pingle

01:16 PM Feature #14464 (Duplicate): BGP ECMP

Duplicate of #9545
Jim Pingle

03:43 AM Feature #14464 (Duplicate): BGP ECMP

Enable the ability to have bgp perform ECMP (multipath).
I see it as possible in the frr documentation. Would be gre... Mike Moore

06/08/2023

08:44 PM Bug #14426: PHP errors in Lightsquid

2100-MAX
Crash report begins. Anonymous machine information:
arm64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus... Jonathan Lee

12:29 PM Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158

Here is the configuration that triggers PHP errors.... Danilo Zrenjanin

12:18 PM Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158

Here is the forum thread https://forum.netgate.com/post/1109155 Danilo Zrenjanin

11:31 AM Bug #14460 (Resolved): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158

... Danilo Zrenjanin

06/07/2023

04:54 AM Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.

Jonathan Lee wrote in #note-5:
> Hi Marcos, I wanted to confirm that this issue was not present until inplace upgrad... Pete Wright

06/06/2023

06:09 PM Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.

Hi Marcos, I wanted to confirm that this issue was not present until inplace upgrade to 23.05 Jonathan Lee

06/05/2023

03:13 PM Feature #14453 (New): Expand prefix list entry window

Within FRR configuration, to add a prefix list entries, the windows are too small to see if you are typing in the cor... Mike Moore

01:59 PM Regression #14452: Prometheus node_exporter generates errors with the default config

Full metrics output attached.
Note that both 'uname' and 'os' report failure:... Steve Wheeler

01:58 PM Regression #14452 (Resolved): Prometheus node_exporter generates errors with the default config

Installing and enabling the node exporter generates errors whenever it is queried. ... Steve Wheeler

06/04/2023

04:20 PM Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.

The issue is likely caused by https://redmine.pfsense.org/issues/13776 Marcos M

05:38 AM Bug #14406: Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.

Thank you for taking the time to look into this Jonathan Lee

03:39 PM Feature #10818 (Resolved): UDP Broadcast Relay

Marcos M

06/03/2023

10:25 PM Bug #14406 (Confirmed): Squid Proxy version 0.4.46 Missing Error subfolder and files for "en" or "en-usa" and all other languages.

Can confirm on both a fresh installation of 23.05 with Squid 0.4.46, and one which was upgraded from 23.01 with Squid... Chris W

10:09 PM Bug #14287: pfBlockerNG does not uninstall cleanly when using RAM disks

Loh Phat wrote in #note-10:
> No joy with the new 2.2.2 system patches:
>
> [...]
Please retest this on 23.05 ... Kris Phillips

09:59 PM Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021

Tested on 23.05-RELEASE and this issue is still present. Kris Phillips

09:56 PM Bug #14021 (Not a Bug): Squid ClamAV showing bytecode errors for version 334

Closing as Not a Bug Kris Phillips

08:55 PM Feature #14447 (Resolved): Update haproxy from 2.6 to 2.8 lts

A few days ago, haproxy 2.8 was released. It is an LTS release with support until Q2 2028.
Its a pretty useful rel... Jens Frankfurter

08:03 PM Feature #10818: UDP Broadcast Relay

installed the package on 2.7 and the service is working
2.7.0-DEVELOPMENT (amd64)
built on Fri May 26 06:04:59... Alhusein Zawi

11:07 AM Regression #14445 (Resolved): HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138

On upgrade from 23.01 to 23.05... Lev Prokofev

02:45 AM Todo #9200: Add DNS support for Google domain to Acme manager

Upstream support has been merged and released: https://github.com/acmesh-official/acme.sh/pull/4542
There is a PR at... Jonathan Moscardini

06/02/2023

02:29 PM Bug #14405: PHP Crash report

It returned. Let me know what you need. Jens Kristensen

01:41 PM Feature #9833: ACME: add ability to use custom ACME server

+1 here as well. I also have set up Step CA as an internal CA with ACME. I want to be able to set up a custom ACME se... Jeremy Reichman

06/01/2023

12:00 PM Regression #14441 (New): Zabbix Proxy package version 6.0.15 doesn't work in 23.05

All the items in the package are impacted.
It seems to be a regression. It worked fine in the 23.01 Danilo Zrenjanin

05/31/2023

12:27 PM Bug #14438 (Not a Bug): The db5 port currently does not have a maintainer

That is a message from the FreeBSD ports system about the state of that dependency port in the FreeBSD ports system. ... Jim Pingle

01:22 AM Bug #14438 (Not a Bug): The db5 port currently does not have a maintainer

When reinstalling or installing Squidguard URL blocker I just started to see this today. Is this of concern for using... Jonathan Lee

01:53 AM Regression #13984: PHP errors with squid

If this is fixed can this be closed?
Jonathan Lee

05/30/2023

12:50 PM Todo #9200: Add DNS support for Google domain to Acme manager

Nathan Stansell wrote in #note-11:
> Can this be reopened as google now has api access?
> https://domains.google/le... Jim Pingle

12:49 PM Bug #14369 (Closed): DNSBL Parsing error when DNSBL Mode "Unbound python mode".

Jim Pingle

12:18 PM Feature #14101: Add Zabbix 6.4 packages

Zabbix 6.2 is not supported anymore... So can you add FreshPort 6.4 packages ? Stephane HOFMAN

05/29/2023

11:07 AM Bug #14369: DNSBL Parsing error when DNSBL Mode "Unbound python mode".

It seems to be fixed in 23.05. Please close or delete it. Thank you. Jens Kristensen