Activity
From 08/01/2023 to 08/30/2023
08/30/2023
-
09:01 PM Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
- Also confirmed via Andrew C. Aitchison of ClamAV users support email system.
"It is a very big file and stores the... -
02:12 PM Feature #8547: fwknop Port Knocking Package
- I'm willing to chip in, help code this myself or hire someone to develop this. Either way I'd like to see this packa...
-
- I really want to see this as well. I'll explain why people want fwknop or at the minimum knockd support...
Fwknop... -
12:49 PM Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times
-
- PR merged, thanks!
-
- PR merged, thanks!
-
11:14 AM Bug #14730 (New): FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
- When backing up with package info included:...
08/29/2023
-
- 2021 is the most recent main.cvd/main.cld file from ClamAV directly. The daily file gets updated more regularly.
F... -
06:40 PM Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
- From Squid and indirectly also c-icap upstream(s):
Neither Squid nor c-icap have anything to do with the ClamAV dat... -
- https://bugs.squid-cache.org/show_bug.cgi?id=5297
Bug zilla ticket also open for Squid side for more visibility of... -
01:54 PM Feature #14729 (New): OpenVPN Client Export - Support PLAP on Windows
- OpenVPN 2.6 for Windows introduced support for PLAP (Pre-Logon Access Provider). With this support, users get a new i...
-
- https://bugs.squid-cache.org/show_bug.cgi?id=5298
Added to bugzilla for Squid for more support visibility -
- https://bugs.squid-cache.org/show_bug.cgi?id=5296
Bugzilla Squid ticket now open for more Squid support visibility.
08/28/2023
-
05:15 PM Bug #14722: Snort Rule Update time settings does not create cron job correctly with certain times
- This is a duplicate of bug 14723. My report of the user-identified issue and the acutal user's report of the same iss...
-
04:37 PM Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times
- What happens is that when a combination of update interval and hour is set that adds up to 24, the script that create...
-
- Pull Request 1289 (https://github.com/pfsense/FreeBSD-ports/pull/1289) has been submitted to correct this issue. This...
-
- The Suricata package GUI incorrectly adjusts the starting hour for the automated rules update cron task when the user...
-
- Pull Request 1288 (https://github.com/pfsense/FreeBSD-ports/pull/1288) has been submitted to resolve this issue.
T... -
- The Snort package incorrectly adjusts the rollover from 23:xx hours to 00:xx hours when creating the cron task for au...
-
04:01 PM Bug #13432: ups driver will not start
- I started having similar issue after upgrade to 2.7.0 (was working before)
got notices and saw "upsmon" giving "fail... -
- The PR was merged.
08/27/2023
-
08:05 AM Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave
- Tested on 23.05_1
Allow-transfer option check was added and there wasn't any bind error if I add this option into Cu... -
Different way to iterate the variable for multiple cases
You can also use the the case command to iterate over t...
08/26/2023
-
11:57 PM Regression #13817: pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
- on 23.05.1 and pfB 3.2.0_6 after working through getting the package to uninstall successfully (see https://redmine.p...
-
- Kris Phillips wrote in #note-1:
> Hello,
>
> Is this with the devel or stable branch of pfBlockerNG?
devel and... -
- This is still happening with pfBlockerNG 3.2.0_6. I believe I've found a workaround for this after chasing a few of t...
-
07:08 AM Bug #14711 (Confirmed): pfBlocker ASN to IP Address option doesn't work
- Tested on pfBlocker 3.2.0_6
It failed to load list.... -
07:06 AM Bug #14718 (New): pfBlocker DNSBL IPs list action is wrongly named
- !clipboard-202308260857-oz2vd.png!
Under *Firewall/pfBlockerNG/DNSBL* there is *DNSBL IPs* section.
The *Alias ... -
- Non standard colours also
@#!/bin/sh
pfctl -vvss | grep ', rule 79' >/dev/null
res=$?
if [ $res = 0 ];
then
...
08/25/2023
-
08:56 PM Bug #14426 (Pull Request Review): PHP errors in Lightsquid
- https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/353
-
-
04:13 PM Bug #14714: HAProxy Agent Check
- Bug No 2 is now described in Bug #14715
-
- Jacques Bourdeau wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Please create a separate issue entry for each... -
- Jim Pingle wrote in #note-1:
> Please create a separate issue entry for each problem, even if they appear to be rela... -
- Please create a separate issue entry for each problem, even if they appear to be related.
-
- For my load balancing, I ended up needing to use Agent-based checks in HAProxy.
I configured it in my pfSense+ (23... -
- Related to Bug #14714 which also does not populate the config file properly for agent-check based monitoring in HAPro...
-
- If anyone knows of a more efficient want to poll the state table, please let me know.
Have a good day -
- Here is a photo of testing with the three LEDs enabled when rule 79 went active.
Does the state table counters als... -
- I wonder if there is another way to do it maybe with the active state tables counters. Thanks for looking into this i...
-
- I don't see anything like that being added to the base system, but maybe someone might design a package around it.
... -
- Side note, I recently learned "The Air force one Executive Phone has a light on the back that lights up red when secu...
-
- pfctl -vvss| grep '192.168.1.11' would work great too as it would be IP address based not rule based
also
pfctl -vv... -
- The capability is you can take any rule ID you have that establishes a connection and you could configure it to be us...
-
- Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is any... -
01:17 PM Feature #14712: CrowdSec package
- e ok wrote:
> I think is not necessary another IPS, but I leave here If something consider that is more robust or go... -
12:32 PM Feature #14712 (New): CrowdSec package
- I think is not necessary another IPS, but I leave here If something consider that is more robust or good tan Snort or...
-
- pfBlocker relies on Team Cymru IP to ASN Lookup v1.0 to get the list of prefixes for the defined ASN. But it seems th...
-
- I have tried to define the ASN format and it appears that it is still not working consistently. Occasionally, it does...
08/24/2023
-
02:29 PM Feature #14706 (New): Add Cloudflare tunnel pkg
- Hello everybody,
I've been using Cloudflare tunnel for more than an year as I'm now behind CGNAT so no more open p...
08/23/2023
-
- Duplicate of #14654
It's already fixed in the most recent version of the package. -
05:10 PM Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
- Hello,
I can no longer select a BFD Peer when creating a FRR BGP neighbor.
As an example.
I have two (2) BFD...
08/22/2023
-
- It's already fixed in dev snaps, it'll come back naturally with the next release.
08/21/2023
-
- Thanks for looking at this and testing the various inputs. I did not know about the other reporting URL I will use th...
-
- That action is just echoing back the input to the user but as it passes through a query string and so on, the content...
08/19/2023
-
05:47 PM Bug #14683: PHP error on ``status_frr.php`` from using too much memory
- Since this is the same base issue solved by the PHP patch, I'm marking this as a duplicate of https://redmine.pfsense...
-
-
- /usr/local/www/sgerror.php
has no ability to disable internal error redirect functionality when utilizing externa... -
- In my case https://192.168.1.1:8080/sgerror.php?url=403%20Blocked%20by%20Mom%20and%20Dad&a=%a&n=%n&i=%i&s=%s&t=%t&u=%...
-
- sgerror.php is also still accessible even with the internal error redirector redirecting to external site like Google...
08/18/2023
-
- I wonder if there is any php injection vulnerabilities here. I did get it to say hello world. I noticed there is some...
-
- if I can force it to say hello world, you could force it to say it a million times and do a denial of service attack ...
-
- Hello fellow pfSense Redmine team,
I seem to have found an issue with sgerror.php allowing a user to adapt the ph... -
- I'm using ACME certs with HAProxy and it works fine here, so it's not clear why yours might be failing.
This site ... -
05:02 AM Bug #14694 (Not a Bug): HAProcy
- After the latest update I can no longer assign an ACME certificate to a HAProxy Frontend, not matter which certificat...
08/17/2023
-
08:10 AM Bug #14683: PHP error on ``status_frr.php`` from using too much memory
and changed config.inc
// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
ini_set("memory_limit", ...-
- i have changed php tomemory_limit = 1200M now,it is ok.
and if run frr bgp route, the kern.ipc.maxsockbuf must be ch...
08/16/2023
-
- There are already warnings in place in various locations about this.
For example: https://www.netgate.com/supporte...
08/15/2023
-
09:30 PM Feature #14689 (Rejected): Warn users about the risks of using snort in a netgate pfsense device
- Hello
I installed pfsense in a computer, running snort, protecting my network, it was awesome.... I decided to purch...
08/14/2023
-
- Probably too much data for that page to deal with (e.g. route table is gigantic).
It already tries to limit how th...
08/13/2023
-
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 plus-RELENG_23_05_1-n256108-459fc493a87: Wed Jun 28 04:26:04 UTC 202...
08/12/2023
-
- That is expected as the system upgrades the packages. Since it is working correctly after the upgrade, I'm marking th...
-
- e 1/1 wrote in #note-2:
> Kris Phillips wrote in #note-1:
> > Do any issues occur with the package post-upgrade or ...
08/11/2023
-
07:44 PM Bug #14644: Zeek PHP error after upgrade to CE 2.7.0
- Kris Phillips wrote in #note-1:
> Do any issues occur with the package post-upgrade or is just the upgrade PHP errors... -
- I pushed this change on Wednesday:
https://github.com/pfsense/FreeBSD-ports/commit/f61ca6b81bab553e94046b1e6c5811a... -
03:52 PM Feature #14423: haproxy 2.7 QUIC support (+ maybe LUA 5.4?)
- Pawel Piaskowy wrote:
> Hello,
>
> I appreciate all pfSense+ updates and efforts Team is doing (I am relatively new ... -
-
- Another pass at resolving this long standing, but random, issue is in the code of Pull Request 1284 (https://github.c...
-
-
- This issue is resolved by Pull Request 1285 https://github.com/pfsense/FreeBSD-ports/pull/1285 merged on August 10, 2...
08/10/2023
-
06:08 PM Bug #14676 (Confirmed): Listening Port option in the Tailscale configurator is not respected
-
05:37 PM Bug #14676: Listening Port option in the Tailscale configurator is not respected
- David G wrote in #note-7:
> Christian McDonald wrote in #note-5:
> > I bet something else is already listening on 1... -
- Christian McDonald wrote in #note-5:
> I bet something else is already listening on 11111, forcing tailscaled to cho... -
-
- I bet something else is already listening on 11111, forcing tailscaled to choose another port to bind.
-
- David G wrote in #note-3:
> Christian McDonald wrote in #note-2:
> > I'm not able to replicate this report myself.
... -
- Christian McDonald wrote in #note-2:
> I'm not able to replicate this report myself.
Here are some screenshots of... -
- I'm not able to replicate this report myself.
-
10:32 AM Bug #14676: Listening Port option in the Tailscale configurator is not respected
- Tested on 2.7.0 and 23.05.1 , Tailscale 0.1.4
Can not reproduce, if I change listen port it always changed appropria... -
- The tailscaled process starts and listens on a random port, instead of the one specified. This causes things like dir...
-
-
02:08 PM Bug #14674: Error after upgrade to HAProxy 0.62_1
- It works for me too, thank you so much
-
02:00 PM Bug #14674: Error after upgrade to HAProxy 0.62_1
- It seems to be working properly now with the new build no errors. Thanks
-
- I updated the non-devel version of the package with the code from -devel. The underlying versions of haproxy updated ...
-
-
- I had the same issue, Im using the Dev PKG but the Dev PKG has a lot of issue about SSL, in the past they fixed the s...
-
- I had the same issue. Luckily the develop version was working. I didn't make a new boot environment to restore from.
... -
02:37 AM Bug #14674: Error after upgrade to HAProxy 0.62_1
- Can confirm. Manually editing the file doesn't work.
-
12:48 AM Bug #14674 (Resolved): Error after upgrade to HAProxy 0.62_1
- Looks like nbproc is no long supported in the config file and needs to be removed in order to start the service.
E... -
- Duplicate of #14674 (it has the full non-cropped error message)
-
01:40 AM Regression #14675 (Duplicate): HA Proxy can’t commit changes
- There seems to an issue with commiting any changes in HA Proxy after a recent (today) package update.
There are foru...
08/09/2023
-
- I don't believe it has anything to do with the configuration, but some sort of timing issue on when the package is st...
-
04:03 PM Bug #14671 (New): LCDproc package does not automatically restart after upgrade
- When upgrading LCDproc, the lcdproc daemon does not automatically restart.
One must re-save the LCDproc service se... -
- I've noticed that as well sometimes but haven't yet been able to track it down. That would belong in its own separate...
-
@jimp
23.05.1 I think there might a lingering bug with the package installer for LCDProc
After updating, LCDProc...-
- Elvis Impersonator wrote in #note-3:
> @jimp will it take a few days before the updated package is released?
It ... -
- PR merged
-
- PR: https://github.com/pfsense/FreeBSD-ports/pull/1283
-
- PR merged -- also the same edit was made to the -devel package.
08/08/2023
-
- @jimp will it take a few days before the updated package is released?
-
08:41 PM Bug #14670 (Resolved): net-snmp does not ignore /var/unbound/dev
- Net-snmp has ignoreDisk directives for devfs mount points /dev and /var/dhcpd/dev, but is missing an ignoreDIsk direc...
-
- The block list [if done by IP] offers the option to create an ALIAS which is more flexible then sink holing. I would ...
-
- Ive ran into a similar issue as well. The routes will appear in FRR but you check the pfsense route table the routes ...
-
04:22 PM Bug #14668 (New): FRR BGP route is not making into kernel route table after WireGuard's peer change is applied
- I was able to reproduce this behavior in clear PfSense 2.7 setup with frr 1.3_1 and WireGuard 0.2.0_2, not sure which...
-
- Allow the option to set logroate option (daily,weekly,monthly)
Im using pfBlocker stats to fill in a report and beca...
08/07/2023
-
- Hard to say if this is a bug per se but its a reproducible problem.
1. create a LAGG with assigned VLANs and those... -
-
- Jim Pingle wrote in #note-4:
> Corrected packages are building now.
Updated, configured and checked on 2.7 - work... -
- It doesn't appear that I introduced an error in the behavior of the function that gathers BFD peers but I did spot an...
-
- I probably made an error when updating all the FRR code for the new config access functions. I'll look into it today.
-
- PR merged
-
- This error has returned for some reason
08/06/2023
-
09:14 AM Feature #14652: FRR OSPF6 not working over wireguard
- Correct, I am relying on neighbor discovery. But even if I wanted to define a static neighbor, there would not be any...
-
03:02 AM Regression #14445: HAProxy PHP error /usr/local/www/haproxy/haproxy_global.php:138
- Please see this pull request: https://github.com/pfsense/FreeBSD-ports/pull/1282
08/05/2023
-
11:13 PM Bug #14654: Can't select BFD Peer for BGP Neighbor in GUI, Route Maps are shown instead
confirmed.
BFD option(in BGP Neighbors) does not list BFD peers , it shows Route Map lists.
tested on 2.7 and...-
- FRR package version is 1.3, if that does matter.
It was working in FRR 1.1.1_7 (which is still installed in my 2.6 i... -
- To reproduce:
1. Install FRR
2. Create Route Map
3. Try to select a BFD Peer for BGP Neighbor
!bfd.png!
The se... -
- This has proven to be a very hard bug to find and fix. The problem is random. I have thus far been unable to reproduc...
-
10:45 PM Bug #14644: Zeek PHP error after upgrade to CE 2.7.0
- Do any issues occur with the package post-upgrade or is just the upgrade PHP errors the only issue?
-
- Hello,
Are you relying on neighbor discovery or do you have neighbors manually programmed in across the link? Typ... -
- Also see https://redmine.pfsense.org/issues/12760
-
- FRR OSPF6 is unable to form neighborship without adding link-local alias to wireguard interface.
Unless i perform:... -
- Update LCDPROC NTP Screen
* Add time zone
* Improved selection between GPS and PPS
* Add stability parameter for P... -
- Update to LCDPROC NTP Screen
* Add time zone
* Add local PPS stability pps
https://github.com/pfsense/FreeBSD-po... -
- I'm seeing this on 23.05.1 pfBlockerNG 3.2.0_5 across multiple devices. Perhaps you need an existing pfBlockerNG sect...
-
- No PHP errors on 23.05.1 when deleting 3.2.0_5 package with unchecked "keep config"...
-
09:41 AM Regression #14189: pfBlocker-NG: HA-Sync is not working
- the typo fix patch from the forum thread does fix the Sync functional for pfBlockerNG
tested on
Version 23.05.1-RE...
08/04/2023
-
- [04-Aug-2023 09:30:42 US/Pacific] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering d...
-
- @Christopher Cope
I have tested your patch attached here. Strip level 2
set to 512mb
Hover I am still getting... -
- Amazing, thanks for sharing I appreciate you.
-
- This appears to be functioning OK for the most part but it isn't building with the SNMP option enabled yet. There is ...
-
03:16 PM Bug #12899: Suricata doesn't honor Pass List
- I've also experienced this for quite awhile. I created an alias for a vendor and added all IP addresses and ranges kn...
-
06:23 AM Feature #14032: Neighbor Discovery Proxy (NDproxy)
- NDProxy is the only way we have been able to get IPv6 working for our company network, and that have been possible on...
08/03/2023
-
10:05 PM Regression #14189: pfBlocker-NG: HA-Sync is not working
- Related: "Sync to configured backup server" option does not allow to Save without an IP address in the target below.
... -
08:09 PM Regression #14189: pfBlocker-NG: HA-Sync is not working
- Patch to fix the typo was posted at https://forum.netgate.com/post/1108304
-
- Merged https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/350
-
- The installed packages Widget did not show there was a new package. Package manage did, but that was when it failed....
-
- Probably best to move it to the forum then, there may be something that needs fixed on your system, but it's not a ge...
-
- checked branch and it set correctly
-
- No issues installing or upgrading it here. Make sure the update branch is set to the appropriate version that matches...
-
- @jimp
new LCDPROC package will not install
WARNING: Current pkg repository has a new PHP major
version. pfSens... -
- Merged in LCDProc package version 0.11.5
-
11:31 AM Feature #9141: FRR xmlrpc
- In simple setups like mine I believe having the same BGP configuration on both Primary and Secondary members is what ...
08/02/2023
-
06:28 PM Bug #14645 (Resolved): Snort interface "External Net" (EXTERNAL_NET) custom IP list should have negation when expanded
- Hello,
I'm not really good with Snort but all my search results confirm that it is common to have @EXTERNAL_NET@ c... -
- First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Zeek:
@PHP E... -
- First login after upgrading to 2.7.0, a couple of PHP error notices are shown, one of them related to Suricata:
@P...
08/01/2023
-
- Tested in 23.09 by running:...
-
- Can we get nfdump/nfsen package integrated within pfsense? Have sflow send data to nfsen. The built-in collector woul...
-
- Round 3
https://github.com/pfsense/FreeBSD-ports/pull/1278
-
04:54 AM Bug #14638 (Closed): Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
- After upgrading Tailscale from 0.1.3.1 to 0.1.4, Tailscale was not running according to the status page.
I was abl...
Also available in: Atom