Activity
From 08/17/2023 to 09/15/2023
09/15/2023
-
08:05 PM Feature #14786: Add GUI option for host_verify_strict
- Keep in mind my concern is not of Apple's use of UPP rather for, when UPP Get requests are used invasively. How can a...
-
- Ref for research of UPP get requests:
https://forum.netgate.com/topic/182866/universal-procedure-pointers-upp-mzstat... -
12:17 PM Regression #14024 (Resolved): PHP error in HAProxy Widget with Show Client Traffic enabled
- I couldn't reproduce this issue.
Tested against:... -
- I can not reproduce this issue.
Tested on packages:
HAproxy 0.63_1
haproxy-devel 0.63_1
I am marking this cas...
09/14/2023
-
01:03 PM Bug #14748: FRR reload script is not executed properly
i using frr webgui setup Route Handling not normal work also.-
12:57 PM Regression #14774: Lightsquid won't allow change the password.
- Hello Jim.
Other thing, there is a way to create users with lightsquid?
If I type newuser + password and save, ... -
12:55 PM Bug #14780 (Not a Bug): The assigned Tailscale interface causes the "Network interface mismatch" on booting
-
12:17 PM Bug #14780: The assigned Tailscale interface causes the "Network interface mismatch" on booting
- That is expected, users should not assign the Tailscale interface, it isn't meant to be used that way.
There may n... -
- I can confirm this behavior on the: ...
-
07:16 AM Bug #14780: The assigned Tailscale interface causes the "Network interface mismatch" on booting
- Tested on ...
-
- If you assign the tailscale0 as the interface, it will cause "Network interface mismatch" during the boot and prevent...
-
- I am marking this case resolved.
-
- Yes, I can confirm it works again. ...
-
05:21 AM Feature #14779 (New): dynamic dns for wireguard peer
- Dear team;
we have multiple business with many branches the have smb internet with no static ip address assigned t...
09/13/2023
-
- See #14777 for implementation details once that is complete.
09/12/2023
-
05:45 PM Regression #14739 (Resolved): PHP error with lightsquid when generating an SSL certificate
- Resolved with 3.0.7_1.
-
-
- frr8-8.5.2
Because some upstream routes show that LocPrf and Weight are 0. FRR LocPrf and Weight is forced to 0
... -
- I pushed a fix for this, it will be available shortly.
-
- I had the latest version of lightsquid 1.8.5 3.0.7_2.
Is not accepting new password for the user 'admin'.
It wo...
09/11/2023
-
- Fixed in commit @9be9459ba796313087ca34b63c3deee7f181faea@ it will be in the next snapshot builds.
-
- The new fix wasn't quite right (has a couple incorrect variable references. New fix coming momentarily.
-
- I pushed a fix for this ( @52f6d98647b961eefa693ca3ab793785befd3a5d@ ), it should be available soon.
The fix could... -
- I take that back, it's not related, but I fixed it when I fixed the other issue. Though when I fixed that, I used fun...
-
- This is from the change in #14739 -- that one is still open (in feedback state) so I'm closing this and noting the fi...
-
- Hello we update lightsquid the latest version and we found that stop working.
Every time we try to access the repo... -
03:14 AM Feature #14770: Search for addresses and ports optimization
- I understand there is a note for admins to use regex style but there really should be a simplier way....
a seperate ... -
- The search field for source IP addresses requires a bit of optimization.
If you search for source IP 192.168.3.3 the...
09/10/2023
-
- yes, Now any changes need to restart the frr service to take effect.
-
- Hello.
Does this bug is related to the error about lightsquid creating certs each we try to access the reports and w...
09/09/2023
-
07:08 PM Regression #14764 (Confirmed): HAProxy local syslog not working
- HAProxy package v0.63_1
Setting the syslog host to @/var/run/log@ in the HAProxy settings doesn't produce any entr...
09/08/2023
-
09:11 PM Bug #14711: pfBlocker ASN to IP Address option doesn't work
- It seems to be working again for me!
-
07:49 PM Feature #9833: ACME: add ability to use custom ACME server
- +1 for me too. I'd like to set it up with FreeIPA 4.9 as it starts to support the ACME protocol for certificates.
-
- I can confirm this behavior, the Frr keeps the neighbor config until the restart of the service
tested on
<pre... -
02:05 AM Feature #14539: Add support for Oracle Cloud Infrastructure (OCI) vNIC management to work with unicast CARP
- Package PR: https://github.com/pfsense/FreeBSD-ports/pull/1291
With initial commit to introduce this capability.
09/07/2023
-
- When RPKI is enabled for filtering, no upstream routes are received.
route-map RPKI deny 20
match rpki invalid
... -
12:54 PM Bug #14460: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158
- Will open issue in TAC asap.
Currently I don't have a GUI ... because the LE-Cert-Renewal fails because of the non-wo... -
- Stefan Weichinger wrote in #note-12:
> I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
> Should I... -
- I have a 2nd pfSense (SG1100) that also has HAproxy not starting.
Should I open a new issue in TAC, may I post the r...
09/06/2023
-
- The port does not currently build on FreeBSD 14 according to:
https://gitlab.com/FreeBSD/freebsd-ports/-/commit/d738... -
- Please Note:
bugs@snort.org does not respond to any emails with the report listed above. If you are reading this ... -
- Per Netgate Security Team on August 25, 2023 at 5:17:05 AM PDT:
Hello,
The Snort package for pfSense software i... -
- *Version:*
Snort 4.1.6_8 built on pfSense plus Netgate 2100 appliance running an ARM processor. Package is prebuilt... -
01:58 PM Bug #14753: pfBlockerNG sync issues
- Tested on pfSense 23.05.1 and pfBlocker 3.2.0_6 and can confirm such issue.
-
01:50 PM Bug #14753 (New): pfBlockerNG sync issues
- pfBlockerNG sync user's password may cause sync issues and be recognised as an attacker by sshguard if it's password ...
09/05/2023
-
- please upgrade pf23.09 and frr 8.5.2 for test
-
https://github.com/FRRouting/frr/issues/14205
23.09-DEVELOPMENT (amd64)
built on Tue Sep 05 05:55:55 UTC 2023...-
- I deleted frr Neighbors through webgui, but it was not deleted in frr.
That is, the deletion operation through pf... -
- For those looking for a workaround for now I found this. Can use it to pull a JSON.
https://github.com/ipverse/asn-ip -
- I can confirm this is an issue. ASN lookup no longer working for me.
-
- That looks like something specific to the behavior of the daemon which is out of our control (unless there is a CLI/c...
09/04/2023
-
11:36 PM Bug #14747: softflowd sending same data with different snmp versions
- It seems that the problem is related to VLAN interfaces.
I've been doing some tests and if you set softflowd to coll... -
- upstream bug reported:
https://github.com/irino/softflowd/issues/51 -
- My environment:
SG-4100 23.05.1, packages up to date and System patches applied.
sotflowd running on LAN, WIFI an... -
12:40 PM Feature #14712: CrowdSec package
- Hi!
The package is ready for public testing.
Three things to read:
- the short repository readme - https://... -
05:56 AM Bug #14745 (New): haproxy: backend, SSL health check
- During testing with a backend HTTPS server, I wanted to test if the SSL health check would work; it did not.
So, I d... -
01:33 AM Feature #14468: pass along ntopng professional license key
- Just an update to say I have now successfully installed NTOPNG Pro version, via console, and licensed it on latest ve...
09/02/2023
-
- This is still an issue but I have a feeling it’s related to 14484
Edit any interface will lead to a reconfiguration ... -
05:33 PM Bug #14659: vlan (add/modify/delete) with pfblockerNG installed - all interfaces flap
- do you still see this flapping issue after removing or correcting the unresolvable source/destination alias messages ...
-
- Tested the package version:...
09/01/2023
-
- Should be fixed in commit @11ed1711e84357241c044c82e7f2be7186375e75@ (https://github.com/pfsense/FreeBSD-ports/commit...
-
- ...
-
- I tested this on 23.09 dev snapshots and I'm not able to replicate the issue. The files are in the directory:
{{co... -
09:08 AM Bug #14730: FreeRADIUS package has wrong/old internal_name specified in backup xml causing package reinstall failure on backup restore
- Let me try give you more info to reproduce. We have the issue on many devices not just one. We also had this issue on...
-
06:54 AM Bug #14733: CARP Master before HA Proxy is started
- Hi Jim,
Thanks for the quick response and suggestion. Changing the WebUI port makes sense to get rid of the confli... -
06:48 AM Bug #13405: Wireguard: The webgui becomes excessively slow to respond with a large number of peers
- I can also confirm this, but its happening to me with only some Peers (exactly, 4 tunnels, about 10 peers in total) I...
08/31/2023
-
- "2Amos Jeffries 2023-08-29 18:26:02 UTC
AFAICT "0.4.46" is the version number of the pfsense plugin used to integra... -
- Sounds like you have something misconfigured. You are trying to bind two things to the same port on the same address ...
-
- Pfsense becomes CARP master before HA proxy is started. This is a significant problem and causes unneeded outages. Wh...
-
- Just checked on pfSense 2.7.0
Backup version is the same as yours.
internal_name is still there as before.
Not sure ... -
- I couldn't reproduce this issue on the:...
-
- The latest release 0.1.5_11 contains the ignoreDisk directive for /var/unbound/dev ...
08/30/2023
-
- Also confirmed via Andrew C. Aitchison of ClamAV users support email system.
"It is a very big file and stores the... -
02:12 PM Feature #8547: fwknop Port Knocking Package
- I'm willing to chip in, help code this myself or hire someone to develop this. Either way I'd like to see this packa...
-
- I really want to see this as well. I'll explain why people want fwknop or at the minimum knockd support...
Fwknop... -
-
- PR merged, thanks!
-
- PR merged, thanks!
-
- When backing up with package info included:...
08/29/2023
-
- 2021 is the most recent main.cvd/main.cld file from ClamAV directly. The daily file gets updated more regularly.
F... -
06:40 PM Bug #14108: Antivirus Bases showing outdated main.cvd with a version dated year 2021
- From Squid and indirectly also c-icap upstream(s):
Neither Squid nor c-icap have anything to do with the ClamAV dat... -
- https://bugs.squid-cache.org/show_bug.cgi?id=5297
Bug zilla ticket also open for Squid side for more visibility of... -
01:54 PM Feature #14729 (New): OpenVPN Client Export - Support PLAP on Windows
- OpenVPN 2.6 for Windows introduced support for PLAP (Pre-Logon Access Provider). With this support, users get a new i...
-
- https://bugs.squid-cache.org/show_bug.cgi?id=5298
Added to bugzilla for Squid for more support visibility -
- https://bugs.squid-cache.org/show_bug.cgi?id=5296
Bugzilla Squid ticket now open for more Squid support visibility.
08/28/2023
-
05:15 PM Bug #14722: Snort Rule Update time settings does not create cron job correctly with certain times
- This is a duplicate of bug 14723. My report of the user-identified issue and the acutal user's report of the same iss...
-
04:37 PM Bug #14722 (Duplicate): Snort Rule Update time settings does not create cron job correctly with certain times
- What happens is that when a combination of update interval and hour is set that adds up to 24, the script that create...
-
- Pull Request 1289 (https://github.com/pfsense/FreeBSD-ports/pull/1289) has been submitted to correct this issue. This...
-
- The Suricata package GUI incorrectly adjusts the starting hour for the automated rules update cron task when the user...
-
- Pull Request 1288 (https://github.com/pfsense/FreeBSD-ports/pull/1288) has been submitted to resolve this issue.
T... -
- The Snort package incorrectly adjusts the rollover from 23:xx hours to 00:xx hours when creating the cron task for au...
-
04:01 PM Bug #13432: ups driver will not start
- I started having similar issue after upgrade to 2.7.0 (was working before)
got notices and saw "upsmon" giving "fail... -
- The PR was merged.
08/27/2023
-
08:05 AM Feature #9916 (Resolved): Check allow-transfer in custom option when the zone is slave
- Tested on 23.05_1
Allow-transfer option check was added and there wasn't any bind error if I add this option into Cu... -
Different way to iterate the variable for multiple cases
You can also use the the case command to iterate over t...
08/26/2023
-
- on 23.05.1 and pfB 3.2.0_6 after working through getting the package to uninstall successfully (see https://redmine.p...
-
- Kris Phillips wrote in #note-1:
> Hello,
>
> Is this with the devel or stable branch of pfBlockerNG?
devel and... -
- This is still happening with pfBlockerNG 3.2.0_6. I believe I've found a workaround for this after chasing a few of t...
-
- Tested on pfBlocker 3.2.0_6
It failed to load list.... -
- !clipboard-202308260857-oz2vd.png!
Under *Firewall/pfBlockerNG/DNSBL* there is *DNSBL IPs* section.
The *Alias ... -
- Non standard colours also
@#!/bin/sh
pfctl -vvss | grep ', rule 79' >/dev/null
res=$?
if [ $res = 0 ];
then
...
08/25/2023
-
- https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/353
-
-
04:13 PM Bug #14714: HAProxy Agent Check
- Bug No 2 is now described in Bug #14715
-
- Jacques Bourdeau wrote in #note-2:
> Jim Pingle wrote in #note-1:
> > Please create a separate issue entry for each... -
- Jim Pingle wrote in #note-1:
> Please create a separate issue entry for each problem, even if they appear to be rela... -
- Please create a separate issue entry for each problem, even if they appear to be related.
-
- For my load balancing, I ended up needing to use Agent-based checks in HAProxy.
I configured it in my pfSense+ (23... -
- Related to Bug #14714 which also does not populate the config file properly for agent-check based monitoring in HAPro...
-
- If anyone knows of a more efficient want to poll the state table, please let me know.
Have a good day -
- Here is a photo of testing with the three LEDs enabled when rule 79 went active.
Does the state table counters als... -
- I wonder if there is another way to do it maybe with the active state tables counters. Thanks for looking into this i...
-
- I don't see anything like that being added to the base system, but maybe someone might design a package around it.
... -
- Side note, I recently learned "The Air force one Executive Phone has a light on the back that lights up red when secu...
-
- pfctl -vvss| grep '192.168.1.11' would work great too as it would be IP address based not rule based
also
pfctl -vv... -
- The capability is you can take any rule ID you have that establishes a connection and you could configure it to be us...
-
- Hello fellow Netgate pfSense Redmine community members,
I wanted to share this with you all to see if this is any... -
- e ok wrote:
> I think is not necessary another IPS, but I leave here If something consider that is more robust or go... -
12:32 PM Feature #14712 (New): CrowdSec package
- I think is not necessary another IPS, but I leave here If something consider that is more robust or good tan Snort or...
-
- pfBlocker relies on Team Cymru IP to ASN Lookup v1.0 to get the list of prefixes for the defined ASN. But it seems th...
-
- I have tried to define the ASN format and it appears that it is still not working consistently. Occasionally, it does...
08/24/2023
-
02:29 PM Feature #14706 (New): Add Cloudflare tunnel pkg
- Hello everybody,
I've been using Cloudflare tunnel for more than an year as I'm now behind CGNAT so no more open p...
08/23/2023
-
- Duplicate of #14654
It's already fixed in the most recent version of the package. -
05:10 PM Bug #14704 (Duplicate): FRR BGP Neighbor configuration page no longer displays BFD Peer(s) in the BFD section
- Hello,
I can no longer select a BFD Peer when creating a FRR BGP neighbor.
As an example.
I have two (2) BFD...
08/22/2023
-
- It's already fixed in dev snaps, it'll come back naturally with the next release.
08/21/2023
-
- Thanks for looking at this and testing the various inputs. I did not know about the other reporting URL I will use th...
-
- That action is just echoing back the input to the user but as it passes through a query string and so on, the content...
08/19/2023
-
05:47 PM Bug #14683: PHP error on ``status_frr.php`` from using too much memory
- Since this is the same base issue solved by the PHP patch, I'm marking this as a duplicate of https://redmine.pfsense...
-
-
- /usr/local/www/sgerror.php
has no ability to disable internal error redirect functionality when utilizing externa... -
- In my case https://192.168.1.1:8080/sgerror.php?url=403%20Blocked%20by%20Mom%20and%20Dad&a=%a&n=%n&i=%i&s=%s&t=%t&u=%...
-
- sgerror.php is also still accessible even with the internal error redirector redirecting to external site like Google...
08/18/2023
-
- I wonder if there is any php injection vulnerabilities here. I did get it to say hello world. I noticed there is some...
-
- if I can force it to say hello world, you could force it to say it a million times and do a denial of service attack ...
-
- Hello fellow pfSense Redmine team,
I seem to have found an issue with sgerror.php allowing a user to adapt the ph... -
- I'm using ACME certs with HAProxy and it works fine here, so it's not clear why yours might be failing.
This site ... -
05:02 AM Bug #14694 (Not a Bug): HAProcy
- After the latest update I can no longer assign an ACME certificate to a HAProxy Frontend, not matter which certificat...
08/17/2023
-
and changed config.inc
// Set memory limit to 512M on amd64.
if ($ARCH == "amd64") {
ini_set("memory_limit", ...-
- i have changed php tomemory_limit = 1200M now,it is ok.
and if run frr bgp route, the kern.ipc.maxsockbuf must be ch...
Also available in: Atom