Activity
From 09/15/2023 to 10/14/2023
10/14/2023
-
06:36 PM Feature #13575: Update to frr 9.0.1
FRR 9.0.1 is added and working
23.09-BETA (amd64)
built on Thu Oct 12 23:00:00 PDT 2023
FreeBSD 14.0-CURRENT-
02:37 PM Feature #14875: Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically
- I see a potential issue here. Careful reading of the API overview at the link provided yields an important piece of i...
-
04:08 AM Feature #14875 (New): Snort + VirusTotal could analyse suspicious domains, IPs and URLs to detect malware and other breaches, automatically
- Hello fellow pfSense Redmine members,
I noticed in Snort we have a resolve IP address option however, time and tim... -
11:37 AM Feature #14878 (New): Integrated syslog support
- Requesting the integrated support to be able to ship pfblockerng logs to a syslog server. This is crucial for organi...
-
09:30 AM Feature #12179: QEMU package
- > It would be more convenient to have it as a package that can be installed/configured from the GUI.
I really woul...
10/13/2023
-
07:57 AM Bug #14841 (Resolved): IPsec Profile Export for Apple is using incorrect encryption on PKCS#12 data, cannot import into macOS
- Tested against:...
-
02:31 AM Feature #14868 (Pull Request Review): FRR - Support multiple OSPF instances
- https://github.com/pfsense/FreeBSD-ports/pull/1293
10/11/2023
-
07:33 PM Todo #14795: Transition to nut-devel
- The upstream issue is resolved.
-
07:01 PM Bug #14865 (New): Saving TINC VPN settings on a CARP Primary causes TINC to start on the Secondary
- When anything triggers a configuration save or if the TINC VPN configuration is saved on the CARP Primary Firewall, t...
-
- Allow to use aliases in "Allowed IPs" in the WireGuard Peer config. That would match with the general ability to use ...
-
12:43 AM Documentation #14842: Update Squid troubleshooting
- Can an update be made in the netgate documentation or a fix for this issue be investigated?
Its very odd that ticket...
10/10/2023
-
09:05 PM Bug #14861 (Resolved): PHP error when pings are enabled but no ping hosts are defined
- i was directed to report this issue here
https://forum.netgate.com/topic/183151/telegraf-stopped-working-after-upd... -
07:52 PM Bug #14554 (Duplicate): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
-
- The pfSense-pkg-nut build appears to be failing due to an issue upstream in the FreeBSD nut-devel package. I have fil...
-
- Sorry I had it set to never to help with my AppID text file I made. I had a huge amount of entries I was making a a g...
-
- I'm not following the problem description in this ticket at all. There is no relationship between the @virusprot@ tab...
-
- Hello fellow Redmine community members,
I am having an issue with my Snort �Remove blocked host interval changing ...
10/09/2023
-
08:56 PM Bug #14200: WireGuard reply-to without NAT
- Confirmed for 2.7.0 and described here:
https://forum.netgate.com/topic/183278/port-forwarding-through-wg-tunnel-mis... -
- Updated to frr 9.0.1 in 23.09 dev branch.
-
12:38 PM Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards
- There is no limit on shellcmd tags, they are all executed by the system in the same manner one after another. If ther...
-
12:20 PM Bug #14855 (Resolved): suricata_Getdirsize issue after PHP 8
- Found an issue with suricata_Getdirsize in suricata.inc
Since PHP 8 an Integer needle is no longer treated as a char...
10/08/2023
-
05:06 PM Regression #14452: Prometheus node_exporter generates errors with the default config
- A fix for this issue appears to have been merged upstream:
https://github.com/prometheus/node_exporter/issues/2593
... -
05:03 PM Bug #14230: PHP error with pfBlockerNG
- Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305
-
- Pull request sent: https://github.com/pfsense/FreeBSD-ports/pull/1305
10/07/2023
-
- Kris Phillips wrote in #note-2:
> I'm not seeing any PHP errors in 3.2.0_4 of pfBlockerNG. Was there any particular... -
- GitHub Pull Request here: https://github.com/pfsense/FreeBSD-ports/pull/1304
-
- In Python mode, when a domain is blacklisted, the result gets cached in the dnsblDB dictionary for caching and faster...
-
- Error:
Fatal error: Uncaught TypeError: fgetcsv(): Argument #1 ($stream) must be of type resource, bool given in /us...
10/06/2023
-
09:21 PM Bug #14846 (Rejected): shellcmd Can't be executed from order 7 onwards
shellcmd Can't be executed from order 7 onwards
The last two commands in the screenshot cannot be executed aut...
10/05/2023
-
05:10 PM Feature #14729: OpenVPN Client Export - Support PLAP on Windows
- Kris Phillips wrote in #note-1:
> Assigning to Jim P since he typically maintains this package.
Thank you. I'm wi... -
- The area where the update is needed:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/squid.html#sites-no... -
- https://gitlab.netgate.com/pfSense/factory-ports/-/commit/50536bbbe13da52c01bfeb77e6f40370844b9659
-
- Since the change to OpenSSL 3.0 on development snapshots, IPsec Profiles exported for Apple cannot be read.
Simila... -
- Jonathan Lee wrote in #note-6:
> I don't know if this is of concern also. My Lan interface assignment to snort only ... -
- I don't know if this is of concern also. My Lan interface assignment to snort only detects the destination as the fir...
10/04/2023
-
- The AdBlock syntax allows for both blacklisting and whitelisting, as well as using wildcards and sometimes plain regu...
-
- The errors are from a file packaged with squid, not captive portal, so moving this to squid.
-
11:58 AM Bug #14836 (New): squid and capitive portal integration bug
- When activating capitive portal authentication mode in squid, errors start to appear and the squid service does not r...
-
- Thanks for looking at this. I found a work around. I disabled the keep config, deleted the package, reinstalled and h...
10/03/2023
-
- PR merged, it's building now
-
- I introduced this bug by way of a typo in my last package fix. The fix for this is posted and awaiting merge and subs...
-
- Steps to create:
Change alert tab length of logs display from 1000 back to 500 after apply
ERROR:
Fatal error:... -
- PR merged and picked back, thanks!
10/02/2023
-
- The fix for the issues in this ticket has been submitted to the DEVEL branch in pull request 1300 here: https://githu...
-
- This was functionality inadvertently broken during the PHP 8.1 updates back in early 2023 and was not detected during...
-
- Duplicate of #13575
-
- It's an issue in your pfBlocker config. You'll have to manually clean up those log files, it's too late for the packa...
10/01/2023
-
01:52 PM Bug #14827: file space error with unbound: 103% used
- When trying to install any packet now the following error occurs:
pkg-static: Not enough space in /var/cache/pkg, ne... -
- Hi Kris,
thank you for your input on this.
I removed pfBlockerNG including its configuration which gives the follow... -
02:22 AM Bug #14827: file space error with unbound: 103% used
- Based on the files, this looks more like an issue with pfBlockerNG than a problem with unbound. All of the files con...
-
10:14 AM Bug #10436 (Feedback): softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
- My fault - I tested it on KVM with vtnet NICs. I'm afraid I don't have SG-3100.
If anyone can run this test on SG-... -
07:01 AM Bug #14638: Upgrading from Tailscale 0.1.3.1 to 0.1.4 does not start tailscale after upgrading
- Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
Tailscale 0.1.4
... -
- Plus should be updated with this as well. It is still on 2.8.0.
-
- Checked current snapshots of 23.09 and 8.5.2 is the current version in the Plus repo.
09/30/2023
-
- pfSense
2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
df -lh output:
Files... -
- Tested on 23.05_1 with SoftFlowD 1.2.6_1
I run SoftFlowd on different interfaces (WAN, LAN and Bridge) and generat... -
11:22 AM Feature #14826 (New): Add package pfSense-pkg-corosync-qnetd
- This package should provide "corosync-qnetd":https://github.com/corosync/corosync-qdevice, a daemon providing an addi...
-
08:08 AM Feature #8547: fwknop Port Knocking Package
- Jim Pingle wrote in #note-1:
> If you want secure remote access, use a VPN.
I understand that censorship circumve... -
- sorry, this is 8.5.3
Bug Fixes
bgpd
Add peers back to peer hash when peer_xfer_conn fails
Do not explicitly p... -
- Because I keep encountering IPV6 bgp sessions in Idle and Connect status, I hope to upgrade to the latest version and...
-
- Feature Request for a pre configured packet crafted response for specific IP addresses such that the reply would auto...
09/29/2023
-
- Sorry this was supposed to be under Snort not nmap. I will fix that.
-
- The purpose of the nmap package is to provide a simple GUI for quick scans. I don't think this request is appropriate...
-
- this still causes event
-
- Ref:
https://www.snort.org/faq/readme-sfportscan -
- Relates to:
https://redmine.pfsense.org/issues/14754
https://redmine.pfsense.org/issues/14514 -
- Attached is a example of detection and block of a standard non decoy nmap scan.
Kali OS has decoy/spoofing port sc... -
- It may be this gets resolved once the package is updated:
https://redmine.pfsense.org/issues/14795 -
- This now functions as expected with the created rules
If other admins use this firewall in a very large environmen... -
- Thanks for the reply.
I have added this to always allow. I did not know if others have noticed this. -
- This type of issue is better handled outside of the firewall software itself (e.g. by creating your own rules).
-
- Done per request
https://forum.netgate.com/topic/183128/services-snort-pass-list-edit-auto-generated-ip-addresses-... -
- > I have spoof rules enabled they are still blocking the passlist addresses seen below.
This has been an issue in th... -
- I have learned that Snort's GUI Passlist Auto-Generated IP addresses area is not 100% passing and still blocking whe...
-
- I opened a new bug for that I forgot that I have that already set as pass listed
-
- @Marcos M
They are automatically added to pass list and this still occurs.
Unless this was changed recently.
... -
- Related Feature Request
https://redmine.pfsense.org/issues/14821 -
- Thanks Marcos I am aware of the passlist area this would resolve this. Again, that would allow backdoor conditional p...
-
- This isn't a bug. To avoid the issue, relevant IP addresses can be added to a passlist. There also likely exist rules...
-
- Please let me know if that helps with the logic if not I can boot up Kali to offline my system again. That is already...
-
- Example of detection and block of standard nmap scan.
Kali OS has decoy scanning abilities for lan tests that are ... -
- Thus this is what is occuring for my system and creates the DoS event.
Nmap -sS -D 8.8.8.8 64.113.111.129
Resul... -
- Durring testing this condition with Palo Alto
Command used was
Nmap -sS -D decoyIP targetIP
This will send th... -
- This denial of service attack occurs only when
P: snort is on wan and has port scan detection and blocking enable... -
- 64.113.111.129 is my IP this block occurs when this IP is used by an invasive actor to perform a port scan of my netw...
-
- P: pfSense is forwarding it's DNS to 8.8.8.8 and Snort is set to block port scans seen on the WAN interface.
Q: th... -
- This bug report makes absolutely no sense to me. I can't follow the logic trail here. All of the blocks shown in the ...
-
- https://github.com/pfsense/FreeBSD-ports/pull/1296
-
- https://redmine.pfsense.org/issues/14821
Related Feature Request -
-
- For what it's worth, I just restored a backup on 23.09 which had FreeRADIUS3 installed and it restored fine and reins...
09/28/2023
-
- Thank you!!!
-
- Thank you !!
-
- Again this is another example where the DNS resolver IP address that is set on the firewall is being used as a decoy ...
-
- Does anyone know if this has this been resolved? I noticed I had to reapply the fix last update.
-
-
08:25 AM Bug #14498: php errors when looking at snort active rules
- The crash was produced in an attempt to grab the status output file, ticket #1936290053 there are no other PHP errors...
09/27/2023
-
04:59 PM Feature #9833: ACME: add ability to use custom ACME server
- +1 as well. Many of the other servers running on-premises use the Step CA that is hosted internally. Allowing pfsense...
-
04:02 PM Bug #14815 (Resolved): ACME.sh ingnores Certificates in Trust Store
- ACME.sh does not trust the certificates in /etc/ssl/certs. This a problem when you add a custom ACME provider.
Curl... -
-
- Tested on
23.05.1-RELEASE (amd64)
built on Wed Jun 28 03:57:27 UTC 2023
FreeBSD 14.0-CURRENT
freeradius3 0.15.... -
11:11 AM Bug #14554: PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string
- Alex Kolesnik wrote:
> https://forum.netgate.com/topic/180950/error-on-pfblockerng-inc-5310-pfblockerng-devel-3-2-0_...
09/26/2023
-
- Or….
We could have a proper fix for this issue then the workarounds that aren’t scalable -
03:14 PM Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
- Simon Byrnand wrote in #note-10:
> Could you not just use "Bypass Proxy for These Destination IPs" under "Transpar... -
01:32 PM Bug #14390: Squid: SECURITY ALERT: Host header forgery detected
- Denis Roy wrote in #note-9:
> I have a transparent deployment with pfSense 2.7.0, and a mitigation has been to rely o... -
- Paolo Rosso wrote in #note-7:
> I confirm that the <keep_settings> tag is not present in my config.xml.
> After ent... -
08:19 AM Bug #14806: Freeradius configuration lost when you reinstall package
- I confirm that the <keep_settings> tag is not present in my config.xml.
After entering settings and saving, the <kee...
09/25/2023
-
- I have a transparent deployment with pfSense 2.7.0, and a mitigation has been to rely on pfBlockerNG and custom NAT r...
-
- Fix committed and picked back to CE 2.7.0 and Plus 23.05.1
https://github.com/pfsense/FreeBSD-ports/commit/0048927... -
-
- I can't replicate this here but I can see how it might have happened.
If you never went to the Settings tab and cl... -
- Duplicate of #14806 but I already started working on that issue even though this one was older.
-
- That line was put in to help with #11888 so if it gets removed or changed that will need to be reopened or at least t...
-
- If it works on 23.09 then it seems like an issue in FRR with that particular configuration that's been fixed, and whe...
-
12:23 PM Feature #14793: Package: sfpnfo, SFP Information
- This reason is valid and true. I will think about starting a suggestion on how to improve the interface list.
Thank... -
- If status_interfaces.php is insufficient in some way, the correct thing to do would be to fix or otherwise improve th...
-
- Jim Pingle wrote in #note-1:
> This is not needed. SFP information is already printed on Status > Interfaces. If mor...
09/24/2023
-
- I have just created a corresponding "pull request":https://github.com/pfsense/FreeBSD-ports/pull/1298.
09/23/2023
-
- Assigning to Jim P since he typically maintains this package.
-
-
- Tested this on the latest 23.09 builds. Even with "Save settings after deletion" checked, all settings are erased on...
-
- I did a simple freeradius configuration and entered a user.
If I reinstall freeradius from the package manager I los... -
enabling RPKI option breaks BGP.
rpki
rpki cache 10.100.100.134 9400 test preference 1
!
pfSense.home....-
- Tested on 23.05_1
After adding ldapusersearch option into Group ACL... -
- Tested on 23.05_1
Ecosia and Onesearch safesearch are available for SquidGuard 1.16_19... -
- Tested on 23.05_1
Option 'HAProxy SSL/TLS Compatibility Mode' is available now (HAproxy 0.63_1).
Choosing differe... -
- Tested installing/uninstalling squid 0.4.46 and squidGuard 1.16.19.
There were no PHP errors.
I am marking thi... -
- tested on
23.09-DEVELOPMENT (amd64)
built on 20230922-1539
FreeBSD 14.0-CURRENT -
- when I changed Endpoint ip via webgui, but the wiregaurd still using old Endpoint ip ruuning.
09/22/2023
-
- Works as desired on dev snapshots. We can tweak the output as needed over time if necessary.
09/21/2023
-
- Marcos, the problem is that the squid package is not respecting the host strict setting. The package is broken in tha...
09/20/2023
-
- Hi Mike, (and others)
Thanks for commenting and having a look at this - I agree, with "host_verify_strict off", whic... -
- host verify strict is set to OFF by default so technically we souldnt be having these /409 errors.
My suspicion is t... -
- https://github.com/rudiservo/pfsense_storeid
This program was made for CDN maybe it can be expanded -
Could Squids storeID help resolve this?
https://wiki.squid-cache.org/Features/StoreID
https://forum.netgate...-
- https://redmine.pfsense.org/issues/14786
I have also seen "UPP" utilizing this to get around non transparent mode ... -
- I wish it did resolve this. Thanks for the information. I will keep researching.
-
- This seems related:
https://redmine.pfsense.org/issues/14390
Keep in mind that a report on the forum mentions tha... -
-
- This is most likely a problem in your configuration, or maybe an upstream bug in FRR on FreeBSD. Either way there isn...
09/19/2023
-
- host_verify_strict on
host_verify_strict off -
- Ref:
http://www.squid-cache.org/Doc/config/host_verify_strict/
This option could be built into the GUI to bring m... -
10:42 PM Bug #14797 (Not a Bug): FRR not propagating some kernel routes to Zebra table, breaking OSPF redistribution
- I recently upgraded a pfSense VM from 2.6.x to 2.7.0, and the FRR package was also updated from _something_ to 1.3_1
... -
10:15 PM Bug #14796 (Resolved): ACME for domain registrar INWX in Germany
- I am using ACME with INWX in Germany and automatic renewal has worked up to (at least) 11 July 2023. The latest renew...
-
- The current NUT package is based upon the 2.8.0 distribution of NUT. Unfortunately, since its release in April of 202...
-
- Since frr9 has been released, we can upgrade to that instead. Ideally, it will be merged upstream first:
https://bug... -
- And just double checked @jimp in scenarios like having a LAG the Mentioned Interface Status is not displaying any SFP...
-
- I have a totally different opinion on this, the existing interface output is cluttered and not showing all needed inf...
-
- This is not needed. SFP information is already printed on Status > Interfaces. If more detail is needed the additiona...
-
- Submitted a PR for a Package displaying Information about inserted SFP / SFP+ Modules in a easy to access way in the ...
-
- Works as expected on current dev snapshots with the most recent export package.
09/18/2023
-
- This is committed and will be in FRR pkg version 2.0.1 when it builds. Only in dev snapshots for now as it depends on...
-
-
-
- (a) Not all swap usage is bad: https://docs.netgate.com/pfsense/en/latest/hardware/memory.html#not-all-swap-usage-is-...
09/17/2023
-
09:56 PM Feature #9238: Add support for Zerotier
- This is still a hope and a dream for me. Seems like a great way to add SD-WAN features to pfS.
-
08:14 PM Regression #14774: Lightsquid won't allow change the password.
- I update the package and now I can add user and change password, thanks team!!!
-
- Tested on 2.7.0-RELEASE (amd64)
built on Wed Jun 28 03:53:34 UTC 2023
FreeBSD 14.0-CURRENT
Lightsquid 3.0.7_3 Th... -
12:56 AM Bug #14788 (Not a Bug): NtopNG high swap usage
- +*Issue:*+
100% SWAP usage on pfSense+ 23.05.1-RELEASE after a number of days of uptime when the package NtopNG 0.8....
09/16/2023
-
02:34 PM Feature #14787 (New): Feature request - Freeradius post-auth custom options
- I would like to check if it is possible to add a custom options field for post-auth in Freeradius package.
This woul...
09/15/2023
-
- Keep in mind my concern is not of Apple's use of UPP rather for, when UPP Get requests are used invasively. How can a...
-
- Ref for research of UPP get requests:
https://forum.netgate.com/topic/182866/universal-procedure-pointers-upp-mzstat... -
- I couldn't reproduce this issue.
Tested against:... -
- I can not reproduce this issue.
Tested on packages:
HAproxy 0.63_1
haproxy-devel 0.63_1
I am marking this cas...
Also available in: Atom