pfSense » pfSense Packages

04/01/2024

11:34 PM Feature #14712: CrowdSec package

I have been testing this for several months now and like it as another layer of security that uses very little resour... Glenn Hall

11:25 PM Bug #15365: pfBlockerNG PHP error when editing a list

I can also confirm this behavior. I corrected it in my setup by editing line 391 of /usr/local/www/pfblockerng/pfbloc... Glenn Hall

10:07 PM Feature #15374: Use of cachemgr.cgi within secure lightsquid access

Of course you can't access it with a GUI login session to light squid, is this something anyone wants to research at ... Jonathan Lee

10:05 PM Feature #15374 (New): Use of cachemgr.cgi within secure lightsquid access

Hello fellow pfSense redline members,
Can we please add Squid's cachemgr.cgi to the lightsquid package.
Please... Jonathan Lee

05:29 PM Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12

Zabbix server 6.4.13 is out now and I have confirmed that it works correctly with older proxies, including 6.4.1 that... Andrew Almond

08:47 AM Feature #8547: fwknop Port Knocking Package

Also upvote.
Because *bruteforcing by thousands of IoT devices* (fridges, smart bulbs, smart locks, smart tvs, Al... Sergei Shablovsky

03/31/2024

06:59 AM Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections

https://forum.netgate.com/topic/185475/new-bogon-hitting-the-openvpn-port-1194 Jonathan Lee

06:59 AM Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections

Unrelated but if you’re not logging and locking down your VPN use make sure you do. Jonathan Lee

06:53 AM Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections

remote f.q.d.n 1194 udp4
to
remote f.q.d.n 1194 udp
I am opening a redmine for this as the iPhone uses ipv6 an... Jonathan Lee

06:48 AM Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections

My original test was from a cellphone iOS iPhone SE latest SE from cell network remote connection to DSL IPv4 only IS... Jonathan Lee

04:00 AM Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service

0.0.3_6 pimd on 24.03 beta seems to function correctly with regards to bindings and interface selection and the statu... Jordan G

03/30/2024

11:32 PM Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections

Just tested a config with udp4 in the remote host line on OpenVPN Connect on Android. The config imported just fine.... Kris Phillips

11:31 PM Bug #15131: OpenVPN client export issues with iPhone and IPV6 connections

I tested this on 24.03 and am unable to reproduce this. The config file on a new multihome config spits out with udp... Kris Phillips

11:20 PM Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12

Checked on the latest 24.03 BETA builds. This is still on the older version: zabbix64-proxy-6.4.10_1  Kris Phillips

03/29/2024

01:08 AM Feature #14032: Neighbor Discovery Proxy (NDproxy)

Bump! ndproxy has been patched and now builds on FreeBSD 14 - see commit history:
https://www.freshports.org/net/ndp... Firstname Surname

03/28/2024

08:51 AM Bug #15365 (Confirmed): pfBlockerNG PHP error when editing a list

I can confirm this behavior.
!clipboard-202403280951-tqfxp.png!... Danilo Zrenjanin

03/27/2024

09:45 PM Regression #14189: pfBlocker-NG: HA-Sync is not working

Linking in https://forum.netgate.com/topic/179060/pfblockerng-sync-not-working/54 which says in part:
"All you nee... Steve Y

03:47 PM Bug #15365 (Resolved): pfBlockerNG PHP error when editing a list

When editing an IPv4 list item I hit:... Steve Wheeler

03/23/2024

07:55 PM Bug #13654: Wireguard does not fail back failover WAN setup.

Tested/confirmed on 4100 hardware, pfSense Plus 23.09.1.
Dual ISP in gateway group with tier 1/2.
Wireguard traffic... Craig Coonrad

03:42 PM Bug #11614: ACME certificate renewal/creation fails with multiple DNS providers

3 years later and I ran into the same issue and the fix is actually extremely simple.
The logic in the function <c... Sherif Fanous

12:08 AM Todo #15270 (Closed): ENUMER STUN

That feed isn't enabled by default and we don't maintain it. The pfBlockerNG developer includes the ability to one-cl... Chris W

03/22/2024

03:30 PM Todo #15281 (Confirmed): Upgrade Tailscale to 1.6.0

This is not currently available in the 24.03-BETA. We're still on 1.56. Kris Phillips

03/21/2024

06:03 PM Bug #15334 (Resolved): Interface Description not updated properly when add/creating new interface in Snort

PR merged, thanks! Jim Pingle

06:02 PM Bug #15351 (Resolved): Snort does not honor user-specified PHP memory limit setting if user specifies a value greater than 384 MB

PR merged, thanks! Jim Pingle

06:02 PM Bug #15333 (Resolved): Interface Description not updated properly when add/creating new interface in Suricata

PR merged, thanks! Jim Pingle

06:02 PM Bug #15350 (Resolved): Suricata does not honor user-specified PHP memory limit setting if user specifies a value greater than 512 MB

PR merged, thanks! Jim Pingle

06:00 PM Feature #15355 (New): Logging Verbosity Change via patch for miniupnpd

Please see https://forum.netgate.com/post/1158297
For those that wish to ingest miniupnpd (UPNP) firewall and nat ... Jeff Lewis

03/20/2024

07:12 PM Bug #15334: Interface Description not updated properly when add/creating new interface in Snort

A pull request has been submitted against the RELENG_2_7_2 branch of pfSense CE to correct this issue: https://github... Bill Meeks

07:12 PM Bug #15351: Snort does not honor user-specified PHP memory limit setting if user specifies a value greater than 384 MB

A pull request has been submitted against the RELENG_2_7_2 branch of pfSense CE to correct this issue: https://github... Bill Meeks

06:46 PM Bug #15351 (Resolved): Snort does not honor user-specified PHP memory limit setting if user specifies a value greater than 384 MB

Recently pfSense added a new PHP Memory Limit parameter in the *Advanced Settings* tab under the SYSTEM menu. Prior t... Bill Meeks

06:32 PM Bug #15333: Interface Description not updated properly when add/creating new interface in Suricata

A pull request containing the fix for this issue has been posted against the RELENG_2_7_2 pfSense CE branch here: htt... Bill Meeks

06:31 PM Bug #15350: Suricata does not honor user-specified PHP memory limit setting if user specifies a value greater than 512 MB

A pull request containing the fix for this issue has been posted against the RELENG_2_7_2 pfSense CE branch here: htt... Bill Meeks

02:18 PM Bug #15350 (Resolved): Suricata does not honor user-specified PHP memory limit setting if user specifies a value greater than 512 MB

Recently pfSense added a new PHP Memory Limit parameter in the *Advanced Settings* tab under the SYSTEM menu. Prior t... Bill Meeks

03/17/2024

06:21 PM Todo #14073: Shalla block list is offline but still available in pfBlocker

Kris we know what the issue is but how does it get cleaned up?
Seems like something someone internal can push the m... Mike Moore

02:53 AM Todo #14073: Shalla block list is offline but still available in pfBlocker

This still affects 23.09.1 and 24.03's builds of pfBlockerNG as of today. This source should be removed as soon as p... Kris Phillips

02:58 AM Bug #15296: WAN Interface cannot added to ntopng if offline-packet loss

Sergei Shablovsky wrote in #note-1:
> Sergei Shablovsky wrote:
> >
> >
> > But LAN interfaces ALL would be ADDED as... Kris Phillips

03/16/2024

09:43 PM Bug #15333 (Confirmed): Interface Description not updated properly when add/creating new interface in Suricata

Similar behavior as seen with Snort (#15334). Differences are:
- When you change the dropdown selection of an inte... Chris W

05:53 PM Bug #15334 (Confirmed): Interface Description not updated properly when add/creating new interface in Snort

To be clear, what you're looking for is to select any interface in Snort (and Suricata) and have the Description form... Chris W

03/15/2024

03:18 PM Bug #15313: Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12

Zabbix has now added a note to the upgrade notes and release notes that warns of the issue with 6.4.12:
https://www.... Andrew Almond

02:52 PM Feature #15340 (New): provide the ability to deactivate actions in Gui

When using the webUI to push changes there are times when i need to deactivate a portion of the config. For example, ... Mike Moore

07:22 AM Bug #14460 (Resolved): PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in /usr/local/pkg/haproxy/haproxy.inc:2158

I am closing this case because it appears to be more of a configuration issue rather than a bug. Danilo Zrenjanin

03/14/2024

09:13 PM Bug #15313 (Confirmed): Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12

Chris W

01:35 PM Bug #15100: Tailscale IPv6 Exit Node uses first LAN interface when WAN is set to Only Request Prefix

There is a feature request:
https://redmine.pfsense.org/issues/15177 Danilo Zrenjanin

03/12/2024

03:37 PM Bug #15334 (Resolved): Interface Description not updated properly when add/creating new interface in Snort

*Brilliant pfSense DevTeam!*
*WHERE*
in *Services / Suricata* package
on *Interfaces*
*ISSUE*
Interface ... Sergei Shablovsky

03:30 PM Bug #15333 (Resolved): Interface Description not updated properly when add/creating new interface in Suricata

*Brilliant pfSense DevTeam!*
*WHERE*
in *Services / Suricata* package
on *Interfaces*
*ISSUE*
Interface *De... Sergei Shablovsky

01:06 PM Bug #14556: Tailscale dropping routes from FIB

Chris Linstruth wrote:
> Attempted to duplicate this by adding a tailnet to 4 pfSense nodes with routes and two devic... Matt Keys

03:05 AM Regression #15158: XMLRPC Timeout won't save if over 150

I was able to replicate this on 24.03.b.20240311.0600, pfBlockerNG 3.2.0_8 dylan mendez

03/11/2024

03:53 PM Feature #15243: CARP causes tinc termination

I have only one tincd process (which is in no way related to any VIP managed by CARP) and it is "stopped" (i.e. event... Michael Lipp

02:39 PM Feature #15243: CARP causes tinc termination

By "kills tinc" it means tinc stops functioning completely or just on the CARP interface?
If you have the Local IP... dylan mendez

12:58 PM Bug #15250 (Resolved): Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.

That is the latest version for 23.09.1. The version on dev snaps had already had a port revision bump for a change th... Jim Pingle

04:48 AM Feature #8547: fwknop Port Knocking Package

There are vpn technologies now using crypto based port knocking for just this reason. In my view it’s a reasonable fe... Robert Fulmer

03/10/2024

01:35 AM Bug #13409 (Pull Request Review): Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only

Still an issue on... Christopher Cope

01:03 AM Bug #14995 (Resolved): SID Management List Actions download leads to 502 Bad Gateway

Closing this one out as Resolved since this has been merged and the package is available. Kris Phillips

12:59 AM Bug #15250: Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.

Updated 0.63_3 package is available in 24.03 repos, but has not yet been merged into 23.09.1. Package 0.63_2 is stil... Kris Phillips

12:47 AM Bug #14934 (Resolved): haproxy-devel: "Warning: process cannot be trusted anymore!" since pfSense Plus Upgrade to

Testing this on 23.09.1, I'm not able to reproduce this. Since 23.09.1 is release and 23.05.X is no longer supported... Kris Phillips

03/09/2024

09:10 PM Regression #14452: Prometheus node_exporter generates errors with the default config

The FreeBSD repos contain a newer version of node_exporter: node_exporter-1.6.1_2
I downloaded this pkg copied it to... Craig Coonrad

09:02 PM Feature #12711: Add InfluxDB V2 support

*pfSense* : 23.09.1-RELEASE
*Telegraf* : 0.9_6
Telegraf can be configured to provide influxdb v2 metrics. Under ... Craig Coonrad

03/08/2024

06:50 PM Bug #15182 (Confirmed): Changing backend port - status remains down

I can confirm this behaviour. ... Danilo Zrenjanin

12:54 AM Bug #15319: TailScale widget shows wrong status (green instead of red)

Open a feature request for a Tailscale widget.
This issue as reported is not a bug, this is just how pfSense servic... Christian McDonald

12:49 AM Bug #15319: TailScale widget shows wrong status (green instead of red)

Not a bug?!
It’s useless if it actually does not reflect the real TS status 😕 Yuri Weinstein

12:45 AM Bug #15319 (Not a Bug): TailScale widget shows wrong status (green instead of red)

The service status checks if the tailscaled process is running, not if it's actually logged in and connected. This is... Christian McDonald

03/07/2024

08:38 PM Bug #15319 (Not a Bug): TailScale widget shows wrong status (green instead of red)

Please see this thread for details: https://forum.netgate.com/topic/177265/tailscale-is-not-online-problem?_=17098346... Yuri Weinstein

03/05/2024

09:01 PM Bug #15312 (Resolved): Unable to load rules page with no categories selected

PR merged, thanks! Jim Pingle

05:09 PM Bug #15312: Unable to load rules page with no categories selected

A pull request against the RELENG_2_7_2 branch of pfSense CE to correct this bug has been posted here: https://githu... Bill Meeks

03:09 PM Bug #15312 (Resolved): Unable to load rules page with no categories selected

details here: https://forum.netgate.com/topic/186537/unable-to-load-rules-page-if-no-category-is-selected/4?_=170965... Mike Moore

07:53 PM Bug #15313 (Resolved): Zabbix server 6.4.12 requires Zabbix proxies to be version 6.4.12

There seems to be a bug/change with Zabbix server and Zabbix proxy where both need to be running 6.4.12.
If the vers... Andrew Almond