pfSense » pfSense Packages

07/02/2025

06:15 PM Bug #16288: pfblockerng.inc filterlog process is consuming large amounts of cpu

I'm happy to provide more information, but I'm not really sure what would be useful. Orion Poplawski

06:12 PM Bug #16288 (Incomplete): pfblockerng.inc filterlog process is consuming large amounts of cpu

Marcos M

09:57 AM Feature #16295 (New): [FEATURE] Set ecdh_curve

Hello,

We would like to be able to configure the "ecdh_curve" parameter of Freeradius (for IPSec VPN use), but ... Stéphane CHAMLEY

07:50 AM Bug #16294 (New): Cert Creation/Renewal DNS-Gandi LiveDNS not working with PAT Token

*Version:* 25.03-BETA (amd64) built on Tue Jun 10 18:59:00 CEST 2025
*Script affected:* usr/local/pkg/acme/dnsapi/d... ITS GS

01:28 AM Feature #16089: Add packages for Zabbix 7.2 agent and proxy

Zabbix 7.4 got released today. Maxime Haché

06/30/2025

05:53 PM Feature #16089: Add packages for Zabbix 7.2 agent and proxy

@kphillips What can be done to decrease the time for accepting routine package updates? In the past, there was some... Andrew Almond

03:55 PM Bug #16288: pfblockerng.inc filterlog process is consuming large amounts of cpu

3.2.0_16, which appears to be the latest. Orion Poplawski

06/28/2025

11:17 PM Feature #16089: Add packages for Zabbix 7.2 agent and proxy

Checked 25.07 builds. Package is not present still. Kris Phillips

11:15 PM Bug #16288: pfblockerng.inc filterlog process is consuming large amounts of cpu

What version of pfBlockerNG are you using on 24.11? Kris Phillips

11:07 PM Bug #16206 (Confirmed): Package apcupsd starts even when disabled

Tested on 25.07. This issue is still present. Kris Phillips

09:37 PM Regression #15159 (Resolved): XMLRPC Replication Target required even if not using it

Tested on... Christopher Cope

06/27/2025

07:31 PM Bug #16288: pfblockerng.inc filterlog process is consuming large amounts of cpu

Also seem to see it on pfSense 2.7.2 - pfBlockerNG 3.2.0_8 Orion Poplawski

06:38 PM Bug #16288 (Incomplete): pfblockerng.inc filterlog process is consuming large amounts of cpu

PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
79068 root 1 128 0 82M... Orion Poplawski

06/26/2025

07:44 AM Regression #16261: RADIUS connection to upstream LDAP server cannot be setup over TLS

After further investigation, it looks like the LDAP TLS configuration gets generated as follows:... Didier Raboud

06/25/2025

05:13 PM Feature #16279: Support for custom DNS API

It can be just as simple as dyndns, as it's basically the same thing.
ACME when doing a dns challenge uses a stati... Bert Smith

06/24/2025

03:11 PM Feature #16284 (New): Add NetBird package

NetBird is an open-source WireGuard-based overlay network combined with Zero Trust Network Access, providing secure a... Bethuel Mmbaga

08:58 AM Bug #16262: Squid "Undefined symbol "_ZTVNSt3__117bad_function_callE" after upgrade to 2.8

So it's still installable, not mentioned in the release notes of 2.7.1, 2.7.2 and 2.8.0, but just fails to start. Mos... Bernhard Schmidt

06/23/2025

04:26 PM Feature #16279: Support for custom DNS API

With certbot there is an option: --manual-auth-hook /usr/local/bin/certbot-auth-hook.sh
does acme.sh have a similar ... Bert Smith

02:01 PM Feature #16279 (Rejected): Support for custom DNS API

There are way too many variable factors involved for that to be viable. If the upstream ACME project adds something l... Jim Pingle

06/22/2025

04:25 PM Bug #16206: Package apcupsd starts even when disabled

still seeing this with 25.03.b.20250610.1659, although it seems re-installing the package with the enable daemon opti... Jordan G

12:10 PM Regression #15159: XMLRPC Replication Target required even if not using it

It's not yet in the 25.11 tree. The patch can be tested individually or wait for the merge to Plus. Marcos M

01:31 AM Regression #15159: XMLRPC Replication Target required even if not using it

Tested on... Christopher Cope

06/21/2025

11:20 PM Feature #16280 (New): HAProxy HTTP3/QUIC support

The current version of haproxy is 3.0 built against openssl 3.0. This version includes limited QUIC support:
https... Bert Smith

11:11 PM Feature #16279 (Rejected): Support for custom DNS API

As in the subject, support specifying a custom DNS API similar to the dyndns system.
For example:
https://dns.myp... Bert Smith

06/19/2025

10:33 PM Bug #16277 (Pull Request Review): Enabling IPv6 support in DNSBL doesn't allow pfb_dnsbl to start

Following up from https://www.reddit.com/r/pfBlockerNG/comments/1jb5rtc/ipv6_woes_wrong_vip/
I created a PR to fix... Wallace Panter

06/18/2025

08:14 AM Todo #16190: Update mDNS-Bridge to 2.0

Please also include this independent PR which fixes a spelling error:
https://github.com/pfsense/FreeBSD-ports/pul... Denny Page

06/14/2025

12:49 PM Bug #14489: FRR needs delayed startup

I can confirm I had this issue on CE 2.7.2, and I still have the issue on CE 2.8.0.
The patch above worked for CE 2.7... Max Pal

10:48 AM Feature #11837: Increase field length of FRR Networks in Access Lists and Prefix Lists

there is actually a pretty simple solution i have found googling "pfsense frr input size" - it's a snippet of javascr... The Coder Admin

02:41 AM Bug #16262 (Rejected): Squid "Undefined symbol "_ZTVNSt3__117bad_function_callE" after upgrade to 2.8

dylan mendez

02:38 AM Bug #16262: Squid "Undefined symbol "_ZTVNSt3__117bad_function_callE" after upgrade to 2.8

Please note Squid is deprecated from pfSense.
https://www.netgate.com/blog/deprecation-of-squid-add-on-package-for-p... dylan mendez

06/13/2025

10:34 PM Todo #16231 (Resolved): Update packages to use the XMLRPC plugins for HA

Marcos M

10:28 PM Regression #14189 (Closed): pfBlocker-NG: HA-Sync is not working

The original report stating "now the firewall rules are synchronized, but not the tables generated by pfBlockerNG" is... Marcos M

10:16 PM Regression #15159 (Feedback): XMLRPC Replication Target required even if not using it

Fixed with "f5c335f9538f190f27557b854f17958519080938":https://github.com/pfsense/FreeBSD-ports/commit/f5c335f9538f190... Marcos M

10:14 PM Bug #14409 (Feedback): pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count

Fixed with "6e558c8679c7cb9048a8c29101cb3158330d6dde":https://github.com/pfsense/FreeBSD-ports/commit/6e558c8679c7cb9... Marcos M

10:11 PM Bug #16254 (Resolved): sudo package may write bogus users and groups to the configuration

Fixed with 9b28db733a4daa98b616e2035077937b598d6a2a. Marcos M

10:10 PM Bug #16267 (Resolved): Zeek package ``configurationfile`` string is not valid

Fixed with 80103b4483e40f1a9855c97262cfb272358e29d9. Marcos M

09:38 PM Bug #16267 (Resolved): Zeek package ``configurationfile`` string is not valid

The info.xml file for zeek begins with a forward-slash which is not valid since this is used for plugin functions. Marcos M

10:10 PM Bug #16268 (Resolved): Snort package ``configurationfile`` string is not valid

Fixed with c5e1630f9cdf9c071a3eef096dddd18798751b3d. Marcos M

09:38 PM Bug #16268 (Resolved): Snort package ``configurationfile`` string is not valid

The info.xml file for Snort begins with a forward-slash which is not valid since this is used for plugin functions. Marcos M

07:23 PM Bug #16211 (Confirmed): Python errors in Cellular

Sayed Mohammad Badiezadegan

12:09 AM Bug #16262 (Rejected): Squid "Undefined symbol "_ZTVNSt3__117bad_function_callE" after upgrade to 2.8

See https://forum.netgate.com/topic/197620/squid-undefined-symbol-_ztvnst3__117bad_function_calle-after-upgrade-to-2-... ageekhere ageekhere

06/12/2025

02:54 PM Regression #16261 (New): RADIUS connection to upstream LDAP server cannot be setup over TLS

After upgrading from 2.7.x to 2.8.0, radiusd did not start with these errors:... Didier Raboud

06/10/2025

07:43 PM Bug #16254 (Resolved): sudo package may write bogus users and groups to the configuration

The sudo package adds extra users and groups to the running config which can potentially be written to config.xml. Th... Marcos M

06/08/2025

01:05 AM Bug #16206: Package apcupsd starts even when disabled

seeing this also on pfSense+ 25.03.b.20250515.1415/apcupsd 0.3.92_9, after unchecking and saving the daemon service o... Jordan G

12:51 AM Bug #16225 (Confirmed): Telegraf service does not restart after change of settings

Bryan Allen

06/07/2025

08:14 PM Bug #16233 (Confirmed): Authentication for LDAP Available without Authorization

I can confirm this behavior on... Christopher Cope

05:09 PM Bug #16225: Telegraf service does not restart after change of settings

Verified this is happening on 25.07-DEVELOPMENT (amd64)
built on Fri Jun 6 1:00:00 CDT 2025
FreeBSD 15.0-CURRENT
... Bryan Allen

06/06/2025

08:09 PM Bug #13898 (Resolved): Issues saving pfBlocker Sync Targets

Marcos M

08:00 PM Bug #15530 (Rejected): pfBlockerNG Sync Tab helptext

Synchronizing from a secondary node to a primary node results in a loop. This is generally true and not necessarily s... Marcos M

06/05/2025

09:32 PM Bug #16185 (Closed): FreeRADIUS HA sync changes may be overwritten by the system config XMLRPC sync

This will be fixed once https://redmine.pfsense.org/issues/16231 is implemented. Marcos M

07:02 PM Regression #14189: pfBlocker-NG: HA-Sync is not working

Since the backup router (for instance) runs its cron job and re-adds a list that was removed on the primary, without ... Steve Y

06:42 PM Bug #16233 (Confirmed): Authentication for LDAP Available without Authorization

The options for defining an LDAP server requires Authorization to be checked, even if Authentication is not checked, ... Kris Phillips

04:25 PM Todo #16231 (Resolved): Update packages to use the XMLRPC plugins for HA

A few new XMLRPC plugins have been introduced which address the race condition and improve maintainability - "see her... Marcos M

02:34 PM Bug #14409: pfBlockerNG Cron Redundantly Updates pfSense Configuration When DNSBL is Disabled Due to Faulty Virtual IP Count

Noting this is still an issue, and also given the bug in Plus 24.03/24.11 where pfSense doesn't prune the configurati... Steve Y

06/04/2025

07:18 PM Bug #16229 (Confirmed): Snort cannot run on if_pppoe interfaces

Sayed Mohammad Badiezadegan

06:31 PM Bug #16229 (Confirmed): Snort cannot run on if_pppoe interfaces

Snort will fail to start if enabled on a PPPoE interfaces using the new if_pppoe module:... Steve Wheeler

06/03/2025

03:05 PM Bug #16225 (Confirmed): Telegraf service does not restart after change of settings

Documented here: https://forum.netgate.com/topic/197682/telegraf-service-not-starting-after-change-of-setting
Th... Patrik Stahlman