Activity

From 02/28/2018 to 03/29/2018

03/29/2018

09:28 PM pfSense Packages Feature #8362: Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates
This feature was added in the Suricata GUI package v4.0.4_1 pull request posted on GitHub here: https://github.com/pf... Bill Meeks
08:06 PM Bug #8396 (Not a Bug): Upgrade 2.4.2_1p to 2.4.3 Fails
The gui fails with no real messages, the CLI just freezes, it appears to be failing at:
arj: 3.10.22_5 -> 3.10.22_7...
Larry Westfall
07:02 PM Bug #8395: #6677 broke IP Aliases on loopback interfaces
Duplicate of #8393. Anonymous
06:28 PM Bug #8395 (Duplicate): #6677 broke IP Aliases on loopback interfaces
The fix for #6677 broke IP Aliases on loopback interfaces (type "Localhost") in that they no longer come up on reboot... Anonymous
04:55 PM Revision 11522a08: copyright, show only when changed md5 changed
Pi Ba
04:47 PM Bug #8393 (Assigned): IPAlias VIPs on localhost are not applied at boot.
Anonymous
04:39 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.
Works fine for me too, no need to go back into the VIPs and resave. Andy Kniveton
04:18 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.
That works here. Steve Wheeler
04:16 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.
We're testing the patch now.
Patch resolves the issue.
Anonymous
04:01 PM Bug #8393: IPAlias VIPs on localhost are not applied at boot.
I've noticed that too, can you try the patch?: https://github.com/pfsense/pfsense/pull/3920 Pi Ba
03:56 PM Bug #8393 (Resolved): IPAlias VIPs on localhost are not applied at boot.
A VIP configured like:... Steve Wheeler
04:31 PM Bug #8247: When in bridge / transparent mode, pfSense blocks UDP/4500 & ESP traffic regardless of origin
Fast Forward to a new pfSense 2.4.3 installation in *routed* mode and the same behavior occurs:
* Only one rule in...
Travis McMurry
04:22 PM Todo #8394 (Resolved): status.php - Some package password fields are not redacted
Raised an issue with support to do with 2.4.3 and an issue at boot time https://redmine.pfsense.org/issues/8393
Wa...
Andy Kniveton
02:26 PM Bug #8335: System hang with LACP downlink to UniFi switch
I can confirm that this is still an issue on pfSense 2.4.3-RELEASE and UniFi firmware -3.9.21.8191- 3.9.27.8537. Mike Pastore
01:37 PM Bug #8392 (Duplicate): Carp on switch ports
We have previously seen this on VMs when run as HA.
When the on-board switch is segregated using VLANs to provide ...
Chris Macmahon
11:40 AM Revision 47d45f69: Prepare repos to point to 2.4.3-RELEASE
Renato Botelho
11:39 AM Revision 6d14fe07: Revert "Add 2.4.3-RC repo conf"
This reverts commit 663c7586393c9d4bcd17c3312a24088ee3a3eac9. Renato Botelho
11:39 AM Revision 9ca84c27: Prepare repos to point to 2.4.3-RELEASE
Renato Botelho
11:38 AM Revision cbc1286c: Revert "Add 2.4.3-RC repo conf"
This reverts commit 72fcd11a4c5f743990eb2f62789fb292e52bbde5. Renato Botelho
11:38 AM Revision 3c5606c6: Prepare repos to point to 2.4.3-RELEASE
Renato Botelho
11:36 AM Revision 409270dc: Revert "Add 2.4.3-RC repo conf"
This reverts commit 5c1132bf0d796295b9b56fd93631c606f8ccd660. Renato Botelho
11:35 AM Revision 76645f89: Prepare repos to point to 2.4.3-RELEASE
Renato Botelho
11:34 AM Revision 78b079ae: Revert "Add 2.4.3-RC repo conf"
This reverts commit 29c5272404bdb35a3ac64e6bfcefae02c56e9466. Renato Botelho
07:35 AM Feature #8123 (Resolved): Add GoDaddy as a Dynamic DNS provider
PR was merged months ago, submitter has tested and confirmed it works. Jim Pingle

03/28/2018

08:29 PM Revision 5a620c81: Ensure the OpenVPN wizard protocol is valid for use in firewall rules. Fixes #8391
(cherry picked from commit 5ac478f23b69d42b29ce7f960ba48b2f425f0754) Jim Pingle
08:28 PM Revision 5ac478f2: Ensure the OpenVPN wizard protocol is valid for use in firewall rules. Fixes #8391
Jim Pingle
03:40 PM Bug #8391 (Feedback): OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules
Applied in changeset commit:5ac478f23b69d42b29ce7f960ba48b2f425f0754. Jim Pingle
03:09 PM Bug #8391 (Resolved): OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules
OpenVPN Wizard creates WAN rule with TCP4 instead of protocol TCP, it creates error when loading firewall rules rub man
12:30 PM Bug #7995: pfSense Certificate Manager Issues Blank Certificates
We are also seeing this issue in production. I posted to the subreddit, but everything seems to be exactly the same ... Throw Away
02:15 AM Bug #8226: Pass-through MAC automatic additions adds duplicate
I'm running the latest pfsense version for PCEngines_APU-45 "2.3.5-RELEASE-p1" can we get this backported please? Markus Golser

03/27/2018

06:44 PM Bug #8389: OpenVPN service status does not update
Definitely see it on 2.4.2-RELEASE-p1 will test after next update Yuri Weinstein
07:47 AM Feature #7204 (Duplicate): Router Advertisements: Option to not advertise default routes
Jim Pingle
05:21 AM Revision 6aefdd43: Patch for specifying router preference for the default ipv6 route pushed by radvd.conf
Tomas Krajca
01:32 AM Bug #7719: Dynamic DNS updates not working on interface failover
I was pleased to see this bug get reported and reported as fixed, but Dynamic DNS for me in multiple sites simply doe... Steven Perreau
01:10 AM Bug #7731: DynDNS fail to update after connection lose
I too have major Dynamic DNS issues. It quite simply doesn't work. We have pfSense clustered in multiple sites, with W... Steven Perreau

03/26/2018

10:41 PM Revision 6bef3260: Remove 2.4.3-RC repos
Renato Botelho
10:39 PM Revision bab1b9a1: It's time for 2.4.3-RELEASE
Renato Botelho
07:28 PM Revision a6cbe5e4: Remove the possessive
robjarsen
11:49 AM Revision f957f765: Move copyright notice to /conf
Steve Beaver
11:49 AM Revision 70bc2608: Fix copyright typo
Steve Beaver
11:49 AM Revision e04f2e13: Further copyright updates
Steve Beaver
11:49 AM Revision 95eaeea8: Revisions to copyright text
Steve Beaver
10:20 AM Feature #8371 (Resolved): Reduce config.xml size by removing picture widget images to file system
Works OK now, and no PHP errors when the picture is missing. Jim Pingle
07:47 AM Feature #8371 (Feedback): Reduce config.xml size by removing picture widget images to file system
Anonymous
10:06 AM Bug #8056 (Resolved): Bridge + CARP crashes/freezes pfSense
Tested and resolved. Jim Pingle
08:11 AM Bug #8383 (Duplicate): OpenBGPD not working with MD5 passwords
It works OK here for me, but I do not have a cisco device to test against, only other FRR/Quagga/OpenBGPD instances.
...
Jim Pingle
07:54 AM Bug #8379 (Not a Bug): rules with DSCP never match
Jim Pingle
07:36 AM Bug #8387: Cannot use large CRLs
This doesn't seem viable to support, but maybe in the future. The current page and its text-based operation will not ... Jim Pingle
07:02 AM Bug #8389 (Feedback): OpenVPN service status does not update
Have tested this on a number of different systems but unable to reproduce.
Please update to latest snap and retest.
Anonymous
01:30 AM Bug #8390: Input validation does not prevent removing a gateway used by a DNS server
I partially fixed the issue by adding dns 2620:fe::fe and then deleting it.
Now I only see one error message at bo...
rub man
01:07 AM Bug #8390 (Resolved): Input validation does not prevent removing a gateway used by a DNS server
Hi,
I often see following log entries that I didn't see before removing HE.net tunnel in latest RC build.
78.46.2...
rub man

03/25/2018

08:40 PM Revision ef7e8885: Move copyright notice to /conf
Steve Beaver
11:39 AM Bug #8138: Option <spoofmac> is ignored on interfaces without hwaddr
Confirmed. MAC spoofing is broken on bridge interfaces and still broken in 2.4.4a. Testing on CE amd64.
Initially:...
Steve Wheeler

03/24/2018

06:33 PM Revision 1ea2a37e: Fix copyright typo
Steve Beaver
12:49 PM Revision 6fb38a04: Further copyright updates
Steve Beaver
12:44 PM Revision c0debf5b: Revisions to copyright text
Steve Beaver
10:51 AM Bug #8389 (Not a Bug): OpenVPN service status does not update
On the pfSense Dashboard => Service status, see OpenVPN service status.
Regardless if OpenVPN is on or off, status...
Yuri Weinstein
08:22 AM Feature #8388 (Resolved): Add DNS over TLS for upstream forwarders to the DNS Resolver
GUI options to set DNS over TLS.
Currently you can do this by adding a stanza to the custom options on unbound.
...
Joe Gassner

03/23/2018

03:33 PM Revision 7b73c8ff: Rename RCC-DFF to SG-2220
Renato Botelho
03:33 PM Revision 6ae6d723: Change reported version to installed version rather than product version for more detail
Steve Beaver
03:32 PM Revision 0a031fc7: Rename RCC-DFF to SG-2220
Renato Botelho
10:40 AM Bug #8387 (Closed): Cannot use large CRLs
Attempting to import CRL data for certificate authorities via the "System > Cert. Manager > Certificate Revocation" w... Anonymous
08:19 AM Bug #7958: Upgrade 2.4.0: IP alias with FQDN doesn't work any more
Edgardo Rodriguez wrote:
> Hi,
> I am also having the same issue, and it's quite annoying...
> In my case, filterd...
Edgardo Rodriguez
07:21 AM pfSense Packages Feature #5052: Avahi Proxy Package: Add option to disable/control cache size.
could you please add an option to set cache-entries-max=0 (or other arbitrary avahi config options?) - see below, it ... Roland Kletzing

03/22/2018

05:36 PM Bug #7919: Logging not working
#define ENODEV 19 /* Operation not supported by device */
if (memcmp(&(f-...
Jim Thompson
04:53 PM Bug #8386 (Not a Bug): Virtual IPs not considered as part of interface net
Every network interface with ips configured has a variable "INTERFACE net" which can be used in firewall rules to sel... Stefan Kooman
02:56 PM Revision 8062e6a4: Change reported version to installed version rather than product version for more detail
Steve Beaver
02:09 PM Bug #8179: Incorrect reverse DNS zone in DHCP server config for non-octet-aligned subnet mask
Alfred Barnat wrote:
>
> This should have been:
> zone 208-209.24.172.in-addr.arpa {
> primary 127.0.0.1;
>}...
Yousif Hassan
01:09 PM Feature #8385 (New): Utilize IP addresses from successfully authenticated OpenVPN endpoints to Update Firewall Rules
OpenVPN is extremely useful for providing authentication and encryption for remote branch locations and individual ro... Kristopher Kolpin
12:12 PM Bug #8355: Upgrades and packages unavailable after upgrade from 2.3.3_1 to 2.3.4_1
2018-03-22@17:11:25 (Thu) Have encountered exactly the same problem :-( Tim Jones
11:55 AM Revision ae78f278: Simplify copyright notice display
Steve Beaver
05:57 AM Feature #8384 (Rejected): Pushbullet notifications would be nice
Jared Shearer

03/21/2018

07:35 PM Revision a1ec79f3: Simplify copyright notice display
Steve Beaver
03:05 PM Bug #8383 (Duplicate): OpenBGPD not working with MD5 passwords
I am using OpenBGPD on 2.3.5 and am peering using an MD5 password to a Cisco device, when I upgraded to 2.4.2, the MD... Matthew Fields
02:48 PM Bug #7969: md5 bgp sessions fail in 2.4.0
I am using OpenBGPD on 2.3.5 and am peering using an MD5 password to a Cisco device, when I upgraded to 2.4.2, the MD... Matthew Fields
02:28 PM Revision 00a1311e: Update obsoleted files
Steve Beaver
02:28 PM Revision 3a910ee1: Make copyright notice downloadable from server
Trigger copyright notice on completion of setup wizard Steve Beaver
02:25 PM Revision e84812a1: Update obsoleted files
Steve Beaver
02:11 PM Revision c8c15bf5: Make copyright notice downloadable from server
Trigger copyright notice on completion of setup wizard Steve Beaver

03/20/2018

10:26 PM Revision cd93132e: Bump up the XML config version.
(cherry picked from commit 45b421561d969e73b7df4ab23a3256acce5929eb) Luiz Souza
10:24 PM Revision 45b42156: Bump up the XML config version.
Luiz Souza

03/19/2018

10:00 PM Bug #8381: Cert manager requires fields that aren't necessary
Clarifying that last line:
RFC 3280 defines how the subject of a certificate or CA must be specified. Ideally, the...
Justin Coffman
09:46 PM Bug #8381 (Resolved): Cert manager requires fields that aren't necessary
Attempting to generate a CA or certificate via the cert management tool in the web GUI yields the following error:
...
Justin Coffman
05:09 PM Revision 27e5ab7d: Fix pkg repo configs
Renato Botelho
01:28 PM Bug #8380 (New): OpenVPN RADIUS password length is not constant
Hi there,
I've been running a production OpenVPN server on pfSense for the past year and I have recently switched ...
James Webb
03:08 AM Bug #8379: rules with DSCP never match
Post removed, apologies, will post in forum.
Edit: Now I understand my mistake, I agree, this is #notabug
Anonymous
02:51 AM Bug #8379: rules with DSCP never match
This is not a discussion forum. Please start a topic at https://forum.pfsense.org/
I expect this will be closed as...
Chris Linstruth
02:27 AM Bug #8379: rules with DSCP never match
Thanks for the followup Chris.
I will do some more testing - I am using VirtIO/vtnet interfaces, is it possible that...
Anonymous
12:44 AM Bug #8379: rules with DSCP never match
Could not duplicate on 2.4.2_1:
Set laptop switchport to set dscp 14
Set floating rule to match AF13 and log
...
Chris Linstruth
02:53 AM Todo #765: Patch: Add custom DHCP configuration
It seems this is still not integrated in pfSense 2.4. Stéphane Lapie
12:09 AM Revision 07a84ece: missed a few
robjarsen

03/18/2018

11:02 PM Bug #8379: rules with DSCP never match
erno rubbik wrote:
> Hello
>
> I am aware this looks like a duplicate of bug 3726 https://redmine.pfsense.org/iss...
Anonymous
05:03 PM Bug #8379: rules with DSCP never match

Hello
I am aware this looks like a duplicate of bug 3726 https://redmine.pfsense.org/issues/3726 but it's not
...
erno rubbik
05:00 PM Bug #8379 (Not a Bug): rules with DSCP never match
Hello
I am aware this looks like a duplicate of bug 3726 https://redmine.pfsense.org/issues/3726 but it's not
I...
erno rubbik
08:14 PM Revision c5e1ce90: Change CloudFlare to Cloudflare
This commit also includes misc. whitespace removal on the affected files. robjarsen
03:27 PM Bug #8056: Bridge + CARP crashes/freezes pfSense
I have tested this. I could easily trigger it in 2.4.2_1 but could not in current snaps. It looks to be solved.
An...
Steve Wheeler
03:03 PM Feature #8378 (Duplicate): allow webconfigurator to be configured to listen on only specified interface[s]
currently, the webconfigurator listens on all network interfaces. please implement a mechanism to allow this to be c... lists b
02:26 PM Bug #8377 (Duplicate): Traffic graph widget mouse over always shows b/s even when the value is in B/s
As the description, the mouse over display is always shown as b/s regardless on the bits/Bytes setting.
Seen in: p...
Steve Wheeler

03/17/2018

09:06 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
Ermal says there is code in Darwin that addresses this. Jim Thompson
07:44 PM Feature #8376 (Rejected): please allow dashes in alias names
currently, characters in alias names are restricted to "a-z, A-Z, 0-9 and _". this is annoying because it's common t... lists b
07:22 PM Revision a7e859b8: fixed code style
Benjamin Schweizer
03:46 PM Bug #8375 (Duplicate): email session encryption fails in a private ca environment
when configuring email notifications, and enabling encryption, message notifications fail if the certificate provided... lists b
03:37 PM Todo #8374 (Rejected): email notification settings should not require password confirmation
the email notification settings page [system -> advanced -> notifications -> e-mail], system_advanced_notifications.p... lists b
03:28 PM Feature #8373 (Duplicate): please provide a mechanism to add certificates to the system's root certificate store
the system root certificate store [/usr/local/share/certs/ca-root-nss.crt] includes a default set of certificates, bu... lists b
03:21 PM Feature #8372 (New): add gui setting to adjust refresh rate for dynamic firewall logs
status -> system logs -> firewall -> dynamic view [status_logs_filter_dynamic.php] appears to refresh approximately e... lists b
02:47 PM Revision d038a5dd: Don't read picture file if it does not exist
Steve Beaver

03/16/2018

07:22 PM Revision 12b8f3c9: Don't read picture file if it does not exist
Steve Beaver
04:30 PM Revision 7c0e431a: avoid firewall rules for proxyarp addresses
Benjamin Schweizer
02:07 PM Revision 29c52724: Add 2.4.3-RC repo conf
Renato Botelho
02:07 PM Revision 727e8b11: Add 2.4.3-RC repo conf
Renato Botelho
02:07 PM Revision 72fcd11a: Add 2.4.3-RC repo conf
Renato Botelho
02:07 PM Revision 663c7586: Add 2.4.3-RC repo conf
Renato Botelho
02:07 PM Revision 5c1132bf: Add 2.4.3-RC repo conf
Renato Botelho
02:00 PM Revision 5366c4bc: Initial steps for 2.4.3-RC
Renato Botelho
01:44 PM Revision b6c92510: Bump version to 2.4.4-DEVELOPMENT
Renato Botelho
01:36 PM Feature #8371 (Assigned): Reduce config.xml size by removing picture widget images to file system
Upgraded with a picture in the widget and it was broken after the upgrade. No sign of the image in /conf/
Missing ...
Jim Pingle
12:54 PM Feature #8371: Reduce config.xml size by removing picture widget images to file system
new VM, setup picture, downloaded a backup. reset to factory defaults, restored backup, no Image in the widget: Scree... Chris Macmahon
10:51 AM Feature #8371 (Resolved): Reduce config.xml size by removing picture widget images to file system
Images now saved in /conf
Upgrade_config function writes any images out to file system and truncates the config.xml ...
Anonymous
01:23 PM Revision 1f0bbb13: Revise picture widget to store image on file system, not in XML config
Steve Beaver
01:20 PM Revision 9099582c: Merge branch 'master' of gitlab.netgate.com:pfsense/pfsense
Steve Beaver
01:08 PM Revision ee28e293: Revise picture widget to store image on file system, not in XML config
Steve Beaver
01:05 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
I will but I was hoping that pfSense people would also push FreeBSD on it, since I'm sure they have a much stronger a... Benoit Lelievre
12:46 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Since this is a missing feature in FreeBSD networking, you should lobby there for it to be addressed, not here:
ht...
Jim Pingle
12:34 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Now that the Spectre and Meltdown patches are coming out on various OSes this becomes even more critical to fix becau... Benoit Lelievre
10:27 AM Bug #8290 (Resolved): filter.inc, make filter_expand_alias_array() return consistent results between first and second call.
The part of this that was broken in pfSense is OK now, but it looks like haproxy will need to implement its own funct... Jim Pingle
10:26 AM Bug #8333 (Resolved): Dynamic DNS updates may fail when using a gateway group as the interface when the default route is down
Tested and working. Jim Pingle

03/15/2018

06:35 PM Revision feeb0581: Make our rc ready for recently introduced exit code in fsck
Inspired by: https://svnweb.freebsd.org/base?view=revision&revision=331015 Renato Botelho
04:38 PM Revision 1b20a4a6: Apply microcode update on boot
Renato Botelho
11:56 AM Feature #8370 (Closed): Add port number to predefined port drop-down list in NAT Rules
Hi
I'm missing the port numbers for the predefined ports when creating a NAT rule.
When creating a firewall rul...
Mischa De Pol
11:55 AM Bug #8364 (Closed): Multiple IPsec child SA entries
This appears to have been triggered by a DNS issue, so if there is any problem it is likely the same as #7413. Jim Pingle
06:58 AM Bug #8208 (Resolved): Restoring a config in 2.4.2 with 2.3.X Security/Errata Only repo selected breaks PHP
Renato Botelho
12:43 AM Revision 0afa4c70: Really fix the typo now.
Luiz Souza
12:38 AM Revision a90f678d: Fix a typo.
Luiz Souza

03/14/2018

11:19 PM Revision 023a911b: Bump up the default config.xml version.
Luiz Souza
11:18 PM Revision f6bf385e: Add a placeholder for a factory update.
Luiz Souza
10:13 PM Bug #8208: Restoring a config in 2.4.2 with 2.3.X Security/Errata Only repo selected breaks PHP
2.3.4 Config with 2.3.X Errata Repo restored to 2.4 systems will break.
2.3.4 Config with 2.4.X Repo restored to 2.4...
Paighton Bisconer
10:08 PM Revision 792b62ec: Add cpuctl module to allow updates to the CPU microcode.
Luiz Souza
10:06 PM Revision 392608c8: Sort the module list.
Luiz Souza
01:50 PM Revision f9b1c128: Fix case where $_POST['if'] == 0 in sprint_info_box()
Steve Beaver
12:51 PM Bug #8056 (Feedback): Bridge + CARP crashes/freezes pfSense
This issue seems to be fixed (again) in my local tests.
Please check with tomorrow's snapshot.
Luiz Souza
12:50 PM Bug #8368: Cannot log into webConfigurator from Firefox/Linux after fresh install
Until it's proven to be a bug on pfSense (after discussion on the forum, subreddit, etc) then it doesn't belong here.... Jim Pingle
12:38 PM Bug #8368: Cannot log into webConfigurator from Firefox/Linux after fresh install
I would agree about this being a client side issue if logins were to fail for every web site I visit. However, this i... Michael von Glasow
12:08 PM Feature #6457: Allow ability to configure AWS EC2 AMI via userdata
A means of running a shell script in some manner as root at first launch would be helpful, a la `fetch -o - $USER_SCR... John Burwell

03/13/2018

11:41 PM Bug #8369 (Rejected): Setting password complexity
This kind of thing should be discussed on the actual forum at https://forum.pfsense.org, on the pfSense subreddit, or... Jim Pingle
11:30 PM Bug #8369 (Rejected): Setting password complexity
Hi All,
This is my first post on this forum, not very sure this is the right page I have to mention this topic.
...
Remya Sivan
08:09 PM Bug #8368 (Rejected): Cannot log into webConfigurator from Firefox/Linux after fresh install
There is no such problem with pfSense itself. That is a client side issue. Jim Pingle
07:21 PM Bug #8368: Cannot log into webConfigurator from Firefox/Linux after fresh install
Since this is a live system (on which I rely for Internet access), I cannot easily reproduce the issue with the same ... Michael von Glasow
07:16 PM Bug #8368 (Rejected): Cannot log into webConfigurator from Firefox/Linux after fresh install
To reproduce:
* Install pfSense 2.4.2 from scratch.
* Assign interfaces, configure an IP address and DHCP server ...
Michael von Glasow
05:54 PM Bug #8367 (Resolved): Traffic Graph widget shows Inverse view, even when Inverse is set to Off.
Tested in 2.4.3.a.20180313.0000.
When setting the Traffic Graph widget for Inverse=Off, the graph still displays i...
George Phillips
01:49 PM pfSense Packages Feature #8203 (Resolved): pfSense-pkg-suricata: extended eve output selectable headers
Jim Pingle
01:46 PM pfSense Packages Feature #8203: pfSense-pkg-suricata: extended eve output selectable headers
This feature has been implemented using code submitted by a package contributor. This issue can be closed.
Bill
Bill Meeks
01:35 PM pfSense Packages Bug #7932 (Resolved): 2.4.0 & Snort 3.2.9.5_1 Pass Lists
Jim Pingle
01:31 PM pfSense Packages Bug #7932: 2.4.0 & Snort 3.2.9.5_1 Pass Lists
This issue has been resolved in the 3.2.9.6 Snort package versions. The bogus text was coming from an attempt to use ... Bill Meeks
01:24 PM pfSense Packages Feature #8362: Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates
I will look at adding this feature to both packages. It would likely be just a text box where the admin could enter ... Bill Meeks
01:21 PM pfSense Packages Feature #8311 (Rejected): Suricata persistent blocks
Agreed, Bill. It's not worth the trouble to make them persist. Jim Pingle
01:20 PM pfSense Packages Feature #8311: Suricata persistent blocks
This is not going to happen as there is no need for all the necessary overhead persisting blocks would require. If S... Bill Meeks
07:50 AM Bug #8364: Multiple IPsec child SA entries
James Dekker wrote:... Jim Pingle
05:54 AM Bug #8333: Dynamic DNS updates may fail when using a gateway group as the interface when the default route is down
Well. I setup new one 2440 with latest 2.4.3 And 2 GW with Active/Passive GW group. Looks like DDNS should work becau... Constantine Kormashev
05:46 AM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
For reference, the upstream bug opened by Eric: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226411 Daniel Berteaud
01:08 AM Feature #336: Option to create lagg under assign interfaces
+1
Just bumped into the need to do a fresh install of a LAGG+VLAN setup and could not do it via CLI.
Stéphane Lapie

03/12/2018

11:44 PM pfSense Packages Bug #8366: Avahi: "Publish DNS Servers" option does nothing
https://github.com/pfsense/FreeBSD-ports/pull/504 Michael Vincent
11:39 PM pfSense Packages Bug #8366 (Resolved): Avahi: "Publish DNS Servers" option does nothing
The "Publish DNS Servers" option is not being used when generating the avahi config which causes the DNS servers to a... Michael Vincent
10:24 PM Revision a55718c8: Fix #8208
When restoring backup, delete packages not present in new config.xml Renato Botelho
10:24 PM Revision 8552be10: Ticket #8208
When restoring backup, set default pkg repository Renato Botelho
10:23 PM Revision 747b31dc: Ticket #8208
When restoring backup, do not call pfSense-upgrade on boot Renato Botelho
10:22 PM Revision 1bedcacc: Do not call get_pkg_info() when it's not going to be used
Renato Botelho
10:22 PM Revision fa5e9db2: Respect default repo
Renato Botelho
10:22 PM Revision b870f03d: Deduplicate build_repo_list() and get_repo_name()
Renato Botelho
07:31 PM Revision e00529a8: Fix miniupnpd build option name for pf.
Jim Pingle
07:30 PM Revision 424a4d37: Fix miniupnpd build option name for pf.
Jim Pingle
05:30 PM Bug #8208 (Feedback): Restoring a config in 2.4.2 with 2.3.X Security/Errata Only repo selected breaks PHP
Applied in changeset commit:a55718c848d8534ba0e0dc87dd50a027aad64512. Renato Botelho
01:49 PM Todo #6647: Enable Additional Security Headers
We have our own internal controls to handle referring URLs, so that header isn't desirable.
Reading about X-XSS-...
Jim Pingle
08:19 AM Bug #6319 (Resolved): DHCP6 DDNS tsig key missing from dhcpv6.conf for reverse zone
Jim Pingle
08:18 AM Feature #6621 (Resolved): Permit DHCP Server Dynamic DNS server key algorithm type selection and use
Jim Pingle
08:18 AM Bug #8106 (Resolved): dhcp6c lock files not removed after unclean shutdown when using "Do not wait for an RA" on IPv6 WAN interface
Jim Pingle
08:08 AM Bug #4310 (Resolved): Limiters + HA results in hangs on secondary
Confirmed working by multiple tests and users. Jim Pingle
08:06 AM Bug #8360 (Resolved): pf rules occasionally contain "!/" where the WAN network/netmask should be
Jim Pingle
06:37 AM Bug #7600: Unable to save DNS Resolver settings
I have also just faced this problem on my 2.3.5-RELEASE-p1 (i386) nanobsd (2g). Interesting is, that adding Host Over... Yaroslav Sokolov

03/11/2018

08:49 AM Feature #8365 (Resolved): Button to copy rules from one interface to another
Hello,
I just wanted to request a feature that I think is very helpful and almost necessary to have. I recently ad...
John Amirkhanian

03/10/2018

04:57 PM Bug #8364: Multiple IPsec child SA entries
... Anonymous
03:30 PM Bug #8364 (Closed): Multiple IPsec child SA entries
Current Base System 2.4.3.a.20180309.1836
Connecting IPSec creates multiple ChildSA's:
Shell Output - ipsec sta...
Chris Macmahon
01:02 PM pfSense Packages Bug #8340: Status_Traffic_Totals Error
An update note:
If I go into the package settings and disable graphing, then re-enable it, the problem appears sol...
Matthew Drury
04:45 AM Bug #8363 (Closed): OpenVPN Client Has Needs to be restarted after pfsense restart to be connectable
Hi,
This is a weird bug I encountered in last couple of the dev 2.4.3 builds.
The openvpn client interface at b...
rub man
12:19 AM Bug #8360: pf rules occasionally contain "!/" where the WAN network/netmask should be
Unable to duplicate after testing most of the day, multiple versions, multiple rule changes and configurations, multi... Paighton Bisconer

03/09/2018

07:30 PM Revision c7500634: Fix one more IGMP ref. Fixes #8356
Jim Pingle
07:15 PM Revision ca5270b6: Correct variable reference for IGMP proxy enable in upgrade code. Fixes #8356
Jim Pingle
01:55 PM Feature #8356 (Resolved): igmp, Add option to disable the igmp service
Jim Pingle
01:54 PM Feature #8356: igmp, Add option to disable the igmp service
Works as expected. With the checkbox unchecked, igmp proxy is disabled and not running. With the checkbox checked, ig... Anonymous
01:30 PM Feature #8356 (Feedback): igmp, Add option to disable the igmp service
Applied in changeset commit:ca5270b6540f374ea63fff912807a07ce2ef99eb. Jim Pingle
01:11 PM Feature #8356 (New): igmp, Add option to disable the igmp service
Jim Pingle
01:06 PM Feature #8356: igmp, Add option to disable the igmp service
With igmp proxy configured on 2.4.2(or p1), upgrade to 2.4.3 (running 2.4.3.a.20180308.1837 here). The config keeps i... Anonymous
11:54 AM Bug #8048: DHCPv6 Configured for LAN without LAN interface
Hit this on 2.4.3.a.20180308.1837. Workaround works. Anonymous
08:51 AM Todo #7762 (Resolved): Add uid check to pfSense-upgrade and exit unless it is run as uid=0
Works Jim Pingle
04:53 AM Todo #7762 (Feedback): Add uid check to pfSense-upgrade and exit unless it is run as uid=0
It was already fixed in commit ee4701adf85a6b5cb2f8d37f5fdeb7a5668eb674 almost a month ago. I forgot to update the ti... Renato Botelho
07:52 AM pfSense Packages Feature #8362 (Closed): Snort and Suricata Package - Allow for changing URLs, Ports, and Protocols to allow for local Repo of Signature Updates
We should have the ability to change the URLs, ports, and protocols used (perhaps even include option for SCP/SFTP) s... Dennis Chow
07:33 AM Feature #8191 (Resolved): IPv6 - Support for configuring multiple DUID types
Jim Pingle
07:31 AM pfSense Packages Bug #8141 (Resolved): ACB uploads a version several times each second/minute when CaptivePortal is active.
Jim Pingle
02:54 AM pfSense Packages Bug #8141: ACB uploads a version several times each second/minute when CaptivePortal is active.
Tested on Current Base System 2.4.3.a.20180308.0950
Confirmed no issues with users in captive portal creating ACB ...
Paighton Bisconer
12:50 AM Revision 46ffb68f: Migrate firewall rules to create_interface_list()
Marius Halden
12:31 AM Revision 82f3fd5f: Add support for interface groups in nat rules.
Marius Halden

03/08/2018

06:44 PM Feature #3882: Add OUI database to the base system, remove dependency on nmap
Why not reuse this: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf;hb=HEAD the license... Jon Gerdes
05:49 PM Feature #8191: IPv6 - Support for configuring multiple DUID types
The different DUID types also appear to be formatted and stored in config.xml correctly for each respective option.
...
Anonymous
05:04 PM Revision 1dfb84de: Merge pull request #3911 from PiBa-NL/20180304-igmp-disable
Steve Beaver
02:52 PM Bug #7772 (Assigned): Regression of Bug #906
Jim Pingle
02:52 PM Bug #7972 (Resolved): Captive portals do not synchronize voucher data in both directions
Jim Pingle
02:51 PM Bug #8266 (Resolved): Bogus error message occurs on killing OpenVPN connection
Jim Pingle
02:42 PM Todo #6998: Create a port for simplepie to keep it updated and use modular version
This will be a larger factor when it is time for PHP 7 Jim Pingle
02:41 PM Revision 2e08a646: Add sanity check to rule passing out from host to ensure it does not have a blank destination subnet. Fixes #8360
Jim Pingle
02:32 PM Feature #8356 (Feedback): igmp, Add option to disable the igmp service
PR has been merged Jim Pingle
02:26 PM Bug #8302 (Resolved): traffic_graphs.widget.php potential XSS via settings
Jim Pingle
01:45 PM Bug #8302: traffic_graphs.widget.php potential XSS via settings
On 2.4.2 CE, added traffic graph widget to dash, set refresh interval to 1s, saved, backed up config and edited the c... Anonymous
01:13 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation
G Black wrote:
> At the moment booting appears to stop with this error, hit Ctrl+C to break out of the process
> ...
Adam Piasecki
11:51 AM Bug #8300 (Resolved): diag_system_activity.php: Potential XSS due to encoding of process output
Jim Pingle
11:40 AM Bug #8300: diag_system_activity.php: Potential XSS due to encoding of process output
Running
grep -r '<script>alert(1)</script>' /
from shell on 2.4.2 generated an alert on Diag > System Activity...
Anonymous
09:50 AM Bug #8360 (Feedback): pf rules occasionally contain "!/" where the WAN network/netmask should be
Applied in changeset commit:2e08a64666620c8e0dd28eb7c14393bee7b2bfa8. Jim Pingle
08:43 AM Feature #7769: DynDNS: Azure integration, update record in Azure (Dynamic DNS Client)
I have a working prototype for Azure DNS in my fork:
The updated files are /etc/inc/dyndns.class, /etc/inc/services....
Martin Grasruck
06:15 AM Bug #7502 (Resolved): Cannot set router lifetime to 0 in radvd
Jim Pingle
05:06 AM Bug #7502: Cannot set router lifetime to 0 in radvd
Tested router lifetime configuration under services_router_advertisements.php
2.4.2_p1 return an error message
2...
Denis Karpushin
06:14 AM Bug #8129 (Resolved): NTP Status -> Server time value incorrect for timezone Asia/Kolkata
Jim Pingle
02:19 AM Bug #8129: NTP Status -> Server time value incorrect for timezone Asia/Kolkata
Tested under 2.4.3
Dashboard: Current date/time Thu Mar 8 13:48:09 IST 2018
NTP Status Widget: Server Time 13:48...
Denis Karpushin
06:14 AM Bug #8219 (Resolved): No gateway groups on french language
Jim Pingle

03/07/2018

10:37 PM Bug #8219: No gateway groups on french language
Confirmed not working in 2.4.2-p1, confirmed working on Système de base actuel 2.4.3.a.20180224.1931
Can be closed
Paighton Bisconer
01:35 PM pfSense Packages Bug #8352 (Resolved): Write certificates to file system after renew not working for ACME v2
Thanks for testing! Jim Pingle
01:34 PM pfSense Packages Bug #8352: Write certificates to file system after renew not working for ACME v2
Jim Pingle wrote:
> Fixed in ACME package version 0.2.3
I updated my package and confirmed this is resolved.
The...
tasty ratz
07:57 AM pfSense Packages Bug #8352 (Feedback): Write certificates to file system after renew not working for ACME v2
Fixed in ACME package version 0.2.3 Jim Pingle
07:38 AM pfSense Packages Bug #8352 (Assigned): Write certificates to file system after renew not working for ACME v2
This was a bug upstream in acme.sh that only affects ACME v2. After processing the certificates, the script unintenti... Jim Pingle
12:07 PM Bug #8360 (Assigned): pf rules occasionally contain "!/" where the WAN network/netmask should be
Attached patch should fix it, waiting for confirmation before committing. Jim Pingle
09:40 AM Feature #8361 (Resolved): Add entered name to captive portal status and logs
When using the captive portal with "Authentication: None", it would be useful to log the name the person enters in th... Fredrik Forsell
07:57 AM pfSense Packages Bug #8354 (Feedback): ACME: period at end of key name breaks dns validation method
Fixed in ACME package version 0.2.3 Jim Pingle
07:23 AM Bug #8335: System hang with LACP downlink to UniFi switch
Mike Pastore wrote:
> Jeff Wischkaemper wrote:
> > I have an HP unmanaged switch on the LAN side of the network
> ...
Jeff Wischkaemper

03/06/2018

11:40 PM Bug #8335: System hang with LACP downlink to UniFi switch
Jeff Wischkaemper wrote:
> I have an HP unmanaged switch on the LAN side of the network
Can you try a different s...
Mike Pastore
07:06 PM Bug #8360 (Resolved): pf rules occasionally contain "!/" where the WAN network/netmask should be
Very similar to #2883
I have been unable to duplicate this but have seen enough tickets/forum posts to warrant a l...
Chris Linstruth
03:27 PM Bug #7774: No TCP Reply State Established on GRE in IPsec Transport
For what it is worth, I have reproduced this on stock 12-CURRENT.
-Eric
Eric Dombroski
03:26 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
For what it is worth, I have reproduced this on stock 12-CURRENT.
-Eric
Eric Dombroski
11:26 AM Revision c99ac306: Sort poudriere_bulk
Renato Botelho
11:25 AM Revision 517c146f: Enable devel/gdb build
Renato Botelho
09:46 AM Feature #7495: Ability to set TTL for local for Unbound host overrides and dhcp leases
Nothing? This came up in a thread again someone asking how to modify this.
https://forum.pfsense.org/index.php?top...
JohnPoz _

03/05/2018

11:01 PM Bug #7972: Captive portals do not synchronize voucher data in both directions
Tested on 2.4.3.a.20180305.1550
Was able to sync expired vouchers in both directions, resolved.
Paighton Bisconer
07:13 PM Revision 9c9fa4e2: igmp, Add option to disable the igmp service, bump global.inc version
Pi Ba
01:06 PM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Not as of a couple of months ago. I contacted pfSense tech support (since I was using their hardware) and was basica... Scott Baugher
03:56 AM Feature #4821: PPPoE WANs do not take full advantage of NIC driver queues for receiving traffic
Took me a while to land on this issue. I'm facing similar issues not being able to utilize my full PPPoE WAN speed. U... Yorick Gersie
11:30 AM Bug #8359 (Not a Bug): Packets from phase1 bound to CARP VIP do not have the right source address
It is working fine here sourcing from a CARP VIP, you likely have some other configuration error causing this (like u... Jim Pingle
10:33 AM Bug #8359 (Not a Bug): Packets from phase1 bound to CARP VIP do not have the right source address
Hello,
I have a cluster with one member having a wan IP of 192.168.0.1. I have configured a CARP VIP of 192.168.0.10...
Louis Sautier
11:09 AM Revision 768fb19e: fix log link
(cherry picked from commit 9aa103bac303899471ac71205f0bc078f0718939) Pi Ba
11:09 AM Revision 7849c2f8: Merge pull request #3910 from PiBa-NL/20180304-fix-log-link
Renato Botelho
11:08 AM Revision 600bb470: Merge pull request #3909 from luckman212/setup-wiz-patch-1
Renato Botelho
02:48 AM Bug #8357 (Resolved): Static mapping of dhcp leases on bridge interfaces links to the real interface.
Hello everyone,
I've just discovered pfsense and it's such a great tool that I decided to replace my old dd-wrt ro...
Frederic brugmans

03/04/2018

03:49 PM Revision 6b3e3bc5: igmp, Add option to disable the igmp service
Pi Ba
03:39 PM Revision 9aa103ba: fix log link
Pi Ba
09:47 AM Feature #8356 (Resolved): igmp, Add option to disable the igmp service
Add option to disable the igmp service
https://github.com/pfsense/pfsense/pull/3911
Pi Ba
01:25 AM Bug #8355 (Not a Bug): Upgrades and packages unavailable after upgrade from 2.3.3_1 to 2.3.4_1
I was running PFSense 2.3.2 and via the Dashboard, opted to upgrade to the release presented: 2.3.3_1. It wound up u... Brian Davidson

03/03/2018

09:24 PM pfSense Packages Bug #8354 (Resolved): ACME: period at end of key name breaks dns validation method
If a key name contains a period at the end, the DNS validation method fails with an error. When I looked at the DNS k... Isaac McDonald
03:27 PM Revision 3ef5904e: small addition to augment jim-p's 58a2ba621c390362170aa2e377e4b41c8fdce1c6
luckman212
02:07 PM Bug #8335: System hang with LACP downlink to UniFi switch
I'm experiencing similar symptoms (pfSense hanging frequently), though with different hardware. My configuration hang... Jeff Wischkaemper

03/02/2018

08:41 PM Revision 58a2ba62: Fix quoting on rc.bootup conf_path changes
Jim Pingle
07:01 PM Revision 3614c7da: Force the configuration reload after the initial interface assignment.
Also, always save the assign_complete status. Luiz Souza
04:04 PM Revision 7ae13d1f: Fix the loader settings for the console on SG-2320 and SG-2340.
Luiz Souza
03:55 PM Bug #7413 (Resolved): status_dhcpv6_leases.php: Some DHCPv6 leases are not displayed in the GUI
Works fine now Jim Pingle
03:42 PM Revision 20f8233d: Replace some hardcoded paths.
Luiz Souza
02:23 PM Bug #7604: Bug #6594 is not resolved: Waiting for Internet connection to update pkg metadata and finish package reinstallation
I didn't realize this was a huge issue, but I have a workaround for this.
At the moment booting appears to stop w...
G Black
10:29 AM Bug #7153 (Resolved): pkg-utils.inc - register_all_installed_packages() does not handle packages that are missing XML
Works great now, thanks! Jim Pingle
07:00 AM Bug #7153 (Feedback): pkg-utils.inc - register_all_installed_packages() does not handle packages that are missing XML
It was missing to enable install / deinstall scripts, which are responsible to call PHP code that registers it on the... Renato Botelho
09:46 AM Bug #8353 (Resolved): Some automated rules are missing tracking IDs
Works fine Jim Pingle

03/01/2018

03:43 PM Revision 7c1aa62b: Add missing firewall rule tracker info to automatically generated rules. Fixes #8353
Jim Pingle
03:42 PM Revision 74afe67c: Add tracking to enableallowallwan and change to single rule. Ticket #8353
Jim Pingle
02:41 PM Bug #7153 (Assigned): pkg-utils.inc - register_all_installed_packages() does not handle packages that are missing XML
The files look like they are all there but I am still not getting a @<package>@ tag in config.xml for Status_Traffic_... Jim Pingle
09:50 AM Bug #8353 (Feedback): Some automated rules are missing tracking IDs
Applied in changeset commit:7c1aa62bc3890faa8a617a6ea734c703a088c602. Jim Pingle
09:20 AM Bug #8353 (Resolved): Some automated rules are missing tracking IDs
Rules created or edited by users (and any rule before config rev 10.7) have a tracking ID added for correlating log e... Jim Pingle
07:29 AM pfSense Packages Bug #8351 (Duplicate): cosmetic: populated field entries in challenge method display in expandable preview even when not selected
Duplicate of #7829 Jim Pingle
07:29 AM pfSense Packages Bug #8352 (Not a Bug): Write certificates to file system after renew not working for ACME v2
I have tried it on several systems running 0.2.1 and they all work fine, must be something in your specific setup. Pl... Jim Pingle

02/28/2018

10:36 PM pfSense Packages Bug #8352 (Resolved): Write certificates to file system after renew not working for ACME v2
Using v2 acme servers, acme 0.2.1 package on 2.4.2-RELEASE-p1
Checking the box:
Write ACME certificates to /conf/a...
tasty ratz
10:31 PM pfSense Packages Bug #8351 (Duplicate): cosmetic: populated field entries in challenge method display in expandable preview even when not selected
I discovered this by trying to get namecheap to work and seeing if their API address worked in the RFC 2136 challen...
tasty ratz
10:19 PM pfSense Packages Feature #7706: Add option to write certificate to the filesystem after renew
Jim Pingle wrote:
> Works fine
This appears to be a regression in 0.2.1
With the box checked, no files are act...
tasty ratz
10:10 PM Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel
Can someone confirm whether or not this bug explains the following situation?
I have a GRE tunnel set up between O...
Eric Dombroski
10:01 PM Feature #6240: vxlan driver
+1 Matt Granzow
05:27 PM Bug #6186: race conditions in service startup
> The more immediate issue is after removing the "exit if booting" check from rc.newwanip(v6) in 2.3, which fixed a v... Abuzer Rafey
04:51 PM Bug #7153 (Feedback): pkg-utils.inc - register_all_installed_packages() does not handle packages that are missing XML
Ready for testing, fix committed in https://github.com/pfsense/FreeBSD-ports/commit/100f4c861366158d7abfd92e945a7a993... Jared Dillard
02:19 PM Bug #7905: OpenVPN Authentication Against Backend Stalls All Server Traffic
PR is at https://github.com/pfsense/pfsense/pull/3908 Jim Pingle
10:48 AM Feature #8348 (Resolved): Add firewall rule tracker ID display to rule list and rule edit page
Works as expected Jim Pingle
09:02 AM Todo #8350 (Resolved): Remove clog in favor of standard syslogd or syslogd alternative with rotation via newsyslog or logrotate
Maintaining clog patches and dealing with clog file format/output is cumbersome and not a strict requirement now that... Jim Pingle
08:28 AM pfSense Packages Bug #8305 (Resolved): acme: "Key Size" value is not passed to acme.sh
Great, thanks for testing! Jim Pingle
08:22 AM pfSense Packages Bug #8305: acme: "Key Size" value is not passed to acme.sh
Jim Pingle wrote:
> It's available on 2.4.2 right now, in ACME package version 0.2.1.
>
> You will need to create...
Idar Lund
07:35 AM pfSense Packages Bug #8305: acme: "Key Size" value is not passed to acme.sh
It's available on 2.4.2 right now, in ACME package version 0.2.1.
You will need to create a new certificate entry ...
Jim Pingle
12:30 AM pfSense Packages Bug #8305: acme: "Key Size" value is not passed to acme.sh
Jim Pingle wrote:
> Fix committed, will show up in 2.4.3 snaps first, next time the other branches get an ACME updat...
Idar Lund
07:32 AM Bug #7995: pfSense Certificate Manager Issues Blank Certificates
Highly unlikely that it's the same issue. Post on the forum, pfSense subreddit, or mailing list to discuss and diagno... Jim Pingle
04:29 AM Bug #7995: pfSense Certificate Manager Issues Blank Certificates
Hi, sorry to necro but this bug still seems to exist in 2.4.2p1.
User Certificates meant for OpenVPN I just issued ...
Sebastian Billmann
05:19 AM Feature #7275: Add help text for DNS Made Easy
Phillip Davis wrote:
> Mentioning the Pull Request is good enough. I usually paste the whole link to it, like this:
...
Jim Thompson
 
