Activity

30 days up to

User

Subprojects

Activity

From 02/23/2022 to 03/24/2022

03/24/2022

10:46 PM pfSense Docs Todo #12983 (Closed): Fix instances of double words: I found some unimportant typos in https://docs.netgate.com/pfsense/en/latest/services/dns/resolution-process.html#d... Tony Chi
10:34 PM Feature #12982 (Rejected): Add support for RFC7499 in RADIUS library.: It seems when there are too many entries (per user) in the Radreply table (using MySQL) of FreeRadius package, pfsens... Frank Lee
07:20 PM Revision 65adb193: Packet Capture: edit delete capure icon: Phil Wardt
02:51 PM Todo #12981 (Resolved): Warn about OpenVPN shared key deprecation: See #12980 for more info. OpenVPN shared key is being deprecated. It isn't being removed yet, but will be in the near... Jim Pingle
02:34 PM Feature #12968: Button to clear previous packet capture data: PR merged
Jim Pingle
01:58 PM Feature #12968: Button to clear previous packet capture data: I just noticed you have a delete icon
I pushed another enhancement with a proper delete icon:
https://github.com/pf... Phil Wardt
02:21 PM pfSense Packages Feature #12963: Run nmap scans in the background: Again, noticed the delete icon resource
https://github.com/pfsense/FreeBSD-ports/pull/1152
Phil Wardt
10:20 AM pfSense Packages Feature #12963: Run nmap scans in the background: The Makefile needed an additional fix or it wouldn't compile: https://github.com/pfsense/FreeBSD-ports/commit/d34af18... Jim Pingle
10:05 AM pfSense Packages Feature #12963 (Feedback): Run nmap scans in the background: PR merged, thanks! Jim Pingle
02:11 PM pfSense Docs Todo #12980 (Feedback): Add warnings against OpenVPN Shared Key mode: Warning added and some related refs cleaned up. All committed and deployed:
https://gitlab.netgate.com/docs/pfSens... Jim Pingle
12:47 PM pfSense Docs Todo #12980 (Resolved): Add warnings against OpenVPN Shared Key mode: OpenVPN is deprecating Shared Key mode in OpenVPN 2.6.0 and removing it in a future version (presumably 3.0 or 2.7, w... Jim Pingle
02:05 PM Regression #12977: Rule descriptions in firewall logs show wrong rule label: The rule description for the logs (and perhaps states if that pans out) should always be the last label on the rule. ... Jim Pingle
02:02 PM Regression #12977: Rule descriptions in firewall logs show wrong rule label: I did run into this, and I'm spending some time plumbing things through libpfctl to the pfSense php module. This will... Reid Linnemann
11:16 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: Sure thing, happy to contribute! Charles Hamilton
10:53 AM pfSense Packages Feature #12882 (Feedback): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: PR merged, thanks!
https://github.com/pfsense/commit/9e7c6e33857e42fa97ae04e57285ee180643440d
https://github.com... Viktor Gurov
10:48 AM pfSense Packages Feature #12795 (Feedback): Add *.pfsense.org and *.netgate.com to the default DNSBL whitelist: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/b7a4f7d12cc68460d75ae7204d0e4f8381d6d162
Viktor Gurov
10:47 AM pfSense Packages Bug #12706 (Feedback): pfBlockerNG and unbound does not work after switching /var to RAM disk: Merged:
https://github.com/pfsense/commit/dc4f288b66af9b0ffc6dded8fe128aaeca0a9ac6 Viktor Gurov
10:16 AM pfSense Packages Bug #12772 (Resolved): Syslog-ng writes config.xml on each start: Tested against:... Danilo Zrenjanin
10:09 AM Todo #12934 (Feedback): Update strongSwan: The update is done in the ports tree. It's in CE snapshots now, will be in the next Plus snapshots shortly.... Jim Pingle
09:49 AM Feature #12702 (Resolved): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: Christopher Cope
09:49 AM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: Marking resolved. As noted above, everything was good from version... Christopher Cope
09:02 AM pfSense Packages Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name: *Updated Info:* a decision was made to simply cherry-pick the DEVEL change into the RELENG_2_6_0 branch because the S... Bill Meeks
07:22 AM pfSense Packages Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name: devel PR merged, left a note on the RELENG_2_6_0 PR as there is an issue there that needs resolved first. Jim Pingle
06:46 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Thank you, I've just applied both and have confirmed that it is working as expected now. Adrien Carlyle

03/23/2022

10:10 PM Regression #12827: High latency and packet loss during a filter reload: Have the same issues on our PFSense 2.6.0 cluster (2 members) after upgrading from 2.5.2.
Firewalls have 75 interfac... Kevin Bentlage
07:59 PM Revision b77f85b0: Add upgradeconfig script. Implements #12973: Jim Pingle
07:58 PM Revision f4b777f0: Fix syntax errors. Issue #12940: Jim Pingle
06:26 PM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface: Yeah this doesn't appear to be CP related. The generated ipfw rules allow access to the CARP VIP on the interface:
<... Steve Wheeler
03:05 PM Bug #12976 (Not a Bug): Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface: Usually if you select any specific interface it doesn't necessarily include the VIPs, so it's somewhat surprising tha... Jim Pingle
02:49 PM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface: It looks like I found the issue. I had to explicitly check the CARP-address on the guest-portal interface for unbound... Alex Boettrich
11:21 AM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface: Thanks for pointing out #12834 - I missed that.
#12834 is installed now and I rebooted the box - same problem - capt... Alex Boettrich
07:58 AM Bug #12976: Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface: Have you applied the workaround from #12834? It's possible this is the same root cause. Jim Pingle
03:53 PM pfSense Packages Bug #12979: Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name: A fix for this issue has been posted in Pull Requests https://github.com/pfsense/FreeBSD-ports/pull/1149 for RELEASE ... Bill Meeks
02:23 PM pfSense Packages Bug #12979 (Pull Request Review): Snort Rules Update Process Using Deprecated FreeBSD Subdirectory Name: Beginning around the first of March 2022, the Snort rules update package from the Snort VRT changed the subdirectory ... Bill Meeks
03:02 PM Bug #12940 (Feedback): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: Fix was merged + needed a syntax fix. Jim Pingle
08:01 AM Bug #12940 (Pull Request Review): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: Jim Pingle
07:03 AM Bug #12940 (New): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: Viktor Gurov wrote in #note-6:
> Marcos Mendoza wrote in #note-5:
> > This works if the bug was never hit before. If ... Viktor Gurov
06:20 AM Bug #12940 (Feedback): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: Viktor Gurov wrote in #note-2:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/680
Merged:
... Viktor Gurov
04:36 AM Bug #12940: Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: Marcos Mendoza wrote in #note-5:
> This works if the bug was never hit before. If the orphaned directory still exist... Viktor Gurov
03:01 PM Feature #12973 (Feedback): Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file: Added script: https://gitlab.netgate.com/pfSense/pfSense/-/commit/b77f85b09f21c84eac8355ca805643eae8547221
Jim Pingle
02:35 PM Revision 97b49080: Always change .ssh directory permission. Issue #12940: Viktor Gurov
12:44 PM Revision 4d99cf21: Merge pull request #4562 from NobleKangaroo/increase-max-firewall-log-entries: Jim Pingle
12:34 PM Revision 5042d9e0: Merge pull request #4564 from PhilZ-cwm6/PhilZ-cwm6-patch-pckcapture: Jim Pingle
11:18 AM pfSense Docs Correction #12978: Correction to iftop section of Monitoring Bandwidth Usage: That whole section needs to be rewritten, iftop is a part of base now, and there is a way to use it in the GUI as well. Jim Pingle
11:01 AM pfSense Docs Correction #12978 (Resolved): Correction to iftop section of Monitoring Bandwidth Usage: https://docs.netgate.com/pfsense/en/latest/monitoring/graphs/bandwidth-usage.html#iftop
The instructions on this p... Max Leighton
09:37 AM Regression #12971: Firewall rule usage counters showing 0/0 after latest pf merge: I see the same issue, but believe the root cause is that we've not re-built the php-pfSense-module after the recent m... Kristof Provost
09:29 AM pfSense Packages Feature #12963: Run nmap scans in the background: Standardize nmap text in description: NMap -> Nmap
https://github.com/pfsense/FreeBSD-ports/pull/1148 Phil Wardt
07:28 AM pfSense Packages Feature #12963 (Pull Request Review): Run nmap scans in the background: Jim Pingle
07:41 AM pfSense Packages Bug #12917 (Resolved): LoopiaAPI changed: Loopia is working again, based on a comment left on the Github commit: https://github.com/pfsense/FreeBSD-ports/commi... Jim Pingle
07:39 AM Regression #12977: Rule descriptions in firewall logs show wrong rule label: This is a known issue at the moment. It's a side effect of #12092 and the fact that the methods we use to get the rul... Jim Pingle
07:35 AM Feature #12968 (Feedback): Button to clear previous packet capture data: PR Merged Jim Pingle
06:22 AM Regression #12949 (Feedback): The ruleset is not regenerated after assigning an interface: Merged:
https://github.com/pfsense/pfsense/commit/d1d1084eb4ebedbcc86cfe13c6d25cf9570646b0 Viktor Gurov

03/22/2022

09:32 PM Regression #12977 (Resolved): Rule descriptions in firewall logs show wrong rule label: This was previously working on March 11th snapshot - now broken on 22.05.a.20220322.0600.
Only the default deny ru... Marcos M
09:24 PM pfSense Packages Bug #12951 (Feedback): FRR cannot remove IPv6 routes: There really isn't enough info to determine what may be happening. The error itself can be normal in some cases.
S... Marcos M
07:07 PM Revision a23b8930: Edit Clear Capture button text: Phil Wardt
07:05 PM Revision e01ea791: Unset the other PCRE options: Brad Davis
06:59 PM Revision 39fb897e: Use unlink_if_exists(): Phil Wardt
06:03 PM Revision 7691f0c7: Delete user home directory on user delete XMLRPC sync. Fixes #12940: Viktor Gurov
04:40 PM Revision 0590dfaa: Deprecate Zabbix 3.x and bring in Zabbix 6.x: Brad Davis
04:09 PM Bug #12976 (Not a Bug): Captive Portal not working with CARP-VIP configured on Captive-Portal-Interface: When Captive Portal is configured with a CARP VIP on the interface the captive portal does not work. DNS traffic to C... Alex Boettrich
03:37 PM Revision d1d1084e: Reload filter rules after reassigning an interface. Fixes #12949: Viktor Gurov
03:27 PM pfSense Packages Feature #12963: Run nmap scans in the background: Updated TAB and Button names from ...log to "View Results"
Patch attached above
https://github.com/pfsense/FreeBSD-p... Phil Wardt
01:29 AM pfSense Packages Feature #12963: Run nmap scans in the background: Github link again
https://github.com/pfsense/FreeBSD-ports/pull/1148 Phil Wardt
02:55 PM Bug #12975 (Resolved): IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute: DNS IP addresses must be supplied to the remote client when a mobile tunnel is created in order to resolve remote (pr... Serge Caron
02:13 PM Feature #12968: Button to clear previous packet capture data: With last changes
https://github.com/pfsense/pfsense/pull/4564 Phil Wardt
08:29 AM Feature #12968 (Pull Request Review): Button to clear previous packet capture data: Jim Pingle
01:27 AM Feature #12968: Button to clear previous packet capture data: Viktor Gurov wrote in #note-1:
> Please create a pull request with your changes:
> https://docs.netgate.com/pfsense... Phil Wardt
12:05 AM Feature #12968: Button to clear previous packet capture data: Please create a pull request with your changes:
https://docs.netgate.com/pfsense/en/latest/development/pull-request.... Viktor Gurov
01:47 PM pfSense Plus Bug #12974 (Closed): Typing anything into 1100/2100 recovery installer causes process to stop: During the installation process the user is prompted to select a filesystem or type enter to install with ZFS.
How... Ryan Coleman
01:36 PM Revision abddfcd2: Toggle Button for NAT Pages. Implements #12879: Viktor Gurov
01:34 PM Revision 065e0508: OpenVPN FQDN in alias netmask fix. Issue #12925: Viktor Gurov
01:25 PM Bug #12942 (New): Code to kill states for old gateway when reconnecting an interface is incorrect: Back burner this for now, can revisit soon. The current gateway behavior appears to be sufficient, this might be nice... Jim Pingle
01:10 PM Bug #12940: Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: This works if the bug was never hit before. If the orphaned directory still exists, creating or deleting a user with ... Marcos M
08:09 AM Bug #12940 (Pull Request Review): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: Jim Pingle
01:09 PM pfSense Packages Bug #12917 (Feedback): LoopiaAPI changed: The acme.sh project made a new release with the fix, I've updated the ACME package with the new files, should be buil... Jim Pingle
12:33 PM pfSense Docs Correction #12970 (Closed): SG-2220 incorrectly referred to as SG-2200: There were a few bad refs in that doc, though most were in internal labels and not directly visible. All fixed now, w... Jim Pingle
09:29 AM pfSense Docs Correction #12970 (Closed): SG-2220 incorrectly referred to as SG-2200: On https://docs.netgate.com/pfsense/en/latest/solutions/sg-2220/m-2-sata-installation.html
The first note says
<p... Christopher Cope
12:22 PM Feature #12973 (Resolved): Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file: In the spirit of this feature:
pfSsh.php playback cryptconfig decrypt /root/enctest/test.xml /root/enctest/out... Chris Linstruth
12:16 PM Revision 3625ad41: Typo in log widget object name.: Jim Pingle
11:04 AM Bug #12972 (Rejected): After firmware update IPSEC connections to a FortiGate firewall fail.: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
11:03 AM Bug #12972 (Rejected): After firmware update IPSEC connections to a FortiGate firewall fail.: Even the FortiClient VPN client software on our PC's will not connect after update to 22.01.
If we connect our PC to... Henrik Villadsen
10:56 AM Regression #12971 (Resolved): Firewall rule usage counters showing 0/0 after latest pf merge: On the latest Plus (22.05) and CE (2.7.0) snapshots the counters on the firewall rule tabs are showing 0/0 even when ... Jim Pingle
10:04 AM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration: Seeing what looks top be related whilst testing: https://redmine.pfsense.org/issues/12949
After the WAN interface ... Steve Wheeler
09:40 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Adrien Carlyle wrote in #note-13:
> Does the original patch get updated or would I need to apply a second or differe... Viktor Gurov
09:16 AM Bug #12925 (Feedback): FQDN in network alias is omitted from OpenVPN networks list: Merged:
https://github.com/pfsense/pfsense/commit/065e050890508ff0c97455a6352cdb914d34ddbd Viktor Gurov
09:13 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Does the original patch get updated or would I need to apply a second or different one to test for you all? Adrien Carlyle
07:46 AM Bug #12925 (Pull Request Review): FQDN in network alias is omitted from OpenVPN networks list: Jim Pingle
09:27 AM Feature #12879 (Feedback): Toggle button to disable/enable multiple entries on NAT pages: Merged:
https://github.com/pfsense/pfsense/commit/abddfcd2d2ff236716002c88c0d045711cb17d7b Viktor Gurov
08:14 AM pfSense Packages Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month: Duplicate of #9537 -- This is due to Daylight Saving Time and is a known issue in graphs made from vnstat data. Jim Pingle
08:04 AM pfSense Packages Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases: Jim Pingle
08:04 AM Regression #12949 (Pull Request Review): The ruleset is not regenerated after assigning an interface: Jim Pingle
07:45 AM Feature #12964 (Closed): Add toggle for vtnet ALTQ/multiqueue on Advanced - > Networking page below "hn ALTQ Support": This is not possible as the options which allow ALTQ to work on vtnet are compile-time options and not runtime option... Jim Pingle
06:22 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: Here are some screenshots for reference.
Note: Disabling Gateway Monitoring and Using Non-local Gateway or using a /... Waqas Khan
06:07 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: I am the original author of this post https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting... Waqas Khan

03/21/2022

11:59 PM pfSense Packages Feature #10809 (Resolved): IDS/IPS - Notifications when new rule categories are released: Viktor Gurov
05:26 PM pfSense Packages Feature #10809: IDS/IPS - Notifications when new rule categories are released: Chiming in to note all is good, notifications are sent when new rule categories appear.
Can be closed. e 1/1
10:32 PM Revision ab46a1e2: Merge branch 'master' into mvc_refactor: Trevor Kerr
07:34 PM Revision f9d2c2c3: Packet capture: add clear log button: When there is a log file, show a "Clear Log" button to delete the last log without having to drop to cli Phil Wardt
04:55 PM pfSense Packages Feature #12963: Run nmap scans in the background: Phil Wardt wrote in #note-3:
> Phil Wardt wrote in #note-2:
> > Add a working test patch that can be copied into Sy... Phil Wardt
07:51 AM pfSense Packages Feature #12963: Run nmap scans in the background: Phil Wardt wrote in #note-2:
> Add a working test patch that can be copied into System Patches package:
Added opt... Phil Wardt
03:35 PM pfSense Packages Bug #12969 (Duplicate): Status_Traffic_Totals GUI showing graphical data for the wrong month: In the GUI for version 2.3.2_2, the Interactive Graph and Date Summary are both showing the current data under the wr... Oren Jellow
02:38 PM Feature #12968 (Resolved): Button to clear previous packet capture data: Packet Capture window:
When there is a log file, show a "Clear Log" button to delete the last log without having to ... Phil Wardt
10:59 AM Bug #12940: Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/680 Viktor Gurov
10:43 AM Bug #12957 (In Progress): Delete button is always active for NAT rules, even if no rules are selected: Viktor Gurov
10:43 AM Bug #12966 (Duplicate): Some action buttons are always active, even if no NAT rule is selected: Viktor Gurov
03:39 AM Bug #12966 (Duplicate): Some action buttons are always active, even if no NAT rule is selected: The "Delete" and "Toggle" (#12879) buttons at the bottom of the NAT rules page are always active.
All of these butto... Viktor Gurov
08:39 AM pfSense Packages Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases: fixes:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/199 Viktor Gurov
08:17 AM Bug #10513: State issues with policy routing and HA failover: > Tested in 2.5.2. This seems to still be a big issue.
In 2.6.0, too. I'm not sure about the lost states, but the tr... Christian Ullrich
04:32 AM Regression #12949: The ruleset is not regenerated after assigning an interface: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/679 Viktor Gurov
04:11 AM Bug #12440: Zero-value prefix IPv6 addresses are mishandled: Marcos Mendoza wrote in #note-5:
> Tested on @22.05.a.20220311.0600@ with the patch.
>
> The IP @::192.168.10.10@... Viktor Gurov
03:40 AM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected: Christopher Cope wrote in #note-5:
> Tested on
> [...]
>
> and the buttons are disabled without a selection on t... Viktor Gurov
02:12 AM Feature #12675 (New): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: Jim Pingle wrote in #note-8:
> nd now if the user touches the file manually it gets cleared at the next boot, so the... Viktor Gurov
02:10 AM Feature #12675: Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: Jim Pingle wrote in #note-10:
> I merged a fix for the option check and also added a GUI option when editing the use... Viktor Gurov
01:14 AM Bug #12790: Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN: Tested on 22.05-DEVELOPMENT (built on Sun Mar 20 06:19:27 UTC 2022) with patch from https://gitlab.netgate.com/pfSens... Azamat Khakimyanov

03/20/2022

11:56 PM pfSense Packages Feature #12718 (Resolved): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards: Viktor Gurov
04:04 PM pfSense Packages Bug #12965: FRR BFD peer configuration is handled incorrectly in some cases: To summarize:
* load the saved @Profile@ value on BFD peer edit
* allow the selection of VIPs for @Local Source Add... Marcos M
03:58 PM pfSense Packages Bug #12965 (Pull Request Review): FRR BFD peer configuration is handled incorrectly in some cases: Saving the following BFD peer configuration results in no configuration change (checked by looking at @FRR / Status /... Marcos M
12:52 PM Feature #12964: Add toggle for vtnet ALTQ/multiqueue on Advanced - > Networking page below "hn ALTQ Support": Sorry I meant below "hn ALTQ support" Chris Collins
12:50 PM Feature #12964 (Closed): Add toggle for vtnet ALTQ/multiqueue on Advanced - > Networking page below "hn ALTQ Support": The vtnet driver can only support multiqueue or ALTQ, and not both, I held of the feature request, but now I see hype... Chris Collins
08:48 AM pfSense Packages Feature #12963: Run nmap scans in the background: Add a working test patch that can be copied into System Patches package:
Phil Wardt
08:23 AM pfSense Packages Feature #12963: Run nmap scans in the background: Github commit, tested with screen shots:
https://github.com/pfsense/FreeBSD-ports/pull/1148
Note: it properly sup... Phil Wardt
08:19 AM pfSense Packages Feature #12963 (Feedback): Run nmap scans in the background: NMap package cannot actually run from gui because of nginx timeout
This patch adds the following features:
- run ... Phil Wardt
06:14 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: Also see:
https://old.reddit.com/r/PFSENSE/comments/tc8zsx/wireguard_service_not_starting_on_system/
Can also con... Zep Man

03/19/2022

10:08 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: I have compiled the igb driver for 12.3 to test this weekend.
Additionally, patches for the VLAN issue should be i... Kris Phillips
10:06 PM Regression #12827: High latency and packet loss during a filter reload: Have run into this bug twice with customers, once with a standalone firewall that had 200+ interfaces and another wit... Kris Phillips
06:23 PM Bug #12728 (Resolved): Cannot remove IPv6 static routes: I was able to add/remove IPv6 static routes without errors.
route is removed.
22.05.a.20220319.0600
Alhusein Zawi
03:21 PM pfSense Packages Bug #12917: LoopiaAPI changed: Jim Pingle wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > acme.sh updated to v3.0.2 in #12886
> >
> > Lo... Nim Djid
01:37 PM pfSense Packages Feature #12718: add igc(4) to the list of INLINE mode (iflib/netmap) supported cards: was able to start suricata inline mode on igc interface (6100) running 22.01 v6.0.4_1 Jordan G
12:53 PM Feature #12863: dynamically tune sha512crypt rounds: Here's a patch that can be applied by copying its contents
Tested with auth on my current system
Rounds could maybe... Phil Wardt
10:16 AM Feature #12863: dynamically tune sha512crypt rounds: Jim Pingle wrote in #note-2:
> Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and ca... Phil Wardt
09:27 AM Feature #12962 (Duplicate): Improve default sha512 password hashing rounds: Already covered by multiple other issues.
See: #12855, #12800, #12863
Jim Pingle
09:22 AM Feature #12962: Improve default sha512 password hashing rounds: Here's the commit:
https://github.com/pfsense/pfsense/pull/4563 Phil Wardt
09:18 AM Feature #12962 (Duplicate): Improve default sha512 password hashing rounds: After this change: https://redmine.pfsense.org/issues/10298
The default encryption for passwords is sha512
Howeve... Phil Wardt
09:11 AM pfSense Packages Bug #12951: FRR cannot remove IPv6 routes: https://github.com/FRRouting/frr/issues/10827 yon Liu
05:32 AM pfSense Packages Bug #12951: FRR cannot remove IPv6 routes: 2022/03/19 02:16:50 BGP: can't connect to 2604:8800:60:240::100 fd 34 : Permission denied
2022/03/19 02:16:50 BGP: c... yon Liu
06:31 AM pfSense Packages Bug #12777 (Resolved): STunnel writes config.xml on each start: Tested with Stunnel 5.50_10
It writes to config.xml only after config changes. Ticket resoloved. Danilo Zrenjanin
05:28 AM Bug #12780 (Resolved): L2TP/PPTP interface assignment page loses some values after input validation error: Tested on the:... Danilo Zrenjanin
05:12 AM Bug #12792 (Resolved): Automatic Outbound NAT rules do not include OpenVPN CSO entries: Tested on:... Danilo Zrenjanin
04:59 AM Bug #12887 (Resolved): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: Tested against:... Danilo Zrenjanin

03/18/2022

10:45 PM Revision 44c4a509: Increase max firewall log entries: Christopher Embry
02:07 PM Revision 062972b3: pf host ID support. Issue #12702: Jim Pingle
02:01 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes: The patch didn't work.
I applied the patch to my 2.5.2 system then enabled DHCP6 client debug mode and saved the i... David Myers
01:16 PM Revision 98ecfb9f: Add user opt to keep history. Implements #12675: Jim Pingle
12:46 PM Regression #12961 (Resolved): CARP event storm when leaving persistent CARP maintenance mode: Hi,
this is a very weird issue so I will try my best to describe it. I think this is a regression that we are seei... Florian Apolloner
12:27 PM Bug #12960 (Resolved): VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes: When booting from a VGA installer such as the ISO or VGA USB memstick, the boot menu is set to Serial.
See attache... Jim Pingle
12:16 PM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: That's from #12703 and is fixed on snapshots later than what you're running. Upgrade and test again. Jim Pingle
12:13 PM Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: Tested, from the patch, on both a single system and a HA pair all running... Christopher Cope
09:08 AM Feature #12702 (Feedback): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: Changes merged, will be in snapshots soon for testing. Jim Pingle
11:26 AM Bug #12959 (Feedback): dhcplease process wrongly update host file if client-hostname is empty: I've activated "Register DHCP leases in DNS forwarder" option.
I case where one of my device requests an IP without ... Max Bal
10:38 AM pfSense Docs Todo #12958 (Closed): Feedback on Configuration — Advanced Configuration Options — Miscellaneous Tab: It's correct as it is. tmpfs uses regular RAM, space in RAM used by RAM disks means there is less RAM for other progr... Jim Pingle
09:58 AM pfSense Docs Todo #12958 (Closed): Feedback on Configuration — Advanced Configuration Options — Miscellaneous Tab: *Page:* https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html
*Feedback:*
re: https://docs.netgate... Steve Y
09:33 AM Bug #12957 (Resolved): Delete button is always active for NAT rules, even if no rules are selected: This is the same issue as #12871 but on all NAT pages instead of the rules page.
Port Forward, 1:1, Outbound, & NP... Christopher Cope
09:01 AM Feature #12675 (Feedback): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: I merged a fix for the option check and also added a GUI option when editing the user. Will be in snapshots soon. Jim Pingle
07:32 AM Feature #12675 (In Progress): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: Jim Pingle
07:30 AM Bug #12871 (Resolved): Some action buttons are always active for firewall rules, even if no rules are selected: This issue was just for the firewall rules page which is good now. The other pages should get a fresh Redmine issue i... Jim Pingle
05:28 AM Bug #12953 (Resolved): ESP description in IPsec phase 2 proposal help text is ambiguous: Tested against:... Danilo Zrenjanin
12:38 AM pfSense Packages Bug #12956: suricata fails to use pcre in SID management (e.g. dropsid.conf): Indeed, I've found the commit that caused the regression:
https://github.com/pfsense/FreeBSD-ports/commit/9d8801b498... Adam CM
12:31 AM pfSense Packages Bug #12956 (Resolved): suricata fails to use pcre in SID management (e.g. dropsid.conf): In suricata/suricata.inc, under "Test the SID token for the PCRE: keyword", the match for the regular expression will... Adam CM

03/17/2022

04:28 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected: Tested on... Christopher Cope
02:03 PM Feature #12675 (New): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: The MR implemented the config setting/backend part but not the GUI option. And now if the user touches the file manua... Jim Pingle
01:06 PM Revision f14a50f8: Clarify ESP help text. Fixes #12953: Jim Pingle
12:38 PM Feature #12702 (Pull Request Review): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/675 Jim Pingle
10:00 AM Feature #12702 (In Progress): Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings: Jim Pingle
11:05 AM Bug #12955 (Not a Bug): DHCP Leases not loading: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:36 AM Bug #12955 (Not a Bug): DHCP Leases not loading: al cargar la pagina DHCP leases ipv4 y tras el minuto de espera del navegador sale el error de la imagen que adjunto
... Nicolas Torres Andrades
09:26 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: See #12954 for Limiters failing to pass traffic.
That is not related to the dummynet kernel module being unavailab... Steve Wheeler
09:22 AM Bug #12830 (Closed): Traffic Shaper (Limiters) broken: This is now better understood. See: #12954 Steve Wheeler
09:19 AM Regression #12954 (Resolved): Traffic routed through DUMMYNET by PF fails when IPFW is enabled: If you have Limiters configured and are sending traffic through then using pf firewall rules that traffic can fail if... Steve Wheeler
08:10 AM Bug #12953 (Feedback): ESP description in IPsec phase 2 proposal help text is ambiguous: Changed wording to "Encapsulating Security Payload (ESP) performs encryption and authentication [...]"
Jim Pingle
05:43 AM Bug #12953 (Resolved): ESP description in IPsec phase 2 proposal help text is ambiguous: Under VPN>IPsec>Tunnels>Edit Phase 2 - Phase 2 Proposal (SA/Key Exchange), help text says:
"Encapsulating Security ... Danilo Zrenjanin
08:01 AM pfSense Packages Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working: I cannot reproduce any issues with views in the DNS resolver as described. It's possible there is a local issue in pf... Jim Pingle
03:45 AM pfSense Packages Bug #12952 (Closed): After update to v. 22.01 DNS Resolver Custom Options for bypassing PfBlockerNG not working: Immediately after updating PfSense+ on Netgate 7100 from v. 21.05.2 to 22.01 the bypass setting for PfBlockerNG sto... Thomas Kauders
07:57 AM Bug #12950: OpenVPN as default gateway does not get set at boot time: I can reproduce this on snapshots if I set an OpenVPN gateway as default directly, but there is a workaround.
Crea... Jim Pingle
07:32 AM Bug #12703 (Resolved): pf ``hostid`` value is handled inconsistently: This is good on the latest snapshot which was built after our recent upstream merge.... Jim Pingle
12:52 AM pfSense Packages Bug #12951 (Feedback): FRR cannot remove IPv6 routes: pfsense 2.6 system
frr log show:
2022/03/16 21:46:42 ZEBRA: [EC 100663303] kernel_rtm: 2606:2800:e004::/48: r... yon Liu

03/16/2022

06:39 PM Regression #12949: The ruleset is not regenerated after assigning an interface: Also seeing this in:... Steve Wheeler
06:17 PM Regression #12949: The ruleset is not regenerated after assigning an interface: I was able to reproduce this on 2.6 with a default config. Marcos M
06:14 PM Regression #12949: The ruleset is not regenerated after assigning an interface: Logs from a 2.5.2 VM where I reassigned WAN from em0 to vtnet0 and am able to login at the new IP imediately:... Steve Wheeler
05:44 PM Regression #12949 (Resolved): The ruleset is not regenerated after assigning an interface: In some circumstances the ruleset is not reloaded or regenerated after re-assigning an interface.
For example afte... Steve Wheeler
06:32 PM Bug #12950 (New): OpenVPN as default gateway does not get set at boot time: I have an OpenVPN gateway configured as my default gateway with a static route in place to ensure the VPN connects vi... James Chambers
02:37 PM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes: I tried altering the script so it would fire during a renew with mixed success. Though I found another odd behavior. ... Jim Pingle
07:58 AM Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes: For that to trigger the client would have to fire the script during an event when the change occurs. It may not, but ... Jim Pingle
07:39 AM Bug #12947 (Resolved): Old IPv6 addresses may continue to be used after DHCP or RA changes: I recently started using T-Mobile 5G Home Internet. The gateway device you're required to use is almost completely un... David Myers
12:13 PM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address: Thilo Gass wrote in #note-39:
> In https://redmine.pfsense.org/issues/12190 you find the information:
>
> Forma... Thilo Gass
11:38 AM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: When mixing AE ciphers in a P2 with AEAD ciphers (e.g. AES with AES128-GCM), the wizard will generate a script with t... Marcos M
07:41 AM Bug #12946 (Duplicate): Unbound will not resolve long CNAME chains: Duplicate of #11595
We can't take on the technical debt that would come with carrying custom patches for this fore... Jim Pingle

03/15/2022

08:16 PM Revision 719da3ee: Remember dyn GW when if is down. Issue #12931: * When a dynamic interface goes down, retain its old gateway address in
a place we can read if if necessary
* When ... Jim Pingle
06:06 PM Bug #12946 (Duplicate): Unbound will not resolve long CNAME chains: This is relates to Bug #11595. Also documented with the Unbound team, https://github.com/NLnetLabs/unbound/issues/43... Steve Boyle
03:42 PM Feature #12945 (Resolved): Implement missing ipfw equivalents in libpfctl necessary for captiveportal: As indicated by Viktor Gurov:
> pfSense_ipfw_*() functions have been rewritten to use shell scripts, which is slow, ... Reid Linnemann
03:28 PM Feature #12931 (Feedback): Retain knowledge of previous dynamic gateway IP address when interface is down: Changes merged. Jim Pingle
03:23 PM Bug #12942 (In Progress): Code to kill states for old gateway when reconnecting an interface is incorrect: While this does work, it can be harsh and should be made optional if possible. A global option similar to the option ... Jim Pingle
02:57 PM pfSense Docs Correction #12944 (Closed): Hashtab no longer avaliable: Replaced HashTab with OpenHashTab: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/9246ff1a5ea5df1b56186f1e3133... Jim Pingle
02:50 PM pfSense Docs Correction #12944 (In Progress): Hashtab no longer avaliable: Jim Pingle
02:49 PM pfSense Docs Correction #12944 (Closed): Hashtab no longer avaliable: At the following link we recommend Hashtab for Windows users, but they went out of business and for now it isn't avai... Christopher Cope
02:38 PM Revision 2e326e19: Enable /etc/rc.d/zfsbe support in pfSense-rc: Christian McDonald
10:12 AM pfSense Docs Todo #12158 (Closed): Feedback on Installing and Upgrading — Prepare Installation Media — Prepare a USB Memstick: This was fixed a while back, the linked page is just Etcher now. The page linked at the end with alternate techniques... Jim Pingle
10:04 AM pfSense Docs Todo #12704 (Closed): Add more HA DHCP troubleshooting info: Jim Pingle
07:32 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Lewis Smith wrote in #note-14:
> Luca De Andreis wrote in #note-13:
> > Hello everybody,
> >
> > I can confirm t... Luca De Andreis
07:14 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Luca De Andreis wrote in #note-13:
> Hello everybody,
>
> I can confirm that there are problems with PfSense 2.6.... Lewis Smith
07:18 AM Bug #12922: Classless static routes received on DHCP WAN can override chosen default gateway: I think there's a similar issue "here":https://github.com/pfsense/pfsense/blob/07fe3d3d60a61621171fbc0a1a5e42c1462fb5... David Myers
07:17 AM Bug #12943 (Duplicate): Routing bad if rename Alias destination network: Duplicate of #12727 Jim Pingle
01:16 AM Bug #12943 (Duplicate): Routing bad if rename Alias destination network: pfsense 2.5.2
Routing bad if rename Alias destination network
Create Alias for network destination routing
Creat... Aleks Bug
03:14 AM Bug #12941: Captive Portal on specific VLAN prevents routing to other networks (since 22.01): @jimp The suggested system patch successfully fixed the issue! Thank you. Lorenzo Marroccoli
02:35 AM pfSense Plus Feature #11732: Add VXLAN Support to pfSense Plus: Understand that VXLAN was supported but removed some time ago for not being enterprise ready.
From my understanding ... Reine Hålldin

03/14/2022

04:33 PM Revision 4cd703e9: Add bhyve config package: Brad Davis
03:11 PM Revision d250c083: Revert "Skip gateway if interface is down. Fixes #12920": This breaks some gateway operations because the gateways disappear
entirely when the interface loses link.
This reve... Jim Pingle
02:24 PM Bug #12942 (Pull Request Review): Code to kill states for old gateway when reconnecting an interface is incorrect: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/673
Might be too aggressive, also might need to cove... Jim Pingle
10:45 AM Bug #12942 (Resolved): Code to kill states for old gateway when reconnecting an interface is incorrect: There are a few places where we may want to clear states using an old gateway when it's no longer valid, and there is... Jim Pingle
01:07 PM Feature #12931 (Pull Request Review): Retain knowledge of previous dynamic gateway IP address when interface is down: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/672
Jim Pingle
08:35 AM Feature #12931 (In Progress): Retain knowledge of previous dynamic gateway IP address when interface is down: Jim Pingle
10:22 AM Bug #12920 (New): Gateway behavior differs when the gateway does not exist in the configuration: Jim Pingle
10:20 AM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration: Applied in changeset commit:d250c083dffa1e1d429f871f2081644dfa9d2f62. Jim Pingle
10:19 AM Bug #12920 (New): Gateway behavior differs when the gateway does not exist in the configuration: With this in place it removes dynamic gateway entries for interfaces such as DHCP entirely when they are down, which ... Jim Pingle
08:55 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: I have the same issue. One side of the Wireguard VPN is disabled after reboot. Both sides of the VPN appear to have t... B P
08:02 AM Bug #12941: Captive Portal on specific VLAN prevents routing to other networks (since 22.01): @jimp thank you for your quick reply.
That would explain why I can RDP into devices on other VLAN and load a page... Lorenzo Marroccoli
07:28 AM Bug #12941 (Duplicate): Captive Portal on specific VLAN prevents routing to other networks (since 22.01): This is almost certainly a duplicate of #12834 or at least the same root cause. First thing to try is the patch in th... Jim Pingle
06:08 AM Bug #12941 (Duplicate): Captive Portal on specific VLAN prevents routing to other networks (since 22.01): Hello there,
this weekend I updated my 1537 to 22.01-RELEASE from the previous latest stable version.
The update ... Lorenzo Marroccoli
07:54 AM pfSense Docs Correction #12936 (Closed): HAproxy current versions: I removed all of the version-specific information from the doc as there wasn't a good reason to keep it.
I also cl... Jim Pingle
07:38 AM Feature #12939 (Rejected): Extend DNS query log: A client would never tell the DNS server the whole URL it is querying, only the address of the server which is what g... Jim Pingle
07:33 AM Regression #12904 (Not a Bug): Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2: That's what I expected given the behavior. It's just more accurate than it was in the past, so there isn't a bug here... Jim Pingle
07:28 AM Bug #11764 (New): IPv6 link local gateway default status not indicated in GUI: Jim Pingle

03/13/2022

10:04 PM Bug #11764: IPv6 link local gateway default status not indicated in GUI: I was running 2.7.0-dev up to around mid-January, then I shut it down to test the 2.6.0 release candidate and release... Daryl Morse
08:17 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: +1 for this as well.
Just started looking into sorting out the self-signed cert and thought there would be a better ... David Kemp
07:50 PM Bug #12940 (Resolved): Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync: In an HA configuration, deleting a user (System / User Manager) will only delete the user home directory on the prima... Marcos M
12:53 PM pfSense Docs Correction #12400: NAT 1:1 documentation - multi-wan information: May be better to say
> All traffic originating from that private IPv4 address leaving the selected interface will be... Marcos M
12:42 PM pfSense Docs Correction #11085 (Closed): Feedback on System Monitoring — CARP Status: Documentation now includes details on each mode/button. Marcos M
12:17 PM Bug #9358 (Closed): Lost default gateway after recover from failover with CARP VIP and HA: Tested on 22.01. This is no longer an issue. Marcos M
11:46 AM pfSense Packages Bug #12912 (Resolved): ACME is failing to fully issue a new certificate: This works again on 0.7_4. Marcos M
11:33 AM Bug #12440: Zero-value prefix IPv6 addresses are mishandled: Tested on @22.05.a.20220311.0600@ with the patch.
The IP @::192.168.10.10@ and @::ffff:192.168.10.10@ is being con... Marcos M
03:41 AM Feature #8173: dhcp6c - RAW Options: Is there any workaround for this? I'm experiencing problems because this isn't implemented - with Orange in FR. I've ... Nigel Smith

03/12/2022

02:08 PM Bug #12877: Cloudflare DynDNS fails to update more than two addresses: As a follow-up, I changed my DNS servers and my dynamic control of the domain back to Google. I stopped using Cloudfl... Bob Carpenter
01:56 PM Bug #12902 (Resolved): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: Tested against:... Danilo Zrenjanin
11:42 AM Bug #12536 (Resolved): Setting a default gateway of "None" does not remove the default gateway from the routing table: fixed
Mark Gateway as Down/Disable this gateway removes the default GW from the routing table.
22.05.a.202203... Alhusein Zawi
10:18 AM Feature #12939: Extend DNS query log: Note that the problem is related to the redirect with as consequence that everything is referring to 127.0.0.1 . So a... Louis B
10:01 AM Feature #12939 (Rejected): Extend DNS query log: Hello,
I would like to monitor which computer is trying to reach which URL. I also like to block certain URL's. Fo... Louis B
09:37 AM Bug #12938 (Resolved): Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value: Hello,
I now this is not the first time that this issue pops up, however never the less it is not ok. (refer to e.... Louis B
08:23 AM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2: This looks almost certainly because of a driver change in 22.01/2.6:
https://github.com/pfsense/FreeBSD-src/commit/5... Steve Wheeler
07:10 AM Regression #12937 (Resolved): Traffic Shaper wizard can produce an invalid ruleset when configured with an IPv4 upstream SIP server: After running the traffic shaper wizard and defining an Upstream SIP server IP address under the VOIP specific settin... Danilo Zrenjanin
03:33 AM pfSense Docs Correction #12936 (Closed): HAproxy current versions: ... Danilo Zrenjanin
02:55 AM pfSense Packages Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS: Installed HAproxy on the:... Danilo Zrenjanin

03/11/2022

08:33 PM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2: That was in a lagg of ix0+1 but as a single interface it's no different:... Steve Wheeler
04:22 PM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2: I'm unable to replicate this using an x520 NIC in an XG-7100:... Steve Wheeler
07:14 PM pfSense Docs Todo #12935 (Duplicate): Update ClamAV to 0.104.2 or latest non-release candidate (CVE-2022-20698): Duplicate of #12933 Jim Pingle
07:11 PM pfSense Docs Todo #12935 (Duplicate): Update ClamAV to 0.104.2 or latest non-release candidate (CVE-2022-20698): Currently ClamAV 0.104.1 is packaged in 22.01/2.6 and contains this vulnerability which was fixed in version 0.104.2.... Chris W
07:13 PM Todo #12934: Update strongSwan: That vulnerability is not relevant to pfSense. It affects EAP clients, and pfSense can only act as an EAP server.
... Jim Pingle
07:11 PM Todo #12934 (Resolved): Update strongSwan: Currently StrongSwan 5.9.4 is packaged in 22.01/2.6, and contains this vulnerability which was fixed in version 5.9.5... Chris W
06:51 PM pfSense Packages Bug #12933 (Resolved): Vulnerability in ClamAV Engine Used by Squid: https://www.tenable.com/plugins/nessus/156698
pfSense CE 2.6 and pfSense Plus 22.01 use ClamAV 0.104.1,1, which is... Kris Phillips
03:59 PM Revision 64b2a187: Disable buttons on the firewall_rules.php page if no rules selected. Fixes #12871: Viktor Gurov
01:19 PM Revision c5d0d75d: New methods for killing states. Implements #12092: Jim Pingle
11:42 AM pfSense Packages Bug #12924: DNS Resolver WireGuard ACL Inconsistency: Christian McDonald wrote in #note-2:
> Hi Kevin,
>
> I am having a hard time replicating this based on your initi... Kevin Mychal Ong
09:20 AM pfSense Packages Bug #12924: DNS Resolver WireGuard ACL Inconsistency: Hi Kevin,
I am having a hard time replicating this based on your initial issue description. Can you please outline... Christian McDonald
11:08 AM pfSense Packages Feature #12932 (New): pfblockerng per user whitelist: Have the ability to not have DNS blocking applied to certain IPs. Right now this can be written into Unbound using cu... Mike Moore
10:42 AM pfSense Docs Todo #12910 (Closed): Add warning to VTI and OpenVPN assignment docs about automatic default gateway: Another place the warning was needed: https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/assign.html#assign-a-w... Jim Pingle
10:15 AM pfSense Docs Todo #12908 (Closed): Add notes to e-mail notification docs about Gmail App Passwords: Note added & deployed
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/45d235f0274f0686b00ea5a57975227e3b216066 Jim Pingle
10:05 AM Bug #12871 (Feedback): Some action buttons are always active for firewall rules, even if no rules are selected: Applied in changeset commit:64b2a18796fbdb36123c117bb2463f9501a43b36. Viktor Gurov
08:24 AM Feature #855: Ability to selectively kill states on gateway recovery: Updating subject. Many scenarios are now possible with #12092 and also some more will be covered by #12931 so this ca... Jim Pingle
08:14 AM Feature #12807 (Duplicate): Clear Active Secondary WAN Connections: Jim Pingle
08:13 AM Bug #8555 (Duplicate): Selectively killing states on WAN failure: Closing as this is solved by #12092 which ended up covering what is currently possible in this kind of case. Jim Pingle
08:11 AM Feature #12931 (Resolved): Retain knowledge of previous dynamic gateway IP address when interface is down: Our current methods for determining a gateway IP address only work while an interface with a dynamic address is up (e... Jim Pingle
08:00 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states: These changes will be available in snapshots soon. It grew a little bit since the initial description but it ended up... Jim Pingle
07:25 AM Feature #12092 (Feedback): Utilize new ``pfctl`` abilities to kill states: Applied in changeset commit:c5d0d75dbdb11753fb95b3ffb933e546d49924ca. Jim Pingle
07:39 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Thanks for the quick fix. Let me know when the patch is updated and I'll re-apply and verify. Adrien Carlyle
06:15 AM Bug #12925 (New): FQDN in network alias is omitted from OpenVPN networks list: Adrien Carlyle wrote in #note-9:
> I tracked this down, the FQDN entry isn't being resolved and passed to openvpn wit... Viktor Gurov

03/10/2022

09:12 PM Revision 87b9ecff: Add rule ID text input to state dump page. Issue #12616: Reid Linnemann
05:09 PM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Thanks, the combination of @5f3aa9464e9b9b8062faa47e7552552ff3841d92@ then @9be20fdf57fe9c9c17aa16542189854dbf1cbebd@... Evan Pearce
03:42 PM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings: This one fixes the issue: https://github.com/acmesh-official/acme.sh/commit/01ace11293f4cf27f8e761114f48148bbcbad063 Morten Trab
03:05 PM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings: Leaving the Allow Insecure blank, results in a different error:... Morten Trab
02:37 PM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings: I should add, I tested the script and it is placing the correct variables into the environment and the script does se... Jim Pingle
02:32 PM pfSense Packages Bug #12623 (New): acme.sh package | DNS-ISPConfig settings: The upstream code still has a problem. If you leave "Allow Insecure" blank now it should at least get past that part,... Jim Pingle
06:35 AM pfSense Packages Bug #12623: acme.sh package | DNS-ISPConfig settings: I'm on 0.7_4 now and still see the exact same error - so no, still not fixed Morten Trab
03:23 PM Feature #12616 (Feedback): Option to filter state table contents by rule ID: Reid Linnemann
03:20 PM Feature #12616 (Resolved): Option to filter state table contents by rule ID: Input field added in 87b9ecff572e364f58b36293981b4c9b9ae20683
Mapping states to rules by rule id to get descriptio... Reid Linnemann
02:55 PM Regression #12866 (Resolved): Disabled Captive Portal configuration prevents adding an interface to a bridge: Tested on... Christopher Cope
02:55 PM Revision 60c0b333: OpenVPN FQDN in alias support. Fixes #12925: Viktor Gurov
02:51 PM Revision 773902ef: DHCPD: deny MAC Deny entries instead of ignore. Fixes #12923: Viktor Gurov
01:34 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: I tracked this down, the FQDN entry isn't being resolved and passed to openvpn with a /32 mask
This is an FQDN/32 ... Adrien Carlyle
01:13 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: I just noticed that this now shows in my OpenVPN client log when I try to connect while an FQDN entry is present in t... Adrien Carlyle
12:25 PM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Adrien Carlyle wrote in #note-6:
> I applied the patch and rebooted the system. There is no change in behavior.
>... Viktor Gurov
11:53 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: I applied the patch and rebooted the system. There is no change in behavior.
Is there anything I can run on the ap... Adrien Carlyle
09:31 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Adrien Carlyle wrote in #note-3:
> Viktor Gurov wrote in #note-1:
> > fix:
> > https://gitlab.netgate.com/pfSense/... Viktor Gurov
09:05 AM Bug #12925 (Feedback): FQDN in network alias is omitted from OpenVPN networks list: Applied in changeset commit:60c0b333c7ee5b951ad659a42693a1070a762ec1. Viktor Gurov
07:16 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: Viktor Gurov wrote in #note-1:
> fix:
> https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/667
That was... Adrien Carlyle
07:04 AM Bug #12925 (Pull Request Review): FQDN in network alias is omitted from OpenVPN networks list: Jim Pingle
01:38 AM Bug #12925: FQDN in network alias is omitted from OpenVPN networks list: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/667 Viktor Gurov
12:55 PM Bug #12871 (Pull Request Review): Some action buttons are always active for firewall rules, even if no rules are selected: Jim Pingle
10:31 AM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/670 Viktor Gurov
12:52 PM pfSense Docs Todo #12930 (Closed): HA Proxy package support: Fixed and deployed. Jim Pingle
12:20 PM pfSense Docs Todo #12930 (Closed): HA Proxy package support: HA Proxy is not on the list of officially supported packages:
https://www.netgate.com/supported-pfsense-plus-package... Danilo Zrenjanin
11:58 AM Regression #12817 (Resolved): PHP error when terminating OpenVPN sessions via the dashboard widget: Tested on... Christopher Cope
11:52 AM Bug #12929 (Closed): pfSense Does Not Properly Boot on UEFI in KVM: No problems here with e1000 or virtio NICs, or virtio disk controller. Might be specific to that version of KVM/qemu ... Jim Pingle
11:48 AM Bug #12929: pfSense Does Not Properly Boot on UEFI in KVM: Jim Pingle wrote in #note-1:
> I can't reproduce this, at least with KVM through Proxmox. It boots the ISO fine UEFI... Kris Phillips
11:16 AM Bug #12929 (Feedback): pfSense Does Not Properly Boot on UEFI in KVM: I can't reproduce this, at least with KVM through Proxmox. It boots the ISO fine UEFI, installs fine, and boots up an... Jim Pingle
10:45 AM Bug #12929 (Closed): pfSense Does Not Properly Boot on UEFI in KVM: It appears that pfSense is unable to boot in KVM on UEFI. It will only boot with BIOS mode. When selecting the Free... Kris Phillips
10:52 AM Bug #12926: Changing LAGG type on CARP interfaces makes VIPs go to an "init" State: Viktor Gurov wrote in #note-1:
> Unable to reproduce:
> [...]
>
> after changing the LAGG mode from LACP to ROUN... Kris Phillips
02:02 AM Bug #12926 (Feedback): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State: Unable to reproduce:... Viktor Gurov
10:07 AM Feature #12741 (Resolved): Eliminate duplicate shell commands from history file: Tested on... Christopher Cope
09:43 AM Bug #12892 (Feedback): ``HTTPClient`` option not sent when using UEFI HTTP Boot: Merged:
https://github.com/pfsense/pfsense/commit/b68d8fe695bb0b03bef9d4d8a0e70ca238303e35 Viktor Gurov
07:08 AM Bug #12892 (Pull Request Review): ``HTTPClient`` option not sent when using UEFI HTTP Boot: Jim Pingle
03:28 AM Bug #12892 (New): ``HTTPClient`` option not sent when using UEFI HTTP Boot: small fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/669 Viktor Gurov
09:26 AM Revision b68d8fe6: Do not add HTTPClient entries if netboot is disabled. Issue #12892: Viktor Gurov
09:18 AM Bug #12923: DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start: Patch works for me, thanks! Steve Y
09:05 AM Bug #12923 (Feedback): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start: Applied in changeset commit:773902efa92299d35b4b77bd6af1cba24cb65dba. Viktor Gurov
07:07 AM Bug #12923 (Pull Request Review): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start: Jim Pingle
03:08 AM Bug #12923: DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/668 Viktor Gurov
06:45 AM pfSense Packages Bug #12917: LoopiaAPI changed: Viktor Gurov wrote in #note-1:
> acme.sh updated to v3.0.2 in #12886
>
> Looks like we need to update acme.sh mon... Jim Pingle
02:07 AM pfSense Packages Bug #12917: LoopiaAPI changed: acme.sh updated to v3.0.2 in #12886
Looks like we need to update acme.sh monthly/quarterly. Viktor Gurov
06:10 AM pfSense Packages Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid: This is correct behavior.
The "Raw Config" tab is used for custom configuration:
https://docs.netgate.com/pfsense... Viktor Gurov
05:45 AM pfSense Packages Bug #12928 (Not a Bug): FRR When using vtysh to save the configuration, any changes to the webgui are invalid: about FRR，When using vtysh to save the configuration, any changes to the webgui are invalid.
Because there are man... yon Liu
05:30 AM Revision c07c5cf5: Skip gateway if interface is down. Fixes #12920: Viktor Gurov
04:20 AM Bug #12927 (Incomplete): OpenVPN with OCSP enabled allows connections with revoked certificates: OpenVPN doesn't honor certificate validity status against the site listed in the OCSP URL field.
See:
https://red... Danilo Zrenjanin

03/09/2022

11:40 PM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration: Applied in changeset commit:c07c5cf5f2387cb2b9efdf25545bafebfa414f00. Viktor Gurov
05:33 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration: Tested fixes on current 22.05 snap on an 1100 and 5100.
The gateway status / dpinger behavior is now the same:
Gatew... Marcos M
01:56 PM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration: Jim Pingle
12:08 PM Bug #12920 (New): Gateway behavior differs when the gateway does not exist in the configuration: extra fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/666 Viktor Gurov
08:00 AM Bug #12920 (Feedback): Gateway behavior differs when the gateway does not exist in the configuration: Applied in changeset commit:e7954a79ce0d386706dcde2e039ef57875ecee0a. Viktor Gurov
07:34 AM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration: Jim Pingle
06:21 AM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration: related to https://github.com/pfsense/pfsense/commit/da836151dbd6dff0f8759ef165b24e0e173b078e
improvement:
https:... Viktor Gurov
05:55 PM Bug #12926 (Duplicate): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State: When changing a LAGG from any mode to another mode while it has child interfaces that are something like VLANs and CA... Kris Phillips
02:42 PM Bug #12925 (Resolved): FQDN in network alias is omitted from OpenVPN networks list: I implemented this new feature (https://redmine.pfsense.org/issues/2668) on our OpenVPN server but have noticed some ... Adrien Carlyle
01:57 PM Revision 07fe3d3d: Update HAProxy-stable to version 2.2. Implements #12898: Viktor Gurov
01:54 PM Revision 9be20fdf: OpenVPN status TAP mode double entries fix. Issue #12884: Viktor Gurov
01:49 PM Revision e7954a79: Restart gateways monitor on dynamic interface down. Fixes #12920: Viktor Gurov
12:38 PM pfSense Packages Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Merged to devel and 22.01/2.6 Viktor Gurov
07:34 AM pfSense Packages Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Jim Pingle
07:10 AM pfSense Packages Bug #12869 (New): Bind DNS Package AAAA filtering Broken on new ZFS Installs: regression: https://forum.netgate.com/topic/170558/bind-package-9-16_12-reads-from-cf-named-but-changes-in-the-gui-ar... Viktor Gurov
10:59 AM pfSense Packages Bug #12924 (New): DNS Resolver WireGuard ACL Inconsistency: Initially, I had two pfsense nodes connected via the WireGuard package. My tunnel network was 10.0.3.0/30 for p2p. I ... Kevin Mychal Ong
10:57 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS: FreeBSD-ports merge:
https://github.com/pfsense/FreeBSD-ports/commit/da9ed529f30212fd826aebc3b7e896fce7a15217 Viktor Gurov
08:05 AM pfSense Packages Bug #12898 (Feedback): Update HAProxy Backend to Latest LTS: Applied in changeset pfsense:commit:07fe3d3d60a61621171fbc0a1a5e42c1462fb5ed. Viktor Gurov
10:52 AM Bug #12922: Classless static routes received on DHCP WAN can override chosen default gateway: Rewording the subject to be more precise.
It's unusual to get classless static routes from DHCP in most cases so the... Jim Pingle
10:30 AM Bug #12922 (Confirmed): Classless static routes received on DHCP WAN can override chosen default gateway: Although I'm still running 2.5.2 I believe this bug is also in 2.6.0 based on a diff of the file in question.
I ha... David Myers
10:44 AM Feature #8861: Show SFP module details on ``status_interfaces.php``: I just applied this patch and it fixed the issue. Thanks! Glenn Hall
10:42 AM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``: Merged:
https://github.com/pfsense/pfsense/commit/e4b4c3d2f919621eb7c684c0ed5d7593f255349f Viktor Gurov
07:11 AM Feature #8861 (Pull Request Review): Show SFP module details on ``status_interfaces.php``: Jim Pingle
02:21 AM Feature #8861 (New): Show SFP module details on ``status_interfaces.php``: Glenn Hall wrote in #note-9:
> I am now receiving the following PHP errors when I view the Status-->Interfaces page ... Viktor Gurov
10:41 AM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Merged:
https://github.com/pfsense/pfsense/commit/9be20fdf57fe9c9c17aa16542189854dbf1cbebd Viktor Gurov
07:37 AM Regression #12884 (Pull Request Review): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Jim Pingle
07:17 AM Regression #12884 (New): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Evan Pearce wrote in #note-9:
> The patch above resolves my issue -- once applied, the user remote access service di... Viktor Gurov
05:07 AM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: The patch above resolves my issue -- once applied, the user remote access service displays client connections.
How... Evan Pearce
10:40 AM Bug #12923 (Resolved): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start: Scenario:
* in DHCP server config, MAC Deny option is set with a MAC address
* user wants to not log that every few... Steve Y
10:36 AM Regression #11545: Primary interface address is not always used when VIPs are present: I have this exact issue on 22.01. It manifests on reboot with OpenVPN server start binding to wrong IP. Note that o... Jeff Quasarano
08:20 AM Revision e4b4c3d2: Status Interfaces SPF details fix. Feature #8861: Viktor Gurov
08:06 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states: Updating subject as this has evolved a bit to encompass both killing by label for rule IDs and killing by gateway. Jim Pingle
07:15 AM pfSense Plus Bug #12919 (Not a Bug): Enabling gateway failover introduces latency increase and causes artificial failover scenario: The symptoms sound similar to #12827 -- it might be worth trying the workaround which is available in the recommended... Jim Pingle
03:25 AM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario: The issue issue is resolved, or rather is not an issue / not an accurate description. The same latency increase to >1... Ash Morris
05:51 AM Bug #12921 (Not a Bug): Interface status shows DHCP down after bouncing interface: This is the correct behavior - if you manually execute @ifconfig eth0 up@, it will not restart DHCPd using the servic... Viktor Gurov

03/08/2022

09:36 PM Feature #8861: Show SFP module details on ``status_interfaces.php``: I am now receiving the following PHP errors when I view the Status-->Interfaces page while running 2.7.0.a.20220308.0... Glenn Hall
07:21 PM Bug #12921 (Not a Bug): Interface status shows DHCP down after bouncing interface: Tested on 22.01 and 21.05. Issue can be reproduced on ESXi with pass-through NIC, and on an @1100@; unable to reprodu... Marcos M
06:59 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration: Some notes:
It shouldn't be an issue for WAN failover on 22.05 given that @dpinger@ starts back up. However, it's ... Marcos M
06:56 PM Bug #12920 (Resolved): Gateway behavior differs when the gateway does not exist in the configuration: The gateway status and @dpinger@ behave differently when the respective gateway entry does not exist in the @config.x... Marcos M
03:24 PM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario: Apologies, affected version should read 22.01. Ash Morris
11:53 AM pfSense Plus Bug #12919: Enabling gateway failover introduces latency increase and causes artificial failover scenario: Forum post: https://forum.netgate.com/topic/170595/sg-5100-wan-failover-at-gigabit-saturation?_=1646751316923
... Ash Morris
11:45 AM pfSense Plus Bug #12919 (Not a Bug): Enabling gateway failover introduces latency increase and causes artificial failover scenario: Forum post: https://forum.netgate.com/topic/170595/sg-5100-wan-failover-at-gigabit-saturation?_=1646751316923
Issu... Ash Morris
01:49 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Jim Pingle wrote in #note-10:
> I took a slightly different approach since I wasn't a fan of the repetition of the c... Phil Wardt
09:32 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states: Kristof let me know that we do also have @pfctl -k gateway -k x.x.x.x@ which would fill the missing pieces in here. I... Jim Pingle
07:40 AM Feature #12092: Utilize new ``pfctl`` abilities to kill states: The more I consider how this might work the less sure I am that the gateway part would be useful in a way most users ... Jim Pingle

03/07/2022

09:32 PM Revision 2404ca68: Encrypt/Decrypt Robustness & Testing. Issue #12897: * Move cleanup to separate function.
* Be more aggressive with cleanup when performing multiple crypto
attempts.
* ... Jim Pingle
07:03 PM Revision 5f3aa946: OpenVPN status incorrect TAP mode RA server+empty tunnel. Fixes #12884: Viktor Gurov
05:59 PM Revision 0d186018: Encode pftop output. Fixes #12915: Jim Pingle
04:50 PM Revision 9a36d901: Define dnsmasq upstream DNS via --server option. Fixes #12902: Viktor Gurov
04:49 PM Revision fc455333: Show SFP module details on status_interfaces.php. Implements #8861: Viktor Gurov
03:51 PM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service: I faced an issue similar to this with the Snort and Suricata packages some time back. I handled it there by always ch... Bill Meeks
10:02 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service: The base system has no way to scan/inform packages about an interface being removed, it's up to the admin to maintain... Jim Pingle
09:30 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service: Jim Pingle wrote in #note-1:
> PIMD has options to not behave that way.
>
> Sounds like what you really want is t... Pete Holzmann
08:26 AM pfSense Packages Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service: PIMD has options to not behave that way.
Sounds like what you really want is to have PIMD set to "Bind to None" an... Jim Pingle
03:40 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: I took a slightly different approach since I wasn't a fan of the repetition of the cleanup code.
I also added a PHP ... Jim Pingle
03:27 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: the clean of temp files lines are also maybe excessive. This can only occur if at the end, the GUI times out
Maybe I... Phil Wardt
03:17 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Jim Pingle wrote in #note-5:
>
> I did, and it worked as expected. It failed in a timely manner with the correct e... Phil Wardt
02:34 PM Feature #12092 (In Progress): Utilize new ``pfctl`` abilities to kill states: Adding basic functions here is pretty straightforward. It's easy enough to add a means to kill states created by a ru... Jim Pingle
02:29 PM pfSense Packages Feature #12918 (New): pfBlockerNG-devel changes from xmlrpc sync do not take effect immediately: When pfBlockerNG-devel syncs its settings (e.g. custom IPv4 list) to a secondary firewall, the settings on the second... Marcos M
01:54 PM pfSense Packages Bug #12917 (Resolved): LoopiaAPI changed: Any users using LoopiaAPI can't issue or renew certificates. This has been fixed upstream at the below link.
https... Christopher Cope
01:34 PM pfSense Packages Bug #12916 (New): pfBlockerNG-devel cron job does not trigger xmlrpc sync: Tested on pfSense 2.6.0 and pfBlockerNG-devel 3.1.0_1
pfBlockerNG-devel option "Enable Sync" with "Sync to host(s) d... Marcos M
01:10 PM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Applied in changeset commit:5f3aa9464e9b9b8062faa47e7552552ff3841d92. Viktor Gurov
11:05 AM Regression #12884 (Pull Request Review): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Jim Pingle
12:10 PM Regression #12915 (Feedback): ``diag_pftop.php`` does not fully encode output: Applied in changeset commit:0d1860181f0660704b3e749bbb0a4c207ad68925. Jim Pingle
11:58 AM Regression #12915 (Confirmed): ``diag_pftop.php`` does not fully encode output: Jim Pingle
11:54 AM Regression #12915 (Resolved): ``diag_pftop.php`` does not fully encode output: diag_pftop.php shows rules without quoting "<>".... Grischa Zengel
11:01 AM pfSense Packages Bug #12912 (Feedback): ACME is failing to fully issue a new certificate: Fix merged, will be in ACME pkg v 0.7_4.
In the meantime, check the debug option on a certificate and it should wo... Jim Pingle
10:44 AM pfSense Packages Bug #12912 (Resolved): ACME is failing to fully issue a new certificate: Creating a new certificate in ACME is not working properly. The GUI output only shows that it generates the private k... Jim Pingle
11:00 AM Bug #12902 (Feedback): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: Applied in changeset commit:9a36d90138b5230abeacd80162fca7c4937263de. Viktor Gurov
07:42 AM Bug #12902 (Pull Request Review): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: Jim Pingle
11:00 AM Feature #8861 (Feedback): Show SFP module details on ``status_interfaces.php``: Applied in changeset commit:fc455333eedb53ce6fcad1db01d5a736467c997b. Viktor Gurov
10:58 AM pfSense Packages Bug #12670: ACME package writes credentials to system log: If we try this again as a debug option we must test this better, at a minimum:
* Creating a new account key should... Jim Pingle
10:44 AM pfSense Packages Bug #12670 (New): ACME package writes credentials to system log: The debug option added broke several things. It broke the ability to create account keys, and it is breaking new ACME... Jim Pingle
10:21 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Flole Systems wrote in #note-16:
> Uhm, this PR gets rid of the entries in the routing table. If that's a problem th... Jim Pingle
10:16 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Uhm, this PR gets rid of the entries in the routing table. If that's a problem then this shouldn't have been merged.
... Flole Systems
09:01 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Flole Systems wrote in #note-14:
> dpinger binds itself to an interface, the routing table is never used since dping... Jim Pingle
08:55 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: dpinger binds itself to an interface, the routing table is never used since dpinger makes that decision. I am sometim... Flole Systems
08:45 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: #1 should definitely be in its own separate PR with its own feature request. I'm not sure that's viable even without ... Jim Pingle
07:53 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: @jimp I was going to open a new PR for the additional 2 changes:
1) allow same monitor IP to be used across multi... → luckman212
07:41 AM Feature #12687 (Pull Request Review): Option to disable auto-addition of static routes for ``dpinger``: Adding cleanup for routes when activating the option should probably get filed under a separate request, since this i... Jim Pingle
10:10 AM pfSense Docs Todo #12910 (Closed): Add warning to VTI and OpenVPN assignment docs about automatic default gateway: The docs for assigning VTI and OpenVPN interfaces could use a warning about automatic default gateway behavior, simil... Jim Pingle
08:28 AM pfSense Packages Feature #12909 (New): Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database: Convert the GeoIP lookup feature available on the ALERTS tab in the Suricata package to use the local GeoIP2 database... Bill Meeks
08:13 AM Bug #12906 (Rejected): services_dyndns_edit.php - syntax error: That isn't invalid syntax. It's OK to have a trailing comma on an array entry, and in some cases encouraged as it mak... Jim Pingle
08:05 AM Bug #12905: Add VLAN Re-assignment to Import Interface Mismatch Wizard: There is no "interface mismatch wizard" all it does is present the existing interface assignment screen. So however t... Jim Pingle
07:56 AM pfSense Docs Todo #12908 (Closed): Add notes to e-mail notification docs about Gmail App Passwords: Google is shutting down access to e-mail services with traditional username/password authentication for security reas... Jim Pingle
07:52 AM Feature #12903: alternative authentication methods for email notifications?: I can add a note in the documentation but adding a provider-specific note in the GUI doesn't seem like a good trend t... Jim Pingle
07:49 AM Regression #12904: Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2: On the thread the person reporting it says the value of @dev.ix.0.mac_stats.checksum_errs@ correlates to the very low... Jim Pingle
07:35 AM pfSense Packages Bug #12898 (Pull Request Review): Update HAProxy Backend to Latest LTS: They are still putting out 2.2.x releases and it's a smaller and therefore safer jump. If that is OK then after a whi... Jim Pingle
07:32 AM Bug #12901 (Needs Patch): DNS Forwarder refuses valid retries from clients in certain cases: That does sound like a problem inside dnsmasq itself. When they put that into a release and that release gets into po... Jim Pingle

03/06/2022

08:14 PM Bug #7347 (Closed): Config Sync - Breaks on null value: Tested on 22.01 and could not reproduce issue - likely already resolved; closing due to lack of feedback and age. Marcos M
06:37 PM Bug #11864 (Resolved): OpenVPN stays bound to previous IP address after interface changes: Tested on @22.05.a.20220227.0100@; working correctly now. Marcos M
05:41 PM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server: Manny Tew wrote in #note-5:
> + 1 for this as well. This is critical for proper security in a homelab in 2021+ Inval... Manny Tew
05:30 PM pfSense Packages Bug #12907 (Feedback): PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service: At this point, pimd is unaware of nonexistent interfaces. This can lead to a kernel panic.
(My case: I removed newly... Pete Holzmann
05:18 PM Regression #12884 (Feedback): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Feel free to test the following patch and let us know if it resolves your issue:... Marcos M
01:03 PM Bug #12906 (Rejected): services_dyndns_edit.php - syntax error: Syntax error:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/services_dyndns_edit.php#L505 BBcan177 .
04:31 AM pfSense Packages Feature #11827: Please include acme deploy folder/scripts: +1 for this as well. Note, the certs seem to be stored in a non-standard acme.sh way under /conf/acme, so more work m... Simon Cosyd
02:16 AM Bug #12895: pfSense single interface upload speed bug: After testing for few days, finally got what is wrong with it. I have to run "pfctl -d" to disable pfsense firewall f... pf bug
01:28 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS: Kris Phillips wrote in #note-2:
> Viktor Gurov wrote in #note-1:
> > HAProxy-devel is already 2.4 (2026-Q2 (LTS))
... Viktor Gurov

03/05/2022

11:47 PM pfSense Packages Bug #12844 (Resolved): Invalid title link in the apcupsd package dashboard widget: Viktor Gurov
02:47 PM pfSense Packages Bug #12844: Invalid title link in the apcupsd package dashboard widget: Patch works to correct Apcupsd widget link to status page - applied to 22.01 and 22.05.a.20220305.0600 Jordan G
08:46 PM Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected: The delete button being always available even without selection is present in 2.6/22.01 and 21.05.X/2.5.X. It does t... Kris Phillips
08:38 PM Bug #12905: Add VLAN Re-assignment to Import Interface Mismatch Wizard: Also important to note that this would greatly improve the current situation with importing configs with discrete int... Kris Phillips
08:31 PM Bug #12905 (New): Add VLAN Re-assignment to Import Interface Mismatch Wizard: Currently if an interface is assigned to an interface in an imported config, there is no way to re-assign the interfa... Kris Phillips
08:35 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details: Sish Kitane wrote in #note-4:
> I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 packag... Kris Phillips
08:27 PM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS: Viktor Gurov wrote in #note-1:
> HAProxy-devel is already 2.4 (2026-Q2 (LTS))
>
> HAProxy-stable update to 2.2 ve... Kris Phillips
01:10 AM pfSense Packages Bug #12898: Update HAProxy Backend to Latest LTS: HAProxy-devel is already 2.4 (2026-Q2 (LTS))
HAProxy-stable update to 2.2 version (2025-Q2 (LTS)):
https://gitlab... Viktor Gurov
04:11 PM Bug #10784 (Closed): HA-sync with ssh keys: Unable to reproduce - tested on 22.01 by checking @/home/<user>/.ssh@ after:
* using default admin account to sync
... Marcos M
03:25 PM Bug #7841 (Closed): CARP Sync Issue - when no internet on standby: Tested on 22.01 following the same steps (blocked secondary node's IP address on upstream firewall). Config sync work... Marcos M
01:51 PM Revision 99196f13: Gateways edit page double content fix. Issue #12687: Viktor Gurov
01:34 PM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot: Tested against:... Danilo Zrenjanin
01:28 PM Feature #12392 (Resolved): Allow the selection of "any" interface in floating rules: tested 2.7.0.a.20220305.0600 (interface: any) no php error.
Alhusein Zawi
12:50 PM Bug #12876 (Resolved): Changing RAM disk size does not prompt to reboot: Tested against:... Danilo Zrenjanin
11:50 AM Feature #12903: alternative authentication methods for email notifications?: Jim Pingle wrote in #note-2:
> We can look into other ways to authenticate, but in the Gmail case it should still wo... gavin penney
09:43 AM Feature #12903: alternative authentication methods for email notifications?: We can look into other ways to authenticate, but in the Gmail case it should still work with App Passwords: https://s... Jim Pingle
01:15 AM Feature #12903: alternative authentication methods for email notifications?: oops, i meant to add the email from google, not that it matters that much.... gavin penney
10:48 AM Regression #12904 (Not a Bug): Intel X500 series interfaces (ixgbe) show incoming errors in 2.6/22.01, whereas they did not in 2.5.2: Notes as of the time of filing:
- Errors are only on incoming packets, not outgoing.
- All users reporting so far a... Chris W
10:43 AM Bug #12902 (New): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: Confirmed
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/657 Viktor Gurov
09:17 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: No.... Can you please just leave issues that you don't understand for someone else to take care of? Thanks. Or at lea... Flole Systems
09:09 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: Flole Systems wrote in #note-2:
> Why should this be related to DNS rebind protection? It happens for any query. Also... Viktor Gurov
04:58 AM Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: Why should this be related to DNS rebind protection? It happens for any query. Also on my system DNS rebind protectio... Flole Systems
03:40 AM Bug #12902 (Not a Bug): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: Your issue is related to DNS rebind protection,
please read https://docs.netgate.com/pfsense/en/latest/services/dns/... Viktor Gurov
10:42 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Wow thanks, that was a fast response! I think you simply need to check if the option is set for the current gateway o... Flole Systems
10:23 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: @Flole Systems you're right that in theory you should be able to use the same monitor IP for multiple gateways after ... → luckman212
10:11 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Also I tried to enable this option for all my Gateways now but the static routes are still there. So it looks like th... Flole Systems
10:02 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: With this change it should be possible to set the same monitor IP on multiple different gateways, right? The GUI isn'... Flole Systems
09:13 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: → luckman212 wrote in #note-5:
> Thanks Viktor! Ouch, I don't know how I missed that.
>
> I can't see the private... Viktor Gurov
09:03 AM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Thanks Viktor! Ouch, I don't know how I missed that.
I can't see the private gitlab but I assume you just removed th... → luckman212
07:54 AM Feature #12687 (New): Option to disable auto-addition of static routes for ``dpinger``: after this merge, the "Gateway Edit Page" has double content
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/me... Viktor Gurov
10:18 AM Bug #12852: Gateway which is forced as inactive does still trigger filter reloads: Maybe the UI is just misleading here: There is an option to disable the gateway monitoring action (which states that ... Flole Systems
09:52 AM Bug #12852: Gateway which is forced as inactive does still trigger filter reloads: I don't need support. I have fixed the issue for me by modifying /etc/rc.gateway_alarm (which by the way unconditiona... Flole Systems
09:07 AM Bug #12852 (Rejected): Gateway which is forced as inactive does still trigger filter reloads: Unable to reproduce this issue - "forced down" gate doesn't trigger filter reload (tested on 22.01/2.6/2.7)
Th... Viktor Gurov
08:19 AM Regression #12827: High latency and packet loss during a filter reload: Why is there any need for hashing? You want to compare rules if I understand that correctly, there's no need to hash ... Flole Systems
06:46 AM Regression #12827: High latency and packet loss during a filter reload: As a status update I added a red-black tree so that rules can be looked up cheaper. Pre-computed md5 hash is used as ... Mateusz Guzik
05:45 AM Feature #8365 (Resolved): Button to copy rules from one interface to another: Tested on the:... Danilo Zrenjanin
05:42 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: And a full patch attached that I properly tested
It should be applied in place of https://redmine.pfsense.org/issues... Phil Wardt
03:50 AM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Jim Pingle wrote in #note-5:
> Phil Wardt wrote in #note-4:
> > please test it before merging, even if it looks prope... Phil Wardt
05:35 AM Bug #12896 (Resolved): ``HTTPClient`` option does not work for static mappings: Tested aginst:... Danilo Zrenjanin

03/04/2022

11:25 PM Feature #12903 (New): alternative authentication methods for email notifications?: i have been using gmail for years but they are disabling password only access to accounts.
since pfsense has only pa... gavin penney
08:40 PM Bug #12901: DNS Forwarder refuses valid retries from clients in certain cases: I believe the fix for this could be this patch which seems to be already merged upstream: https://thekelleys.org.uk/g... Flole Systems
06:44 PM Bug #12901 (Resolved): DNS Forwarder refuses valid retries from clients in certain cases: Since upgrading to 22.02 I noticed that some Windows clients are sometimes refusing to load websites. Looking at the ... Flole Systems
08:17 PM Revision dde642ca: Fix infinite CPU loop on failed restore: When restoring a backup with wrong password or a user custom iterations count different than 10k or 500k, GUI timed o... Phil Wardt
06:48 PM Bug #12902 (Resolved): DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected: I am using the DNS Forwarder, I set up a few DNS Servers in System->General Settings. Also I selected "Use local DNS,... Flole Systems
02:46 PM Feature #2505 (Resolved): Toggle button to disable/enable multiple firewall rules: Tested successfully on... Christopher Cope
02:37 PM Revision bf9d32bf: Revert "captiveportal: fix ipfw rules": This reverts commit 9dac41af43a5b977a604098688776987c4f76722. Kristof Provost
02:34 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Phil Wardt wrote in #note-4:
> please test it before merging, even if it looks proper to me
I did, and it worked ... Jim Pingle
02:20 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Jim Pingle wrote in #note-3:
> Yep, I see it now, too. Good catch, thanks! I merged your PR, it will be in the next ... Phil Wardt
02:18 PM Regression #12897 (Feedback): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Yep, I see it now, too. Good catch, thanks! I merged your PR, it will be in the next snapshot. Jim Pingle
02:11 PM Regression #12897: Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Jim Pingle wrote:
> Following the changes in #12556 attempting to decrypt an encrypted backup with the wrong password... Phil Wardt
11:21 AM Regression #12897 (Resolved): Attempting to decrypt an encrypted backup with the wrong password makes the GUI timeout: Following the changes in #12556 attempting to decrypt an encrypted backup with the wrong password makes the GUI timeo... Jim Pingle
02:19 PM Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: It's not just CloudFlare, I'm seeing this on Namecheap as well. Jim Pingle
02:12 PM Bug #12900 (Duplicate): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: When creating a new Cloudflare Dynamic DNS entry or saving and forcing an update nginx will timeout with 504. The upd... Max Leighton
02:19 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle wrote in #note-18:
> Seems to OK here as well for backup/restore in the regular GUI page and ACB. A negat... Phil Wardt
11:22 AM Todo #12556 (Resolved): Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle
11:14 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files: Seems to OK here as well for backup/restore in the regular GUI page and ACB. A negative side effect seems to be that ... Jim Pingle
09:36 AM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle wrote in #note-15:
> Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in sna... Phil Wardt
01:46 PM Revision 5c5a7bc8: DHCPD HTTPClient option for static mappings. Fixes #12896: Viktor Gurov
01:29 PM Revision ed58094b: Merge pull request #4551 from luckman212/dpinger_dont_add_static_routes: Jim Pingle
01:28 PM Revision be33dc43: Merge pull request #4553 from luckman212/dashboard-hw-crypto-patch-1: Jim Pingle
01:25 PM Bug #12895: pfSense single interface upload speed bug: Just had more tests, tried the same setup with opnsense, which is also freebsd based is also facing the same issue. H... pf bug
08:03 AM Bug #12895: pfSense single interface upload speed bug: Thanks. If you are confirming this is working for everyone then it is good to know, this is because I was doing this ... pf bug
07:51 AM Bug #12895: pfSense single interface upload speed bug: It's not happening to anyone else but you. It's working fine for thousands of other people. If it's not a configurati... Jim Pingle
07:46 AM Bug #12895: pfSense single interface upload speed bug: I can't confirm if this is configuration problem but I don't think it is, this is because I have tried to mess around... pf bug
07:21 AM Bug #12895 (Rejected): pfSense single interface upload speed bug: Sounds like you have a configuration problem (like needing a lower MTU on WAN).
This site is not for support or di... Jim Pingle
01:22 PM pfSense Packages Bug #12899 (Resolved): Suricata doesn't honor Pass List: It sometimes blocks the hosts defined in the selected Pass List. No matter whether you used IP subnet or Alias under ... Danilo Zrenjanin
01:19 PM pfSense Packages Bug #12898 (Resolved): Update HAProxy Backend to Latest LTS: The version of HAProxy in stable is very old and due to be unsupported at the end of the year. We should really move... Kris Phillips
12:20 PM pfSense Packages Todo #12865: RRD Summary improvements: cherry-picked to 22.01/2.6 Viktor Gurov
07:51 AM pfSense Packages Todo #12865 (Feedback): RRD Summary improvements: Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/fb702643e590f7545cbbaf5bd4e5060f9ab293cc Viktor Gurov
12:20 PM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs: cherry-picked to 22.01/2.6 Viktor Gurov
08:04 AM pfSense Packages Bug #12869 (Feedback): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Merged to 2.7/22.05:
https://github.com/pfsense/FreeBSD-ports/commit/a6943737bb6b2df2dcc050bd0db5ebf127be2df4 Viktor Gurov
11:08 AM Feature #12842 (Resolved): Retain descriptions when exporting and importing aliases: Tested successfully on... Christopher Cope
10:56 AM Feature #12773 (Closed): Ability to sort AutoConfigBackup entries: That's not possible because by default the list is sorted "naturally" and no arrow would indicate a valid state since... Jim Pingle
10:51 AM Feature #12773: Ability to sort AutoConfigBackup entries: Tested on... Christopher Cope
08:48 AM Bug #12579 (New): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload: PHP changes:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/654 Viktor Gurov
05:01 AM Bug #12579 (Feedback): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/57 has been merged. Kristof Provost
08:27 AM Regression #11316: Unbound crashes with signal 11 when reloading: I hate to bring up a sore point especially in a closed ticket, but this is _still_ happening for me on two up-to-date... Kevin Grelling
07:55 AM Bug #12896 (Feedback): ``HTTPClient`` option does not work for static mappings: Applied in changeset commit:5c5a7bc874be8228aceffae0b2436a2358aea577. Viktor Gurov
07:37 AM Bug #12896 (Pull Request Review): ``HTTPClient`` option does not work for static mappings: Jim Pingle
01:37 AM Bug #12896: ``HTTPClient`` option does not work for static mappings: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/652 Viktor Gurov
01:15 AM Bug #12896 (Resolved): ``HTTPClient`` option does not work for static mappings: The HTTPClient option works fine for interfaces and pools, but not for static mappings. Viktor Gurov
07:30 AM Feature #12687 (Feedback): Option to disable auto-addition of static routes for ``dpinger``: PR merged, thanks! Jim Pingle
07:30 AM Feature #12714 (Feedback): Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated: PR merged, thanks! Jim Pingle
03:40 AM Revision dd965531: adds option to not auto-create static routes for dpinger (squashed): → luckman212
02:55 AM Revision 5cc9c9ed: minor display change, redmine #12714 (updated & squashed): → luckman212

03/03/2022

11:16 PM pfSense Packages Bug #12706: pfBlockerNG and unbound does not work after switching /var to RAM disk: This bug causes a delay in boot processing when the ramdisk option is enabled. If the option is disabled, no delay i... Loh Phat
10:17 PM Bug #12895: pfSense single interface upload speed bug: One more thing to mention, if I run OpenVPN on my PC and connect with some vpn services provider. The upload speed be... pf bug
10:11 PM Bug #12895 (Rejected): pfSense single interface upload speed bug: Reporting a very straightforward bug and it is easy to reproduce.
Tested on 2.4.X 2.5.X 2.6.0, I believe it is also ... pf bug
09:04 PM Revision 284878d7: DHCPD HTTPClient custom option. Fixes #12892: Viktor Gurov
08:27 PM Revision 225f86af: Modify CP rules to work on 22.01/2.6.0. Fixes #12834: Reid Linnemann
06:38 PM Revision dd9b24e9: Increase OpenSSL iterations. Issue #12556: When encrypting and decrypting content such as config.xml backups,
increase the default number of iterations used by ... Jim Pingle
04:19 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Excellent! I'm glad to know you are back up and running again. Thank you for the confirmation! Reid Linnemann
04:17 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Okay thats completely right. After rebooting everything works as expected. Thank you a lot for fixing this!
B P
04:01 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: You will need to reboot so that all of the ipfw rules are reloaded, have you done so? Reid Linnemann
03:56 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: Maybe i miss something, but after applying the patch i have no connectivity (from captive portal enabled interfaces) ... B P
03:18 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: You can install the "System Patches package":https://docs.netgate.com/pfsense/en/latest/development/system-patches.ht... Jim Pingle
02:35 PM Regression #12834 (Feedback): Only TCP traffic is passed outbound through IPFW: Applied in changeset commit:225f86af947822e6bd6f816f6b8fa926c34fe857. Reid Linnemann
04:19 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle wrote in #note-15:
> Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in sna... Phil Wardt
12:51 PM Todo #12556 (Feedback): Comply with current iteration standards when encrypting and decrypting configuration files: Changes merged. See commit:dd9b24e95cf90bb5d1c61a693aea3b98b746d539 . Will be in snapshots tomorrow for testing. Jim Pingle
03:10 PM Bug #12892 (Feedback): ``HTTPClient`` option not sent when using UEFI HTTP Boot: Applied in changeset commit:284878d7d0a82503cf34c6a8983eaecb9e742769. Viktor Gurov
02:41 PM Bug #12892 (Pull Request Review): ``HTTPClient`` option not sent when using UEFI HTTP Boot: Jim Pingle
01:27 PM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/650 Viktor Gurov
07:49 AM Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot: Related forum thread: https://forum.netgate.com/post/1029319 Jim Pingle
07:47 AM Bug #12892 (Resolved): ``HTTPClient`` option not sent when using UEFI HTTP Boot: Hey thanks for adding support HTTP Boot from issue 11659. I couldn't make it work w/ my systems and notice from a pac... Ben Breard
02:51 PM Revision 15ae0ea0: Rename Copy to Paste. Implements #8365: Viktor Gurov
02:35 PM pfSense Plus Bug #12894: duplicating freshly created certificates through refreshing: You have to force your browser to resubmit the form when in that state. I'm not sure I'd classify that as a bug since... Jim Pingle
02:30 PM pfSense Plus Bug #12894 (New): duplicating freshly created certificates through refreshing: Version 22.01-Release FreeBSD 12.3-Stable
Bug: After successfully creating a certificate. The certificate gets dup... Van Quach
02:29 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: >Thanks for the contribution! Its appreciated!
Sure thing! This solves a big problem for me :-)
Your revisions ... Charles Hamilton
02:03 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: Great Thanks.
I have done some limited testing and it seems to be ok.
I made some minor formatting changes in ... BBcan177 .
07:46 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: Ok, all done! https://github.com/pfsense/FreeBSD-ports/pull/1146 Charles Hamilton
02:24 PM Revision 60c2ff12: Reboot prompt on RAM disk size change. Fixes #12876: Viktor Gurov
12:25 PM Bug #12893 (Not a Bug): Invalid source address of Unbound: It's not a bug, that traffic is being blocked outbound. Unbound sent a RST+ACK packet after the state from a previous... Jim Pingle
11:56 AM Bug #12893 (Not a Bug): Invalid source address of Unbound: I have noticed some bad traffic leaving with invalid source IP address, which i think it belongs to Unbound traffic.
... Samuel Hanna
09:01 AM pfSense Packages Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions: Commit: https://github.com/pfsense/FreeBSD-ports/commit/29bab84437fcdde206f205610d341302093fa4f3
Package update is... Jim Pingle
08:47 AM pfSense Packages Bug #12891 (Feedback): Trailing space in Acme Account Keys "name" breaks UI functions: Fix merged. Jim Pingle
08:39 AM pfSense Packages Bug #12891 (Pull Request Review): Trailing space in Acme Account Keys "name" breaks UI functions: This approach is a more comprehensive fix: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/193
Jim Pingle
08:25 AM pfSense Packages Bug #12891 (In Progress): Trailing space in Acme Account Keys "name" breaks UI functions: Jim Pingle
12:50 AM pfSense Packages Bug #12891: Trailing space in Acme Account Keys "name" breaks UI functions: fix:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/192 Viktor Gurov
09:00 AM Feature #8365 (Feedback): Button to copy rules from one interface to another: Applied in changeset commit:15ae0ea0c037af7f2667fc004d2696352a2ad97c. Viktor Gurov
08:26 AM Feature #8365 (Pull Request Review): Button to copy rules from one interface to another: Jim Pingle
03:33 AM Feature #8365 (New): Button to copy rules from one interface to another: Danilo Zrenjanin wrote in #note-8:
> Tested on the:
> [...]
>
> I can confirm that the functionality works as ex... Viktor Gurov
08:30 AM Bug #12876 (Feedback): Changing RAM disk size does not prompt to reboot: Applied in changeset commit:60c2ff124e5e547d110a99a14b5c920c0310634a. Viktor Gurov
12:53 AM pfSense Packages Feature #11531 (Feedback): Show netmap compatible cards in IPS Mode note: Merged Viktor Gurov
12:52 AM Feature #9877: QEMU Guest Agent: There is a feature request for the QEMU package:
https://redmine.pfsense.org/issues/12179 Viktor Gurov

03/02/2022

04:56 PM pfSense Packages Bug #12891 (Resolved): Trailing space in Acme Account Keys "name" breaks UI functions: If any ACME account key is entered into the UI with a trailing space in the name, the pfSense UI becomes unable to ha... Karl Fife
04:11 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: ipfw is now active on layer 3 where it was not previously on 2.5.2. As a result, there are now additional passes of t... Reid Linnemann
02:05 PM pfSense Packages Bug #10656 (Closed): Acme letsencrypt doesn't change private key type: Jim Pingle
02:05 PM pfSense Packages Feature #11948 (Closed): ACME: Support specifying non-default port for nsupdate DNS validation method: Jim Pingle
02:03 PM pfSense Packages Feature #11879 (Feedback): Add support for SSL.com ACME server: The latest version of the ACME package now includes the new CAs.
Jim Pingle
02:02 PM pfSense Packages Bug #12623 (Feedback): acme.sh package | DNS-ISPConfig settings: The fix for this is now in the latest ACME package. Please update and test it again to see if it works. Jim Pingle
02:01 PM pfSense Packages Todo #12886 (Closed): Update acme.sh from upstream: No problems I can find so far. I picked it back to 22.01/2.6.0 for wider testing. Can tackle new issues as they come. Jim Pingle
12:11 PM Feature #12890 (Rejected): Remove Alias FQDN Resolution: Jim Pingle
12:09 PM Feature #12890 (Rejected): Remove Alias FQDN Resolution: Allowing DNS resolution in aliases creates an unpredictable firewall.
This feature should be removed. Brendon Baumgartner
11:48 AM Feature #8365: Button to copy rules from one interface to another: Tested on the:... Danilo Zrenjanin
11:08 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: As a Sidenote: after updating to 2.6.0 a once working ruleset completely broke. I have now restored the backup and ag... Chris K
09:53 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Can you guys try out below workaround for max threads per process? I have been suffering now for weeks with this issu... Chris K
08:37 AM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: Sure thing! I'll close the other pull request, thanks! Charles Hamilton
07:02 AM Bug #12579: Utilize ``dnctl(8)`` to apply limiter changes without a filter reload: With https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/57 (a cherry pick of an upstream main commit) dn... Kristof Provost
06:10 AM pfSense Packages Feature #12889 (New): FRR GUI add set ipv6 next-hop global: i need setup this. but frr webgui cant add
https://team-cymru.com/community-services/bogon-reference/bogon-refer... yon Liu
02:30 AM Bug #12887 (Feedback): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: Applied in changeset commit:16acbb346bb4b92f02ca33120b99e5507fab60fa. Viktor Gurov

03/01/2022

09:50 PM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: I've been able to reproduce it with a configuration that only uses the GUI options and no custom options, attached.
... Evan Pearce
07:37 AM Regression #12884 (Not a Bug): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: The status logic relies on the settings in the GUI fields to determine how to query the OpenVPN management interface.... Jim Pingle
04:49 AM Regression #12884: OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/646 Viktor Gurov
12:28 AM Regression #12884 (Resolved): OpenVPN status display for TAP mode services shows peer-to-peer instead of client list in certain cases: Problem: The webConfigurator OpenVPN status shows our TAP-mode "Remote Access (SSL/TLS + User Auth)" VPNs as peer-to-... Evan Pearce
08:56 PM pfSense Packages Feature #12882: Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: Thanks for the PR!
There isn't much development in "pfBlockerNG" as everything is taking place in "pfBlockerNG-devel... BBcan177 .
06:31 PM Revision 16acbb34: OpenVPN TAP mode tunnel network / bridge interface check. Fixes #12887: Viktor Gurov
04:19 PM pfSense Packages Todo #12886 (Feedback): Update acme.sh from upstream: Merged to devel and plus-devel for testing in snapshots. If it's OK there, can pick back to 22.01/2.6.0 Jim Pingle
09:58 AM pfSense Packages Todo #12886 (Closed): Update acme.sh from upstream: It's been a while since the last upstream sync of acme.sh code and bringing in new providers. Need to sync up the for... Jim Pingle
03:13 PM Bug #12888 (New): pfSense sends un-NATed packets during OpenVPN startup: pfSense sometimes fails to NAT the LAN source address for packets sent to the WAN while an OpenVPN tunnel is initiali... b b
03:03 PM Bug #12887 (Pull Request Review): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: Jim Pingle
12:33 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/647 Viktor Gurov
10:42 AM Bug #12887 (Resolved): GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled: If both "tunnel network" and "Bridge DHCP" options are disabled, an error occurs:... Viktor Gurov
12:45 PM pfSense Packages Bug #12742 (Feedback): freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading: Thank You!
Merged:
https://github.com/pfsense/FreeBSD-ports/commit/4497706f404be238cdfc41dacc00678ab329e575
http... Viktor Gurov
07:20 AM pfSense Packages Bug #12742: freeRADIUS virtual-server-default: modules dailycounter, monthlycounter, noresetcounter, expire_on_login in authorize section prevent virtual server from loading: For future reference:
https://github.com/FreeRADIUS/freeradius-server/blob/master/doc/antora/modules/raddb/pages/m... Jim Pingle
07:42 AM pfSense Docs Todo #12885 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE: That method involves making changes that I wouldn't recommend making to a firewall, especially not in official docume... Jim Pingle
04:56 AM pfSense Docs Todo #12885 (Closed): Feedback on pfSense® software Configuration Recipes — Virtualizing with Proxmox® VE: *Page:* https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html
*Feedback:*
Greetings!
The... Lucky Green
07:39 AM Feature #9877: QEMU Guest Agent: This feature request was only for the binary -- making a pfSense package wrapper for it would be a separate feature r... Jim Pingle
05:54 AM Feature #9877: QEMU Guest Agent: Jim Pingle wrote in #note-9:
> Excluding from release notes since it's only being built and there is no package for ... Lucky Green
07:24 AM Feature #12879 (Pull Request Review): Toggle button to disable/enable multiple entries on NAT pages: Jim Pingle
01:53 AM Feature #12879: Toggle button to disable/enable multiple entries on NAT pages: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/645 Viktor Gurov
05:39 AM Feature #4632: Support for Multipath TCP (MPTCP): I just increased the bounty for adding *OpenMPTCProuter -like Functionality* in pfSense to *$2,000* . Any takers?
ht... Lucky Green
02:42 AM pfSense Packages Bug #12844 (Feedback): Invalid title link in the apcupsd package dashboard widget: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/086e17ae29cf61d1c09e88167ae73df7877fcae4 Viktor Gurov
02:05 AM Bug #12829: Dummynet kernel module fails to load after upgrade.: Hello everybody,
I can confirm that there are problems with PfSense 2.6.0 release.
I use more than 20 PfSense (some... Luca De Andreis

02/28/2022

07:54 PM pfSense Docs New Content #12883 (Resolved): Add note to DNS Resolver/Forwarder Host Overrides docs about client DNS bypassing the firewall (e.g. DoH): *Page:* https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-host-overrides.html
*Feedback:*
I have... Walt Stoneburner
05:46 PM Revision 7692bda6: syslog: Update filters now that the rule format has changed: We no longer have '@1(0)' but '@1' at the start of rules. This used to
be where we kept the trackerid, but that's now... Kristof Provost
02:23 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files: I used the SG-1000 as a worst case as it's the slowest CPU I had on hand that might still be in general use. For that... Jim Pingle
01:41 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle wrote in #note-11:
> Based on the information in the link I posted previously, I tested iteration values o... Phil Wardt
01:20 PM Todo #12556 (Pull Request Review): Comply with current iteration standards when encrypting and decrypting configuration files: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/644
Jim Pingle
01:14 PM Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files: Based on the information in the link I posted previously, I tested iteration values of 310000 and 500000. At 310000 i... Jim Pingle
10:58 AM Todo #12556 (In Progress): Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle
01:53 PM pfSense Packages Feature #12882 (Resolved): Add the option to specify CURLOPT_INTERFACE in pfBlockerNG IPv4/IPv6 lists: Sometimes it is desirable to tell cURL to use a specific interface when downloading IPv4/IPv6 pass/block lists. For e... Charles Hamilton
01:31 PM Todo #12881 (Resolved): Update ``dpinger`` to 3.2: Done on both CE and Plus Renato Botelho
01:30 PM Todo #12881 (Resolved): Update ``dpinger`` to 3.2: Denny Page asked us to update dpinger to 3.2. This version adds some logging of the signal number on exit and would ... Renato Botelho
10:30 AM Bug #12536 (Feedback): Setting a default gateway of "None" does not remove the default gateway from the routing table: Applied in changeset commit:aa159178950af447aeb463a5159f4d7ed467eb18. Viktor Gurov
07:13 AM Bug #12536 (Pull Request Review): Setting a default gateway of "None" does not remove the default gateway from the routing table: Jim Pingle
03:58 AM Bug #12536 (New): Setting a default gateway of "None" does not remove the default gateway from the routing table: Alhusein Zawi wrote in #note-7:
> making default GW as "NONE" removes the default GW routing table.
>
> But Mark ... Viktor Gurov
10:18 AM pfSense Docs Todo #12880 (Closed): Update remote backup wget/curl examples to include new form fields: Added and deployed. Jim Pingle
08:41 AM pfSense Docs Todo #12880 (Closed): Update remote backup wget/curl examples to include new form fields: There have been recent additions to so the backup/restore page that are not mentioned on https://docs.netgate.com/pfs... Jim Pingle
09:56 AM Revision aa159178: Remove default gateway if Mark Gateway is set. Fixes #12536: Viktor Gurov
07:38 AM Bug #11778: OpenVPN uses 100% CPU after experiencing packet loss: Troy Emmerson wrote in #note-8:
> OpenVPN is historically notorious for high CPU usage to the extent that it can clo... Gavin Owen
07:34 AM Feature #12879 (Resolved): Toggle button to disable/enable multiple entries on NAT pages: This is a request for a toggle button for the NAT rules (Port Forwards, 1:1, Outbound NAT, Npt) that functions the sa... Matthew Drury
07:15 AM Bug #12876 (Pull Request Review): Changing RAM disk size does not prompt to reboot: Jim Pingle
04:30 AM Bug #12876: Changing RAM disk size does not prompt to reboot: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/643 Viktor Gurov
06:03 AM Feature #4881: Allow NPt to use dynamic IPv6 networks: Hi,
If you want to play with this further, I changed a the wide-dhcpv6 client a bit: https://github.com/csobankesmar... Csoban Kesmarki
03:10 AM Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, out by a large factor.: Since upgrading to pfSense Plus 22.01 from the latest community edition, my by interface priority queue bandwidth has... Blake Drayson
02:47 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Alhusein Zawi wrote in #note-8:
> GW is waiting for a packet loss threshold, it does not go to offline immediately.
... Viktor Gurov

02/27/2022

10:47 PM pfSense Packages Bug #11530: ntopng 4.2 needs to be updated to 4.3, Bug when accessing a host for details: I can reproduce this in VMs for both 2.5.2 and 2.6. I don't think the new 5.0 package for ntopng solved this and I th... Sish Kitane
07:41 PM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly: Fixed for me thank you Sish Kitane
02:22 PM Bug #12877 (Closed): Cloudflare DynDNS fails to update more than two addresses: This issue may be related to [[https://redmine.pfsense.org/issues/12870]]
This issue also occurs on 2.6.0.
pfSens... Bob Carpenter
11:20 AM Bug #12857: Firewall gateway goes away when making changes to Bridge0 device: After re-saving bridge configuration, default gateway is removed from routing table:... Marcos M
01:50 AM Revision 662693da: Attempt to clear the ZFS label off the end of the disk before expanding: This prevents hangs when importing the pool due to garbage on the end of
the disk Brad Davis

02/26/2022

01:43 PM Feature #8365: Button to copy rules from one interface to another: copy option is shown up.
it will be better if "copy" is changed to be "Paste or apply" in pop up window (attache... Alhusein Zawi
01:04 PM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: GW is waiting for a packet loss threshold, it does not go to offline immediately.
tested by disabling PPPoE serv... Alhusein Zawi
12:27 PM Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table: making default GW as "NONE" removes the default GW routing table.
But Mark Gateway as Down does not remove the... Alhusein Zawi
10:57 AM Bug #12876 (Resolved): Changing RAM disk size does not prompt to reboot: On 2.6 and 22.01 if one changes either RAM Disk Size setting, and saves, the page says "The changes have been applied... Steve Y

02/25/2022

09:28 PM Bug #12259: Intel em NICs Suffering Performance Degradation on FreeBSD12: This can safely be closed since TCP Offload should never be enabled on a Netgate appliance.
However, we should t... Kris Phillips
09:24 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: I can confirm the iflib driver issue as well. I may spin up a FreeBSD 12.3 install to compile the newer driver as we... Kris Phillips
07:13 PM Revision f53fe980: Use http_build_query() for Google Domains DDNS post data. Fixes #12754: Viktor Gurov
04:42 PM Regression #12827: High latency and packet loss during a filter reload: I don't even fully understand why there's hashing going on instead of comparing directly, that doesn't really make an... Flole Systems
10:05 AM Regression #12827: High latency and packet loss during a filter reload: I had a look at the issue with a profiler. While the loop you are mentioning is a problem to some extent, the real is... Mateusz Guzik
04:03 PM Bug #12875 (Resolved): Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports: Zabbix 5.4 is being deprecated and Zabbix 6 has been released. We should pull these over from FreeBSD ports.
ht... Kris Phillips
03:55 PM Feature #12855 (Resolved): GUI option to select the user password hashing algorithm: This is working well. I've also added it as a recommended patch option in the new system patches package, so people o... Jim Pingle
03:43 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: The pkg upgrade and restart resolved the issue.
Thank you Julian Kahumana
03:07 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: Thank you Julian Kahumana
02:58 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: From that pkg output I'm fairly certain your system was interrupted mid-upgrade and is not running a consistent state... Jim Pingle
02:54 PM Bug #12872: Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: Sorry, I'm not familiar with the process. I was pointed here by BBcan177. I can move this all to the negate forum.
T... Julian Kahumana
02:21 PM Bug #12872 (Incomplete): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: We still need more information here since we have not yet been able to reproduce this behavior. I've checked over 20 ... Jim Pingle
02:02 PM Bug #12872 (Not a Bug): Firewall log tracker ID always returns "4294967295" regardless of rule triggered.: The issue only showed up after upgrading from 2.5 to to 2.6.
The following is an example from the firewall log. Lo... Julian Kahumana
03:24 PM Revision 2e3018c5: Rules copy feature. Implements #8365: Viktor Gurov
02:24 PM Feature #12874 (New): OpenVPN RADIUS Framed-Pool: Allow group mappings within OpenVPN via RADIUS server. Each OpenVPN user group would have a unique subnet associated ... Ryan Whitlock
02:10 PM Regression #12873 (Resolved): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: RSC support was added to FreeBSD in 12.3 and is included in pfSense 22.01/2.6.
When run in Hyper-V it can create v... Steve Wheeler
12:59 PM pfSense Packages Bug #12802 (Resolved): OpenVPN client imported using Client Import works until first time editing and saving settings (SHA1 replaced with SHA256): Tested on the:... Danilo Zrenjanin
12:10 PM Bug #12871 (Resolved): Some action buttons are always active for firewall rules, even if no rules are selected: "Delete", "Toggle" (#2505), and "Copy rule" (#8365) buttons at the bottom of the rules page are always active.
All o... Viktor Gurov
10:49 AM pfSense Packages Feature #12246 (Closed): Load a file into patch textarea: Works well, closing. Jim Pingle
09:52 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/55
https://gitlab.netgate.com/pfSense/pfSense/-/merg... Kristof Provost
09:47 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: That is unlikely to be related to this. The code that parses the rules for the GUI already catches the proper rtracke... Jim Pingle
09:44 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: There are some users who are experiencing issues with pfSense recording the Tracker ID as "4294967295" which accordin... BBcan177 .
07:16 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: If it's just a leftover remnant then I agree we should remove it. The ridentifier is already visible on the line and ... Jim Pingle
04:00 AM Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: What depends on this?
It's trivial to fix this, but it deviates from upstream. In upstream the rule output always ... Kristof Provost
09:35 AM Feature #8365 (Feedback): Button to copy rules from one interface to another: Applied in changeset commit:2e3018c565c71b8ef44205e4f07080713a564af3. Viktor Gurov
08:58 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: Matthew Drury wrote in #note-10:
> Could this feature also be added to the NAT config pages? (Port Forwards and Outb... Viktor Gurov
08:39 AM Feature #2505: Toggle button to disable/enable multiple firewall rules: Could this feature also be added to the NAT config pages? (Port Forwards and Outbound NAT) Matthew Drury
07:43 AM pfSense Packages Bug #12869 (Pull Request Review): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Jim Pingle
05:52 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/188 Viktor Gurov
04:41 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: But when you disconnect the converter or renew the public IP, the IP was not updated to clodflare. It just only updat... Hong Duong Pham
04:36 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Here are related logs:... Danilo Zrenjanin
04:18 AM Bug #12870 (New): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Danilo Zrenjanin
04:17 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Tested on the:... Danilo Zrenjanin
03:07 AM Bug #12870 (Rejected): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Viktor Gurov
01:48 AM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: The dynamic DNS on Pfsense was not automatically update the IP Address from the network to Cloudflare or any service ... Hong Duong Pham
03:06 AM Bug #12803 (Resolved): Error loading ruleset due to illegal TOS value: Replicated the issue on the:... Danilo Zrenjanin

02/24/2022

08:03 PM Revision 6739d001: Bridge interface input validation fix. Issue #12866: Viktor Gurov
03:05 PM Regression #12866 (Feedback): Disabled Captive Portal configuration prevents adding an interface to a bridge: Merged:
https://github.com/pfsense/pfsense/commit/6739d0014695a1fdba77d8c36b6a89ba7252b021 Viktor Gurov
07:37 AM Regression #12866 (Pull Request Review): Disabled Captive Portal configuration prevents adding an interface to a bridge: Jim Pingle
03:33 AM Regression #12866: Disabled Captive Portal configuration prevents adding an interface to a bridge: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/638 Viktor Gurov
03:26 AM Regression #12866 (Resolved): Disabled Captive Portal configuration prevents adding an interface to a bridge: How to reproduce:
1) Create a Captive Portal on the OPT1 interface
2) Disable Captive Portal
3) Try to create a br... Viktor Gurov
01:04 PM Revision c2bb9552: Do not remove net.link.ifqmaxlen from /boot/loader.conf.local. Fixes #12862: Viktor Gurov
12:38 PM Todo #12556 (New): Comply with current iteration standards when encrypting and decrypting configuration files: Jim Pingle
12:33 PM Bug #12621 (Closed): Fix rare case where /getstats.php might be called without valid post data.: Jim Pingle
10:58 AM pfSense Packages Bug #12869: Bind DNS Package AAAA filtering Broken on new ZFS Installs: Thread that discusses this is here
https://forum.netgate.com/topic/169742/bind-dns-package-aaaa-filtering-problem
JohnPoz _
10:06 AM pfSense Packages Bug #12869 (Resolved): Bind DNS Package AAAA filtering Broken on new ZFS Installs: Reference this older bug for some background (#10413)
This breaks again in newer installs with zfs file systems du... Dean Weimer
10:35 AM Bug #12800: Suboptimal Password Hashing: In #12863, I propose a (surprisingly simple) solution that dramatically increases the strength of the sha512crypt has... Royce Williams
10:30 AM Feature #12863: dynamically tune sha512crypt rounds: Jim Pingle wrote in #note-2:
> Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and ca... Royce Williams
09:27 AM Feature #12863: dynamically tune sha512crypt rounds: Dynamic tuning sounds like more trouble than it's worth, IMO. We'd have to test and cache the value or test each time... Jim Pingle
12:37 AM Feature #12863: dynamically tune sha512crypt rounds: > and to match the sha512crypt
*match the salts in the various sha512crypt @mkpasswd@ implementations. Royce Williams
12:16 AM Feature #12863 (New): dynamically tune sha512crypt rounds: As touched on in #12800 and #12855, sha512crypt's default number of rounds (5000) can be cracked relatively quickly b... Royce Williams
09:15 AM Bug #12868 (Resolved): Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location: On 22.01/2.6.0 when looking at the ruleset with @pfctl -vvsr@ the tracker/ridentifier ID should be in parenthesis af... Jim Pingle
08:52 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: The primary use case for L2TP is for L3 connectivity to an ISP, not as an L2TP VPN. For those using it as an ISP auth... Jim Pingle
08:42 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: Jim Pingle wrote in #note-4:
> I tried to recreate the problem and could not. My subnet mask was always applied corr... RUI YUAN
08:09 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: I tried to recreate the problem and could not. My subnet mask was always applied correctly. There must be something e... Jim Pingle
07:55 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o... RUI YUAN
07:53 AM Bug #12867: In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: Jim Pingle wrote in #note-1:
> There isn't enough information here. You haven't clearly defined the actual problem o... RUI YUAN
07:32 AM Bug #12867 (Incomplete): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: There isn't enough information here. You haven't clearly defined the actual problem or the steps to reproduce it, onl... Jim Pingle
07:28 AM Bug #12867 (Not a Bug): In some cases, incorrect subnet settings prevent static routes from being set correctly after a system restart.: After a simple analysis, it seems that the problem is in the following code range. I suspect it is pfSense_interface_... RUI YUAN
08:10 AM Regression #12862 (Feedback): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: Applied in changeset commit:c2bb95522780cbeffd1bca97c44c673ec7f973f1. Viktor Gurov
07:51 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: > 2. In the case of kern.ipc.nmbclusters the default is too high for low end platforms such as uFW / SG-1100.
> (eg.... Jim Pingle
07:09 AM Regression #12862: Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: David Burns wrote:
> 1. Removal of the oid net.link.ifqmaxlen (and resetting it to 128) is particularly problematic ... Viktor Gurov
08:06 AM Bug #12864: Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs: Still, I'd expect if I set up new interface assignments at bootup, and then reboot the router, for pfSense to reboot ... Jernej Simončič
07:22 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs: It's not a bug, it's intended behavior, see #12170
You had leftover configuration in your VLANs that referenced t... Jim Pingle
12:21 AM Bug #12864 (Not a Bug): Interface mismatch after upgrade to 2.6.0, possibly due to old VLANs: I migrated my pfSense config from a different computer around version 2.4.5. The old one had bge and em NICs, and I h... Jernej Simončič
07:34 AM pfSense Packages Todo #12865 (Pull Request Review): RRD Summary improvements: Jim Pingle
03:14 AM pfSense Packages Todo #12865: RRD Summary improvements: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/187 Viktor Gurov
03:01 AM pfSense Packages Todo #12865 (Resolved): RRD Summary improvements: 1) Wrong period, mirror date displayed:... Viktor Gurov
07:18 AM pfSense Packages Feature #12860: add mmc-utils package to all images: We already build @mmc-utils@ for Plus and it can be installed manually from the CLI. Trying to build a GUI around it ... Jim Pingle
06:51 AM Revision 52bdee22: fix issues with updating firewall rules: Trevor Kerr
06:46 AM Regression #12827: High latency and packet loss during a filter reload: Flole Systems wrote in #note-8:
> To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc see... Michael Novotny
04:08 AM Bug #12857: Firewall gateway goes away when making changes to Bridge0 device: Can't reproduce this on pfSense CE 2.7.0 (2.7.0.a.20220224.0600)
Not tested on 22.01/2.6, but it may be related to h... Viktor Gurov

02/23/2022

07:19 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: And maybe another problem: it seems to me that the states from the firewall are not recognized for NPT-conntections:
... L J
06:35 PM Feature #4881: Allow NPt to use dynamic IPv6 networks: Hi Viktor,
awesome, thank you for this patch. I've trired this on our test system:
From my understanding it is ... L J
06:20 PM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages: I am seeing this as well. In my case it seems to be every 2 minutes-- quite a lot of log noise! On pfSense 2.6.0.
... Todd Marimon
06:17 PM Regression #12862 (Resolved): Some ``sysctl`` OIDs in ``loader.conf.local`` are silently removed: It is common for advanced pfSense users to make use of FreeBSD /boot/loader.conf.local.
Since release of pfSense C... David Burns
06:08 PM Revision e92dded8: Correct Namecheap username handling. Fixes #12761: Jim Pingle
05:35 PM pfSense Packages Feature #12860: add mmc-utils package to all images: This would be helpful/useful now that ZFS is the new default, and/or for folks who don't realize some packages are "r... Steve Y
04:44 PM pfSense Packages Feature #12860 (New): add mmc-utils package to all images: Both Netgate & 3rd party hardware integrators are increasingly using eMMC components.
SATA (& historically SCSI) d... David Burns
05:31 PM pfSense Docs Correction #12861 (Resolved): pfSense hardware tuning guide references obsolete interface loader variable & buffer limits: Some quick feedback on the online doc @https://docs.netgate.com/pfsense/en/latest/hardware/tune.html@
1. There is... David Burns
04:50 PM Revision 8ddf2b5a: Add option for pw hash algo. Implements #12855: Jim Pingle
04:25 PM Revision 46127218: Namecheap DDNS response parse change. Fixes #12816: If the first attempt to parse the response fails, try again without the
XML declaration. The server may not be sendin... Jim Pingle
04:00 PM Regression #11316: Unbound crashes with signal 11 when reloading: @jimp, this is still an open issue. BBcan177 .
03:13 PM Regression #12827: High latency and packet loss during a filter reload: To add to this: Removing the "set keepcounters" option from /etc/inc/filter.inc seems to fix it. So if someone doesn'... Flole Systems
12:05 PM Regression #12827: High latency and packet loss during a filter reload: The current approach of the code mentioned by Kristof is bad in so many ways: There is a lock and within that lock th... Flole Systems
01:39 AM Regression #12827: High latency and packet loss during a filter reload: I can confirm that any rules roload introduces high latency. Even the shutdown of the sync interface (that as far as ... Fabio Giudici
12:15 PM Bug #12761 (Feedback): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Applied in changeset commit:e92dded8cbe2e1eb8037b4156255bd603d82958e. Jim Pingle
12:09 PM Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Looks like it was only the Namecheap username that was the problem. The definition in the new code was wrong. I pushe... Jim Pingle
10:30 AM Bug #12761 (New): Input validation prevents configuring wildcard Dynamic DNS records on Google Domains: Something in that commit has broken Namecheap DDNS and likely others. For Namecheap it fails to load the password pro... Jim Pingle
11:51 AM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat: I see that the package made it to FreeBSD version 13:
https://freebsd.pkgs.org/13/freebsd-amd64/darkstat-3.0.721.p... Karim Elatov
11:04 AM Feature #12855: GUI option to select the user password hashing algorithm: This has been merged and will be in snapshots soon.
For those who would like to try it out, even on 22.01/2.6.0, i... Jim Pingle
11:00 AM Feature #12855 (Feedback): GUI option to select the user password hashing algorithm: Applied in changeset commit:8ddf2b5a999772754080825f07acf9b6326f1f04. Jim Pingle
10:35 AM Regression #12816 (Feedback): Namecheap Dynamic DNS responses are not parsed properly: Applied in changeset commit:4612721800a1b25bb1fb2d4d7c4ceea6f44f208e. Jim Pingle
10:27 AM Regression #12816: Namecheap Dynamic DNS responses are not parsed properly: The MR should be good enough for now, I've tested it on a few more Namecheap DDNS entries on multiple systems and it ... Jim Pingle
07:11 AM pfSense Packages Feature #12859 (Resolved): Add Zabbix 6.0 LTS (agent and proxy) packages: New LTS release from zabbix. Please add this new version.
https://www.zabbix.com/rn/rn6.0.0
Zabbix 3.0 is out of ... Pim Janssen
07:08 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error: Duplicate of #12817 Jim Pingle
04:02 AM Bug #12858 (Duplicate): OpenVPN bug, close connection error: Dear, If I try to force and close an OpenVPN Client connection an error will be displayed. This happend in the Dashbo... Marco B
03:45 AM Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107: A few remarks:
- I think this issue could have been detected relatively easy quality check, so a nightly build with ... Louis B

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

03/24/2022

03/23/2022

03/22/2022

03/21/2022

03/20/2022

03/19/2022

03/18/2022

03/17/2022

03/16/2022

03/15/2022

03/14/2022

03/13/2022

03/12/2022

03/11/2022

03/10/2022

03/09/2022

03/08/2022

03/07/2022

03/06/2022

03/05/2022

03/04/2022

03/03/2022

03/02/2022

03/01/2022

02/28/2022

02/27/2022

02/26/2022

02/25/2022

02/24/2022

02/23/2022