Activity

30 days up to

User

Subprojects

Activity

From 05/11/2022 to 06/09/2022

06/09/2022

11:20 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work: The patch works for me on LAN and WAN rules on 22.05 RC using pfBlockerNG-devel 3.1.0_4. I don't have floating rules ... Glenn Hall
11:08 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work: Tested change on @22.05@ RC with pfBlockerNG-devel @3.1.0_4@; floating block rule on tagged traffic with description ... Marcos M
09:58 PM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work: There seems to have been a change in the pfctl -vvsr output.
The patch below seems to fix the issue, but would be ... BBcan177 .
02:51 PM Bug #13258: Hidden menu option ``100`` incorrectly handles HTTPS detection: Ok I updated the PR to bring back the hidden option 100 / links browser. I think this is good. Unfortunately when I t... → luckman212
01:31 PM Bug #13258: Hidden menu option ``100`` incorrectly handles HTTPS detection: I haven't used @links@ against in the GUI in quite some time so I'm not sure if it still works. If it does we may as ... Jim Pingle
01:28 PM Bug #13258: Hidden menu option ``100`` incorrectly handles HTTPS detection: PR: https://github.com/pfsense/pfsense/pull/4596 → luckman212
11:44 AM Bug #13258: Hidden menu option ``100`` incorrectly handles HTTPS detection: I can't think of any benefit from fixing it; better to remove it. Marcos M
02:07 PM Feature #10446: VIP address is not shown in firewall rules: Marcos Mendoza wrote in #note-5:
> Better to stick with using aliases. VIPs are more for service bindings.
This wil... Silmor Senedlen
11:38 AM Feature #10446: VIP address is not shown in firewall rules: Silmor Senedlen wrote in #note-4:
> Silmor Senedlen wrote in #note-2:
> > I think it would be nice to be able to ... Marcos M
02:04 PM Feature #13260 (New): Add support for OpenVPN static-challenge: When using Multi Factor authentication most OpenVPN clients offer a static-challenge option to make the client ask fo... Diego Cortassa
01:32 PM Feature #13256: Better handling of duplicate IP addresses in static DHCP assignments: I wanted to make the warning display in a "Yellow Box" too but I looked through the code and couldn't see an easy way... → luckman212
12:41 PM Feature #13256: Better handling of duplicate IP addresses in static DHCP assignments: I don't think we should change the default behavior/add extra steps to reach the current behavior.
Something that ... Jim Pingle
12:36 PM Feature #13256: Better handling of duplicate IP addresses in static DHCP assignments: Thank you for the contributions!
In general, it's best to avoid first/second person perspective. A yellowish warni... Marcos M
07:07 AM Regression #11570 (Pull Request Review): Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Jim Pingle
01:42 AM pfSense Packages Bug #12765 (Resolved): AutoConfigBackup should ignore Lightsquid/lightparser cron changes: I tested with Lightsquid version 3.0.6_9.
It works fine.
I am marking this ticket resolved. Danilo Zrenjanin

06/08/2022

11:17 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I submitted a PR: https://github.com/pfsense/pfsense/pull/4595 that may help some of the cases being hit here. → luckman212
05:02 PM pfSense Packages Bug #13259 (Not a Bug): Reply-to rules are not created with wireguard 0.1.6_1: Jim Pingle
04:57 PM pfSense Packages Bug #13259: Reply-to rules are not created with wireguard 0.1.6_1: Sorry, stupid mistake on my side, it is required to set an upstream gateway on the interface config in order for the ... JB Fuzier
04:53 PM pfSense Packages Bug #13259 (Not a Bug): Reply-to rules are not created with wireguard 0.1.6_1: Hello,
I have noticed that reply-to rules are not created for rules in a wireguard interface even if it is assigne... JB Fuzier
03:33 PM Feature #10446: VIP address is not shown in firewall rules: Silmor Senedlen wrote in #note-2:
> I think it would be nice to be able to select VIP address from list(which autom... Silmor Senedlen
01:35 PM pfSense Packages Bug #12808 (Resolved): Wireguard Gateways disabled when Wireguard Service is Manually Restarted: Christian McDonald
10:02 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: Cherry picked this commit to RELENG_2_6_0 ports tree. Look for a package update.
Edit: v0.1.6_2 is available in CE 2... Christian McDonald
09:31 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: → luckman212 wrote in #note-13:
> @Valmor if you add the System Patches package and then add a patch using this url:... Val Mor
07:54 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: @Valmor if you add the System Patches package and then add a patch using this url:
https://github.com/theonemcdona... → luckman212
07:46 AM pfSense Packages Bug #12808: Wireguard Gateways disabled when Wireguard Service is Manually Restarted: I have similar issue on pfSense 2.6.0-RELEASE.
Configured WireGuard tunnel and set a static route.
After reboot of ... Val Mor
12:40 PM pfSense Packages Bug #13050 (Resolved): ACME update EasyDNS inline api sign-up link: It looks fine on Acme package version 0.7.1_1.
I am marking this ticket resolved. Danilo Zrenjanin
12:04 PM Bug #13258 (Resolved): Hidden menu option ``100`` incorrectly handles HTTPS detection: I was poking around in @/etc/rc.initial@ to try to fix something else and I noticed a hidden menu item 100
This op... → luckman212
10:38 AM Bug #13257: Exporting a PKCS#12 file from the certificate manager does not use the intended encryption algorithm: See also: #13255 Jim Pingle
10:35 AM Bug #13257 (Resolved): Exporting a PKCS#12 file from the certificate manager does not use the intended encryption algorithm: In source:src/usr/local/www/system_certmanager.php#L198 or thereabouts it sets a parameter @encrypt_key_cipher@ inten... Jim Pingle
09:54 AM Feature #13256 (Resolved): Better handling of duplicate IP addresses in static DHCP assignments: summary:
In 2018 code that prevented duplicate IPs from being used as static DHCP mappings was removed. There are ... → luckman212
09:15 AM Bug #13088: Rapidly clicking certain options on OpenVPN Client Overrides can cause hide/show field behavior to invert: I replicated the issue with inverted results when repeating clicks too quickly on 22.05.r.20220604.1403.
After app... Danilo Zrenjanin
08:52 AM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: I reproduced the issue on 22.01 and 22.05.r.20220604.1403 with the same logs. Danilo Zrenjanin
08:36 AM pfSense Packages Todo #13255 (Resolved): Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles: Currently when crafting a PKCS#12 archive the OpenVPN Client Export package does not set a specific encryption algori... Jim Pingle
07:48 AM Bug #13254 (Resolved): DNS resolver does not update its configuration or reload during link down events: How to reproduce:
1) Configure the interface with Static IPv4
2) Select this interface in the "Network Interfaces... Danilo Zrenjanin

06/07/2022

08:55 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: Tested on 22.05 RC.
I was not able to replicate this initially with WAN1 as DHCP and WAN2 as static. After testing a... Marcos M
10:00 AM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I experienced this this morning, on 22.05.b.20220531.0600
- dpinger showed my DHCP6 gateway as "down"
- I ran @pgre... → luckman212
01:04 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: +1 Having this issue since 16th May on two separate boxes CE. Upgraded to 2.6 and still the same. switch to DynDns an... r a
08:50 AM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: +1 Also having this problem David Grenier
12:25 AM pfSense Packages Bug #10436: softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0): I'm starting down a path that involves softflowd. Does anyone know if this issue persists with the latest snaps? → luckman212

06/06/2022

11:17 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: any updates on this? I am getting the same error too Pan Teparak
06:55 PM pfSense Packages Feature #12963: Run nmap scans in the background: I can't think of a privacy issue for either - both locations are readable by everyone. The Packet Capture page is in ... Marcos M
02:55 PM pfSense Packages Feature #12963: Run nmap scans in the background: Marcos Mendoza wrote in #note-24:
> Looks good from the testing I've done. Only suggestion I have is that the result... Phil Wardt
02:58 PM Bug #13253 (Resolved): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6: After #6880 it seems that when applying settings on multiple WANs, @dhcp6c@ is not restarted so the new configuration... Jim Pingle
02:55 PM Bug #13061 (Resolved): Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa: Seems to be doing the right thing. IPv6 OpenVPN tunnel kept going when the IPv4 gateway went down and back up. We can... Jim Pingle
02:35 PM Bug #12733 (Resolved): Value of ``net.inet.ip.dummynet.*`` OIDs in ``sysctl`` are ignored: The code for @dummynet_load_module()@ in source:src/etc/inc/util.inc#L3937 ensures the module is loaded before popula... Jim Pingle
01:06 PM Bug #13252 (New): reduce frequency of php-fpm socket connection attempts from check_reload_status: When troubleshooting an issue, I discovered that my system logs were rotating every couple of minutes, due to many of... Royce Williams
12:45 PM Bug #13251: pfTop bugs - backspace key vs CTRL_H, states column, rnr not functional: Ok, fair enough but I do wonder - does backspace work for _anyone_ in this case? Because it appears undefined or at l... → luckman212
12:37 PM Bug #13251 (Not a Bug): pfTop bugs - backspace key vs CTRL_H, states column, rnr not functional: backspace vs ^H is almost always a terminal issue with your client and what it sends. Some things send ^H for backspa... Jim Pingle
12:32 PM Bug #13251 (Not a Bug): pfTop bugs - backspace key vs CTRL_H, states column, rnr not functional: I am not 100% sure but I believe there are bugs in the currently bundled version of pfTop. I opened a thread about th... → luckman212
07:32 AM Todo #13250 (Resolved): Clean up DHCP Server option language: Several options on the page have awkward or inconsistent wording
* "Denied clients will be ignored rather than rej... Jim Pingle
07:03 AM Bug #12878 (Incomplete): Traffic shaping by interface, route queue bandwidth inbound, out by a large factor.: Jim Pingle
07:02 AM Bug #13249: Running playback comands multiple times results in PHP error: That is known and expected, they aren't designed to run more than once in the same session the way you are doing it. ... Jim Pingle
05:41 AM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: It's under IKE Endpoint Configuration ----> Remote Gateway (IPV6), to check if FQDN for AAAA record can be used to es... Alex Zaykov
04:17 AM Bug #12645 (Resolved): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes: Tested on 22.05-RC (built on Sat Jun 04 14:22:59 UTC 2022)
I'm not sure what to test here but there is no *add_hos... Azamat Khakimyanov

06/05/2022

08:10 PM Bug #13249 (New): Running playback comands multiple times results in PHP error: Using the console, enter option 12 then run @playback svc restart unbound@ twice. On the second run, the following is... Marcos M
07:38 PM Regression #13248 (New): IPv6 Router Advertisements runs when config.xml does not contain an entry for the interface: After installing @22.05.b.20220531.0600@, I noticed that the @System / Routing@ logs showed the following:
* @2001... Marcos M
07:09 PM pfSense Packages Bug #13247 (Confirmed): Open-VM-Tools service actions do not work: Installing the package @Open-VM-Tools@ creates two entries under @Status / Services@: @vmware-guestid@ and @vmware-km... Marcos M
06:51 PM pfSense Packages Feature #13246 (New): iperf3 service controls do not work: After installing the @iperf3@ package, an entry is created under @Status / Services@ which includes @Start@, @Stop@, ... Marcos M
06:17 PM pfSense Packages Feature #12963: Run nmap scans in the background: Looks good from the testing I've done. Only suggestion I have is that the results file may be best placed in @/tmp@. Marcos M
04:10 PM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: Marcos Mendoza wrote in #note-6:
> The wording has been addressed with NG 7431. This issue can be left open to track... Ryan Coleman
08:23 AM Regression #12821 (Confirmed): Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Steve Wheeler

06/04/2022

08:15 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Tested ix interfaces as well. They are not subject to this bug. Based on the fact that Broadcom NICs and Intel ix/i... Kris Phillips
07:54 PM Regression #11545: Primary interface address is not always used when VIPs are present: This bug definitely doesn't just happen with PPPoE interfaces. It is also not consistent and seems to be an "orderin... Kris Phillips
07:50 PM Bug #12878: Traffic shaping by interface, route queue bandwidth inbound, out by a large factor.: Unless further feedback is provided on this redmine, it can likely be closed due to lack of information in Rejected s... Kris Phillips
09:21 AM Feature #13245 (Resolved): Type column on Alias lists: Small QoL addition that adds a Type column to the Alias list views. I was recently cleaning up my aliases and being a... → luckman212

05/30/2022

04:59 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: Extended query works.
RFC2307 groups work.
Authentication fails when both are enabled.
The site I'm testing ... Chris Linstruth
04:57 PM Bug #13093: LDAP authentication fails with extended query and RFC2307 group lookups enabled: I think this is probably still not right. Chris Linstruth
04:02 PM Bug #12923 (Resolved): DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start: Working correctly on... Christopher Cope
03:54 PM pfSense Plus Bug #13233: OpenVPN DCO connection fails with Auth Digest Algorithm set to SHA512: Thanks for pointing out the RA-only restriction. I see that stephenw10 has replied in the original forum string that... Steve Wilson
09:32 AM pfSense Plus Bug #13233: OpenVPN DCO connection fails with Auth Digest Algorithm set to SHA512: Try to reproduce it with OpenVPN Server in Remote Access mode, Peer-to-Peer is not supported - see https://redmine.pf... Marcos M
12:28 PM pfSense Plus Bug #13074: AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload: I mean to say it's not a SafeXcel issue specifically. Thank you for confirming it's only on the 2100 (ARM) platform. Marcos M
12:15 PM pfSense Plus Bug #13074: AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload: Marcos Mendoza wrote in #note-3:
> Note that the issue may not be specific to SafeXcel - e.g. it could happen with In... Chris S
11:06 AM pfSense Plus Bug #13074: AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload: Note that the issue may not be specific to SafeXcel - e.g. it could happen with Intel QAT as well. Marcos M
12:25 PM Feature #12982: Add support for RFC7499 in RADIUS library.: The issue needs to be narrowed down further. Apply the following patch, reproduce the issue, then submit the /tmp/_DE... Marcos M
10:56 AM pfSense Packages Regression #12140 (Closed): DNSBL https webserver not working: Could not reproduce on 22.05 with pfBlockerNG-devel 3.1.0_4. The no logging of IP addresses has already been resolved... Marcos M
10:40 AM pfSense Packages Feature #10242 (New): E2guardian Web filtering package: Viktor Gurov
10:29 AM pfSense Packages Regression #12476 (Resolved): Suricata 6.0.3_3 Pass List ignores all single IPs: Marcos M
03:30 AM pfSense Packages Feature #11385 (Resolved): Add WireGuard tunneled networks to vpnaddresses list: Tested on 22.01 and on 22.05-BETA (built on Fri May 27 06:21:09 UTC 2022)
When I created Pass List with 'VPN Addre... Azamat Khakimyanov
02:00 AM pfSense Packages Bug #11892 (Resolved): WireGuard: dpinger does not start correctly on a WireGuard gateway at boot: Tested on 21.05_2, 22.01 and on 22.05-BETA (built on Fri May 27 06:21:09 UTC 2022)
I saw no issue with dpinger and... Azamat Khakimyanov

05/29/2022

10:57 PM Feature #12982: Add support for RFC7499 in RADIUS library.: Any new update? Frank Lee
08:31 PM Bug #13230 (Feedback): Floating rules on VPN interfaces: More information is needed to understand the issue. Is this occurring with an OpenVPN Server or Client configuration ... Marcos M
07:56 PM pfSense Plus Bug #13233: OpenVPN DCO connection fails with Auth Digest Algorithm set to SHA512: Hopefully this will be reproducible:
1. Set up Non-DCO OpenVPN server and client with follwing config options: pe... Steve Wilson
06:31 PM pfSense Plus Bug #13233 (Feedback): OpenVPN DCO connection fails with Auth Digest Algorithm set to SHA512: Tested on @22.05.b.20220524.0600@.
I was unable to reproduce this issue using OpenVPN RA TLS+User auth. Taking an ... Marcos M
07:00 PM Bug #12878 (Feedback): Traffic shaping by interface, route queue bandwidth inbound, out by a large factor.: Please test 22.05 BETA when possible and let us know if the issue persists. Details on the Traffic Shaping config and... Marcos M
06:56 PM Bug #12877 (Feedback): Cloudflare DynDNS fails to update more than two addresses: If possible, please re-test after applying the available patch found with the System_Patches package. Marcos M
06:49 PM pfSense Plus Bug #13041 (Closed): DNS resolution of internal network names when logged in via OpenVPN requires workaround: Marcos M
06:38 PM pfSense Plus Bug #13232 (Duplicate): Restoring Config with OpenVPN Custom Options Removes Carriage Returns: This seems more like a feature than a bug, considering that the description and documentation both say to separate wi... Marcos M
06:17 PM Bug #13234 (Not a Bug): Separator locations pushed down when pfSense is rebooted: pfBlockerNG's auto rule creation will affect the placement of separators - this is likely what's happening. If you di... Marcos M
10:29 AM Bug #13234 (Not a Bug): Separator locations pushed down when pfSense is rebooted: This happens when I place a separator at the top of the floating rules and reboot the router. I have not checked othe... Jon Brown
05:34 PM Feature #8173: dhcp6c - RAW Options: Please let us have these features added to pfSense. Half of france is using OPNsense because nothing happens on this ... Tue Madsen
02:09 PM pfSense Docs Todo #13236 (Resolved): Document link speed limitations with igc and ix on 6100/4100: > The I225 built-in phy doesn't support fixed operation, so a speed/duplex setting is emulated by selecting that sing... Marcos M
12:09 PM pfSense Packages Feature #10818: UDP Broadcast Relay: There's no GUI for it, but it can be installed on 22.05/2.7:... Marcos M
11:21 AM pfSense Packages Bug #13153 (Resolved): Static routes bound to WireGuard interfaces are not restored after down / up events: Tested on 22.01 and on 22.05-BETA (built on Fri May 27 06:21:09 UTC 2022)
I wasn't able to reproduce this issue. A... Azamat Khakimyanov
11:07 AM Bug #13235 (Not a Bug): URL in firewall rule hover does nothing: There is URL present in the modal box you get when you hover over a rule. This URL does nothing.
* Should this URL... Jon Brown
06:38 AM pfSense Packages Bug #12251 (Resolved): Wireguard 0.1.5 - ignores "KeepAlive" parameter if empty (instead of disabling): Tested on 22.01
When I used empty 'Keep Alive' field, I got in config: _*PersistentKeepalive = 0*_
When I tried... Azamat Khakimyanov
03:49 AM pfSense Packages Feature #12719 (Resolved): add igc(4) to the list of INLINE mode (iflib/netmap) supported cards: Tested on 22.01
Interface *igc* was added into 'Supported drivers' list: _Supported drivers: bnxt, cc, cxgbe, cxl, e... Azamat Khakimyanov
03:48 AM pfSense Packages Feature #11560 (Resolved): add ena(4) to the list of INLINE mode (netmap) supported cards: Tested on 22.01
Interface *ena* was added into 'Supported drivers' list: _Supported drivers: bnxt, cc, cxgbe, cxl, e... Azamat Khakimyanov

05/28/2022

07:16 PM pfSense Plus Bug #13233 (Feedback): OpenVPN DCO connection fails with Auth Digest Algorithm set to SHA512: OpenVPN DCO configurations specifying an auth digest algorithm of SHA512 fail to connect. Changing the algorithm to ... Steve Wilson
06:50 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports: Discussed with engineering. This will get brought over in the next repo sync. Kris Phillips
03:19 PM pfSense Plus Bug #13232 (Duplicate): Restoring Config with OpenVPN Custom Options Removes Carriage Returns: If you back up a config on one device and then restore it in another, if you have an OpenVPN client (potentially serv... Kris Phillips
03:06 PM Regression #12821: Intel e1000 driver (``em``, ``igb``) cannot pass packets tagged with VLAN ``0``: Tested this on igc interfaces and it appears this only affects e1000-based NICs. Other Intel NICs would seem to be f... Kris Phillips
02:13 PM pfSense Docs New Content #13211: OpenVPN DCO Documentation: Much more clear to me, thanks! Marcos M
02:10 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I cannot test 22.05, I'm on community edition. Sage Badolato
01:13 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I suggest testing on 22.05 BETA if possible. If the issue persists there, it may be related to https://redmine.pfsens... Marcos M
02:01 PM Regression #13203 (Resolved): Floating rules without an interface are not loaded: Marcos M
01:47 PM pfSense Plus Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop: The wording has been addressed with NG 7431. This issue can be left open to track the behavior issue itself, as it sh... Marcos M
01:14 PM Bug #13228: Recovering interface gateway may not be added back into gateway groups and rules when expected: May be related to https://redmine.pfsense.org/issues/12920. Marcos M
12:59 PM Bug #13231 (Not a Bug): OpenVPN custom options may fail after save/restore: Sometimes after restoring a backup XML file, custom options get formatted improperly. That prevents the OpenVPN servi... Danilo Zrenjanin
12:45 PM Feature #4259 (Resolved): Port forward NAT rules with "any" protocol: Danilo Zrenjanin
12:45 PM Feature #4259: Port forward NAT rules with "any" protocol: Tested:... Danilo Zrenjanin
06:03 AM pfSense Packages Feature #10818: UDP Broadcast Relay: Hi.
Any news on this?
Eagerly awaiting this one Øystein Gåsdal

05/27/2022

11:54 PM Bug #13230 (Not a Bug): Floating rules on VPN interfaces: With floating rules on OpenVPN and WireGuard interfaces, matching traffic doesn’t seem to return with rules that pass... James Chambers
09:44 PM pfSense Packages Feature #12658: Adding prometheus metrics to darkstat: I think the package is in the FreeBSD ports:... Karim Elatov
07:31 PM Regression #11570: Gateway monitoring services is not always restarted on interface events, which may prevent a WAN from recovering back to an online state: I can also confirm that I can replicate this exact issue on my PFSense. Both as a VM and as bare metal.
Using a H... Sage Badolato
03:04 PM pfSense Docs Todo #13229 (Feedback): Update documentation for IPFW to PF transition for Limiters and Captive Portal: Relevant commits:
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/47dd08cc24bb4ffbd476b2d4aebacdb6ccbce895
... Jim Pingle
02:59 PM pfSense Docs Todo #13229 (Resolved): Update documentation for IPFW to PF transition for Limiters and Captive Portal: Adding for tracking.
Docs are updated to reflect that IPFW is no longer used, it's all in PF now. Jim Pingle
01:59 PM pfSense Docs New Content #13223 (Feedback): Document new gateway state killing behavior: This should complete the relevant updates (and then some):
https://gitlab.netgate.com/docs/pfSense-docs/-/commit/7... Jim Pingle
01:15 PM Revision e5d97d7c: Update CARP status state sync note. Fixes #12701: Jim Pingle
10:58 AM Bug #13228 (Resolved): Recovering interface gateway may not be added back into gateway groups and rules when expected: When an interface/gateway recovers and rc.newwanip runs, the gateway may not end up in the ruleset in groups or rules... Jim Pingle
10:15 AM pfSense Plus Feature #13227: Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS: I Should mention you can use my modifcation afterwards by creating the groups identifier and IP pool needed, by creat... Tue Madsen
10:09 AM pfSense Plus Feature #13227 (Resolved): Group-based Mobile IPsec Virtual Address Pool assignment via RADIUS: Currently you cannot create additional Virtual IP Pools to assign mobile users IP addresses from, if you are using EA... Tue Madsen
08:55 AM Todo #12701 (Feedback): Reorganize CARP status page: Applied in changeset commit:e5d97d7ce8bd3346ef8fa6f5477182331d2174b4. Jim Pingle
08:03 AM Todo #12701 (In Progress): Reorganize CARP status page: This could use one small change, to add a note/link in the info block saying the user can set a custom filter host ID... Jim Pingle
08:01 AM Todo #12701 (Resolved): Reorganize CARP status page: Jim Pingle
05:12 AM Todo #12701: Reorganize CARP status page: Tested.... Danilo Zrenjanin
08:00 AM Regression #11545 (New): Primary interface address is not always used when VIPs are present: That other issue could solve it for PPP type interfaces but it's happening on systems without PPP interfaces and thos... Jim Pingle
02:53 AM Regression #11545 (Feedback): Primary interface address is not always used when VIPs are present: Viktor Gurov
02:52 AM Regression #11545: Primary interface address is not always used when VIPs are present: Should be fixed in #11629
Please re-test on the latest 22.05/2.7 snapshots. Viktor Gurov
06:29 AM Bug #13226 (Confirmed): Disconnecting a user from Captive Portal may allow previously established connections to continue: Able to reproduce.
It looks like @pfSense_kill_status()@ and @pfSense_kill_src states()@ are successfully kill TCP... Viktor Gurov
05:11 AM Bug #13226: Disconnecting a user from Captive Portal may allow previously established connections to continue: It looks like @pfSense_kill_states()@ and @pfSense_kill_srcstates()@ does not work properly:
https://github.com/pfse... Viktor Gurov
05:02 AM Bug #13226 (Resolved): Disconnecting a user from Captive Portal may allow previously established connections to continue: Steps to reproduce:
1. Connect to the network through the CP portal.
2. Establish OpenVPN forcing all traffic thr... Danilo Zrenjanin
05:25 AM Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: I've applied it and it looks to do the job. I will keep an eye on it and throw in a couple of reboots over the weeken... Graeme Bragg
02:59 AM Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: Graeme Bragg wrote in #note-3:
> Thanks for looking at this so quickly. Please let me know if you need/want me to te... Viktor Gurov
05:21 AM Bug #13225: Bridges with QinQ interfaces not properly set up at boot: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/810 Viktor Gurov
03:14 AM Bug #13225 (Resolved): Bridges with QinQ interfaces not properly set up at boot: We have a setup that includes several OpenVPN tunnels, some of them using QinQ. When system is configured using WebUI... Lauri Liuhto
01:58 AM Bug #13224 (Duplicate): Email notification flood when UPS (NUT) and WAN send notifications: When my UPS (monitored with NUT) and one of my WAN (PPPoE) both send email notifications close to each other, it star... Riccardo Ambrosi

05/26/2022

04:29 PM Regression #13182 (Resolved): Enabling /var as a RAM disks conflicts with ZFS: Working as expected on... Christopher Cope
03:33 PM pfSense Docs New Content #13223: Document new gateway state killing behavior: Partial progress: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/a77fae599dcfe8b103cc594bb0164f90723af877 Jim Pingle
03:31 PM pfSense Docs New Content #13223 (In Progress): Document new gateway state killing behavior: Jim Pingle
03:31 PM pfSense Docs New Content #13223 (Resolved): Document new gateway state killing behavior: Add docs for the new gateway state killing behavior, including:
* New choices for the option on System > Advanced,... Jim Pingle
03:05 PM Revision ce541827: Change Captive Portal anchors order and remove tagged option from L2 rules.: Viktor Gurov
02:28 PM Bug #13222 (New): CARP IP does not listen for NAT-PMP packets: If a client is using a CARP IP for the Network's Gateway address and sends a [x0x0] packet along UDP port 5351 on the... Gavin Greenwalt
01:46 PM Regression #11545: Primary interface address is not always used when VIPs are present: When dynamic interface addresses change, say via DHCP, the common mechanism for handling the address transition is no... Reid Linnemann
01:07 PM Revision 899e2b10: Do not duplicate Captive Portal passthru rule if HTTPS login is enabled: Viktor Gurov
12:54 PM Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: Thanks for looking at this so quickly. Please let me know if you need/want me to test anything. Graeme Bragg
07:21 AM Bug #13218 (Pull Request Review): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: Jim Pingle
04:19 AM Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/806 Viktor Gurov
11:19 AM Bug #13185 (Resolved): LDAP setup does not display 'Global Root CA List' option unless another CA also exists: Tested:... Danilo Zrenjanin
10:51 AM Regression #12827: High latency and packet loss during a filter reload: Updating subject for release notes. Jim Pingle
10:49 AM Regression #13212: Captive Portal redirect not working if HTTPS login is enabled: Not a problem in a release, excluding from release notes. Jim Pingle
10:49 AM Regression #13192: Default pipe rate limits are applied to allowed mac/ip/host entries: Not a problem in a release, excluding from release notes. Jim Pingle
10:48 AM Regression #13191: Deleting a passthru mac entry fails to remove pf rules and dummynet pipes associated with the passthru mac: Not a problem in a release, excluding from release notes. Jim Pingle
10:48 AM Todo #13100: Transition Captive Portal from IPFW to PF: Updating subject for release notes. Jim Pingle
10:46 AM Bug #12733: Value of ``net.inet.ip.dummynet.*`` OIDs in ``sysctl`` are ignored: Updating subject for release notes. Jim Pingle
09:59 AM Feature #13221: Simple View Expired Vouchers Bandwidth History.: Because people says they were not using the data while they did.
I was thinking it is a good idea because that inf... Raymond Chauke
08:25 AM Feature #13221 (Rejected): Simple View Expired Vouchers Bandwidth History.: Keeping that kind of data for vouchers isn't viable. Jim Pingle
08:23 AM Feature #13221 (Rejected): Simple View Expired Vouchers Bandwidth History.: In the upcoming Latest development 2.8.0-RELEASE i hope to see the sixth tab under the STATUS/CAPTIVE PORTAL MENU tha... Raymond Chauke
08:19 AM pfSense Packages Todo #13190 (Closed): Update System_Patches package for pfSense+ 22.05: Jim Pingle
08:09 AM Bug #13217: dhclient using default pid file location which does not exist: I checked several systems here and most of them had @/var/run/dhclient/@ as expected with proper PID files inside, bu... Jim Pingle
04:29 AM Bug #13217: dhclient using default pid file location which does not exist: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/807 Viktor Gurov
08:08 AM Feature #13220 (New): Voucher per-roll bandwidth restrictions and traffic quotas: I hope PFSENSE can Enable per-voucher roll bandwidth restriction. where during the vouchers roll creation i can b... Raymond Chauke
08:05 AM Feature #13219 (New): Enable/Disable single voucher roll: Dear PfSense Team.
I have a voucher roll that is lost, All i want is to disable only that specific lost roll until... Raymond Chauke

05/25/2022

08:52 PM Bug #13218 (Resolved): GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG: Minimal reproducible configuration:
round-robin LAGG pair assigned as the WAN interface with either an MTU of 1... Graeme Bragg
08:27 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration: Updating original post with results from 22.05 BETA.
Now the gateway returns to online in every case. However, there... Marcos M
08:37 AM Bug #12920 (Pull Request Review): Gateway behavior differs when the gateway does not exist in the configuration: Jim Pingle
07:54 AM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/804 Viktor Gurov
04:03 PM pfSense Packages Todo #13190: Update System_Patches package for pfSense+ 22.05: Tested on... Christopher Cope
02:23 PM pfSense Docs New Content #13205: ZFS Boot Environment documentation: Added examples for space usage plus a screenshot of the BE list in the GUI:
https://gitlab.netgate.com/docs/pfSense-... Jim Pingle
12:46 PM pfSense Docs New Content #13205: ZFS Boot Environment documentation: Additional updates: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/89bec80995d33e551bac302b97cdb0ede8192b0e Jim Pingle
02:02 PM Revision 16a6bf51: Always display Global Root CA List. Fixes #13185: Viktor Gurov
02:01 PM Revision 937b2a59: Reload Captive Portal rules on nomacfilter or per-user bandwidth change. Fixes #13216: Viktor Gurov
01:47 PM Revision e65783ae: Check CP rules tag on all steps. Fixes #13215: Viktor Gurov
01:00 PM Revision af54e92e: Get all nested anchors when drilling. Fixes #13142: Jim Pingle
12:25 PM pfSense Docs New Content #13211: OpenVPN DCO Documentation: Fixed: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/c57402fb16d3519d4394697a36c99c7f2fbc2b9b Jim Pingle
11:36 AM Bug #13217 (New): dhclient using default pid file location which does not exist: The dhclient by default uses the location of /var/run/dhclient/dhclient.interface.pid to store the PID for the client... Paul Arbour
09:10 AM Bug #13185 (Feedback): LDAP setup does not display 'Global Root CA List' option unless another CA also exists: Applied in changeset commit:16a6bf51901960c81b1a36c908b6df750456f476. Viktor Gurov
08:36 AM Bug #13185 (Pull Request Review): LDAP setup does not display 'Global Root CA List' option unless another CA also exists: Jim Pingle
04:14 AM Bug #13185: LDAP setup does not display 'Global Root CA List' option unless another CA also exists: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/803 Viktor Gurov
09:10 AM Bug #13216 (Feedback): Switching nomacfilter option does not change autorized users rule format: Applied in changeset commit:937b2a59a2c4a5c88df30835dc3f86901a91e257. Viktor Gurov
08:35 AM Bug #13216 (Pull Request Review): Switching nomacfilter option does not change autorized users rule format: Jim Pingle
03:46 AM Bug #13216: Switching nomacfilter option does not change autorized users rule format: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/802 Viktor Gurov
03:15 AM Bug #13216 (Resolved): Switching nomacfilter option does not change autorized users rule format: Authorized CP users rules format is not changed after switching the @nomacfilter@ option,
workaround - disable/enabl... Viktor Gurov
09:10 AM Bug #13215 (Feedback): Allowed MAC/IP/Hostname traffic counts for authorized users: Applied in changeset commit:e65783ae7ec9aa7234e6cde61d2f73cd927080fa. Viktor Gurov
08:34 AM Bug #13215 (Pull Request Review): Allowed MAC/IP/Hostname traffic counts for authorized users: Jim Pingle
03:06 AM Bug #13215: Allowed MAC/IP/Hostname traffic counts for authorized users: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/801 Viktor Gurov
03:03 AM Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized users: This is due to rewriting pf tags.
CP rules must check @tagged@ value on all steps. Viktor Gurov
08:20 AM pfSense Packages Bug #13214 (Pull Request Review): AttributeError: 'NoneType' object has no attribute 'text': Jim Pingle
02:57 AM pfSense Packages Bug #13214: AttributeError: 'NoneType' object has no attribute 'text': Updated pull request [[https://github.com/pfsense/FreeBSD-ports/pull/1168]] Ian Grindley
02:51 AM pfSense Packages Bug #13214 (Resolved): AttributeError: 'NoneType' object has no attribute 'text': After installing Prometheus node_exporter error messages appeared containing the following:
Arpwatch Notification ... Ian Grindley
08:19 AM Bug #13213 (Not a Bug): allow no-lan configurations: That is just the default interface label. You can rename that to whatever you want. Anything else it triggers you can... Jim Pingle
02:16 AM Bug #13213 (Not a Bug): allow no-lan configurations: The scenario:
pfSense is launched in a cloud provider (like AWS or Hetzner). By default there's only one interface ... Alex Kolesnik
08:10 AM Regression #13142 (Feedback): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: Applied in changeset commit:af54e92e65495d8ad76eb9698d5ae6b709504c0b. Jim Pingle
08:02 AM Regression #13142 (In Progress): PHP shell ``pfanchordrill`` script produces errors on captive portal tables: This needs one more small fix as pfanchordrill is not catching the new captive portal nested anchors. Jim Pingle
07:57 AM Feature #1831: Captive portal IPv6 support: Now that Captive Portal has been migrated to pf this may be possible with some effort. If not we can always re-evalua... Jim Pingle
07:41 AM Regression #13212 (Resolved): Captive Portal redirect not working if HTTPS login is enabled: This is working for me as well on the latest snapshot. User gets appropriately redirected to the portal page using th... Jim Pingle
06:11 AM Regression #13212: Captive Portal redirect not working if HTTPS login is enabled: Tested the patch on the:... Danilo Zrenjanin
04:27 AM Feature #9536: Support dynamic prefix in DHCPv6 Server: This ticket is already open for years now.
Any chance to get dynamic prefix delegation to downstream router work ?
Manuel Wagner
03:50 AM pfSense Packages Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion: Azamat Khakimyanov wrote:
> I think parsing function pfb_daemon_filterlog from https://gist.githubusercontent.com/BB... Djerk Geurts
03:10 AM Bug #12733 (Feedback): Value of ``net.inet.ip.dummynet.*`` OIDs in ``sysctl`` are ignored: Implemented: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L495 Viktor Gurov
01:54 AM Revision fee50323: captiveportal: Add both https/http rules for cps with https. Fixes #13212: Alter captiveportal_zone_portalports to return an array of alias/port pairs
rather than a single pair. If https is en... Reid Linnemann

05/24/2022

09:05 PM Regression #13212 (Feedback): Captive Portal redirect not working if HTTPS login is enabled: Applied in changeset commit:fee503237a77916b6b9d2fdc3c61ecb7b3d8fcc8. Reid Linnemann
03:17 PM Regression #13212 (Resolved): Captive Portal redirect not working if HTTPS login is enabled: With "Enable HTTPS login" checked and a proper (trusted, via LE/ACME) cert in place, captive portal clients do not de... Jim Pingle
08:28 PM Revision 514441c6: Fix CP pipe function call. Fixes #13204: Jim Pingle
08:09 PM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs: Hi Jim,
Thanks for the update.
As this issue is already being tracked internally, would you happen to know if t... Daniel Subert
07:23 AM pfSense Plus Bug #13206: SG-3100 LED GPIO hangs: We're already tracking this internally (NG 5882) but have yet to reliably reproduce it. We've only encountered it a v... Jim Pingle
01:12 AM pfSense Plus Bug #13206 (New): SG-3100 LED GPIO hangs: Hi,
https://forum.netgate.com/topic/165566/number-of-running-processes-increasing
We seem to be experiencing th... Daniel Subert
07:53 PM Revision b4a6c702: Remount ZFS datasets after configuring RAM disks to ensure they are used. For #13182: Christian McDonald
06:37 PM Bug #11764: IPv6 link local gateway default status not indicated in GUI: Hayden Hill wrote in #note-12:
> I might be having the same issue here. 22.05/2.07 Beta, IPV6 is "working" but gatew... Hayden Hill
12:53 PM Bug #11764: IPv6 link local gateway default status not indicated in GUI: I might be having the same issue here. 22.05/2.07 Beta, IPV6 is "working" but gateway monitor always shows "pending".... Hayden Hill
05:04 PM Bug #13014: Deadlock in Charon VICI interface: No, this is not fixed. However, chances are excellent this is an old & known bug: use-after-free in key-related state... Mateusz Guzik
04:50 PM Bug #13014: Deadlock in Charon VICI interface: We think this is fixed, but need additional testing to know for sure. Brad Davis
04:29 PM Revision 262e6900: Fix RAM disk handling in pfSense-rc on ZFS: Christian McDonald
04:22 PM pfSense Docs New Content #13211: OpenVPN DCO Documentation: > OpenVPN DCO is available exclusively on pfSense® Plus software
May be misinterpreted to mean DCO is only available... Marcos M
02:10 PM pfSense Docs New Content #13211 (Feedback): OpenVPN DCO Documentation: Added DCO to the docs: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/dbef94227eb26be4be76655fedc0f8aa3df9bc43... Jim Pingle
09:50 AM pfSense Docs New Content #13211 (In Progress): OpenVPN DCO Documentation: Jim Pingle
09:50 AM pfSense Docs New Content #13211 (Resolved): OpenVPN DCO Documentation: Add documentation for OpenVPN DCO including:
* Similar content to the recent blog post summarizing what it is/how ... Jim Pingle
03:56 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I added the setting from https://docs.netgate.com/pfsense/en/latest/troubleshooting/filterdns-thread-errors.html and ... Eduard Rozenberg
02:34 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: I was able to (unreliably) reproduce this on latest 22.05 snapshot. I then exited filterdns and started it with verbo... Marcos M
03:31 PM Bug #13204: Captive Portal reserves four (instead of two) pipes for client: One function call was missed when making this change, I fixed it: https://gitlab.netgate.com/pfSense/pfSense/-/commit... Jim Pingle
02:37 PM pfSense Docs New Content #13205: ZFS Boot Environment documentation: Looks good! Marcos M
02:34 PM pfSense Docs New Content #13205 (Feedback): ZFS Boot Environment documentation: Updates based on feedback: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/ad9ef24ac5101c5bd253c24df338bb4b8453... Jim Pingle
02:14 PM pfSense Docs New Content #13205 (In Progress): ZFS Boot Environment documentation: Jim Pingle
11:43 AM pfSense Docs New Content #13205: ZFS Boot Environment documentation: Feedback:
h3. Managing Boot Environments in the GUI
> Indicates the current next ZFS Boot Environment
italicize "nex... Marcos M
02:24 PM Revision a1ccf0db: Improvements to ramdisk functions for improved handling on ZFS: Christian McDonald
01:14 PM Revision ff72903f: PKG_DBDIR/CACHEDIR should be accessed at /var/db/pkg and /var/cache/pkg in all cases: Christian McDonald
12:44 PM pfSense Packages Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion: Happy to provide more detail if needed.
Regarding the interfaces, we actually have 4 wan interfaces and all internal... Djerk Geurts
07:50 AM pfSense Packages Bug #13209: Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion: Customer created this topic on forum: https://forum.netgate.com/topic/172322/ip_block-log-entry-query-direction Azamat Khakimyanov
07:38 AM pfSense Packages Bug #13209 (New): Parsing Filter log by pfBlockerNG creates IP Block log with Source/Destination mixed up or wrong Direcion: According to our customer he got weird pfBlockeNG log in 'ip_block.log' file.
For example
_May 20 16:23:12,16530438... Azamat Khakimyanov
11:53 AM Todo #13100 (Feedback): Transition Captive Portal from IPFW to PF: Jim Pingle
11:46 AM Feature #12945 (Feedback): Implement missing ipfw equivalents in libpfctl necessary for captiveportal: Reid Linnemann
09:33 AM Bug #13210 (Resolved): PPPoE server panics with multiple client connections: When using the PPPoE server it's possible to trigger a kernel panic if enough clients attempt to connect. It appears ... Steve Wheeler
07:43 AM Bug #12796: 2.5.2 -> 2.6.0 upgrade segfaults if certain packages are installed.: For what it's worth this isn't a problem specific to pfSense or our repositories. I've seen this in base FreeBSD when... Jim Pingle
07:26 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: No plans for a point release at this time.
You can install the "System Patches package":https://docs.netgate.com/p... Jim Pingle
07:16 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Jim Pingle wrote in #note-14:
> I can't reproduce this on any of my Namecheap entries on today's snapshot with the f... Chris Swinney
06:46 AM Regression #13150 (Resolved): Captive Portal not applying per user bandwidths: Viktor Gurov
04:39 AM Regression #13150: Captive Portal not applying per user bandwidths: Upload/download bandwidth restrictions works as expected. Viktor Gurov
04:56 AM pfSense Packages Feature #13207 (New): The feed column on the Alerts page is confusing: When you look at your alerts in the feed column, and per row, there are 2 records present, the current detection and ... Jon Brown

05/23/2022

09:30 PM Revision 91d8c6c9: Revert "Fixes RAM disk handling on ZFS (support boot environments)": This reverts commit e6b47d6812b1a46738c75a8991cd1393b200d7ef Christian McDonald
09:02 PM Revision e6b47d68: Fixes RAM disk handling on ZFS (support boot environments): Christian McDonald
08:25 PM Revision db6e63dd: Revert "Fix RAM disk support for ZFS layout changes related to BEs. Fixes #13182": This reverts commit b9097e4cfe3fcbdec86a00a5a470d93d05ea8102 Christian McDonald
06:36 PM Revision 32661caf: Captive Portal pipes reserve fix. Fixes #13204: Viktor Gurov
06:24 PM Revision 889bec18: Generate floating rules with "any" interface. Fix #13203: Marcos M
05:07 PM Revision b9097e4c: Fix RAM disk support for ZFS layout changes related to BEs. Fixes #13182: Christian McDonald
03:11 PM Regression #12827 (Resolved): High latency and packet loss during a filter reload: As there is no packet loss and the impact is significantly better than the last release we can call this solved for n... Jim Pingle
02:31 PM Regression #12827: High latency and packet loss during a filter reload: Here are some additional results between current and previous versions.... Marcos M
11:37 AM Regression #12827: High latency and packet loss during a filter reload: Steve Wheeler wrote in #note-26:
> Ruleset load times in 22.05 look like:
> [...]
>
> Tested in: 22.05.b.2022052... Michael Novotny
11:30 AM Regression #12827: High latency and packet loss during a filter reload: Ruleset load times in 22.05 look like:... Steve Wheeler
03:08 PM pfSense Docs New Content #13205 (Feedback): ZFS Boot Environment documentation: Initial commit: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/e972b47a24de9fe822c331ad6b13c48872da2aa5
Sta... Jim Pingle
02:53 PM pfSense Docs New Content #13205 (Resolved): ZFS Boot Environment documentation: Write documentation for the new ZFS Boot Environment feature.
Mostly done, adding this for tracking. Jim Pingle
03:02 PM Revision 6b73b812: Do not force setting a gateway with floating match limiter rules. Fix #13027: Marcos M
01:55 PM Revision 533b6c5a: Incompatible OpenVPN P2P option note. Issue #13189: Jim Pingle
01:45 PM Bug #13204 (Feedback): Captive Portal reserves four (instead of two) pipes for client: Applied in changeset commit:32661caf9549d8675763e814c9ceb9c2b47b2f02. Viktor Gurov
01:32 PM Bug #13204 (Pull Request Review): Captive Portal reserves four (instead of two) pipes for client: Jim Pingle
01:28 PM Bug #13204: Captive Portal reserves four (instead of two) pipes for client: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/798 Viktor Gurov
01:25 PM Bug #13204 (Resolved): Captive Portal reserves four (instead of two) pipes for client: @/var/db/captiveportaldn.rules@ reserves 4 pipes for each client, instead of 2 (in/out) Viktor Gurov
01:40 PM Regression #13203 (Feedback): Floating rules without an interface are not loaded: Applied in changeset commit:889bec18ecd0828e1401abcc1c8c4c8ec73aef81. Marcos M
01:34 PM Regression #13203: Floating rules without an interface are not loaded: Looks good in my test case:... Steve Wheeler
01:25 PM Regression #13203 (Pull Request Review): Floating rules without an interface are not loaded: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/797 Marcos M
01:05 PM Regression #13203 (Resolved): Floating rules without an interface are not loaded: In @22.01@, the following floating rule with no interface can be created:... Marcos M
12:23 PM pfSense Docs Correction #13186 (Resolved): Help link on some pages doesn't lead to documents the user might expect: These are all taken care of now, at least what is possible.
These redirects are handled server side so the fixes a... Jim Pingle
12:15 PM Regression #13182 (Feedback): Enabling /var as a RAM disks conflicts with ZFS: Applied in changeset commit:b9097e4cfe3fcbdec86a00a5a470d93d05ea8102. Christian McDonald
10:43 AM Bug #13027 (Resolved): Input validation requires a gateway for floating ``match out`` rules: Works as expected. Testing details in MR. Marcos M
10:40 AM Bug #13027 (Feedback): Input validation requires a gateway for floating ``match out`` rules: Applied in changeset commit:6b73b812b884cbc394137b07bab34b9a23bc66f0. Marcos M
10:33 AM Regression #13026 (Resolved): Limiters do not work: Tested on BETA build with connections initiated from inside and outside the firewall. Limiters now work as expected. Marcos M
10:17 AM Bug #12579 (Resolved): Utilize ``dnctl(8)`` to apply limiter changes without a filter reload: No issues with this in testing. Marcos M
10:11 AM pfSense Plus Regression #13183 (Feedback): ZFS module is loaded on systems without ZFS: Fix merged. Try again. Christian McDonald
09:48 AM Feature #12407: Use deferred client connections in OpenVPN: This fix would not affect that issue given it uses a different script. See https://redmine.pfsense.org/issues/12382#n... Marcos M
07:14 AM Feature #12407: Use deferred client connections in OpenVPN: Just as a quick question: should that also help with
https://redmine.pfsense.org/issues/12382
or does that issu... Jens Groh
09:41 AM Revision 3d1a553e: Captive Portal hostname pipes delete fix. Issue #13193: Viktor Gurov
09:09 AM Regression #13193 (Feedback): Deleting a host entry fails to remove dummynet pipes: Merged:
https://github.com/pfsense/pfsense/commit/3d1a553e7aa1615f6d228325dbaac3901cad3811 Viktor Gurov
07:38 AM Regression #13193 (Pull Request Review): Deleting a host entry fails to remove dummynet pipes: Jim Pingle
04:43 AM Regression #13193: Deleting a host entry fails to remove dummynet pipes: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/794 Viktor Gurov
09:02 AM pfSense Plus Todo #13189 (Feedback): Input validation should reject the combination of DCO and P2P mode: Base of the note (for CE and Plus that doesn't mention DCO): https://gitlab.netgate.com/pfSense/pfSense/-/commit/533b... Jim Pingle
08:38 AM pfSense Plus Todo #13189 (In Progress): Input validation should reject the combination of DCO and P2P mode: Still needs a note under the IPv4 tunnel network fields about this not being compatible. Jim Pingle
08:26 AM pfSense Plus Todo #13189 (Feedback): Input validation should reject the combination of DCO and P2P mode: Merged: https://gitlab.netgate.com/pfSense/factory/-/commit/16c76f982b7c82d8cc89266e6fe15b3947774085 Jim Pingle
08:58 AM pfSense Packages Bug #13202 (New): Missing Protocols on IP Feed Groups Advanced Inbound/Outbound Firewall Rule settings: While messing around with IP Block list feeds, I found a feed that was very restrictive but it only seemed to block u... Jon Brown
08:47 AM Regression #13191 (Feedback): Deleting a passthru mac entry fails to remove pf rules and dummynet pipes associated with the passthru mac: Reid Linnemann
08:04 AM pfSense Packages Todo #13190 (Feedback): Update System_Patches package for pfSense+ 22.05: Merged. Jim Pingle
12:35 AM pfSense Packages Todo #13190 (Pull Request Review): Update System_Patches package for pfSense+ 22.05: https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/240 Marcos M
06:34 AM pfSense Packages Feature #13201 (New): Add FireHol Security IP Feeds: I have found an excellent repository of automatically created IP security feeds that should be added to pfBlockerNG f... Jon Brown
06:16 AM pfSense Packages Feature #13200 (New): Custom DNS Servers for Alert settings: I am running DNS Hijacking so all DNS/DoT/DoH is run through pfSense and then forwarded securley to Quad9 using DoT.
... Jon Brown
06:05 AM pfSense Packages Feature #13196: remove NoVirusThanks feed: Cannot edit issue, this should be a BUG Jon Brown
05:28 AM pfSense Packages Feature #13196 (New): remove NoVirusThanks feed: NoVirusThanks / NVT_BL / http://www.ipspamlist.com/public_feeds.csv
This is a dead feed, although it is a valid li... Jon Brown
06:05 AM pfSense Packages Feature #13198: Dark Theme Styling issues - Alerts White bar: Cannot edit issue, this should be a BUG Jon Brown
05:56 AM pfSense Packages Feature #13198 (New): Dark Theme Styling issues - Alerts White bar: When running the Dark Theme there are information bars that are white (not styled properly) that are hard to read unl... Jon Brown
06:03 AM pfSense Packages Feature #13199 (New): Feed groups should not have the first listing in the group bar: Currently when a new group is created with a single or multiple feeds in it, the first row is always grey with the fi... Jon Brown
05:35 AM pfSense Packages Feature #13197 (New): Put a Single donation link and a proper patreon lin in the pfBlocker Support Banner / Widget: On the pfBlockerNG support banner I would like the ability to make a single donation, PayPal maybe.
I think that i... Jon Brown
05:22 AM pfSense Packages Feature #13195 (New): Dedicated website for Feed mangement - Community Driven: What would be useful is a website where end users could submit new feeds, flag dead ones, and rate current feeds.
... Jon Brown
05:16 AM pfSense Packages Bug #13194 (New): Remove dead Malc0de feed: the following feeds need removing because they are dead:
* PRI4 / Malc0de / https://malc0de.com/bl/BOOT
the websi... Jon Brown
04:28 AM Revision 65530037: captiveportal: Only apply per-user default bw to pipes for user auth. Fixes #13192: captiveportal_pipe_configure() was unaware of the context of the pipes it was
creating (user auth vs. allowed mac/ip/... Reid Linnemann
03:41 AM Revision 43bd2b88: captiveportal: Correct errors in passthru mac deletion. Fixes #13192: Correct identifier mismatches in captiveportal_passthrumac_delete_entry()
($hostent vs $mac)
Correct and rename capt... Reid Linnemann
12:33 AM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Tested on 22.05 - I couldn't reproduce the original issue using the native (OxygenOS) android 11 IKEv2 MSCHAPv2 client. Marcos M

05/22/2022

11:12 PM Regression #13193 (Resolved): Deleting a host entry fails to remove dummynet pipes: When removing an allowed host, pipes are not cleared that were added for the entry. This may only apply if the hostna... Reid Linnemann
10:55 PM Regression #13192 (Feedback): Default pipe rate limits are applied to allowed mac/ip/host entries: Applied in changeset commit:43bd2b88b7774bba0c54d2f02eb429bfafb8d235. Reid Linnemann
09:58 PM Regression #13192 (Assigned): Default pipe rate limits are applied to allowed mac/ip/host entries: Reid Linnemann
09:56 PM Regression #13192 (Resolved): Default pipe rate limits are applied to allowed mac/ip/host entries: When adding an allowed mac, ip, or host, if the up or down bandwidth are not specified and a default per user bandwid... Reid Linnemann
09:58 PM Regression #13191 (Assigned): Deleting a passthru mac entry fails to remove pf rules and dummynet pipes associated with the passthru mac: Reid Linnemann
06:50 PM Regression #13191 (Resolved): Deleting a passthru mac entry fails to remove pf rules and dummynet pipes associated with the passthru mac: When a passthru mac entry is deleted, the pipes associated with the entry are intended to be removed, followed by the... Reid Linnemann
06:45 PM Bug #13169 (Feedback): captiveportal_ether_delete_entry() does not delete anchors/pipes: passthru mac is a separate issue Reid Linnemann

05/21/2022

05:57 PM pfSense Packages Todo #13190: Update System_Patches package for pfSense+ 22.05: That's expected with those patches in 22.05. The system patches package should be updated for 22.05. Steve Wheeler
04:40 PM pfSense Packages Todo #13190: Update System_Patches package for pfSense+ 22.05: Fixed subject spelling error. Kris Phillips
04:38 PM pfSense Packages Todo #13190 (Closed): Update System_Patches package for pfSense+ 22.05: The System_Patches package shows patches "pre-applied" that are fixes from 22.01 going into 22.05. It also recommend... Kris Phillips
05:24 PM pfSense Packages Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration: Now works correctly. Marcos M
04:57 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports: FreshPorts has the 6.0.4 package upstream. We should pull this for the pfSense package:
https://www.freshports.or... Kris Phillips
04:55 PM Bug #4451: Status DHCP Leases shows double entries for static entries without IP address: This is still present in 22.01 and 22.05-BETA build from May 20th. Kris Phillips
01:00 PM pfSense Plus Todo #13189 (Resolved): Input validation should reject the combination of DCO and P2P mode: DCO has issues with OpenVPN's peer-to-peer mode (tunnel network /30-/32) and we should prevent that combination of se... Jim Pingle
07:51 AM Bug #13105 (Resolved): DNS Forwarder custom options may fail after save/restore when options are only separated by newline: Tested backing up a config file with (from the system running 2.7.0.a.20220520.0600) the following custom options in ... Danilo Zrenjanin

05/20/2022

07:32 PM Bug #12875: Import zabbix-agent6 and zabbix-proxy6 from FreeBSD Ports: *zabbix-agent6* (pfSense-pkg-zabbix-agent6) and *zabbix-proxy6* (pfSense-pkg-zabbix-proxy6) where added in https://gi... Clemens Bastian
05:49 PM Revision bfb06f9a: Revert "Destroy deleted/disabled IPsec SA. Fixes #13102": This appears to be causing a pileup of swanctl processes on systems with
a significant number of disabled tunnels.
T... Jim Pingle
03:08 PM Regression #13162: Upgrade does not work when using only IPv6 DNS servers: Updating subject for release notes. Jim Pingle
03:08 PM Regression #13176: UPnP port mappings cause kernel panic: Not a problem in a release, so excluding from release notes. Jim Pingle
03:07 PM Bug #13145: Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: Updating subject for release notes. Jim Pingle
03:05 PM Feature #12809: Recover existing SSH keys during installation: Updating subject for release notes. Jim Pingle
09:16 AM Feature #12809 (Resolved): Recover existing SSH keys during installation: Works great on the latest snapshot Jim Pingle
03:05 PM Regression #12873: Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: Updating subject for release notes. Jim Pingle
03:04 PM Feature #12687: Option to disable auto-addition of static routes for ``dpinger``: Updating subject for release notes. Jim Pingle
01:07 PM Bug #13102 (New): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Jim Pingle
01:00 PM Bug #13102 (Feedback): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: Applied in changeset commit:bfb06f9a27785f3c5164b44e004c3be9165f764e. Jim Pingle
12:55 PM Bug #13102 (New): Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php: I had to back the change in commit:d90552c59e51fb13c712b6a96a51ca2462424156 out for now. On systems with a lot of tun... Jim Pingle
11:40 AM pfSense Plus Feature #12546: Add 2FA Support to pfSense Plus Local Database Authentication: Hello,
This would be hugely helpful. Insurance companies are starting to require we implement 2FA across the board... Michael Pace
11:23 AM Bug #13188: states reset on all interfaces: Awesome, thank you! And sorry for posting a duplicate - I did try to search before. Alex Kolesnik
09:06 AM Bug #13188 (Duplicate): states reset on all interfaces: Already done on Plus 22.05/CE 2.7.0 snapshots. See #12092, #8555, and other related similar issues. Jim Pingle
09:01 AM Bug #13188 (Duplicate): states reset on all interfaces: Hi,
When a gateway goes down (in my case it's IPSEC VTI gateway) and "Flush all states when a gateway goes down" s... Alex Kolesnik
10:44 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure: David G wrote in #note-6:
> The reported issue is known. The workaround is to add the following config.
> [ details o... Robert Hardy
09:52 AM pfSense Plus Regression #13183 (Confirmed): ZFS module is loaded on systems without ZFS: The Dashboard instance is fixed, but I also found another way it can happen: During upgrade
Run @pfSense-upgrade@ ... Jim Pingle
08:54 AM Bug #13060 (Resolved): Potential XSS from URL and URL Table alias URLs: No issues on current snapshots Jim Pingle
07:04 AM Regression #13182: Enabling /var as a RAM disks conflicts with ZFS: There are similar problem in 2017, in CE 2.4.0 version
https://forum.netgate.com/topic/109945/error-it-was-not-pos... Sergei Shablovsky
05:05 AM Regression #13182: Enabling /var as a RAM disks conflicts with ZFS: Sergei Shablovsky wrote in #note-2:
> Steve Wheeler wrote:
> > Disbaling RAM disks will not restore access.
>
> ... Sergei Shablovsky
05:00 AM Regression #13182: Enabling /var as a RAM disks conflicts with ZFS: Steve Wheeler wrote:
> Enabling /var as a RAM disk conflicts with existing mounts in ZFS systems.
>
> This most o... Sergei Shablovsky
06:59 AM Regression #13146 (Resolved): Captive Potal: Hosts remain connected after removing them from the table: Tested:... Danilo Zrenjanin
06:52 AM pfSense Docs Correction #13187 (Closed): Azure Frequently asked questions: https://docs.netgate.com/pfsense/en/latest/solutions/azure-appliance/faq.html#is-a-live-update-of-the-software-suppor... Danilo Zrenjanin
12:49 AM Revision 382f76bc: Remove orphaned ram disk backup script: Christian McDonald

05/19/2022

04:03 PM Feature #13125 (Resolved): Option to restore dashboard widget layout: Tested on... Christopher Cope
03:22 PM Regression #13059 (Resolved): Error when saving changes to a disabled OpenVPN client: Tested and fixed in... Christopher Cope
03:05 PM pfSense Docs Correction #13186: Help link on some pages doesn't lead to documents the user might expect: The wizard is always optional, even the first time. You can click the logo to skip it.
The switch bit isn't viable... Jim Pingle
02:08 PM pfSense Docs Correction #13186 (Resolved): Help link on some pages doesn't lead to documents the user might expect: I'm running a 2100 which I've updated and is the latest stable version (22.01) as of this writing.
Clicking the re... Geoff Hilton
01:37 PM Bug #13185 (Resolved): LDAP setup does not display 'Global Root CA List' option unless another CA also exists: When configuring an LDAPs authentication server that uses root CA signed certs, such as Google LDAP, you need to set ... Steve Wheeler
12:18 PM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: My issue has been solved: https://docs.netgate.com/pfsense/en/latest/troubleshooting/filterdns-thread-errors.html
... Tom Huerlimann
11:52 AM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: I'm sorry for the wrong wording and please excuse that i did not see that the other one is still confirmed.
I saw ... Tom Huerlimann
11:45 AM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: It was worded as a support question, not a bug report.
The issue you linked is still open, therefore this is redun... Jim Pingle
11:21 AM Bug #13184: pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: It‘s not a request for support, it‘s a request to fix a bug. Can you please mark it as a bug and increase priority as... Tom Huerlimann
11:14 AM Bug #13184 (Not a Bug): pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
11:04 AM Bug #13184 (Not a Bug): pfSense 2.6.0 CE alias table not populated if entries contain at lease one FQDN: Steps to reproduce
1. Login to pfsense WebGUI
2. Firewall > Aliases
3. Name = Test
4. Type = Host(s)
... Tom Huerlimann
12:03 PM Regression #13150: Captive Portal not applying per user bandwidths: This should be fixed by https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/87 , which changed pf etherne... Kristof Provost
11:15 AM Regression #12873 (Resolved): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: Jim Pingle
11:12 AM Regression #12873: Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: This seems to work as expected.... Steve Wheeler
10:53 AM Feature #12809 (Feedback): Recover existing SSH keys during installation: Hopefully the last fix necessary: https://github.com/pfsense/FreeBSD-src/commit/2f579c0ea863e061339bce682259dddc7d27c... Jim Pingle
10:36 AM Feature #12809 (In Progress): Recover existing SSH keys during installation: The recover_configxml.sh part is working, I see the console message that it recovered the SSH keys. However, they are... Jim Pingle
10:13 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries: Same here, plase fix it. Tom Huerlimann
09:36 AM Bug #12633 (Resolved): Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: I retested on the SG-5100 as a PPPoE client. It works as expected. After unplugging the cable from the PPPoE parent i... Danilo Zrenjanin
08:47 AM pfSense Plus Regression #13183: ZFS module is loaded on systems without ZFS: Looks good so far. Applied patch on a 1000 and 3100 and rebooted, logged back into the GUI and the module remained un... Jim Pingle
08:32 AM pfSense Plus Regression #13183 (Feedback): ZFS module is loaded on systems without ZFS: This should do it: https://gitlab.netgate.com/pfSense/factory/-/merge_requests/61 Christian McDonald
08:15 AM pfSense Plus Regression #13183 (Resolved): ZFS module is loaded on systems without ZFS: A recent change in behavior is leading to the ZFS module getting loaded on systems that lack ZFS. When the user logs ... Jim Pingle
08:22 AM Bug #12870 (Resolved): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I can't reproduce this on any of my Namecheap entries on today's snapshot with the fix in place. Looks good to me.
Jim Pingle
07:47 AM Bug #13164 (Resolved): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: Tested:... Danilo Zrenjanin
07:13 AM Bug #13174 (Resolved): Icon missing for user manager entries with a scope other than "user": Tested:... Danilo Zrenjanin
05:21 AM Bug #13171 (Resolved): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Tested:... Danilo Zrenjanin
03:23 AM Bug #13131 (Resolved): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Tested:... Danilo Zrenjanin

05/18/2022

07:20 PM Revision 0a008d14: Fix pf rule for 'any' proto. Fixes #4259: Jim Pingle
05:59 PM Revision c5eea399: Fix up recover_configxml.sh logic. Fixes #12809: * Determine ZFS pool automatically
* Mount cf dataset if it isn't mounted automatically (default is noauto
on lates... Jim Pingle
05:38 PM Bug #13169 (Assigned): captiveportal_ether_delete_entry() does not delete anchors/pipes: Reid Linnemann
05:37 PM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: We still seem to have issues around passthru mac deletion. I see that pipes persist after we remove a mac entry. Reid Linnemann
04:02 PM Regression #13182 (Resolved): Enabling /var as a RAM disks conflicts with ZFS: Enabling /var as a RAM disk conflicts with existing mounts in ZFS systems.
This most obviously presents as a probl... Steve Wheeler
03:48 PM Revision 142ffe35: Delete temporary route file on OpenVPN client disconnect. Fixes #13145: Viktor Gurov
03:42 PM Revision bdffb77d: Close earlier to avoid overlap. Fixes 12870: Gather the information we need from curl and close the handle earlier
rather than passing around the handle unnecessa... Jim Pingle
02:40 PM Feature #13181 (Rejected): add new feature to prevent users for wifi tethering/sharing: Not possible in pf. There is no way to set or change the TTL to a maximum value that would make a difference for that... Jim Pingle
06:19 AM Feature #13181 (Rejected): add new feature to prevent users for wifi tethering/sharing: please add a feature in pfsense to prevent users for wifi tethering/sharing like in mikrotik with ttl. We need this f... Adeel Asghar
02:30 PM Feature #4259 (Feedback): Port forward NAT rules with "any" protocol: Applied in changeset commit:0a008d142f32a667e93c5aeba97938f7b71eff5b. Jim Pingle
02:19 PM Feature #4259 (In Progress): Port forward NAT rules with "any" protocol: I can replicate the error here as well. It's failing to load the firewall rule because it has "proto any" where it sh... Jim Pingle
01:54 PM Feature #12809: Recover existing SSH keys during installation: Additional related fix: https://github.com/pfsense/FreeBSD-src/commit/f08bce6597c45c349a77b302d1f5a538d2283110 Jim Pingle
01:05 PM Feature #12809 (Feedback): Recover existing SSH keys during installation: Applied in changeset commit:c5eea3996c8ab0aa28a720725adbca7d85cf34e4. Jim Pingle
12:43 PM Feature #12809: Recover existing SSH keys during installation: I'll fix the recover_configxml.sh part up. I have some code I'm testing now.
Jim Pingle
12:27 PM Bug #13175 (Resolved): PHP error on MAC entry add/edit: Tested and working correctly on... Christopher Cope
11:15 AM Bug #12870 (Feedback): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Fixed in commit:bdffb77d1aa21770b23ef408ad9fba79d0825ec5 Jim Pingle
10:38 AM Bug #12870 (In Progress): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Seems to be a problem with multiple overlapping curl requests. It doesn't like making new requests when there is one ... Jim Pingle
10:55 AM Bug #13145: Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: Applied in changeset commit:142ffe35e82a4114adb06b7d5ddb7d7f70750cf6. Viktor Gurov
10:49 AM Bug #13145 (Feedback): Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed: MR Merged. Jim Pingle
10:00 AM Regression #13178: Incorrect usage of DSCP hex value: The fix works, thank you.
It's worth noting that for the System_Patches package on 2.6.0 *b7b78ea1b14555972efaf7e6... Joshua Niles
12:51 AM pfSense Packages Bug #13180: High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4: not sure why there is strike-through and cannot edit original but this is line of significance in OP:
root 12912 2... RED SKULL
12:48 AM pfSense Packages Bug #13180 (Duplicate): High CPU Utilization with pfb_filter since pfBlockerNG update to devel 3.1.0_4: SPECS:
-----
4 core Broadwell Xeon with SMT disabled in BIOS (0 logical cores)
32 GB DDR4 RAM
Powerd set to Maxi... RED SKULL

05/17/2022

07:12 PM Revision a375d2ac: Merge pull request #4586 from luckman212/outbound-nat-remove-colon: Jim Pingle
05:13 PM Revision a913a049: Fix rule label order and optimize. Fixes #13155: * Changes rule label order so the user label is first when present
* Clean up related redundant/suboptimal code along... Jim Pingle
04:49 PM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: I can reproduce this in my lab with Namecheap as well.
I added some debug logging and it seemed to be getting caug... Jim Pingle
04:01 PM Revision af2fcf5f: Merge pull request #4585 from luckman212/fix-status-dhcpleases-wrong-ifname: Viktor Gurov
04:01 PM Revision 1dbcb405: Merge pull request #4583 from luckman212/add-restore-dashboard-layout: Viktor Gurov
04:01 PM Revision 68ff4b87: Merge pull request #4588 from luckman212/fix-infoblock-placement-firewall_nat_out.php: Viktor Gurov
03:58 PM Regression #13176 (Resolved): UPnP port mappings cause kernel panic: This looks good here too:... Steve Wheeler
01:59 PM Regression #13176: UPnP port mappings cause kernel panic: Tested on @22.05.b.20220517.1621@, port mapping is now created and no panic is triggered. Marcos M
09:30 AM Regression #13176 (Feedback): UPnP port mappings cause kernel panic: This will be fixed in the next snapshot. Kristof Provost
09:16 AM Regression #13176: UPnP port mappings cause kernel panic: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/85
I'll merge that, and merge the change to plus-d... Kristof Provost
06:57 AM Regression #13176: UPnP port mappings cause kernel panic: The panic appears to be in the `nvlist_add_number(nvl, "timestamp", pf_get_timestamp(rule));` line in pf_krule_to_nvr... Kristof Provost
02:40 PM Bug #13093 (Feedback): LDAP authentication fails with extended query and RFC2307 group lookups enabled: The PR above was merged a while ago, needs re-tested.
If there is still a problem this should be moved to 22.09 so... Jim Pingle
02:39 PM Bug #13157 (Resolved): PHP error restoring DHCP lease data on fresh installation:: Tested and working successfully on... Christopher Cope
02:27 PM Feature #9393 (Resolved): Improved support for USB interfaces that may not always be present: Seems to be working about as well as we can hope for here. Maybe in the future we can add dummy entries into the inte... Jim Pingle
02:19 PM Feature #12687 (Feedback): Option to disable auto-addition of static routes for ``dpinger``: PR was merged two months ago. Jim Pingle
02:18 PM Bug #12757: Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``: PR: https://github.com/pfsense/pfsense/pull/4557
Can wait a little. Jim Pingle
02:15 PM Feature #13124: Option to wait for interface selection before displaying firewall rules: Move this ahead since it's a bit late to get in new features with a potentially high impact. Jim Pingle
02:14 PM Regression #13146 (Feedback): Captive Potal: Hosts remain connected after removing them from the table: PR was merged several days ago. Jim Pingle
02:13 PM Todo #13149 (Feedback): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: PR Merged Jim Pingle
12:30 PM Revision ed321966: captiveportal_ether_delete_entry() anchors/pipes delete fix. Issue #13169: Viktor Gurov
12:25 PM Regression #13155 (Feedback): Rule labels in pftop output are not correct: Applied in changeset commit:a913a049bf3c8004a68cc8711251c7a177e0760a. Jim Pingle
11:45 AM Regression #13155: Rule labels in pftop output are not correct: Looks good. Tested on @22.05.b.20220517.0600@.
Before patch @pftop -v label@ did not show rule labels with @USER_R... Marcos M
10:43 AM Regression #13155: Rule labels in pftop output are not correct: Rebased patch. Jim Pingle
11:57 AM Todo #13100 (In Progress): Transition Captive Portal from IPFW to PF: Viktor Gurov
11:13 AM Bug #13164 (Feedback): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: PR merged, thanks!
https://github.com/pfsense/pfsense/commit/68ff4b874fb41c6de003558911118638f0b06fb0 Viktor Gurov
11:12 AM Feature #13125 (Feedback): Option to restore dashboard widget layout: PR merged, thanks!
https://github.com/pfsense/pfsense/commit/1dbcb4052e2d0b64c4e97b75a073f36a2fc901d1 Viktor Gurov
11:12 AM Bug #13127 (Feedback): DHCP lease list displays wrong interface name in the "Leases in Use" summary if DHCP settings for a disabled interface remain in the configuration: PR merged, thanks!
https://github.com/pfsense/pfsense/commit/af2fcf5f9771adddf11c84db40113f81f7afc2ef Viktor Gurov
09:45 AM pfSense Packages Feature #13179 (New): Search based on CIDR: Search in Alerts for IPs that fall within a range instead of searching for a /32 source address
For example, if I se... Mike Moore
09:32 AM Revision 726c2c89: DSCP usage optimization. Fixes #13178: Viktor Gurov
09:23 AM Bug #13177 (Rejected): pppoe Cannot attach to ng_ether message: Invalid argument.: This is not a problem on its own. It's a side effect of mpd not being updated because the upgrade was not fully compl... Jim Pingle
06:53 AM Bug #13177: pppoe Cannot attach to ng_ether message: Invalid argument.: 3100 result:... Viktor Gurov
01:34 AM Bug #13177: pppoe Cannot attach to ng_ether message: Invalid argument.: I see the same issue on 3100 appliance, but not on 5100.
seems related to #12688 and https://github.com/pfsense/Free... Viktor Gurov
07:52 AM Bug #13169 (Feedback): captiveportal_ether_delete_entry() does not delete anchors/pipes: Merged:
https://github.com/pfsense/pfsense/commit/ed321966e14ccf3494536eb67ebb24ad37929833 Viktor Gurov
07:18 AM Bug #13169 (Pull Request Review): captiveportal_ether_delete_entry() does not delete anchors/pipes: Jim Pingle
02:58 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/788 Viktor Gurov
02:10 AM Bug #13169 (New): captiveportal_ether_delete_entry() does not delete anchors/pipes: @pfSense_pf_cp_get_eth_pipes()@ issue is fixed:
https://github.com/pfsense/FreeBSD-ports/commit/1c887f5eb2429fbc8040... Viktor Gurov
07:40 AM Regression #13178 (Feedback): Incorrect usage of DSCP hex value: Applied in changeset commit:726c2c891d56132a57fc6ba33a9d62a37223743d. Viktor Gurov
07:23 AM Regression #13178 (Pull Request Review): Incorrect usage of DSCP hex value: Jim Pingle
04:35 AM Regression #13178: Incorrect usage of DSCP hex value: It possible to use the "tos cs1" format, instead of the hex value.
fix:
https://gitlab.netgate.com/pfSense/pfSens... Viktor Gurov
02:21 AM Regression #13178 (Resolved): Incorrect usage of DSCP hex value: In the firewall UI, certain DSCP selections cause the rule to be created using a DSCP hex, rather than the ToS hex.
... Joshua Niles

05/16/2022

10:33 PM Bug #13177 (Rejected): pppoe Cannot attach to ng_ether message: Invalid argument.: pppoe fails to start after upgrading to 22.05 beta (from 22.01)
No session is ever established,
see
https://fo... net blues
07:37 PM Regression #13176: UPnP port mappings cause kernel panic: Tested with @22.05.b.20220513.0600@ on a ESXi VM by running a network test on a Playstation 5; the result gave NAT2 (... Marcos M
07:35 PM Regression #13176: UPnP port mappings cause kernel panic: See: https://forum.netgate.com/topic/172182/22-05-b-20220513-0600-upnp-crash Steve Wheeler
07:33 PM Regression #13176 (Resolved): UPnP port mappings cause kernel panic: Adding a port mapping via UPnP causes a kerlnel panic in 22.05.
Tested here using GUPnP Universal control point. ... Steve Wheeler
05:12 PM Revision b7ddc1b8: captiveportal_passthru_delete_entry() -> captiveportal_passthrumac_delete_entry(). Fixes #13175: Viktor Gurov
04:31 PM Revision edf6dbfa: User Mgr scope icon corrections. Fixes #13174: Jim Pingle
03:58 PM Regression #12961: CARP event storm when leaving persistent CARP maintenance mode: Florian Apolloner wrote in #note-15:
> I only looked over the code because I am heading out into the weekend but the... Bill Hughes
03:19 PM Bug #13169 (Feedback): captiveportal_ether_delete_entry() does not delete anchors/pipes: Fixed in 1c887f5e Reid Linnemann
11:56 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: I see what I did, I was expecting a single rule and that I should return its dnpipe and dnrpipe, when in actuality th... Reid Linnemann
11:32 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: Getting back 4 entries would indicate to me that the anchor path matches more than one rule, and you are getting the ... Reid Linnemann
11:07 AM Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/captiveportal.inc#L1098
same issue after replacing @$ho... Viktor Gurov
04:33 AM Bug #13169 (Resolved): captiveportal_ether_delete_entry() does not delete anchors/pipes: For some reason, @pfSense_pf_cp_get_eth_pipes()@, and @pfSense_pf_cp_flush()@ does not work properly inside @captivep... Viktor Gurov
02:13 PM Revision 6f0d088a: Port Forward Redirect target IP save fix. Fixes #13171: Viktor Gurov
12:20 PM Bug #13175 (Feedback): PHP error on MAC entry add/edit: Applied in changeset commit:b7ddc1b810f16c827cb6e61b6316a23c649d1e1c. Viktor Gurov
11:53 AM Bug #13175 (Pull Request Review): PHP error on MAC entry add/edit: Jim Pingle
11:50 AM Bug #13175: PHP error on MAC entry add/edit: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/787 Viktor Gurov
11:45 AM Bug #13175 (Resolved): PHP error on MAC entry add/edit: ... Viktor Gurov
11:40 AM Bug #13174 (Feedback): Icon missing for user manager entries with a scope other than "user": Applied in changeset commit:edf6dbfa7d03460303d9aa16dc67334f9bbf3c01. Jim Pingle
11:30 AM Bug #13174 (Resolved): Icon missing for user manager entries with a scope other than "user": There is supposed to be an icon before each user manager entry to indicate the scope (e.g. system, user) but currentl... Jim Pingle
11:35 AM Bug #13171: Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Updating subject for release notes. Jim Pingle
11:30 AM Bug #13171 (Feedback): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Applied in changeset commit:6f0d088a8451802aacd4e7fa6be95d00707babd9. Viktor Gurov
11:13 AM Bug #13171 (Pull Request Review): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Jim Pingle
09:14 AM Bug #13171: Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/785 Viktor Gurov
06:06 AM Bug #13171 (Resolved): Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule: Tested on 22.01 but I saw the same issue on 21.05_p2 too.
To reproduce this issue:
- I created alias for internal... Azamat Khakimyanov
09:07 AM Bug #13170 (Not a Bug): Internet (IPV6-)connectivity gone due to renaming WAN-interface: The internal name "wan" has nothing to do with your custom name "WAN" or "WAN_TEST".
The only references I see which... Jim Pingle
08:52 AM Bug #13170: Internet (IPV6-)connectivity gone due to renaming WAN-interface: Jim, could you please take me serious!
Hereby two config files:
- my actual config and
- the same config with th... Louis B
08:12 AM Bug #13170 (Incomplete): Internet (IPV6-)connectivity gone due to renaming WAN-interface: There isn't nearly enough information here to classify this as a bug. The interface name itself isn't referenced anyw... Jim Pingle
04:55 AM Bug #13170 (Not a Bug): Internet (IPV6-)connectivity gone due to renaming WAN-interface: Hello,
Yesterday I discovered that my IPV6 was not working any longer, despite the fact the both IPV4 and IPV6-gat... Louis B
08:18 AM Bug #13164 (Pull Request Review): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: Jim Pingle
08:15 AM Feature #13173 (Duplicate): Config restore could/should be better: Duplicate of #13172 Jim Pingle
06:42 AM Feature #13173 (Duplicate): Config restore could/should be better: Today I was trying to solve issues by partly restoring old config files. A few things about that:
- I think it is ... Louis B
08:15 AM Feature #13172 (Duplicate): Config restore could/should be better: Duplicate of #3696 Jim Pingle
06:41 AM Feature #13172 (Duplicate): Config restore could/should be better: Today I was trying to solve issues by partly restoring old config files. A few things about that:
- I think it is ... Louis B
08:00 AM pfSense Packages Bug #13166 (Pull Request Review): IPsec Export: Apple Profile generates invalid configuration: Jim Pingle
02:53 AM pfSense Packages Bug #13166: IPsec Export: Apple Profile generates invalid configuration: fix:
https://gitlab.netgate.com/pfSense/factory-ports/-/merge_requests/56 Viktor Gurov
07:57 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: → luckman212 wrote in #note-10:
> I was just looking at Open issues marked "very high" and this still comes up -- sh... Jim Pingle
07:56 AM Regression #13150: Captive Portal not applying per user bandwidths: Thinking about this a bit more, it's expected that ... Kristof Provost
07:54 AM Feature #4259 (New): Port forward NAT rules with "any" protocol: Jim Pingle
07:53 AM Feature #13168: Multiple Dashboard views for a single user: A: Please do not set a target version on issues. Feature planning and resource allocation are something we determine ... Jim Pingle
03:29 AM Bug #11764 (Feedback): IPv6 link local gateway default status not indicated in GUI: Daryl Morse wrote in #note-7:
> I was running 2.7.0-dev up to around mid-January, then I shut it down to test the 2.... Viktor Gurov

05/15/2022

04:28 PM Feature #13168 (New): Multiple Dashboard views for a single user: Dear pfSense Dev Team!
Dashboard - by determination are **place where results of analytics in form of charts AND/O... Sergei Shablovsky
03:05 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error: Saved before I added the affected version: 2.6.0-RELEASE (amd64) Chris C
03:03 PM Regression #13167 (Resolved): DigitalOcean Dynamic DNS update fails with a "bad request" error: Dynamic DNS updates using the DigitalOcean plugin are failing, it looks like phpDynDNS isn't expecting a hyphen in th... Chris C
02:43 PM pfSense Packages Bug #13166 (Resolved): IPsec Export: Apple Profile generates invalid configuration: Using 3DES for IPsec P1 and P2, the exported apple profile shows @DES3@ instead of @3DES@. This prevented a MacOS lap... Marcos M
02:33 PM pfSense Packages Bug #12948 (Resolved): IPsec Profile Wizard/Windows: Script generated for IKEv2 VPN using GCM does not use an optimal Phase 2 hash configuration: Now works. Marcos M
11:32 AM Regression #12873 (Feedback): Hyper-V RSC support in ``hn(4)`` driver is enabled by default and results in very low throughput: This patch is now in 2.7 and 22.05-beta snapshots. Steve Wheeler
10:53 AM Bug #9295: IPv6 PD does not work with PPPOE (Server & Client): @Flole have you tested this on any recent builds? There've been a lot of upstream fixes so, would be worth a try. I d... → luckman212
10:49 AM Bug #9123: Adding/configuring vlan on ixl-devices causes aq_add_macvlan err -53, aq_error 14: I was just looking at Open issues marked "very high" and this still comes up -- should it be closed? → luckman212
10:47 AM pfSense Packages Bug #13115: WireGuard panic due to KBI changes in ```udp_tun_func_t()```: @cmcdonald looks like John/Trond worked up a patch and it's been committed, see https://cgit.freebsd.org/ports/commit... → luckman212
01:48 AM Feature #13165 (Pull Request Review): Feat: live update for Services dashboard widget: I noticed that the Services dashboard widget did not live-update as services are modified. If a service dies or is st... → luckman212

05/14/2022

05:32 PM Bug #13158: Input validation error when applying limiter changes: Triggering this error on a couple of queues, then saving while on the pipe page leads to the queues being saved with ... Marcos M
01:01 PM Feature #4259: Port forward NAT rules with "any" protocol: I am still seeing the same error
2.7.0.a.20220513.0600
There were error(s) loading the rules: /tmp/rules.debug... Alhusein Zawi
06:52 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Sergei Shablovsky wrote in #note-3:
> Jim Pingle wrote in #note-1:
> > Do you mean increase? Decreasing distance wo... Sergei Shablovsky
06:40 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Jim Pingle wrote in #note-1:
> Do you mean increase? Decreasing distance would make them closer together and more li... Sergei Shablovsky
06:35 AM Feature #13161: FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: Jim Pingle wrote in #note-1:
> What "two commands" are you referring to?
>
> Flashing NIC LEDs would vary by hard... Sergei Shablovsky
04:08 AM Revision b6669022: fix infoblock placement on firewall_nat_out.php - redmine #13164: → luckman212

05/13/2022

11:11 PM Bug #13164: Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: PR: https://github.com/pfsense/pfsense/pull/4588 → luckman212
10:06 PM Bug #13164 (Resolved): Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode: @firewall_nat_out.php@ has a bug where the infoblock (i) is displayed wayyy off to the left of the main table when in... → luckman212
06:21 PM Revision 17c43ebc: Ensure same type comparison. Additional fix #13059: Marcos M
06:06 PM Revision eca0a3ac: mkdir before restoring extra data. Fixes #13157: Viktor Gurov
04:36 PM Bug #12440 (Resolved): Zero-value prefix IPv6 addresses are mishandled: Testes and working as expected on... Christopher Cope
03:13 PM Feature #12616 (Resolved): Option to filter state table contents by rule ID: Tested successfully on... Christopher Cope
01:40 PM Revision f653dfe6: ovpn-dnslinkup: do not set interface routes for DNS servers: If the OpenVPN server provides DNS server information (and 'Pull DNS' is
set) we add these DNS servers to our DNS con... Kristof Provost
01:31 PM Revision 620a9745: check_dnsavailable() improvement. Fixes #13162: Viktor Gurov
01:30 PM Regression #13059 (Feedback): Error when saving changes to a disabled OpenVPN client: Applied in changeset commit:17c43ebc182ebd147f50713b4bce5d6e3c072535. Marcos M
01:20 PM Bug #13157 (Feedback): PHP error restoring DHCP lease data on fresh installation:: Applied in changeset commit:eca0a3acd2e806a4bfb56d23413dafdd782a3280. Viktor Gurov
12:04 PM Bug #13157 (Pull Request Review): PHP error restoring DHCP lease data on fresh installation:: Jim Pingle
11:51 AM Bug #13157: PHP error restoring DHCP lease data on fresh installation:: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/784 Viktor Gurov
01:20 PM Bug #11629 (Feedback): PPPoE WAN IP address different than expected when set static by ISP: Merged Viktor Gurov
01:17 PM Todo #12701 (Feedback): Reorganize CARP status page: Merged Viktor Gurov
12:59 PM Revision b7ca68bc: Print correct pkg name. Fixes #13163: Jim Pingle
12:06 PM pfSense Packages Feature #13160 (Pull Request Review): Option to sort monitoring graph views: Jim Pingle
10:24 AM pfSense Packages Feature #13160: Option to sort monitoring graph views: updated PR: https://github.com/pfsense/FreeBSD-ports/pull/1167
I reworked this so everything is self-contained in ... → luckman212
12:06 AM pfSense Packages Feature #13160 (Pull Request Review): Option to sort monitoring graph views: By default, RRD (Status -> Monitoring) tabs are just displayed in order of creation. This can get a bit messy. This s... → luckman212
09:01 AM pfSense Packages Bug #13153 (Feedback): Static routes bound to WireGuard interfaces are not restored after down / up events: Merged https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/152 and synced upstream. Look for v0.1.6_2 of the... Christian McDonald
08:40 AM Regression #13162 (Feedback): Upgrade does not work when using only IPv6 DNS servers: Applied in changeset commit:620a974509585d341120662508f011deca2bd8b5. Viktor Gurov
08:14 AM Regression #13162 (Pull Request Review): Upgrade does not work when using only IPv6 DNS servers: Jim Pingle
05:48 AM Regression #13162: Upgrade does not work when using only IPv6 DNS servers: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/781 Viktor Gurov
04:53 AM Regression #13162 (Resolved): Upgrade does not work when using only IPv6 DNS servers: When only IPv6 DNS servers are used (in general config) GUI update is not functional.
Following message is displayed... Sietse van Zanen
08:30 AM Regression #13163 (Feedback): Incorrect variable in package error message results in "Array" being printed instead of package name: Applied in changeset commit:b7ca68bc5a4bbbd38a305bacb8ea19370082f66a. Jim Pingle
07:53 AM Regression #13163 (Resolved): Incorrect variable in package error message results in "Array" being printed instead of package name: If the package system fails to find a package in the repository it's printing the name incorrectly in the error:
<... Jim Pingle
08:11 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: I've gotten used to the pinch and zoom when doing stuff on mobile. Yes the buttons are small, but I agree with Jim - ... → luckman212
07:27 AM Todo #13159: Decrease distance between img-buttons in webGUI to eliminate mistake entry: Do you mean increase? Decreasing distance would make them closer together and more likely to be hit accidentally.
... Jim Pingle
07:31 AM Feature #13161: FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: What "two commands" are you referring to?
Flashing NIC LEDs would vary by hardware/driver/etc. There isn't a gener... Jim Pingle
03:05 AM Feature #13161 (New): FLASH PORT'S LED button, to help quickly find port that need to be connected to patch&cable: Dear pfSense Dev Team!
Seems there are reason to making FLASH PORT'S LED button in sections Interface (and State /... Sergei Shablovsky
04:49 AM Regression #13150 (In Progress): Captive Portal not applying per user bandwidths: Viktor Gurov
04:48 AM Regression #13150: Captive Portal not applying per user bandwidths: Kristof Provost wrote in #note-8:
> No, that won't work on ethernet rules. The 'dnpipe (1, 2)' syntax tell pf to app... Viktor Gurov

05/12/2022

09:15 PM Todo #13159 (New): Decrease distance between img-buttons in webGUI to eliminate mistake entry: Hi, dear pfSense Dev Team!
Please, decrease distance between img-buttons in “Action” column in most webGUI pages t... Sergei Shablovsky
08:30 PM pfSense Packages Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events: I also played around with @devd@, adding something like this to @/usr/local/etc/devd/custom.conf@:... → luckman212
08:12 PM pfSense Packages Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events: I found what appears to be the cause, and submitted a small PR:
https://github.com/theonemcdonald/pfSense-pkg-Wire... → luckman212
08:24 AM pfSense Packages Bug #13153 (Resolved): Static routes bound to WireGuard interfaces are not restored after down / up events: h5. This was tested on today's 22.05 snap: 22.05.b.20220512.0600 using WG package 0.1.6_1 / kmod-0.0.20211105_1
h... → luckman212
07:47 PM Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound: Hey Netgate,
What happened to this fix... I see that the 22.05 beta is out and this bug is still set to CE-NEXT an... Dennis Adler
12:10 PM Bug #13158 (Resolved): Input validation error when applying limiter changes: Tested on @22.05.b.20220512.0600@.
# make a change to a limiter queue; save
# click on the queue to reload the pa... Marcos M
12:02 PM Regression #12834: Only TCP traffic is passed outbound through IPFW: I don't see any immediate reason it should not be working, the patch is definitely applied and the pass all not layer... Reid Linnemann
12:00 PM pfSense Docs Todo #12990 (Closed): Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: Marcos M
11:55 AM Bug #9024 (Feedback): Ping packet loss under load when using limiters: Marcos M
11:48 AM Bug #9024: Ping packet loss under load when using limiters: This seems to be resolved with 22.05. Testing with iperf3 client behind the firewall, and an iperf3 server a couple o... Marcos M
11:42 AM Bug #13157 (Resolved): PHP error restoring DHCP lease data on fresh installation:: Restoring a configuration with DHCP lease data can lead to a PHP error when restoring during a fresh install:
<pre... Jim Pingle
11:25 AM Regression #12915 (Resolved): ``diag_pftop.php`` does not fully encode output: Working properly on current snapshots. Jim Pingle
11:18 AM pfSense Packages Regression #13156: pfBlockerNG IP block stats do not work: pfBlockerNG page shows:
> When manually creating 'Alias' type firewall rules; Prefix the Firewall rule Description wi... Marcos M
11:16 AM pfSense Packages Regression #13156 (Resolved): pfBlockerNG IP block stats do not work: On 22.01, the filter log rules description includes the rule id in parenthesis. This breaks the IP block tracking for... Marcos M
11:10 AM Bug #12900 (Duplicate): Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout: Marcos M
11:10 AM Regression #13155 (Pull Request Review): Rule labels in pftop output are not correct: MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/780
After applying the patch to test, check the co... Jim Pingle
11:06 AM Regression #13155 (Resolved): Rule labels in pftop output are not correct: The output from @pftop@ uses the first label from the rule, so it's getting other incorrect labels now such as the ru... Jim Pingle
08:50 AM pfSense Packages Todo #12354 (Feedback): Update haproxy-devel to mitigate CVE-2021-40346: Merged:
https://github.com/pfsense/FreeBSD-ports/commit/8e2872d9734568b53d87285de1c50a21f0560551 Viktor Gurov
08:14 AM pfSense Packages Todo #12354 (Pull Request Review): Update haproxy-devel to mitigate CVE-2021-40346: Jim Pingle
12:58 AM pfSense Packages Todo #12354 (New): Update haproxy-devel to mitigate CVE-2021-40346: revert:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/237 Viktor Gurov
08:46 AM pfSense Packages Bug #13154: pfBlocker causing excessive CPU load: I'm also the OP for that ticket, too. Michael Novotny
08:44 AM pfSense Packages Bug #13154 (Duplicate): pfBlocker causing excessive CPU load: Almost certainly a duplicate of #12827 and not a unique issue. Jim Pingle
08:42 AM pfSense Packages Bug #13154 (Resolved): pfBlocker causing excessive CPU load: After killing that process (/usr/local/bin/php_pfb), my bandwidth & CPU usage was back to normal.
I'm running this o... Michael Novotny
07:11 AM Regression #13150: Captive Portal not applying per user bandwidths: No, that won't work on ethernet rules. The 'dnpipe (1, 2)' syntax tell pf to apply pipe 1 on forward traffic, and pip... Kristof Provost
04:21 AM Regression #13150: Captive Portal not applying per user bandwidths: Looks like dnpipe issue.
Maybe we should use L3-like dnpipe syntax, like:... Viktor Gurov
06:08 AM Bug #13152 (Duplicate): Disconnecting PPPoE generates PHP error: Duplicate of #13134 Viktor Gurov
05:22 AM Bug #13152 (Duplicate): Disconnecting PPPoE generates PHP error: I noticed this issue on the:... Danilo Zrenjanin
05:39 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Danilo Zrenjanin wrote in #note-10:
> Tested the patch:
> [...]
>
> After removing the cable on the PPPoE (WAN) ... Viktor Gurov
04:48 AM Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect: Tested the patch:... Danilo Zrenjanin
04:24 AM Bug #13148 (Feedback): Traffic passed by Captive Portal cannot use limiter queues on other rules: Merged:
https://github.com/pfsense/FreeBSD-src/commit/faf3efce30185573cfd263d019b2efa2745842af Viktor Gurov

05/11/2022

11:59 PM Revision fa2e511d: pfSense: Fix missing global decl in captiveportal_get_last_activity. Fixes #13147: linnemannr
07:52 PM pfSense Docs Todo #12990: Feedback on pfSense® software Configuration Recipes — Configuring CoDel Limiters for Bufferbloat: #9263 is no longer an issue with 22.05, and potentially neither is #9024. Something that's not clear is that if fq_co... Marcos M
07:10 PM Regression #13147 (Feedback): Captive Portal: Idle timeout does not see activity: Applied in changeset commit:fa2e511df4765c6e15b390214dd0a7b5868960d9. Anonymous
07:07 PM Regression #13147: Captive Portal: Idle timeout does not see activity: Additionally, the function captiveportal_get_last_activity() did not declare $config as a global, so the zone id was ... Reid Linnemann
01:12 PM Regression #13147: Captive Portal: Idle timeout does not see activity: It returns an empty array because the function never actually called pf_ctl_get_eth_rules() to get the rules before i... Reid Linnemann
05:30 AM Regression #13147: Captive Portal: Idle timeout does not see activity: @pfSense_pf_cp_get_eth_last_active("{$anchor}/{$ip}_32")@ returns empty array Viktor Gurov
05:24 AM Regression #13147: Captive Portal: Idle timeout does not see activity: Related to:
https://github.com/pfsense/pfsense/commit/978ea0858dd24d1cbcca02a69a501e0ef37c11da Viktor Gurov
05:47 PM Revision 6578d950: Fix JS for mobile IPsec disconnect. Fixes #13131: Jim Pingle
05:45 PM Bug #12737: CA path is not defined when using ``curl`` in the shell: For reference, the cert store can be specified:
> curl -vso /dev/null --cacert /etc/ssl/certs/a734448e.0 --connect-ti... Marcos M
03:25 PM Revision 0db2b0ff: Captive Portal per user bandwidths fix. Issue #13150: Viktor Gurov
03:23 PM Feature #7727 (Resolved): uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port: Lots of positive feedback on the forum here showing it's working as well as can be expected now.
There are still s... Jim Pingle
03:20 PM Regression #13106 (Resolved): ``pfanchordrill`` treating errors as anchor names: This one is fixed. Jim Pingle
03:17 PM Regression #13011 (Resolved): Ruleset can fail to load on snapshot from March 31st: Fixed and working for a while now. Jim Pingle
03:16 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail: Still no meaningful feedback here, can keep waiting until someone who can replicate the original problem can confirm ... Jim Pingle
03:14 PM Feature #8861 (Resolved): Show SFP module details on ``status_interfaces.php``: Looks great now:
!2022-05-11_16-13.png! Jim Pingle
03:10 PM Regression #12816 (Resolved): Namecheap Dynamic DNS responses are not parsed properly: This has been working well since it went in. Jim Pingle
02:52 PM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: https://gitlab.netgate.com/pfSense/FreeBSD-src/-/merge_requests/83 should fix the problem.
Kristof Provost
09:28 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: It looks like you need to have multiple queues defined on the pipe for this to manifest. Kristof Provost
06:58 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules: Do you have anything special configured for captive portal? Bandwidth restrictions or something?
I've tried to rep... Kristof Provost
02:48 PM Feature #12675 (Resolved): Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file: This is working very well. Option is active after config restore, it's only in the config, no more flag file. All OK. Jim Pingle
12:55 PM Bug #13131 (Feedback): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Applied in changeset commit:6578d9501401287f72be543b159e2f6b19d5e736. Jim Pingle
12:46 PM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: I was able to replicate the problem and have a fix. Jim Pingle
12:43 PM Bug #13131 (In Progress): Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Jim Pingle
05:27 AM Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen: Tested:... Danilo Zrenjanin
12:50 PM Regression #13150 (Confirmed): Captive Portal not applying per user bandwidths: With that patch the pipes are created correctly:... Steve Wheeler
10:52 AM Regression #13150 (Feedback): Captive Portal not applying per user bandwidths: Merged:
https://github.com/pfsense/pfsense/commit/0db2b0ff8b44d4b99a488ee798041a056a00dd10 Viktor Gurov
10:31 AM Regression #13150 (Pull Request Review): Captive Portal not applying per user bandwidths: Jim Pingle
10:26 AM Regression #13150: Captive Portal not applying per user bandwidths: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/778 Viktor Gurov
08:32 AM Regression #13150 (Resolved): Captive Portal not applying per user bandwidths: Enabling 'Per-user bandwidth restriction' in the captive portal and setting limits does not apply them to the created... Steve Wheeler
12:45 PM Bug #13132 (Resolved): Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: I was getting the error only when manually added sshdata tags in the following order:... Danilo Zrenjanin
06:12 AM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore: Tested the patch against:... Danilo Zrenjanin
12:41 PM Feature #9091 (Resolved): Chelsio TOE support using the ``t4_tom`` module: Tested:... Danilo Zrenjanin
12:29 PM Feature #13109 (Resolved): Trim whitespace from MAC addresses in user input: Tested and working successfully on... Christopher Cope
12:27 PM Revision dfd4d0e9: remove colon to stay consistent with the rest of the GUI: → luckman212
12:27 PM Regression #13122 (Resolved): PHP error from Captive Portal status on current development snapshots: Tested:... Danilo Zrenjanin
12:13 PM Regression #13123 (Resolved): PHP error from Captive Portal at boot on current development snapshots: Tested:... Danilo Zrenjanin
12:09 PM Revision 7610a397: Cleanup PPPoE VIPs on interface down to fix IP address order. Issue #11629: Viktor Gurov
11:18 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346: Want to tell again on version of haproxy that now this actions not needed, please remove them DRago_Angel [InV@DER]
10:14 AM pfSense Packages Todo #12354: Update haproxy-devel to mitigate CVE-2021-40346: This patch seems to conflict with http-request redirect action:... Micha Kersloot
10:30 AM Bug #13151 (Not a Bug): DNS Resolver (unbound) leaking DNS queries: This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the "Net... Jim Pingle
10:02 AM Bug #13151 (Not a Bug): DNS Resolver (unbound) leaking DNS queries: Not sure if this is a bug or a misconfiguration/misunderstanding of unbound on my part?
Platform: pfSense+ 22.01-R... Michael Mercier
08:50 AM pfSense Docs Todo #13143 (Closed): minor correction: WireGuard Remote Access VPN Configuration Example: Pushed a fix, it'll be public when the build finishes in a few minutes. Jim Pingle
06:37 AM pfSense Docs Todo #13143: minor correction: WireGuard Remote Access VPN Configuration Example: screenshot
!clipboard-202205110737-gbfno.png!
→ luckman212
08:06 AM Bug #11629 (Pull Request Review): PPPoE WAN IP address different than expected when set static by ISP: Jim Pingle
07:10 AM Bug #11629: PPPoE WAN IP address different than expected when set static by ISP: fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/777 Viktor Gurov
06:40 AM Bug #11629 (Confirmed): PPPoE WAN IP address different than expected when set static by ISP: able to reproduce on pfSense-2.7.0.a.20220511.0600 Viktor Gurov
08:05 AM Todo #13149: Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: related forum post: https://forum.netgate.com/topic/172102/updating-texts-that-are-referenced-by-gettext-translations... → luckman212
08:04 AM Todo #13149 (Pull Request Review): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: Jim Pingle
07:32 AM Todo #13149 (Resolved): Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header: Firewall → NAT → Outbound → Automatic rules table header has a @:@ after it, which is not seen anywhere else in the G... → luckman212

Also available in: Atom

Project

General

Profile

pfSense

Activity

Activity

06/09/2022

06/08/2022

06/07/2022

06/06/2022

06/05/2022

06/04/2022

06/03/2022

06/02/2022

06/01/2022

05/31/2022

05/30/2022

05/29/2022

05/28/2022

05/27/2022

05/26/2022

05/25/2022

05/24/2022

05/23/2022

05/22/2022

05/21/2022

05/20/2022

05/19/2022

05/18/2022

05/17/2022

05/16/2022

05/15/2022

05/14/2022

05/13/2022

05/12/2022

05/11/2022