Project

General

Profile

Activity

From 12/06/2022 to 01/04/2023

01/04/2023

08:34 PM Revision bf6f57e4: Fix cron job removal. Fixes #13833
Jim Pingle
04:38 PM Feature #13836 (Duplicate): Show all rules that have effect
I recently learned that there are MANY rules that have effect in pfSense, but are not shown in UI.
For instance rule... Nazar Mokrynskyi
04:22 PM pfSense Packages Regression #13828 (Closed): ACME cron jobs persist after the package is uninstalled
Fixed in https://redmine.pfsense.org/issues/13833 Marcos M
04:22 PM pfSense Packages Regression #13817 (Closed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
Fixed in https://redmine.pfsense.org/issues/13833 Marcos M
03:59 PM Regression #13835 (Duplicate): Cron jobs are not properly removed
Duplicate of https://redmine.pfsense.org/issues/13833 (fix already committed) Jim Pingle
03:10 PM Regression #13835 (Duplicate): Cron jobs are not properly removed
See https://redmine.pfsense.org/issues/13827#note-4
> Instead, I believe this issue was introduced by a recent chang... Marcos M
03:56 PM Revision 02724a5a: Fix copy/paste error. Issue #13831
Jim Pingle
03:50 PM Revision 5df5c9b4: Fix catch syntax and variable usage. Fixes #13831
* Add variable back to catch statement
* Use the exception message
* Correct error message when this exception is thr... Jim Pingle
03:12 PM pfSense Plus Regression #13613 (Resolved): OpenVPN crashes due to if_tuntap changes
Marcos M
03:10 PM pfSense Packages Bug #13830: Snort cron jobs persist after the package is uninstalled
This issue may be closed and marked either "resolved" or "not a bug" as desired. It was addressed by this Changeset: ... Bill Meeks
11:34 AM pfSense Packages Bug #13830: Snort cron jobs persist after the package is uninstalled
Update -- this is not actually a problem within the Snort GUI package. Instead, the issue is the result of a PHP 8.1 ... Bill Meeks
09:05 AM pfSense Packages Bug #13830 (Resolved): Snort cron jobs persist after the package is uninstalled
Uninstalling the package does not remove the cron jobs added when the service is configured/enabled. Similar to https... Bill Meeks
02:46 PM pfSense Docs New Content #13834 (Resolved): Document 22.05.1 release
Document the 22.05.1 point release (similarly to 21.02.1).
https://docs.netgate.com/pfsense/en/latest/releases/ver... Marcos M
02:44 PM pfSense Packages Regression #13827 (Resolved): Suricata cron jobs persist after the package is uninstalled
PR merged, thanks! Jim Pingle
02:05 PM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled
I made some changes to the Suricata uninstall code to ensure all code paths perform config writes before exiting. Tho... Bill Meeks
11:21 AM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled
After some further investigation and testing, I'm not convinced the problem is within the package code. Instead, I be... Bill Meeks
09:03 AM pfSense Packages Regression #13827: Suricata cron jobs persist after the package is uninstalled
This was actually broken, it appears, 6 years ago by this commit: https://github.com/pfsense/pfsense/commit/b2bb49709... Bill Meeks
02:40 PM Regression #13833 (Feedback): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
Applied in changeset commit:bf6f57e4f857fd5a66d1e0a35c2b43c320da3c66. Jim Pingle
02:34 PM Regression #13833 (Resolved): Cron jobs are not removed by ``install_cron_job`` when set inactive as they should be
There is a regression in @install_cron_job@ where it fails to remove cron jobs when they are set inactive (@$active =... Jim Pingle
12:36 PM pfSense Packages Todo #13306 (Feedback): Update NUT to version 2.8.0 to match FreeBSD Packages
PR https://github.com/pfsense/FreeBSD-ports/pull/1175 Merged
Will be in snapshots overnight.
 Jim Pingle
12:17 PM pfSense Packages Todo #13306: Update NUT to version 2.8.0 to match FreeBSD Packages
Also updating for PHP 8.1 Denny Page
11:17 AM Feature #13832 (New): Allow Slack notification API URL override
Slack notifications were added in #12291 .
Currently it's hardcoded to always post to `https://slack.com/api/chat.... Ulrich Petri
10:27 AM pfSense Packages Bug #13829: WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Jim Pingle wrote in #note-3:
> Reopening this since there is a bit more to think about here.
Perhaps another ch... Loh Phat
09:03 AM pfSense Packages Bug #13829 (New): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Reading this again, perhaps I misunderstood. I was talking about assigned interfaces since you mentioned interfaces s... Jim Pingle
08:53 AM pfSense Packages Bug #13829: WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Jim Pingle wrote in #note-1:
> Interface rules are usually removed when removing an interface from assignments, which... Loh Phat
08:19 AM pfSense Packages Bug #13829 (Not a Bug): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
Interface rules are usually removed when removing an interface from assignments, which is a manual process and not pa... Jim Pingle
10:05 AM Regression #13831 (Feedback): Syntax error in /etc/inc/util.inc on line 3655
Applied in changeset commit:5df5c9b48aabacf223b29d7857d3c27486b8f591. Jim Pingle
09:55 AM Regression #13831: Syntax error in /etc/inc/util.inc on line 3655
This isn't plus specific, it was just noticed there first.
This would happen only if an invalid Cisco ACL rule is ... Jim Pingle
09:50 AM Regression #13831 (In Progress): Syntax error in /etc/inc/util.inc on line 3655
Jim Pingle
09:50 AM Regression #13831 (Resolved): Syntax error in /etc/inc/util.inc on line 3655
When upgrading from 22.05 to 23.01 with a specific config:... Steve Wheeler
09:12 AM pfSense Packages Bug #12178: WireGuard always shows 'Configuring WireGuard tunnels...done.' message on boot
Have to hop on this. This message (Configuring WireGuard tunnels) shows up couple of minutes if the interface the WG ... Car F

01/03/2023

08:42 PM Revision b756f227: Restore resolver host override sorting.
Jim Pingle
03:59 PM Revision a5c284f3: Fix #13799: Unbound python module persistently shows enabled in resolver settings.
Christian McDonald
02:31 PM pfSense Packages Bug #13829 (New): WG not removing interface rules from config even if "Keep Configuration" is unchecked before pkg removal
In the pfsense (22.05) config.xml there was a section of rules for the "WireGuard" package i/f. I had tried the pack... Loh Phat
02:25 PM pfSense Plus Bug #13602: OpenVPN fails to start again if it crashes with DCO enabled
I have the same issue. I have to run *ifconfig ovpns3 destroy* to allow the DCO enabled OpenVPN server to restart.
... Dean Arnold
02:02 PM pfSense Packages Regression #13828 (Resolved): ACME cron jobs persist after the package is uninstalled
Tested on @23.01.b.20221230.0600@ with the latest package.
Uninstalling the package does not remove the cron jobs ... Marcos M
01:46 PM pfSense Packages Regression #13827 (Resolved): Suricata cron jobs persist after the package is uninstalled
Tested on @23.01.b.20221230.0600@ with the latest package.
Uninstalling the package does not remove the cron jobs ... Marcos M
12:47 PM Feature #13826 (Duplicate): Update pcsc-lite
Current version in pfSense+ 23.01 is @pcsc-lite-1.9.5,2@.
There have been several fixes to pcsc that are relevant ... Marcos M
12:06 PM pfSense Packages Bug #13798 (Feedback): Crash report with lldpd package and 23.01.b.20221223.0600
Fixed: https://github.com/pfsense/FreeBSD-ports/commit/c0904ba7caffb3edf51ab67ce70dbbd362119987 Jim Pingle
09:30 AM pfSense Packages Bug #13798: Crash report with lldpd package and 23.01.b.20221223.0600
The error in the original report is definitely from problematic code when run under PHP 8.1. It would be most evident... Jim Pingle
11:34 AM Bug #12927: OpenVPN with OCSP enabled allows connections with revoked certificates
OCSP is not checked at all if certificate depth checking is disabled.
openvpn.inc does not place tls-verify into t... Chris Linstruth
11:19 AM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
Maybe we should pass this one to Reid as he handled https://redmine.pfsense.org/issues/13418 Christian McDonald
11:10 AM Regression #13823 (Confirmed): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
The values used to generate the files by Captive Portal are correct - such as what gets placed in the db and quota tr... Marcos M
08:36 AM Regression #13823 (Not a Bug): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
I agree, it looks right.
In FreeRADIUS the label even mentions MB:
> Enter the amount of download and upload tr... Jim Pingle
08:26 AM Regression #13823: RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
... Christian McDonald
10:57 AM pfSense Packages Bug #13808 (Resolved): Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab
PR Merged. Jim Pingle
10:57 AM pfSense Packages Bug #13806 (Resolved): Suricata interface rules cannot be viewed.
PR Merged. Jim Pingle
10:57 AM pfSense Packages Bug #13812 (Resolved): Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error
PR Merged. Jim Pingle
10:44 AM Regression #13818: OpenVPN fails to start when a related static route already exists
Static routes for non-DCO OpenVPN should always be managed by OpenVPN itself, a dynamic routing protocol, or policy r... Jim Pingle
09:25 AM Regression #13818: OpenVPN fails to start when a related static route already exists
Tested on 23.01 BETA for Dec 30. Can confirm this is the case. Kris Phillips
10:41 AM pfSense Docs New Content #13825 (Closed): Add docs for installing/using a debug kernel
Starting with 23.01 there is an option to install a debug kernel that is actually a full debug kernel and not just de... Jim Pingle
10:27 AM pfSense Plus Regression #13824 (Feedback): CPU/Crypto Detection for the 3100 is not functioning properly
Fixed: https://gitlab.netgate.com/pfSense/factory/-/commit/e71c2e7ea3f67f09e6a8fcea7da87eac78c28094
 Jim Pingle
10:22 AM pfSense Plus Regression #13824 (Resolved): CPU/Crypto Detection for the 3100 is not functioning properly
The CPU and crypto detection on the dashboard widget are not functioning properly on the 3100. The CPU information di... Jim Pingle
10:19 AM pfSense Plus Regression #13779 (Resolved): SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module
This change was merged in and is present on current snapshots. It's a module again and the dashboard detects it corre... Jim Pingle
10:05 AM pfSense Plus Bug #13799 (Feedback): Unbound python module persistently shows enabled in resolver settings
Applied in changeset pfsense:commit:a5c284f3214df41f5b00d321bbcc92489285e344. Christian McDonald
09:37 AM pfSense Packages Regression #13817 (New): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
I had originally opened this against just pfBLockerNG-devel, but changed it since I saw it was happening on all packa... Marcos M
07:57 AM pfSense Packages Regression #13817 (Rejected): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
It's up to each package to manage its own cron jobs. There isn't a way for the package manager to know those belong t... Jim Pingle
08:20 AM Bug #13014: Deadlock in Charon VICI interface
After disabling keepalives on all responders, the IPsec has been up for past 8days. Before that it would fail every 1... Roman Kazmierczak
08:16 AM Bug #13014: Deadlock in Charon VICI interface
That could be part of the problem, then, because if there are two P2 entries for the same src/dst in the SPD table it... Jim Pingle
08:02 AM Bug #13014: Deadlock in Charon VICI interface
Jim Pingle wrote in #note-42:
> Having overlapping P2 networks isn't really supported either, and could be a source ... David Vazquez
07:47 AM Bug #13014: Deadlock in Charon VICI interface
David Vazquez wrote in #note-41:
> Jim Pingle wrote in #note-40:
> > I have a lot of connections that stay down in ... Jim Pingle
08:10 AM pfSense Packages Feature #13821 (Rejected): [New package] - DNS Leak Test
This is not a useful test compared to testing from a client behind the firewall where it matters more.
Furthermore... Jim Pingle
08:04 AM pfSense Docs Todo #13820 (Closed): Feedback on Packages — ACME package
While it doesn't have the EKUs, it does work, at least last time I tried it before changing that recipe.
 Jim Pingle
08:02 AM Bug #8831 (Closed): Radvd causes latency spikes
Jim Pingle
08:01 AM pfSense Packages Bug #13612 (Resolved): Snort building lists is broken
Jim Pingle
07:54 AM pfSense Plus Regression #13816: Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.
There is an open issue for the 2100 having a similar problem on snapshots (NG internal redmine, 8866), given the simi... Jim Pingle
07:48 AM pfSense Packages Regression #12643 (Resolved): Rule categories are cleared after clicking the save button on the Global Settings page
Jim Pingle
07:44 AM Bug #13807 (Not a Bug): NAT changes aren't rolled back using Restore recent configuration on the console
This is normal and expected. Restoring a past config doesn't activate it, it only changes the configuration data back... Jim Pingle
07:43 AM Bug #13800 (Rejected): Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022
There are two main possibilities here:
1. They are normal errors during the upgrade that wouldn't come back on the... Jim Pingle
07:38 AM Feature #13805: A way to reliably determine if system is the primary or secondary in CARP
At the moment I don't see this being worth spending time on.
Having a manual setting is about the only way to make... Jim Pingle
07:29 AM Regression #13803 (Not a Bug): When adding an EasyBlock rule, the GUI redirects to "Firewall > Aliases > IP" instead of "Firewall > Rules"
That's what it's supposed to do. When adding new blocks they go into the alias. Only the first new block makes a rule... Jim Pingle
07:28 AM Bug #13802: Incorrect language in Plus registration
I'm pretty sure that comes from Prodtrack as those strings aren't in the code anywhere. Should probably move this to ... Jim Pingle
07:17 AM pfSense Docs Correction #13813 (Resolved): Minor typo in io ports
Fixed: https://gitlab.netgate.com/docs/pfsense-platforms/-/commit/74b5da375e6e837bb078ba798a483b04c6d4d46c Jim Pingle
07:12 AM Regression #13517 (Resolved): Erroneous dhcp6 Messages in Boot log on 22.11
Jim Pingle
07:10 AM pfSense Plus Bug #13338 (Resolved): OpenVPN DCO panics with short UDP packets
Jim Pingle
07:08 AM Feature #13796 (Rejected): Restrict hardware address client (UUID string) login
It's not feasible. The client can lie about its UUID, there is no way for the server to know that it is accurate and ... Jim Pingle

01/02/2023

10:04 PM Regression #13823 (Rejected): RADIUS attribute pfSense-Max-Total-Octets is not parsed correctly
The RADIUS attribute @pfSense-Max-Total-Octets@ is used in FreeRADIUS with the option @Amount of Download and Upload ... Marcos M
10:17 AM pfSense Packages Bug #13822 (Confirmed): haproxy bug when adding a Frontend containing accented characters in description in generated XML entities
Hello,
Running snapshot from 2022-12-30 and pfsense stable 2.6.0, same bug in haproxy package.
Adding a Frontend... appzer0 appzer0
09:25 AM pfSense Plus Bug #13797: DNS Resolver stops working
Hi there,
First of, happy new year.
I was able to get a new log file, this time with log level 4. Unfortunately, t... Fred Brunken
04:20 AM pfSense Packages Feature #13821: [New package] - DNS Leak Test
PR Submitted -> https://github.com/pfsense/FreeBSD-ports/pull/1211 Luis Moraguez
03:54 AM pfSense Packages Feature #13821 (Rejected): [New package] - DNS Leak Test
I've developed a package that I would like to be made available for other to install via the Package Manager.
I've... Luis Moraguez

01/01/2023

10:35 PM pfSense Docs Todo #13820 (Closed): Feedback on Packages — ACME package
*Page:* https://docs.netgate.com/pfsense/en/latest/packages/acme/index.html
*Feedback:*
The recipe for IPsec Re... Taine Gilliam
08:38 PM Bug #8831: Radvd causes latency spikes
At least for me this is no longer happening so I'd say er can mark it resolved (unless someone else is still seeing t... Flole Systems
08:36 PM Bug #13473: No IPv6 address acquired after reboot/dhcp6c not starting
Further information was provided, so this is not incomplete. Flole Systems
08:34 PM pfSense Packages Bug #13612: Snort building lists is broken
This has been resolved now, so the status is wrong. Flole Systems
06:13 PM Regression #13418 (Resolved): Captive Portal does not keep track of client data usage
The original issue is now resolved; traffic is recorded correctly:... Marcos M
06:54 AM Regression #13418: Captive Portal does not keep track of client data usage
More extended testing demonstrates a NEW issue (see #2 point above for as tested configuration): pre-mature captive p... Dale Harron
05:07 PM pfSense Plus Regression #13819 (Pull Request Review): OpenVPN process PID is not logged correctly
https://gitlab.netgate.com/pfSense/factory/-/merge_requests/90 Marcos M
04:57 PM pfSense Plus Regression #13819 (Resolved): OpenVPN process PID is not logged correctly
Tested on the latest snapshot.
The system logs now show the following when the OpenVPN service is started:
> Jan ... Marcos M
03:41 PM Regression #13818 (New): OpenVPN fails to start when a related static route already exists
Tested on @23.01.b.20221230.0600@.
Steps:
# Configure an OpenVPN client in the GUI (tested with non-DCO); verify ... Marcos M
03:04 PM pfSense Packages Bug #13333 (Resolved): PHP error when saving Suricata rulesets
Marcos M
01:18 PM pfSense Packages Regression #13817 (Confirmed): pfBlockerNG-devel cron jobs persist after the service is disabled or the package is uninstalled
Tested on @23.01.b.20221230.0600@ with the latest pfBlockerNG-devel, Suricata, and ACME packages.
Using pfBlockerN... Marcos M
09:17 AM pfSense Plus Regression #13816 (Resolved): Shutting down an 1100 running 23.01 results in an error. Unsure if operating system has halted.
With a normal shutdown (CLI option 6 or Diagnostics > Halt) in 22.05, the USB console output ends with:... Chris W
04:21 AM pfSense Packages Feature #10818: UDP Broadcast Relay
Is there any way to install 1.0 package in pfSense 2.6? Installation failed, see below. Or do I have to use the older... M J

12/31/2022

02:14 PM Bug #13814 (Rejected): DNS Resolver continue fail to answer queries until I restart the server or wait a couple of minutes the services to work
Hello guys.
I have been testing pfsense 2.7-dev for a while, is my current version on my lan(home)network.
Right ... Peter Moreno
12:17 AM pfSense Packages Feature #13469: Feature/Package request: Wireguard Client/Peer config files export
I think this is a much needed feature and should be prioritized. WireGuard is far superior than OpenVPN and other VPNs. Eric Nix

12/30/2022

06:47 PM Bug #13687: Cannot add limiters named ``new``
Seeing this on build:
23.01-BETA (arm64)
built on Wed Dec 28 03:05:04 UTC 2022
FreeBSD 14.0-CURRENT
I create ... Chris W
04:36 PM pfSense Docs Correction #13813: Minor typo in io ports
The same wording is on the 2100 page as well.
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/io... Christopher Cope
04:01 PM pfSense Docs Correction #13813 (Resolved): Minor typo in io ports
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/io-ports.html#switched-ethernet
Reads... Christopher Cope
03:20 PM Regression #13418: Captive Portal does not keep track of client data usage
Some success, data is now being passed to freeRadius but: (steady state stream of 33 MB/minute, single login per user... Dale Harron
08:53 AM pfSense Packages Bug #13812: Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error
The fix for this issue was added to open Pull Request #1210 against DEVEL posted here: https://github.com/pfsense/Fre... Bill Meeks
12:30 AM pfSense Packages Bug #13812 (Resolved): Attempting to change suricata blocking mode on LAN interface from legacy to inline throws a PHP error
WebGUI reports:
The 'lan' interface does not support Inline IPS Mode with native netmap.
However, I then get a cr... John Elliott

12/29/2022

11:07 PM Revision c1bc55a9: Change captive portal counter keys to string keys. Fixes #13418.
String keys for rule counters are introduced in php-pfSense-module v0.89 Reid Linnemann
09:34 PM pfSense Plus Bug #13797: DNS Resolver stops working
Hi,
Thanks for you feedback. As for your questions, well...
The symptom is relatively easy to explain. The Netw... Fred Brunken
09:09 PM pfSense Plus Bug #13797: DNS Resolver stops working
Hello,
There is nothing unusual in the log file provided and there isn't enough information to go on here for a bu... Kris Phillips
09:15 PM Regression #13517: Erroneous dhcp6 Messages in Boot log on 22.11
Tested on Dec 28th builds of 23.01-BETA and these messages are no longer present. This can be marked as Resolved. Kris Phillips
09:12 PM pfSense Packages Bug #13798: Crash report with lldpd package and 23.01.b.20221223.0600
I'm unable to reproduce any issue with the LLPDd package in pfSense 23.01-BETA's December 28th build. Please provide... Kris Phillips
09:03 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
Jonas R wrote in #note-6:
> FWIW: I get these errors whenever I (try to) delete a snapshot that is the parent snapsh... Kris Phillips
08:59 PM pfSense Plus Bug #13799: Unbound python module persistently shows enabled in resolver settings
I can confirm this. Steps to reproduce:
1. Go to Services --> DNS Resolver --> Python Module and check the box. ... Kris Phillips
09:18 AM pfSense Plus Bug #13799 (Confirmed): Unbound python module persistently shows enabled in resolver settings
Christian McDonald
08:55 PM pfSense Plus Bug #13338: OpenVPN DCO panics with short UDP packets
This can be marked as Resolved since we have tested the fix and confirmed it's resolution. Kris Phillips
08:53 PM pfSense Packages Bug #10867 (Resolved): squidGuard Package Hangs on Uninstall or Upgrade
Tested on latest 23.01 builds and the install issue is no longer a problem. Closing as resolved. Kris Phillips
06:21 PM Regression #13418: Captive Portal does not keep track of client data usage
PF_IN/PF_OUT direction was mismatched with the array index into the counters that we sampled. This should be fixed in... Reid Linnemann
06:20 PM Regression #13418 (Feedback): Captive Portal does not keep track of client data usage
Applied in changeset commit:c1bc55a9f37e5977110a3bb1f170321738fdf3d2. Reid Linnemann
12:36 PM pfSense Packages Bug #13811: Youtube content getting filtered on Squid when none is Selected
Maharsh Patel wrote:
> Youtube's content gets filtered by its SafeSearch headers even though I have selected *None* ... Maharsh Patel
10:38 AM pfSense Packages Bug #13811 (Closed): Youtube content getting filtered on Squid when none is Selected
Youtube's content gets filtered by its SafeSearch headers even though I have selected *None* on youtube restrictions ... Maharsh Patel
09:26 AM pfSense Packages Feature #13791 (Resolved): package information link goes to an old forum post - change to pfBlockerNG package page
I agree...docs is better than an old forum post. Fixed. Christian McDonald
01:07 AM pfSense Packages Bug #13810 (Rejected): Squid options obsolete
Hello guys.
Running squid -k parse we have some options that are no longer used, maybe is time to update the GUI:... Peter Moreno

12/28/2022

10:18 PM pfSense Packages Feature #13809 (New): Add Netdata package
I would like to see the Netdata monitoring package added to pfSense.
This would allow a fleet of pfSense systems to ... Ben Woods
01:13 PM pfSense Packages Bug #13738: Typo under Services/Snort/Interface Settings/WAN - Rules
It was intended to be 22.05. I fixed that. Danilo Zrenjanin
12:32 PM Bug #13680: Package install scripts run after PHP upgrade produce errors
I think we'd be better served by focusing our efforts on performing the complete upgrade in the target boot environme... Reid Linnemann

12/27/2022

09:43 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
This issue is corrected by Pull Request 1210 submitted to the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
04:49 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Okay, was able to reproduce the condition when using SID MGMT to auto-disable rules. Will dig into the processing to ... Bill Meeks
04:46 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
A fresh greenfield install still works for me, showing the rule categories auto-enabled on the CATEGORIES tab (green ... Bill Meeks
04:24 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Still working for me in an existing installation. I just went to the SID MGMT tab, created an _enablesid.conf_ file, ... Bill Meeks
04:12 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Marcos M wrote in #note-2:
> It's a fresh install and configuration. All categories do show correctly (see attached)... Bill Meeks
02:41 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
It's a fresh install and configuration. All categories do show correctly (see attached) - they are currently being ma... Marcos M
02:04 PM pfSense Packages Bug #13806: Suricata interface rules cannot be viewed.
Can you post additional details? I cannot reproduce this issue on my test virtual machine. Do you show any rule categ... Bill Meeks
09:42 PM pfSense Packages Bug #13808: Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab
This issue is corrected by Pull Request 1210 submitted to the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
09:30 PM pfSense Packages Bug #13808 (Resolved): Suricata saves duplicate entries for the default built-in events and files rule sets when saving changes on the CATEGORIES tab
The Suricata package will save duplicate entries in _config.xml_ for the default built-in rules when saving enabled r... Bill Meeks
08:32 PM pfSense Packages Bug #10646 (Feedback): Reinstall package process stalls at pfBlockerNG when restoring a config
Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
08:31 PM pfSense Packages Bug #10867 (Feedback): squidGuard Package Hangs on Uninstall or Upgrade
Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
08:30 PM pfSense Packages Bug #11398 (Feedback): pfBlocker upgrade hangs forever
Issue here has to do with pkg(8) hardening that prevents it from spawning long-lived processes. pkg(8) uses procctl t... Christian McDonald
12:01 PM Bug #13014: Deadlock in Charon VICI interface
Jim Pingle wrote in #note-40:
> I have a lot of connections that stay down in my lab for various reasons, but they ca... David Vazquez
02:00 AM Bug #13807 (Not a Bug): NAT changes aren't rolled back using Restore recent configuration on the console
Accidentally I natted all traffic from the intranet(1) going to the firewall(2) to an internal host. Obviously I wasn... Gustavo Domínguez

12/26/2022

10:00 PM pfSense Packages Bug #13806 (Resolved): Suricata interface rules cannot be viewed.
Tested on the latest version on the dev branch.
No matter which rule is selected in the drop-down, the custom rule... Marcos M
03:29 PM Feature #13805 (New): A way to reliably determine if system is the primary or secondary in CARP
There is no current way, as far as I can tell, to reliably determine if the current system is the primary or secondar... Christopher Cope
03:16 PM Feature #13804 (Pull Request Review): Prevent CARP status/maintenance mode from being erroneously toggled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/999 Christopher Cope
03:06 PM Feature #13804 (Resolved): Prevent CARP status/maintenance mode from being erroneously toggled
On the Status > CARP page the buttons to disable/enable CARP or enter/leave CARP maintenance mode only toggle the sta... Christopher Cope
10:33 AM Regression #13803 (Not a Bug): When adding an EasyBlock rule, the GUI redirects to "Firewall > Aliases > IP" instead of "Firewall > Rules"
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 23 06:05:19 UTC 2022
FreeBSD 14.0-CURRENT
Repro steps:
1. Navigate... Gerke Max Preussner
10:21 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
It occurs on 23.01 DEVEL too. I kindly ask Netgate to take a look at this issue because it breaks IPv6 almost complet... Tito Sacchi
10:17 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
I found a way to automate this process with pfSsh.php:... Tito Sacchi
10:12 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
OK -
Tested saving the interface and it did add multicast group:... Chris Linstruth
08:34 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Opening the interface configuration page and clicking 'Save' and then 'Apply' without changing anything solves the pr... Tito Sacchi
06:56 AM Bug #13802 (New): Incorrect language in Plus registration
The email sent by shopify says this:... Chris Linstruth
06:56 AM Feature #13801 (New): PPPoE Server should allow no authentication
Currently the built-in PPPoE server supports PAP and CHAP auth, but does not allow for no authentication.
The use-... Nick Hall

12/25/2022

08:32 PM Bug #13800: Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022
Somehow you've managed to upgrade PHP without also upgrading the extensions.
Module compiled with module API=20210... Christian McDonald
06:28 PM Bug #13800 (Rejected): Module Init Failure - FreeBSD 14.0-CURRENT #0 devel-main-n255825-17d2b04a49e: Fri Dec 23 06:29:08 UTC 2022
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558... RED SKULL
10:48 AM pfSense Packages Feature #10818: UDP Broadcast Relay
Check Diagnostics / System Activity and make sure that the process is actually running. There are some errors which a... Marcos M
12:43 AM Bug #13729: Gateways stuck in Unknown status
Jordan Greene wrote in #note-7:
> Nazar Mokrynskyi wrote in #note-6:
> >
> > Qemu 7 with 3 virtio network interfa... Nazar Mokrynskyi

12/24/2022

08:56 PM pfSense Packages Regression #12643: Rule categories are cleared after clicking the save button on the Global Settings page
suricata 6.0.8_2 on 23.01.b.20221223.0600 does not lose interface rule selection when saving from global settings page Jordan G
07:50 PM pfSense Plus Bug #13799 (Resolved): Unbound python module persistently shows enabled in resolver settings
Unchecking python module in dns resolver settings shows checked again after save/apply and there is no python script ... Jordan G
06:25 PM Bug #13729: Gateways stuck in Unknown status
Nazar Mokrynskyi wrote in #note-6:
>
> Qemu 7 with 3 virtio network interfaces (WAN, LAN, WAN2), host is x86-64 Al... Jordan G
05:01 PM pfSense Packages Bug #13798 (Resolved): Crash report with lldpd package and 23.01.b.20221223.0600
Seen this issue since the first 23.01 BETA and still see it every upgrade. Using the standard LLDPD package from pfSe... Richie Crews
12:42 PM pfSense Plus Bug #13797 (Not a Bug): DNS Resolver stops working
Hi there,
I have been having problems with the DNS Resolver that it just stops working for no reason every now and... Fred Brunken
06:51 AM Feature #13796 (Rejected): Restrict hardware address client (UUID string) login
Hello everybody,
I am using Netgate pfsense on Aws
Now i want trust the client login vpn server by restrict uuid st... vicent lee

12/23/2022

04:20 PM Revision 0d5e0838: Fix loading the i915 driver for MBT in 2.7.
Steve Wheeler
01:38 PM Bug #13014: Deadlock in Charon VICI interface
David Vazquez wrote in #note-39:
> After a couple mentions of Phase 2 connections being down, I decided to do a test... Jim Pingle
01:33 PM Bug #13014: Deadlock in Charon VICI interface
After a couple mentions of Phase 2 connections being down, I decided to do a test. On the affected firewall, I had a ... David Vazquez
12:47 PM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Not a blocker since it's functional (if ugly), but would be nice to figure out for this release if possible.
Since... Jim Pingle
12:35 PM pfSense Plus Bug #13602 (Resolved): OpenVPN fails to start again if it crashes with DCO enabled
The commit that's in place now is already tested and working. Let's move that other change to the next release so we ... Jim Pingle
12:24 PM Bug #13680: Package install scripts run after PHP upgrade produce errors
This may not be viable for this release but for a while I've thought the upgrade process should be removing all packa... Jim Pingle
12:15 PM pfSense Packages Bug #13771 (Resolved): Suricata tries to load invalid SID file
PR Merged Jim Pingle
11:05 AM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
A fix for this issue has been posted in Pull Request #1208 against DEVEL posted here: https://github.com/pfsense/Free... Bill Meeks
09:39 AM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
I will investigate further and get a fix submitted to address this. Bill Meeks
12:15 PM pfSense Packages Bug #13794 (Resolved): Suricata - when adding a new interface the latest app-layer protocol decoders are not default enabled on the new interface
PR Merged Jim Pingle
11:06 AM pfSense Packages Bug #13794: Suricata - when adding a new interface the latest app-layer protocol decoders are not default enabled on the new interface
A fix for this issue has been posted in Pull Request #1208 against DEVEL here: https://github.com/pfsense/FreeBSD-por... Bill Meeks
11:00 AM pfSense Packages Bug #13794 (Resolved): Suricata - when adding a new interface the latest app-layer protocol decoders are not default enabled on the new interface
When adding a new interface to an existing Suricata installation, the most recently supported app-layer protocol deco... Bill Meeks
11:46 AM pfSense Packages Feature #13795 (New): Add Country Code (Geolocation) details to the lookup modals
I would like the country to be displayed when you click on an IP lookup button in Snort.
It could be added as addi... Jon Brown
11:37 AM pfSense Packages Feature #10160: Dedicated Maxmind GeoIP package including license registration
I think this is the best way forwards to have a shared package offering IP to country resolution. This package need n... Jon Brown
09:39 AM pfSense Plus Regression #13741: Update message interpreted as the available version
Not a problem in a release, excluding from release notes. Jim Pingle
09:39 AM Bug #13067: Resolve interval for ``filterdns`` may not match the configured value
Updating subject for release notes. Jim Pingle
09:14 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules
I checked all around my lab and though I have captive portal enabled on numerous systems I couldn't find any that had... Jim Pingle
09:02 AM Bug #9296 (Resolved): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
The issue here related to the subject appears to be OK, and the other related issues have been spun off into their ow... Jim Pingle
08:53 AM Bug #13282 (Resolved): Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
Hard to reproduce this but at least as stated it appears to be OK. I tried a few variations and every time the table ... Jim Pingle
08:52 AM Bug #12708 (Resolved): Alias with non-resolving FQDN entry breaks underlying PF table
Hard to reproduce this but at least as stated it appears to be OK. I tried a few variations and every time the table ... Jim Pingle
08:32 AM Regression #13391 (Resolved): Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
This appears to be OK now:... Jim Pingle
08:29 AM Bug #13756 (Resolved): Rules for authenticated Captive Portal users are not removed when a zone is disabled
Rules for logged-in users are removed when disabling a portal zone as expected now. Jim Pingle
01:25 AM Revision b37f3f5d: Include all interface IPs and VIPs in cpip table. #13391
The cpzoneid_<zone>_cpips tables only include the IP and VIPS of the final
interface searched, causing captive portal... Reid Linnemann

12/22/2022

11:07 PM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
I haven't looked at how the value is ending up there, but I can say that I've never used that particular option, nor ... Marcos M
10:17 AM pfSense Packages Bug #13771: Suricata tries to load invalid SID file
A lowercase "none" should not be present there. A value of "None" (note the uppercase "N") is automatically added to ... Bill Meeks
09:48 PM Revision 19ae6203: Remove rules before unlinking the db files
Steve Wheeler
07:35 PM Regression #13391 (Feedback): Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
Reid Linnemann
07:28 PM Regression #13391: Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
Reading over the forum post again, I think I am actually seeing what you are describing - that the ips for the interf... Reid Linnemann
05:32 PM Regression #13391: Multiple Captive Portal interfaces do not properly form the list of portal IP addresses
I don't currently see this behavior in devel, unless I understand the problem incorrectly, but I do see a problem wit... Reid Linnemann
05:44 PM pfSense Packages Feature #10818: UDP Broadcast Relay
Very nice job @Marcos M, thank you to you and everyone else that has contributed to the creation of this package.
... Joe Lippa
04:02 PM Bug #13756 (Feedback): Rules for authenticated Captive Portal users are not removed when a zone is disabled
MR merged Jim Pingle
02:55 PM Bug #13756 (Pull Request Review): Rules for authenticated Captive Portal users are not removed when a zone is disabled
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/997 Steve Wheeler
03:32 PM pfSense Packages Bug #13609 (Resolved): Editing ACLs in BIND Package Produces PHP error in CE 2.7.X
Tested using bind 9.17 on both:... Christopher Cope
02:26 PM pfSense Plus Regression #13741 (Resolved): Update message interpreted as the available version
This is resolved on current snaps.
 Jim Pingle
02:04 PM Bug #13545 (Resolved): Toggling NAT rules using the button method does not enable/disable corresponding firewall rules
Works as expected. I could reproduce the problem on 22.05, but performing the same test on the current 23.01 snapshot... Jim Pingle
02:00 PM Bug #13638 (Resolved): ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes
This appears to be OK now.
22.05 test:... Jim Pingle
01:57 PM Bug #13793 (New): filterdns does not reconcile modelled tables with the current state of filter tables
filterdns tracks changes in the sets of addresses associated with hostnames to generate add/delete events for those a... Reid Linnemann
01:47 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
The most recent comments above identify problems in filterdns that are fundamentally different in nature. I am openin... Reid Linnemann
01:18 PM Bug #9296 (Feedback): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Lets keep this issue for just the stated problem here and ensure that any potentially related problems have their own... Jim Pingle
01:46 PM Bug #13067 (Resolved): Resolve interval for ``filterdns`` may not match the configured value
This issue only addresses the filter interval, which has been confirmed to be correct. Reid Linnemann
01:45 PM Feature #12768 (Rejected): pfSense-repo: Make sure default config file exists
Dynamic repos will supersede this Brad Davis
01:35 PM Bug #13253 (Resolved): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Re-tested on 23.01.b.20221221.1946 and dhcp6c is restarted there when applying WAN changes.
 Jim Pingle
01:30 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
Works as expected in:... Steve Wheeler
01:28 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
This is the intended behavior, so it's safe to close. Jim Pingle
01:27 PM Regression #13420 (Resolved): TCP traffic sourced from the firewall can only use the default gateway
Jim Pingle
09:50 AM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
tested to the same result as Steve Wheeler - traffic flows correctly but states are present on the interface with def... Georgiy Tyutyunnik
01:28 PM Bug #13408 (Resolved): PF can fail to load a new ruleset
I haven't seen this happen (or any reports of it happening) on snapshots since the fix went in. Jim Pingle
01:14 PM Regression #13622: QinQ ethertype tags changed
Moving ahead to 23.05, we can document the change for now. Jim Pingle
01:11 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
This is still broken in HEAD and on snapshots, moving forward to 23.05. The attached textdump has a bit more debug in... Jim Pingle
01:09 PM Bug #12079: Kernel panic when running IGMP Proxy: Sleeping thread owns a non-sleepable lock
Rebase to main happened and the bug remains and as predicted in the previous comment the bug is still there.
Most ... Mateusz Guzik
01:09 PM Bug #13792 (New): Filterdns assumes sets of resolved addresses for each hostname are nonintersecting
In the current design of filterdns, each hostname thread wake periodically and performs a NS lookup, comparing its cu... Reid Linnemann
01:07 PM Regression #13754 (Resolved): DHCPv4 rules are not automatically created
These cases all appear to be solved now, and no more errors/regressions in the ruleset or from config accesses that I... Jim Pingle
12:44 PM pfSense Plus Regression #13613 (Feedback): OpenVPN crashes due to if_tuntap changes
Jim Pingle
12:43 PM Bug #13671: DHCP client can fail permanently if an interface is down at boot
Moving to the next release so we have more time to reproduce and test. Jim Pingle
11:40 AM pfSense Plus Bug #13766 (Closed): Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
Chris W
11:40 AM pfSense Plus Bug #13766: Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
Sounds good. They certainly didn't reappear on next reboots but just thought I'd bring it to attention. Chris W
11:10 AM Bug #6668 (Closed): IPSec tunnel + L2TP/IPSec VPN - wrong PSK chosen by pfSense
Jim Pingle
11:09 AM Bug #10577 (Not a Bug): intel x553 (c3000 chipset) loading x520 driver
If you can still reproduce this on 2.7.0 or 23.01 snapshots, post on the forum, it's likely some kind of config issue... Jim Pingle
11:08 AM Feature #10621 (Resolved): Update system.inc/system_identify_specific_platform() update to accommodate AWS, Azure and GCP
Jim Pingle
11:07 AM Feature #12055 (Closed): Option to disable XMLRPC Sync for Loopback Virtual IPs
Jim Pingle
11:06 AM Bug #8576 (Closed): pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address
Jim Pingle
11:05 AM Bug #12853 (Closed): Network Address Translation - Pure NAT pfsense freeze after reboot
Doesn't seem to happen to anyone else and might have been related to other solved issues in PF with loading rules/mem... Jim Pingle
11:03 AM Bug #12829 (Closed): Dummynet kernel module fails to load after upgrade.
No other reports and no way to reproduce it that I'm aware of, and it's been quite some time since the last report.
... Jim Pingle
11:02 AM Bug #9024 (Closed): Ping packet loss under load when using limiters
Jim Pingle
11:01 AM Bug #12877 (Closed): Cloudflare DynDNS fails to update more than two addresses
Jim Pingle
11:00 AM Bug #7096 (Resolved): Unbound fails to start on boot if specific network devices are configured in the "Network Interfaces"
Jim Pingle
11:00 AM Bug #13383 (Rejected): Certificates cannot be created via csr in the Certificate Manager
Closing for lack of response and not being able to reproduce the problem. Jim Pingle
10:57 AM Regression #13598 (Resolved): fcgicli can output garbage for stdout/stderr read back from php-fpm
Jim Pingle
10:50 AM pfSense Packages Bug #8315 (Closed): Mail Report mail_report_send() behavior different than notify_via_smtp()
Jim Pingle
10:48 AM pfSense Packages Feature #11879 (Closed): Add support for SSL.com ACME server
Jim Pingle
10:47 AM pfSense Packages Todo #13532 (Closed): Sync ACME package with upstream v3.0.5
Jim Pingle
10:47 AM pfSense Packages Feature #11163 (Closed): Preferred Chain option
Jim Pingle
10:47 AM pfSense Packages Bug #13053 (Closed): LoopiaAPI error handling
Jim Pingle
10:46 AM pfSense Packages Bug #13773 (Resolved): Include file of mail reports package changed path and filename but one file requiring it did not follow
Working fine on the current version of the package. Jim Pingle
10:44 AM pfSense Packages Feature #13791: package information link goes to an old forum post - change to pfBlockerNG package page
also this https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html
should go to
https://docs.netgate.... Jon Brown
10:39 AM pfSense Packages Feature #13791 (Resolved): package information link goes to an old forum post - change to pfBlockerNG package page
The info link goes to https://forum.netgate.com/topic/158592/pfblockerng-devel-v3-0-0-no-longer-bound-by-unbound/43
... Jon Brown
09:52 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
I've updated to @1.0.5@ and checked the contents of @/var/etc/newsyslog.conf.d/zabbix_proxy.log.conf@, it's still set... Steve Scotter
09:27 AM pfSense Packages Bug #13444: zabbix_proxy : cannot open "/var/log/zabbix-proxy/zabbix_proxy.log": [13] Permission denied
Apologies for the delay Kris. Zabbix had been behaving itself for quite some time (or rather I hadn't noticed it was ... Steve Scotter
09:49 AM pfSense Packages Feature #13790 (New): Bar and Bar (stacked) graphs are almost the same
h1. The issue
If you look at the follow Traffic Totals graphs you will see that they are the same except one alter... Jon Brown
09:01 AM pfSense Packages Feature #13540: Check what rule is triggered by a Domain or IP
I would add this in it's own tab and this can also be used to test any domain or IP to see if they would get blocked ... Jon Brown
07:54 AM Feature #13789: Available Packages should have information buttons
While the icon isn't there, the link is. It's linked as the package name, rather than a separate icon.
It could pr... Jim Pingle
07:32 AM Feature #13789 (New): Available Packages should have information buttons
On installed packages you have information buttons which links to their related page in the Netgate documentation. th... Jon Brown
07:46 AM Bug #13788 (Duplicate): Allow IPSEC .vips-configuration in GUI - connections.<conn>.vips ModeConfig
Duplicate of #8346 though I changed it to be more general just now, it was there to add "client" style support.
Th... Jim Pingle
03:24 AM Bug #13788 (Duplicate): Allow IPSEC .vips-configuration in GUI - connections.<conn>.vips ModeConfig
To be able to request an ip address from another vpn-server, ipsec configuration needs vips-support.
https://docs.st... Stefan Bauer
07:45 AM Feature #8346: Allow pfSense to act as an IPsec VPN client
Making this more general since Xauth is pretty much dead. Jim Pingle

12/21/2022

10:47 PM pfSense Packages Bug #12667 (Bogus): Firewall Crashed After Upgrading Wireguard
Christian McDonald
10:46 PM pfSense Packages Bug #12667 (Incomplete): Firewall Crashed After Upgrading Wireguard
Christian McDonald
10:44 PM pfSense Packages Bug #13114 (Resolved): BIND calls rndc in rc_stop when named is not running
Christian McDonald
10:41 PM pfSense Packages Bug #13115 (Resolved): WireGuard panic due to KBI changes in ```udp_tun_func_t()```
Christian McDonald
07:44 PM Revision b7b482b1: xmlparse.inc: tweak the handling of XML listtags that are parsed as leaf strings
Christian McDonald
05:59 PM Revision 1670f4c0: Correct check IP service config path.
Jim Pingle
04:38 PM Revision 5daac457: Revert "Pass reloadall flag to dhcp6c config. Fixes #13253"
This reverts commit 8e88bd48a22b55d213ac7613be74c651706cfa0d. Jim Pingle
02:13 PM pfSense Plus Bug #11626 (Resolved): Google LDAP connections fail due to lack of SNI for TLS 1.3
We don't have an account with Google LDAP auth any longer, but I can confirm that the LDAP client is sending the SNI ... Jim Pingle
01:52 PM pfSense Packages Bug #13609 (Feedback): Editing ACLs in BIND Package Produces PHP error in CE 2.7.X
Should be fixed in next snapshot run for CE and Plus
https://github.com/pfsense/pfsense/commit/b7b482b1601272723ac97... Christian McDonald
12:56 PM Regression #13782: DHCP leases are not registered in Unbound
Not a problem in a release, excluding from release notes. Jim Pingle
11:40 AM Feature #13787 (New): Increase Tiers under Gateway Group
Hello, i am using latest pfsense but i have a request about increasing Tiers under Gateway Group, currently the limit... edi t
10:45 AM Bug #13253: ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Backing out this change and re-testing on lab systems with multiple DHCP6 WANs, dhcp6 is still restarted now. Some ot... Jim Pingle
10:45 AM Bug #13253 (Feedback): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Applied in changeset commit:5daac45752d00a97a9e01c5ddc7ed4f5ae0501ba. Jim Pingle
10:27 AM Bug #13253 (In Progress): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
There is a bit of a regression here in certain cases. For whatever reason the change made here is causing a failure f... Jim Pingle
08:10 AM Regression #13660 (Resolved): PHP8.1 error after applying floating rules changes
I loaded/edited/saved/applied a bunch of floating rules without error on the latest snapshot. Hard to say if it's sol... Jim Pingle
08:04 AM pfSense Packages Regression #13597 (Resolved): haproxy-devel PHP8 regression when saving a backend entry
No errors when editing backends in current version of haproxy package on the latest snapshot.
 Jim Pingle
07:56 AM pfSense Packages Bug #13775: Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Yep, agree - fixed for me on the latest snapshots. Ben Woods
07:53 AM pfSense Packages Bug #13775 (Resolved): Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Unable to replicate the errors on a current snapshot, so it appears to be fixed.
 Jim Pingle
07:54 AM Regression #13553 (Resolved): PHP error when creating a new limiter
Jim Pingle
07:48 AM pfSense Packages Bug #13774 (Resolved): PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
Unable to replicate the errors on a current snapshot, so it appears to be fixed.
 Jim Pingle
07:44 AM pfSense Packages Bug #13752 (Resolved): Avahi broken on PHP 8.1
Unable to replicate the errors on a current snapshot, so it appears to be fixed.
 Jim Pingle
07:36 AM pfSense Packages Bug #13589 (Resolved): PHP Errors during cellular package installation on CE 2.7
Package installs and deinstalls without error. Visting the GUI page and using the widget also do not produce any erro... Jim Pingle
07:28 AM Regression #13781 (Resolved): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Works without error on current snapshot in cases which failed easily before.
 Jim Pingle
07:24 AM Bug #13675 (Resolved): Code that sets IPv6 MTU can unintentionally act on IPv4 addresses
Closing based on the note above saying it was tested successfully. Jim Pingle
06:26 AM Revision 435948ff: Always declare $config global in case a script is included in a non-global scope
$config is expected to always be a global containing the parsed configuration,
however in the sources that it is assi... Reid Linnemann

12/20/2022

11:01 PM pfSense Plus Feature #13786: ldap intergration for firewall rules
Mike Moore wrote in #note-2:
> This isn’t for OpenVPN. This is for firewall rules controlling movement day from LAN t... Christian McDonald
07:05 PM pfSense Plus Feature #13786: ldap intergration for firewall rules
This isn’t for OpenVPN. This is for firewall rules controlling movement day from LAN to DMZ.
Source is an AD user n... Mike Moore
06:40 PM pfSense Plus Feature #13786: ldap intergration for firewall rules
Normally this type of setup is implemented with something like IPsec/OpenVPN using RADIUS authentication, at which po... Marcos M
03:54 PM pfSense Plus Feature #13786 (New): ldap intergration for firewall rules
Seeing as there are LDAP connectors in the software already for authentication, would it be possible to leverage that... Mike Moore
10:37 PM Bug #13014: Deadlock in Charon VICI interface
Regarding my previous experiment turning off disk logging, we just had IPsec total fail due to just a few p2 of 150+ ... Dan Bailey
06:37 PM Revision 9ac53f56: Fix more config access regressions in filter.inc. Fix #13754
Marcos M
06:25 PM Revision 7e5dbbfc: Fix regression allowing blocked MAC addresses to login. Fix #13747
Marcos M
06:18 PM Regression #13781: DNS Forwarder: PHP error in ``services_dnsmasq_edit``
That fixes it for my test case.
Waiting for new build to confirm. Steve Wheeler
10:05 AM Regression #13781 (Feedback): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Applied in changeset commit:0fb806adf349a1fbeb2f040b08a917157abbcb40. Jim Pingle
07:05 AM Regression #13781 (In Progress): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Jim Pingle
03:51 PM Revision 0fb806ad: PHP 8.1 fixes for DNS Forwarder Hosts/Overrides. Fixes #13781
Jim Pingle
03:47 PM Regression #13747 (Resolved): Captive Portal blocked MAC addresses are not blocked
Marcos M
02:41 PM Regression #13747: Captive Portal blocked MAC addresses are not blocked
This works as expected for me with the patch:
 Steve Wheeler
12:35 PM Regression #13747 (Feedback): Captive Portal blocked MAC addresses are not blocked
Applied in changeset commit:7e5dbbfca68179fd29a685363625c810d4da6417. Marcos M
10:20 AM Regression #13747: Captive Portal blocked MAC addresses are not blocked
Good feedback - I fixed the regression and kept the old behavior. The new blocking functionality will be a new option... Marcos M
03:33 AM Regression #13747: Captive Portal blocked MAC addresses are not blocked
> Previously, ....
But is that they way to block ?
'Hard MAC blocking' with pf firewall rules, now possible, is a... Gertjan KROEB
02:55 PM Regression #13757 (Resolved): Circular dependency issue in ``auth.inc``/``authgui.inc``
Closing this for now as it appears to be working as expected given the current limitations for the moment.
I can t... Jim Pingle
02:52 PM Regression #13782 (Resolved): DHCP leases are not registered in Unbound
Working on the latest snap or when patched.
 Jim Pingle
08:00 AM Regression #13782 (Feedback): DHCP leases are not registered in Unbound
Applied in changeset commit:6ba16cde4f7fe8db5c4ae415a737d5da5fcc84d7. Jim Pingle
07:49 AM Regression #13782 (In Progress): DHCP leases are not registered in Unbound
Jim Pingle
02:49 PM Bug #12811 (Resolved): Services are not restarted when PPP interfaces connect
Ran some tests just now and services are restarted when the interface (re)connects (gets its address) and the rules r... Jim Pingle
01:50 PM Revision 6ba16cde: Correct DHCP lease reg enabled test. Fixes #13782
Jim Pingle
01:14 PM Revision 243afd23: Revert "Fix more config access regressions in filter.inc. Fix #13754"
This reverts commit c0d7519df5dc1632ba9f2791ab377bdc19f45105. Jim Pingle
12:42 PM Regression #13767 (Resolved): Refuse Nonlocal action in DNS Resolver access list breaks configuration file
All three affected actions now work properly (allow snoop, deny nonlocal, refuse nonlocal). The config is correct and... Jim Pingle
12:38 PM Bug #13228 (Resolved): Recovering interface gateway may not be added back into gateway groups and rules when expected
Seems to be doing OK here for now, and was previously found to help before committing.
If there is a regression di... Jim Pingle
12:34 PM Feature #13304 (Resolved): ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Value is present in ALTQ list.
 Jim Pingle
12:31 PM Bug #13462 (Resolved): Advanced DHCP6 client settings only work for a single interface
This change had already been validated by multiple other people. Safe to close.
 Jim Pingle
12:17 PM Feature #13784 (Pull Request Review): Option to completely block MAC addresses in Captive Portal
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/994
A new "reject" action is now available which retai... Marcos M
11:13 AM Feature #13784 (Rejected): Option to completely block MAC addresses in Captive Portal
Currently, blocked MAC addresses are still able to access services on the firewall itself such as DNS and NTP. Add an... Marcos M
12:09 PM Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration
Lets take our time with this and make sure it gets a thorough and proper analysis and correction for the next release... Jim Pingle
12:07 PM pfSense Plus Bug #13785 (Closed): 23.01.b.20221220.0600 Broke routing, Boot Environments, probably other stuff
Already fixed, there is already a new snapshot with that corrected. Jim Pingle
12:01 PM pfSense Plus Bug #13785 (Closed): 23.01.b.20221220.0600 Broke routing, Boot Environments, probably other stuff
Upgraded to 23.01.b.20221220.0600
After that I couldn't log in to the router, or get any trafic out through the netw... Jonas R
12:04 PM Bug #13776: Some functions fail if the Language does not exactly match an available Locale
Not a release blocker, can be pushed to 23.05 if we can't find a good solution near term.
 Jim Pingle
11:44 AM pfSense Packages Bug #13589 (Feedback): PHP Errors during cellular package installation on CE 2.7
Fix committed, it will be in snapshots tomorrow to test. Since the package couldn't even install I tested bits of the... Jim Pingle
10:27 AM pfSense Packages Bug #13589 (In Progress): PHP Errors during cellular package installation on CE 2.7
Jim Pingle
10:36 AM pfSense Packages Bug #13775: Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Ben Woods wrote in #note-3:
> Out of curiosity, is it the same suite of packages used on both the stable and devel b... Jim Pingle
10:35 AM Regression #13490 (Duplicate): blocking mac addresses in captive portal
Marcos M
10:26 AM pfSense Packages Regression #13597 (Feedback): haproxy-devel PHP8 regression when saving a backend entry
This was merged a week ago Jim Pingle
10:25 AM Bug #13704: Refactor IPsec code using config access functions
Moving this ahead, we'll fix any breakage we find in the meantime but pushing these issues which cover entire files. Jim Pingle
10:25 AM Todo #13702: Replace direct config accesses in ``system_advanced_sysctl``
Moving this ahead, we'll fix any breakage we find in the meantime but pushing these issues which cover entire files. Jim Pingle
10:25 AM Todo #13701: Replace direct config accesses for the rest of the paths in ``system_advanced_admin.inc``
Moving this ahead, we'll fix any breakage we find in the meantime but pushing these issues which cover entire files. Jim Pingle
10:22 AM pfSense Plus Bug #13455: Serial console output fails to render properly in certain cases on 4100, 6100, and 8200.
Looks like there is also an issue with the loader menu on here, option 8 for the boot environment list doesn't clear ... Jim Pingle
10:20 AM pfSense Plus Bug #13783 (Duplicate): Console (USB) doesn't show Boot Environments properly
The BE list is there it's just not drawn properly on your terminal for some reason. You can see see them and select t... Jim Pingle
06:07 AM pfSense Plus Bug #13783 (Duplicate): Console (USB) doesn't show Boot Environments properly
Had an issue with the latest beta for 23.01. That completely broke everything (I'll provide separate bug report on th... Jonas R

12/19/2022

07:21 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Generally there's a decent chance that an issue has already been reported and/or resolved, hence it's good to search ... Marcos M
07:17 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
I have verified myself now on github master branch.
Looks like the code has been changed to no longer filter in lo... Chris Collins
07:06 PM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Might be quicker if I show you the code, then you check if the code that restricts it is there, I m guessing you unab... Chris Collins
07:00 PM Revision c0d7519d: Fix more config access regressions in filter.inc. Fix #13754
Marcos M
05:28 PM Regression #13782 (Resolved): DHCP leases are not registered in Unbound
Enabling 'Register DHCP leases in the DNS Resolver' in the Unbound config no longer functions as expected.
The /va... Steve Wheeler
05:10 PM Regression #13781 (Resolved): DNS Forwarder: PHP error in ``services_dnsmasq_edit``
Trying to add a host override in a clean DNSmasq config throws a PHP error.
Using:... Steve Wheeler
04:58 PM pfSense Packages Bug #13780 (Rejected): pfBlockerNG v2.1.4_28 on 23.01b Alerts-page results in error
When looking at the Alerts page for pfblockerng. It results in a white page with the error pasted below.
Pfsense Plu... Jonas R
03:39 PM Regression #13747 (Pull Request Review): Captive Portal blocked MAC addresses are not blocked
This regression was introduced in 22.05. Fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/990
Previo... Marcos M
03:06 PM Regression #13747 (In Progress): Captive Portal blocked MAC addresses are not blocked
Marcos M
01:16 PM Regression #13747 (Confirmed): Captive Portal blocked MAC addresses are not blocked
This isn't a duplicate of #13742.
MAC addresses added as block entries are not blocked. Hosts are still redirected t... Steve Wheeler
03:31 PM pfSense Packages Bug #13775: Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Thanks for the quick fix - I’ll test it once it’s released tomorrow.
Out of curiosity, is it the same suite of pac... Ben Woods
02:37 PM pfSense Packages Bug #13775 (Feedback): Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Fix committed, will be tomorrow's snapshots.
https://github.com/pfsense/FreeBSD-ports/commit/3aaece2348795bfd36b81... Jim Pingle
10:38 AM pfSense Packages Bug #13775 (Resolved): Status Traffic Totals PHP error on dev snapshots w/PHP 8.1
Status Traffic Totals has a problem generating its interface list, and it appears to be from needing to be updated fo... Jim Pingle
03:01 PM Revision ce2fe058: Redo Unbound ACL action handling. Fixes #13767
Jim Pingle
03:00 PM pfSense Packages Bug #13774 (Feedback): PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
Fix committed, will be in tomorrow's snapshot:
https://github.com/pfsense/FreeBSD-ports/commit/43ec955af978b16adbb... Jim Pingle
09:15 AM pfSense Packages Bug #13774: PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
Marcos M wrote in #note-1:
> I'm able to add configuration for interfaces as normal.
If your config has OpenVPN c... Jim Pingle
09:11 AM pfSense Packages Bug #13774: PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
I'm able to add configuration for interfaces as normal. Marcos M
08:37 AM pfSense Packages Bug #13774 (Resolved): PIMD Interfaces drop-down empty on dev snapshots w/PHP 8.1
The interfaces drop-down in PIMD has no content, and it appears to be from needing to be updated for PHP 8.1.
@pim... Jim Pingle
02:11 PM pfSense Packages Bug #13752 (Feedback): Avahi broken on PHP 8.1
Fix committed, will be in snapshots tomorrow.
https://github.com/pfsense/FreeBSD-ports/commit/1c8ad5a506aa5204833a... Jim Pingle
10:42 AM pfSense Packages Bug #13752: Avahi broken on PHP 8.1
There is a similar error when trying to run it as well, looking at the code it's the same use of old/deprecated array... Jim Pingle
02:05 PM Feature #13778: Changing a network port may not fully move all settings to the new interface
Yes, from the assignments page is where I was speaking of as well, but I meant you may have to save/apply on the rele... Jim Pingle
01:43 PM Feature #13778: Changing a network port may not fully move all settings to the new interface
I should of mentioned that I was doing this from (Interfaces --> assignments) page, is there another page I should be... Jon Brown
01:07 PM Feature #13778: Changing a network port may not fully move all settings to the new interface
It does work but you likely need to visit the interface page and save/apply to fully apply the settings, or (worst ca... Jim Pingle
12:41 PM Feature #13778 (New): Changing a network port may not fully move all settings to the new interface
I spent a bit of time trying to change the network port on the LAN interface and I found out that you cannot change t... Jon Brown
01:25 PM Regression #13754 (Feedback): DHCPv4 rules are not automatically created
Applied in changeset commit:c0d7519df5dc1632ba9f2791ab377bdc19f45105. Marcos M
01:01 PM Regression #13754 (Pull Request Review): DHCPv4 rules are not automatically created
When @filter_rules_generate()@ is called in this case, only enabled interfaces are parsed hence there's no need for a... Marcos M
10:22 AM Regression #13754 (New): DHCPv4 rules are not automatically created
Looks like these changes can cause a pf error if DHCP is enabled on an interface that is disabled. It's worth adding ... Jim Pingle
12:46 PM Feature #628: Ability to specify listen IP address of management services (SSH, web interface)
I just initiated an ticked asking for better GUI/SSH security. GUI/SSH should IMHO only listen to defined IP's and no... Louis B
12:42 PM pfSense Plus Regression #13779 (Resolved): SafeXcel support is built into the aarch64 kernel on snapshots instead of being a module
SafeXcel is selected in *System > Advanced* , *Miscellaneous* tab but dashboard system status shows SafeXcel present ... Jim Pingle
11:59 AM Feature #13777 (Rejected): Better security for FW-management
Most of these things are already possible with proper configuration, others there are already open feature requests f... Jim Pingle
11:57 AM Feature #13777 (Rejected): Better security for FW-management
IMHO pfSense should only be manageable via defined IP-addresses, and not via all GW-ddresses, like it is now.

You... Louis B
11:26 AM Bug #13776 (Resolved): Some functions fail if the Language does not exactly match an available Locale
Some languages are defined in the pfSense translations system without a location, such as French which is defined as ... Jim Pingle
11:20 AM Bug #12920 (Confirmed): Gateway behavior differs when the gateway does not exist in the configuration
Marcos M wrote:
> The gateway status and @dpinger@ behave differently when the respective gateway entry does not exi... Ryan Coleman
09:25 AM Regression #13767 (Feedback): Refuse Nonlocal action in DNS Resolver access list breaks configuration file
Applied in changeset commit:ce2fe0583fda6b38f70c78892d63945b40145867. Jim Pingle
09:03 AM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
Looks like when this code was changed for PHP 8.1 it was changed in a way that didn't match the original intent of wh... Jim Pingle
09:06 AM Bug #13573 (Feedback): DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL
Jim Pingle
08:37 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
Jordan Greene wrote in #note-5:
> pimd 0.0.3_5 on 23.01.b.20221217.1429 has bind to all/none and interface binding a... Jim Pingle
08:24 AM pfSense Packages Bug #13773 (Feedback): Include file of mail reports package changed path and filename but one file requiring it did not follow
Fix merged, will be in the package with the next new snapshot (likely tomorrow AM)
https://github.com/pfsense/Free... Jim Pingle
08:02 AM pfSense Packages Bug #13773 (Resolved): Include file of mail reports package changed path and filename but one file requiring it did not follow
In a recent change to update the mail reports package for PHP 8.1 the main include file for the package was moved and... Jim Pingle
07:55 AM pfSense Packages Bug #13763 (Not a Bug): Error starting TFTP with PHP 8.1
From a completely fresh install that never had TFTP before, after enabling the service I can start/stop it from the d... Jim Pingle
03:42 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
See attached screenshot Mathew Hepple
03:23 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Hi All,
I have upgraded to the latest PFSense 23.01.b.20221217.1429 and found the same error. Unable to start the ... Mathew Hepple
12:24 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Tested on latest
23.01-BETA (amd64)
built on Sat Dec 17 14:33:51 UTC 2022
FreeBSD 14.0-CURRENT
I did update fr... aleksei prokofiev
07:29 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure
David G wrote in #note-15:
> According to the developers the issue has been fixed in mpd5-5.9_11 and later versions,... Jim Pingle
02:45 AM Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure
According to the developers the issue has been fixed in mpd5-5.9_11 and later versions, therefore the above workaroun... David G
07:08 AM pfSense Plus Bug #13766 (Not a Bug): Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
One-off PHP warnings during upgrade will always happen when we change PHP versions or have other major differences be... Jim Pingle

12/18/2022

01:25 PM pfSense Packages Feature #13575: Update to frr 9.0.1
Marcos M wrote:
> The current frr package version is 7.5.1_3 - frr 7.5.1 was released on 2021-03-07 https://github.c... Carlos Daniel Silva
11:58 AM Bug #9296 (Confirmed): Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Another potentially related issue:
Editing an entry within an alias when that alias has been included within another ... Marcos M
08:48 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I am testing https://snapshots.netgate.com/amd64/pfSense_master/installer/pfSense-CE-2.7.0-DEVELOPMENT-amd64-20221216... Alexey Ab
11:52 AM Bug #13772 (Confirmed): Changing the alias resolve interval to the default value does not take effect after saving.
Under @System / Advanced / Firewall & NAT@, if the @Aliases Hostnames Resolve Interval@ option is changed from a cust... Marcos M
11:10 AM pfSense Packages Bug #13771 (Resolved): Suricata tries to load invalid SID file
Tested on @6.0.8_2@, @pfSense-23.01.b.20221217.1429@.
After trying to start Suricata using inline mode, the follow... Marcos M
08:20 AM pfSense Packages Feature #13770 (New): Shellcmd package - Add Enable/Disable option
NB: there is no Shellcmd package option to choose from in Redmine
I think it is better to have an Enable/Disable o... Jon Brown
08:18 AM pfSense Packages Feature #13769 (New): Shellcmd Package - Add Copy Command
NB: there is no *Shellcmd* package option to choose from in Redmine
It would make things a little easier for me t... Jon Brown
08:12 AM Feature #13768 (New): Add Gatway Descriptions to the Gateways Widget
When you use this widget you can see the interface name and the IP address of the interface.
I would also like to ... Jon Brown
06:41 AM pfSense Packages Bug #10692: PIMD starts twice at boot
Running a pimd beta build on top of latest 2.7 pfSense build, Í just checked the general system log. Which does look ... Louis B
12:23 AM pfSense Packages Bug #10692: PIMD starts twice at boot
not seeing the previously noted behavior on 23.01.b.20221217.1429 w/ pimd 0.0.3_5
good so far! Jordan G
01:06 AM pfSense Packages Bug #12330: pfBlockerNG devel creating invalid NAT rules on boot
-similar behavior when restoring a backupconfig.xml that had pfBlockerNG-devel settings but the pfBlockerNG pkg doesn... Jordan G
12:56 AM pfSense Packages Bug #12907: PIMD: Nonexistent interfaces should be hidden/disabled in pimd.conf before bringing up the service
pimd 0.0.3_5 on 23.01.b.20221217.1429 has bind to all/none and interface binding always/never settings available but ... Jordan G

12/17/2022

07:52 PM pfSense Packages Bug #13738: Typo under Services/Snort/Interface Settings/WAN - Rules
Is the affected version correct for 21.05 or was this intended to be 22.05? Kris Phillips
07:48 PM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Tested on CE abc516d86cf14a85029e and was unable to reproduce this issue there. Seems to be a 23.01 only issue. Kris Phillips
06:27 PM Bug #13573: DHCP Server generates an invalid configuration for static mappings when defining network booting and UEFI HTTPBoot URL
I'm unable to reproduce this in pfSense Plus 23.01. Can you please test this on the latest development version to ve... Kris Phillips
06:02 PM pfSense Plus Regression #13743: Latest snapshot defaults to 22.05 branch selected which can pull that version's package information
Tested on Dec 17th builds and now the repo list is completely blank. Running "pkg update -f" shows normal results:
... Kris Phillips
05:48 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
I can confirm this behavior on pfSense Plus 23.01 as well. Service fails to start when "Refuse Nonlocal" is chosen i... Kris Phillips
02:56 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
In `/var/unbound/access_lists.conf`, the access list entry that is generated reads as follows:... Gerke Max Preussner
02:54 PM Regression #13767: Refuse Nonlocal action in DNS Resolver access list breaks configuration file
Full error message:... Gerke Max Preussner
02:53 PM Regression #13767 (Resolved): Refuse Nonlocal action in DNS Resolver access list breaks configuration file
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 16 06:05:53 UTC 2022
FreeBSD 14.0-CURRENT
After upgrading to the late... Gerke Max Preussner
09:12 AM Feature #12091: RFE: Add support for sssd authentication
Orion Poplawski wrote in #note-1:
> I was very disappointed to see that sssd disappeared from the pfSense repository.... Gabriel Zellmer

12/16/2022

06:22 PM pfSense Plus Bug #13766 (Closed): Various PHP warnings during first reboot after upgrading to 23.01 from 22.01 or 22.05
Some examples, but they're all easy to spot in the screen logs files despite their length.... Chris W
05:07 PM pfSense Packages Bug #13679 (Resolved): Error in pfBlockerNG Post Install Script
Tested version 3.1.0_15 on... Christopher Cope
05:05 PM Revision db6dd2d2: Don't load CSRF timeout from config. Fixes #13757
This allows us to reorder includes so that authgui.inc can load auth.inc first, which fixes several auth mechanisms t... Jim Pingle
03:12 PM Regression #13420: TCP traffic sourced from the firewall can only use the default gateway
The same test works as expected in 23.01:... Steve Wheeler
11:56 AM Bug #13525: Memory leak in PF when retrieving Ethernet rules
Updating subject for release notes. Jim Pingle
03:04 AM Bug #13525 (Feedback): Memory leak in PF when retrieving Ethernet rules
This is now in 23.01 and 2.7.
It needs feedback from someone who was hitting it previously. Steve Wheeler
11:55 AM Regression #13748: DHCP server "Disable Ping Check" option does not store value on save
Updating subject for release notes. Jim Pingle
11:55 AM Regression #13290: Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
Updating subject for release notes. Jim Pingle
11:53 AM Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules
Updating subject for release notes. Jim Pingle
11:52 AM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Updating subject for release notes. Jim Pingle
11:15 AM Regression #13757 (Feedback): Circular dependency issue in ``auth.inc``/``authgui.inc``
Applied in changeset commit:db6dd2d2d288fdd64b9e741db0900c5eb15ba9fb. Jim Pingle
11:06 AM Bug #12920 (Resolved): Gateway behavior differs when the gateway does not exist in the configuration
Closing for lack of feedback either way here. I haven't noticed any gateway issues like this in a while and I've done... Jim Pingle
11:05 AM Regression #13459 (Resolved): Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
I haven't needed the manual rule to disable reply-to on WAN since this went in months ago. Seems OK to close to me.
 Jim Pingle
11:04 AM Bug #13317 (Resolved): ``array_filter`` PHP Errors in ``interfaces.inc``
Closing for lack of feedback either way here. Given the code involved if it was still a problem we'd have encountered... Jim Pingle
08:05 AM Bug #13445 (Resolved): ``easyrule`` CLI script has multiple bugs and undesirable behaviors
This all appears to be OK now. Can always make new issues if more problems pop up.
 Jim Pingle
08:04 AM Bug #13755 (Resolved): Multiple incorrect configuration paths in recent UPnP code changes
All working well on current snapshots:
* No trace of UPnP anchors/rules in ruleset when UPnP is disabled
* Enabli... Jim Pingle
07:57 AM Regression #13581 (Resolved): Empty Dynamic DNS entry causes PHP errors in various contexts
I can't reproduce any of the original errors on a current snapshot now. This appears to be resolved. Jim Pingle
07:55 AM Regression #11545 (Resolved): Primary interface address is not always used when VIPs are present
No feedback (positive or negative) and it's been in snapshots for quite some time now. Closing this now, but if anyon... Jim Pingle
07:54 AM Regression #13761 (Resolved): Gateway list is empty when editing static route entries
Gateway list has content again on current snapshots. Jim Pingle
07:32 AM pfSense Packages Regression #13697 (Resolved): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1
Those other errors were unrelated and were corrected a few snaps ago. Jim Pingle
07:29 AM Bug #13762 (Duplicate): Available Packages for 23.01 Not Displaying
This is likely either a duplicate of #13743 (fixed by picking the right update branch) or another known issue where i... Jim Pingle
03:47 AM Bug #13762 (Duplicate): Available Packages for 23.01 Not Displaying
Hi all,
I have upgrade to 23.01.b.20221216.0600 however when you go to
System > Packet Manager > Available Pac... Mathew Hepple
07:20 AM pfSense Packages Bug #13763: Error starting TFTP with PHP 8.1
Copying the error out of the attachment so it's easier to see:... Jim Pingle
03:50 AM pfSense Packages Bug #13763 (Not a Bug): Error starting TFTP with PHP 8.1
Hi all,
I have upgraded to 23.01.b.20221216.0600 and found that the package TFTP pfSense-pkg-tftpd upgraded: 0.1.3... Mathew Hepple
07:18 AM Bug #13764 (Not a Bug): DHCP Server config restore
There is likely a difference in interface layout between the two systems. The backup/restore function is intended for... Jim Pingle
06:09 AM Bug #13764 (Not a Bug): DHCP Server config restore
Need to transfer DHCP server config from one system to another
Done backup on original system.
After restore, confi... Ivaylo Velikov

12/15/2022

11:27 PM Revision 1e706214: Protect mem_usage() from doing arithmetic with empty sysctl values.
get_single_sysctl() may return an empty string in some conditions, there is no
guarantee that it returns an expected ... Reid Linnemann
04:20 PM Revision 616579c0: Remove trailing whitespace
Steve Wheeler
04:20 PM Revision 4049406a: Remove cxl from altq capable interfaces list
Steve Wheeler
02:27 PM Revision 8a9e2bfb: Some cleanups in system_routes.php
Christian McDonald
01:45 PM Revision e44e4bb8: Clean up some global access in system_routes_edit.php
Christian McDonald
01:33 PM Revision de0e9927: Fix gateway list for static routes. Fixes #13761
Jim Pingle
01:24 PM pfSense Packages Bug #13753: Gateway groups stop sending traffic if they contain wireguard tunnels
Today, Cox went down. In theory, the gateway group should have automatically switched over to starlink, and the wg_s2... Dan Tentler
12:51 PM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Marcos M wrote in #note-7:
> > I shouldn't be required to send DHCP over the bridge
> From what I understand, if no... Yousif Hassan
08:45 AM Regression #13761: Gateway list is empty when editing static route entries
Jim Pingle wrote in #note-2:
> Applied in changeset commit:de0e99275b5275d1f5b2e477fcd0322aef5284c4.
Confirmed co... Ronald Schellberg
07:40 AM Regression #13761 (Feedback): Gateway list is empty when editing static route entries
Applied in changeset commit:de0e99275b5275d1f5b2e477fcd0322aef5284c4. Jim Pingle
07:12 AM Regression #13761 (Confirmed): Gateway list is empty when editing static route entries
I saw this last night but hadn't had a chance to make an issue for it yet. Since I can reproduce it here, I'll take a... Jim Pingle
12:27 AM Regression #13761 (Resolved): Gateway list is empty when editing static route entries
Completely blank drop-down for Gateway in ' System/Routing/Static Routes' page despite multiple gateways configured. ... RED SKULL
07:42 AM Bug #13756: Rules for authenticated Captive Portal users are not removed when a zone is disabled
Updating subject for release notes. Jim Pingle
07:11 AM Regression #13748 (Resolved): DHCP server "Disable Ping Check" option does not store value on save
Jim Pingle
02:55 AM Regression #13748: DHCP server "Disable Ping Check" option does not store value on save
Tested on
@23.01-DEVELOPMENT (amd64)
built on Wed Dec 14 06:05:14 UTC 2022
FreeBSD 14.0-CURRENT@
The "<disab... Lev Prokofev
04:08 AM Regression #13522: Minnowboard Turbot additions are no longer present
Tested on MBT-2220
2.7.0-DEVELOPMENT (amd64)
built on Tue Dec 15 06:07:19 UTC 2022
FreeBSD 14.0-CURRENT
No vi... Lev Prokofev
03:28 AM Bug #12926: Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
Tested on 22.05.
I restored the same HA cluster on current 22.05 and got the same result - after changing LAGG typ... Azamat Khakimyanov
02:37 AM Bug #12926 (Confirmed): Changing LAGG type on CARP interfaces makes VIPs go to an "init" State
Tested on 22.01
I was able to reproduce this bug.
I've created HA cluster with LAGG interface on each node and 30... Azamat Khakimyanov
02:21 AM Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages
I am having the same issue in 22.05. Netgate XG1541 van trung tran

12/14/2022

06:38 PM Revision 7cae10a3: Revert "Correct includes/load order in guiconfig.inc. Fixes #13757"
This reverts commit 2a24c162e0a8e69d176c54b5a7be09b23cb233f8. Jim Pingle
06:23 PM Revision 2a24c162: Correct includes/load order in guiconfig.inc. Fixes #13757
The recent change here ended up loading some things out of order. Jim Pingle
04:49 PM Revision e3d247ec: Another DDNS empty entry fix. Fixes #13581
Jim Pingle
04:45 PM Revision 00d3003d: Improve handling of empty DDNS entries. Fixes #13581
Jim Pingle
04:35 PM Revision 2067a034: Revert "Add shells/zsh to poudriere_bulk"
This reverts commit a360b261b33663b062b20ec15f3f7b5082e6e2bd.
This requires man(1) which we do not have so revert th... Brad Davis
03:33 PM pfSense Docs Todo #13760 (Rejected): Feedback on Development — Executing Commands at Boot
*Page:* https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html
*Feedback:*
This page does no... Jon Brown
03:29 PM Regression #13757: Circular dependency issue in ``auth.inc``/``authgui.inc``
Draft MR: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/984
At the moment the least disruptive way t... Jim Pingle
01:58 PM Regression #13757 (In Progress): Circular dependency issue in ``auth.inc``/``authgui.inc``
That fix attempt ended up not incomplete, it could break CSRF in certain cases.
Still experimenting and checking i... Jim Pingle
12:30 PM Regression #13757 (Feedback): Circular dependency issue in ``auth.inc``/``authgui.inc``
Applied in changeset commit:2a24c162e0a8e69d176c54b5a7be09b23cb233f8. Jim Pingle
12:26 PM Regression #13757: Circular dependency issue in ``auth.inc``/``authgui.inc``
Looks like this may have broken in commit:746f30e3ce1ff39c226a73bf87c86dd370ef239c with the added includes changing t... Jim Pingle
11:49 AM Regression #13757 (Resolved): Circular dependency issue in ``auth.inc``/``authgui.inc``
Some parts of @auth.inc@ use a check for a function before doing some GUI-specific checks:... Jim Pingle
02:58 PM Feature #13758: OpenVPN service names inconsistent - Hard to get OpenVPN ID for CLi
While there is definitely room for improvement here, you can get the OpenVPN ID by editing an instance directly. It's... Jim Pingle
02:24 PM Feature #13758 (New): OpenVPN service names inconsistent - Hard to get OpenVPN ID for CLi
h1. Background
This came about because I am creating a command to be run by Shellcmd to disable an OpenVPN service... Jon Brown
02:48 PM Revision a360b261: Add shells/zsh to poudriere_bulk
Christian McDonald
02:44 PM Feature #13759 (New): Ability to disable services on boot up
h1. The feature
I would like the ability to prevent selected services from being enabled during bootup.
h1. Why... Jon Brown
02:05 PM Revision 374dd9fe: UPnP rule/service cleanup. Fixes #13755
* Fix several incorrect config paths/tests
* Fix UPnP local interface automatic rule to pass traffic into UPnP
itse... Jim Pingle
11:36 AM Regression #13754 (Resolved): DHCPv4 rules are not automatically created
Chris W
11:36 AM Regression #13754: DHCPv4 rules are not automatically created
Looks good. This is present in Firewall-Generated Ruleset.txt:... Chris W
07:25 AM Regression #13754 (Feedback): DHCPv4 rules are not automatically created
Applied in changeset commit:46c9508efb21a8c809dda5b1cc47a4218399a04f. Marcos M
11:24 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Jim Pingle wrote in #note-16:
> There is a second commit for the widget, commit:e3d247ec
Fixes my issues with #13... Ronald Schellberg
11:17 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
There is a second commit for the widget, commit:e3d247ec Jim Pingle
11:08 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Jim Pingle wrote in #note-13:
> I found several places that can trigger errors the same way between traditional DynD... Ronald Schellberg
10:55 AM Regression #13581 (Feedback): Empty Dynamic DNS entry causes PHP errors in various contexts
Applied in changeset commit:00d3003d9aad824e4d51dd908c234ffebd5a3516. Jim Pingle
10:24 AM Regression #13581 (In Progress): Empty Dynamic DNS entry causes PHP errors in various contexts
OK I can reproduce these errors but only with an empty entry in the configuration, such as:... Jim Pingle
11:23 AM Bug #13756: Rules for authenticated Captive Portal users are not removed when a zone is disabled
Tested:... Steve Wheeler
11:22 AM Bug #13756 (Resolved): Rules for authenticated Captive Portal users are not removed when a zone is disabled
Users that have been authenticated by the captive portal are added as ether pass rules to the 'cpzoneid_X_auth' ancho... Steve Wheeler
08:25 AM Bug #13755 (Feedback): Multiple incorrect configuration paths in recent UPnP code changes
Applied in changeset commit:374dd9fe6a456d09cb41515b913396ac0992467d. Jim Pingle
08:05 AM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes
I spotted another incorrect configuration path usage in there as well as I was testing. Commit coming shortly.
 Jim Pingle
07:26 AM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes
There is at least one other place using the same incorrect test for upnp being enabled, and I'd prefer a slightly dif... Jim Pingle
03:53 AM Bug #13014: Deadlock in Charon VICI interface
Jim Pingle wrote in #note-21:
> It didn't get pushed back to the next version, there won't be a 22.11 as there is sti... james greenhill
03:42 AM Revision 46c9508e: Fix config access regressions in filter.inc. Fix #13754
Marcos M
12:55 AM pfSense Packages Feature #10818: UDP Broadcast Relay
The underlying package (https://github.com/marjohn56/udpbroadcastrelay) does not support IPv6 (https://github.com/mar... Djon K

12/13/2022

10:38 PM Regression #13635 (Resolved): Interface speed and duplex selection defaults to non-default option
Marcos M
10:13 PM Feature #385 (In Progress): Allow the use of Captive Portal to restrict services on the firewall itself.
Marcos M
10:11 PM Bug #13215 (Incomplete): Allowed MAC/IP/Hostname traffic counts for authorized users
Marcos M
10:01 PM Regression #13754 (Pull Request Review): DHCPv4 rules are not automatically created
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/980 Marcos M
08:36 PM Regression #13754 (Resolved): DHCPv4 rules are not automatically created
Tested on @23.01.a.20221213.1812@.
With DHCPv4 Server enabled, rules allowing DHCP traffic are not automatically c... Marcos M
09:59 PM Bug #13755 (Pull Request Review): Multiple incorrect configuration paths in recent UPnP code changes
Marcos M
09:58 PM Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes
The miniupnp auto rule has been broken since the code was committed due to the invalid config path access, and due to... Marcos M
09:55 PM Bug #13755 (Resolved): Multiple incorrect configuration paths in recent UPnP code changes
The automatic rule @pass multicast traffic to miniupnpd@ is never created. Marcos M
09:39 PM Revision 30196510: Fix direct config accesses in unbound for php81
Christian McDonald
09:02 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Jim Pingle wrote in #note-11:
> Do you maybe have a blank entry under the RFC2136 tab for dynamic DNS? If so, delete ... Ronald Schellberg
12:33 PM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Do you maybe have a blank entry under the RFC2136 tab for dynamic DNS? If so, delete it.
That's about the only way I... Jim Pingle
06:48 PM Revision 503e7e8c: Fix DHCP server ping check option. Fixes #13748
Jim Pingle
03:08 PM pfSense Packages Bug #13753 (New): Gateway groups stop sending traffic if they contain wireguard tunnels
I have a dual-isp setup running on an xg7100. Cox and Starlink. I have been able to configure two wireguard tunnels, ... Dan Tentler
12:55 PM Regression #13748 (Feedback): DHCP server "Disable Ping Check" option does not store value on save
Applied in changeset commit:503e7e8cfde3127068b2c5aaef6ccc01e80036d4. Jim Pingle
12:45 PM pfSense Packages Bug #13752 (Resolved): Avahi broken on PHP 8.1
Clea install of 23.01.a.20221213.0600.
Installed avahi from packages.
Click on Services > Avahi... Erik Osterholm
10:53 AM Feature #13751 (New): Add language to IPsec configuration for disabled ciphers
Apparently it is confusing to users to have inapplicable hash methods disabled in the IPsec configuration pages.
A... Chris Linstruth
07:31 AM Bug #13436 (Resolved): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
This issue was specifically about the variable names being incorrect which was causing the validation to be non-funct... Jim Pingle
07:27 AM Bug #13436 (In Progress): Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
Should this be in Feedback, Resolved, or is there more work to be done based on the last feedback? Chris Linstruth
07:18 AM Regression #13614 (Resolved): Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Jim Pingle
05:34 AM Regression #13614: Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
no more errors. Good to close out RED SKULL
06:44 AM Regression #13739 (Resolved): Interfaces without a configured name appear as lowercase
This looks good in todays snap.
Tested:... Steve Wheeler
05:29 AM pfSense Docs Correction #13750 (Resolved): "Using Software from FreeBSD"
The topic "Using Software from FreeBSD" is missing information.
The text says to modify the file */usr/local/etc/p... Michel Pereira

12/12/2022

09:46 PM Bug #7553 (Resolved): Captive portal on a parent interface blocks traffic on VLAN interfaces too
Tested on latest 23.01 snap - this is no longer an issue. Marcos M
09:42 PM Bug #12467 (Resolved): CP error on client disconnect after reboot
Tested on latest snap - I'm not seeing this error in any logs, nor the extra files. Marcos M
09:35 PM Bug #12730 (Resolved): RADIUS accounting does not work if WAN is down
Marcos M
09:28 PM Bug #13148 (Resolved): Traffic passed by Captive Portal cannot use limiter queues on other rules
Tested on latest snap - this is indeed fixed. Marcos M
09:11 PM Bug #13215 (New): Allowed MAC/IP/Hostname traffic counts for authorized users
These needs further testing/explanation.
If the issue is that rules under @cpzoneid_2_allowedhosts@ will have thei... Marcos M
09:09 PM Bug #13014: Deadlock in Charon VICI interface
I have some 40+ spoke firewalls with new ones deploying weekly. Each FW is initiating 3 IPSec VPNs.
While the VPN is... Roman Kazmierczak
08:26 PM Bug #13226: Disconnecting a user from Captive Portal may allow previously established connections to continue
The root issue here is actually #11556. When @pfSense_kill_states()@ is called, the state on WAN using NAT will remai... Marcos M
06:50 PM Regression #13290 (Resolved): Error ``dummynet: bad switch 21!`` when using Captive Portal with Limiters
Marcos M
06:41 PM Bug #13475 (Duplicate): Captive Portal per-user limiters malfunction
Marcos M
06:36 PM Bug #13477 (Resolved): Captive Portal disconnecting a single user stops all traffic.
Tested latest snap. This is no longer a problem after the fix in the related issue #13488. Marcos M
06:13 PM Regression #13490 (Not a Bug): blocking mac addresses in captive portal
As mentioned, more info would be needed for 22.05 to be considered a bug. Note that even after the MAC rule has been ... Marcos M
06:09 PM Bug #13736 (Not a Bug): Captive Portal service restart needed after MAC bypass
Marcos M
06:08 PM Bug #13742 (Not a Bug): Captive Portal MAC bypass - pf rules are not enforced
I was unable to reproduce the reported issue on the latest snap - the client with the bypass MAC correctly bypasses R... Marcos M
05:14 PM Regression #13418 (Pull Request Review): Captive Portal does not keep track of client data usage
Marcos M
01:41 PM Regression #13418 (In Progress): Captive Portal does not keep track of client data usage
Thank you for testing - there looks to be a type casting issue in php-pfSense-module.
https://gitlab.netgate.com/pfSe... Marcos M
01:32 PM Regression #13418: Captive Portal does not keep track of client data usage
Counters still zero... Chris Linstruth
03:37 PM Regression #13749 (Resolved): RADIUS auth using CHAP does not work
Tested the patch - I am now able to authenticate using MSCHAPv2! Marcos M
02:38 PM Regression #13749 (Feedback): RADIUS auth using CHAP does not work
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/5601fb0b0bb0c733aece989bd8a71882c1fd9118
Should be fixed... Christian McDonald
12:58 PM Regression #13749 (Resolved): RADIUS auth using CHAP does not work
In 23.01, PAP works but CHAP protocols (e.g. MSCHAPv2) do not when authenticating with a RADIUS backend.
The error... Marcos M
02:51 PM Bug #13716: CVE-2022-23093 / FreeBSD-SA-22:15.ping
Further "clarification from FreeBSD":http://docs.freebsd.org/cgi/mid.cgi?CAPyFy2AMKEorH6v2VLG_g0UOyZdcpXb0YjZbc+-0=-d... Jim Pingle
02:09 PM Revision 8fec79ad: Restore default interface media selection. Fix #13635
Marcos M
02:08 PM Revision 5c7cda13: Restore default description behavior. Fix #13739
Marcos M
02:00 PM Feature #2676: Reply-to option in firewall rule
Upvote for this request.
We have a rare scenario that requires this reply-to been added to some of the firewall rule... Billy Yao
01:12 PM pfSense Plus Regression #13741: Update message interpreted as the available version
Yes, the message error affects any device that receives it. Not limited to aarch64.... Steve Wheeler
08:20 AM Regression #13635 (Feedback): Interface speed and duplex selection defaults to non-default option
Applied in changeset commit:8fec79ad597ff0d25674c249594fe2043817fb56. Marcos M
08:15 AM Regression #13739 (Feedback): Interfaces without a configured name appear as lowercase
Applied in changeset commit:5c7cda134dbcffe3ff4a2387b6d8a83fc9d03aa3. Marcos M
08:14 AM Regression #13747 (Duplicate): Captive Portal blocked MAC addresses are not blocked
Appears to be a duplicate of #13742 Jim Pingle
01:21 AM Regression #13747 (Resolved): Captive Portal blocked MAC addresses are not blocked
See here https://forum.netgate.com/topic/176356/captive-portal-bypass-issue/13
This test : https://github.com/pfse... Gertjan KROEB
08:04 AM Regression #13744 (Resolved): Debug output shown on dashboard
Jim Pingle
07:51 AM Regression #13744: Debug output shown on dashboard
I can confirm that this is fixed with:
2.7.0-DEVELOPMENT (amd64)
built on Mon Dec 12 06:07:23 UTC 2022
FreeBSD 1... RED SKULL
08:03 AM pfSense Plus Regression #13726 (Resolved): pkg-utils.inc error at first boot
Jim Pingle
07:49 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
Traffic graphs are still working but saw this error after updating this AM:
PHP ERROR: Type: 1, File: /etc/inc/auth.... TyphooN .
07:36 AM pfSense Plus Bug #11626 (Feedback): Google LDAP connections fail due to lack of SNI for TLS 1.3
Jim Pingle
07:35 AM pfSense Packages Bug #13730 (Resolved): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
Jim Pingle
07:35 AM pfSense Plus Regression #13724 (Resolved): pfSense-upgrade breaks the pkg repo conf
Jim Pingle
07:32 AM pfSense Plus Feature #13649 (Resolved): Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
Jim Pingle
07:32 AM Bug #12645 (Resolved): ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
The filterdns part is likely OK then. IIRC there may be an open issue for that other quirk already, it seems familiar... Jim Pingle
06:33 AM Regression #13748 (Resolved): DHCP server "Disable Ping Check" option does not store value on save
Tested on 22.05 and latest 23.01-DEV
When 'Disable Ping Check' option checked and "Save' button pressed, system sh... Azamat Khakimyanov

12/11/2022

11:50 PM Regression #13660 (Feedback): PHP8.1 error after applying floating rules changes
Applied in changeset commit:483512b3a3226132b7b249f7ea3e2146d3829c23. Reid Linnemann
07:10 PM Bug #13736: Captive Portal service restart needed after MAC bypass
I was not able to reproduce this issue on 23.01. After the MAC was added in Captive Portal, the client was able to ac... Marcos M
06:25 PM pfSense Packages Bug #13746: Removing Watchdog Show me other applications installed
Christian McDonald wrote in #note-1:
> This isn't unique to service watchdog, there was some debug bits in the XML p... Peter Moreno
06:15 PM pfSense Packages Bug #13746 (Duplicate): Removing Watchdog Show me other applications installed
This isn't unique to service watchdog, there was some debug bits in the XML parser that accidentally made it into a p... Christian McDonald
06:03 PM pfSense Packages Bug #13746 (Duplicate): Removing Watchdog Show me other applications installed
Hello guys.
I'm working with PFsense 2.7.x Watchdog-1.8.7_1.
Pfsense:
2.7.0-DEVELOPMENT (amd64)
built on F... Peter Moreno
01:47 PM pfSense Packages Bug #13745 (New): pfBlockerNG doesn't resolve aliases in supression alias list
When adding another alias to the pfBlockerNGSuppresion alias it is not resolved. I would expect that at least all oth... Flole Systems
12:31 PM Regression #13635 (Pull Request Review): Interface speed and duplex selection defaults to non-default option
Fix https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/975 Marcos M
12:09 PM Regression #13739 (Pull Request Review): Interfaces without a configured name appear as lowercase
Marcos M
12:09 PM Regression #13739: Interfaces without a configured name appear as lowercase
Fix https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/974 Marcos M
11:43 AM Bug #13014: Deadlock in Charon VICI interface
I am running 2.7.0.a.20221202.0600 on my firewall at the current time so I installed the strongswan package above for... David Vazquez
11:39 AM Bug #13014: Deadlock in Charon VICI interface
we have new developers for this topic Hi Mateusz.
I Have this same issue in my configuration on production. One or... Rafał Kaźmierowski
11:34 AM Feature #12190: Ability to use an IPv6 prefix in firewall rules
Marcos M wrote in #note-2:
> This is possible in rules, but not practical to implement in aliases, see https://redmi... Greg Wallace
11:21 AM Feature #12190 (Rejected): Ability to use an IPv6 prefix in firewall rules
This is possible in rules, but not practical to implement in aliases, see https://redmine.pfsense.org/issues/6626#not... Marcos M
11:31 AM Bug #13659 (Resolved): replace direct config accesses for system/webgui paths in system_advanced_admin.inc
Marcos M
11:29 AM Regression #13744 (Feedback): Debug output shown on dashboard
It seems this was fixed with https://github.com/pfsense/pfsense/commit/2c8f5e09d54071db912638429e6a370efe544a62. Marcos M
10:59 AM pfSense Docs New Content #10311: Default net.link.ifqmaxlen value leads to packet loss under load in OpenVPN
Chris Collins wrote in #note-5:
> Interestingly its forced to a value of 128 now.
>
> If set it inside on /boot/l... Marcos M
09:57 AM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
> I shouldn't be required to send DHCP over the bridge
From what I understand, if no DHCP range is set, then there wo... Marcos M
09:20 AM Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled
Can someone explain this bug fix to me? It seems like it may have been driven by a change in OpenVPN itself, but this... Yousif Hassan
08:58 AM Feature #6626: Support for IPv6 firewall entries with dynamic delegated prefix and static host address
Thilo Gass wrote in #note-39:
> Format for source or destination address is {LAN-56}2601:db8::dead:beef
>
> but... Thilo Gass
08:50 AM pfSense Plus Regression #13712 (Resolved): PHP error: pkg-utils.inc
I was able to replicate that previously. Looks good in the current snap on all archs.
Tested:... Steve Wheeler
08:22 AM pfSense Plus Regression #13741: Update message interpreted as the available version
You will only see it on a system that is sent a message. I believe that's only the aarch64 supported devices right no... Steve Wheeler
07:52 AM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
FWIW: I get these errors whenever I (try to) delete a snapshot that is the parent snapshot of another clone. But dele... Jonas R
05:09 AM pfSense Packages Bug #13409: Copy button for Optional pre-shared key for this tunnel works in HTTPS mode only
Still persist such behavior on
23.01-DEVELOPMENT (amd64)
built on Sat Dec 10 03:22:16 UTC 2022
FreeBSD 14.0-CURRENT aleksei prokofiev

12/10/2022

10:05 PM Bug #13742: Captive Portal MAC bypass - pf rules are not enforced
Ive noticed that there are anchor rules that do not apply as there is no MAC bypass available. Its as if the config i... Mike Moore
07:17 PM Bug #13742: Captive Portal MAC bypass - pf rules are not enforced
Can you help me diagnose this then because im really not understanding how this is currently possible?
I cant use an... Mike Moore
06:45 PM Bug #13742: Captive Portal MAC bypass - pf rules are not enforced
I tested this in Dec 10th build of 23.01 pfSense Plus and was unable to reproduce this. I did the following:
1. Cre... Kris Phillips
05:38 PM Bug #13742 (Not a Bug): Captive Portal MAC bypass - pf rules are not enforced
I am able to bypass all firewall rules for an Interface that has Captive Portal enabled using MAC or IP bypass.
This... Mike Moore
09:45 PM Regression #13744 (Resolved): Debug output shown on dashboard
Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #0 devel-main-n2558... RED SKULL
08:39 PM Bug #13659: replace direct config accesses for system/webgui paths in system_advanced_admin.inc

WebGUI redirect option is showing up in System>Advanced
23.01-DEVELOPMENT (amd64)
built on Sat Dec 10 03:22:16 ... Alhusein Zawi
08:06 PM pfSense Plus Regression #13726: pkg-utils.inc error at first boot
not seeing this on fresh install using 23.01-amd64-20221210-0318 build Jordan G
06:57 PM pfSense Plus Regression #13726: pkg-utils.inc error at first boot
No longer seeing this on the December 10th builds. Looks fixed. Kris Phillips
07:18 PM pfSense Plus Bug #11626: Google LDAP connections fail due to lack of SNI for TLS 1.3
Builds for 23.01 are including openldap26-client version 2.6.3, so this can probably be marked as Feedback. Kris Phillips
07:12 PM pfSense Plus Bug #13348: Error when deleting ZFS Boot Environment created from duplicate of non-default entry
This should probably be marked as Incomplete. Kris Phillips
07:07 PM pfSense Plus Regression #13741: Update message interpreted as the available version
Steve Wheeler wrote:
> In some circumstances the message sent by the update server is seen as the available version ... Kris Phillips
09:00 AM pfSense Plus Regression #13741 (Resolved): Update message interpreted as the available version
In some circumstances the message sent by the update server is seen as the available version by the GUI upgrade page:... Steve Wheeler
07:03 PM pfSense Plus Regression #13712: PHP error: pkg-utils.inc
Not seeing
Lev Prokofev wrote in #note-6:
> Tested on
>
> @23.01-DEVELOPMENT (amd64)
> built on Thu Dec 08 0... Kris Phillips
07:00 PM pfSense Plus Regression #13743: Latest snapshot defaults to 22.05 branch selected which can pull that version's package information
Confirmed that the drop down appears to show 22.05 Stable, but oddly it shows the current 23.01 build in both the "Cu... Kris Phillips
06:46 PM pfSense Plus Regression #13743 (Closed): Latest snapshot defaults to 22.05 branch selected which can pull that version's package information
23.01-DEVELOPMENT (amd64)
built on Sat Dec 10 03:22:16 UTC 2022
FreeBSD 14.0-CURRENT
On a fresh installation, Sy... Chris W
06:49 PM Bug #13687: Cannot add limiters named ``new``
No longer able to reproduce this bug in the Dec 10th builds of 23.01. It appears this may be fixed. Kris Phillips
04:33 PM Bug #13729: Gateways stuck in Unknown status
Jordan Greene wrote in #note-5:
> what virtual environment, host version, etc?
Qemu 7 with 3 virtio network inter... Nazar Mokrynskyi
04:17 PM Bug #13729: Gateways stuck in Unknown status
what virtual environment, host version, etc? Jordan G
07:37 AM Bug #13729: Gateways stuck in Unknown status
Marcos M wrote in #note-3:
> I would not recommend it for production, but it should be fine for personal use.
It ... Nazar Mokrynskyi
04:10 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf
Updating from 23.01.a.20221206.1416 to 23.01.a.20221210.0318 required running pkg update -f && pkg upgrade or being... Jordan G
12:13 AM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf
Happy to confirm that Glenn's approach worked for me as well now. After nearly a month of breakage, I'm back on the d... Nick Goehring
03:45 PM pfSense Packages Bug #13730: Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
I tested using both the Emerging Threats Open rules and the Emerging Threats Pro rules in a 2.7.0-DEVEL CE virtual ma... Bill Meeks
02:29 PM pfSense Packages Bug #13730: Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
I presume this was initially opened using the ETOpen rule list and not the ETPro list. ETOpen working fine on:
23.... Chris W
01:02 PM pfSense Plus Feature #13649: Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO

added as shown
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022 Alhusein Zawi
10:12 AM Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes
Tested against:... Danilo Zrenjanin
08:37 AM Regression #13739: Interfaces without a configured name appear as lowercase
In addition this changes the auto generated gateway name for any dynamic gateway on an affected interface.
So if W... Steve Wheeler
07:41 AM Bug #11730 (Resolved): "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists
Tested against:... Danilo Zrenjanin

12/09/2022

09:30 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf
Thanks for the feedback! Christian McDonald
09:00 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf
Working for me now. Was able to successfully upgrade from 22.05 to 23.01.a.20221209.1819.
Since the upgrade had prev... Glenn Hall
02:49 PM pfSense Plus Regression #13724: pfSense-upgrade breaks the pkg repo conf
on an SG5100 running 22.05. Attempting to switch to the 23.01 branch no longer breaks the upgrade/pkg function on my ... Nick Goehring
12:01 PM pfSense Plus Regression #13724 (Feedback): pfSense-upgrade breaks the pkg repo conf
Fixed in the latest snapshot.
Only make the link after complete the repo settings download. Luiz Souza
07:32 PM pfSense Packages Regression #13697: pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1
Not seeing the original error anymore with -devel version 3.1.0_14 on:
2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 09... Chris W
06:53 PM Revision 483512b3: Prevent get_pf_rules() from indexing a string error. Fixes #13660
pfSense_get_pf_rules(), which populates the $rulescnt variable sent to
get_pf_rules(), will terminate its loop fetchi... Reid Linnemann
05:24 PM Revision c7f74fcc: Add phpunit/phpunit to composer as dev dependency
Christian McDonald
04:48 PM Regression #13739: Interfaces without a configured name appear as lowercase
The interfaces lack a descr tag initially, so they are assumed to be the internal name of the interface ('wan', 'lan'... Jim Pingle
11:37 AM Regression #13739: Interfaces without a configured name appear as lowercase
Jim Pingle wrote in #note-1:
> Where exactly are they printed lowercase?
>
> Boot output? The console menu? A das... Christopher Cope
11:22 AM Regression #13739: Interfaces without a configured name appear as lowercase
Where exactly are they printed lowercase?
Boot output? The console menu? A dashboard widget? Interface status page... Jim Pingle
11:20 AM Regression #13739 (Resolved): Interfaces without a configured name appear as lowercase
... Christopher Cope
04:12 PM pfSense Packages Bug #13640 (Resolved): PHP Error: util.inc:1932
Tested on... Christopher Cope
02:04 PM pfSense Plus Feature #13740 (New): Feature Request: Mark Boot Environments with different properties. I.e "No boot", "No Delete" etc etc
Boot snapshots are awesome. However. I see huge potential for expanding the features on these. So here are a few sugg... Jonas R
01:18 PM Revision 2c8f5e09: Remove leftover debug prints.
Jim Pingle
12:59 PM Regression #13661 (Resolved): Input validation issues on firewall_shaper.php
Tested against:... Danilo Zrenjanin
12:20 PM Regression #13660: PHP8.1 error after applying floating rules changes
This is probably another case where the returned array can contain an element keyed 'error' that indicates some error... Reid Linnemann
12:17 PM pfSense Packages Bug #13641 (Not a Bug): PHP Error: squid.inc:852
I'm going to close this as not a bug, when we upgrade php we expect php errors before the packages are updated. Reid Linnemann
12:16 PM pfSense Packages Bug #13641 (Assigned): PHP Error: squid.inc:852
Reid Linnemann
12:15 PM Bug #13529 (Resolved): Intel i226 network interfaces do not honor a manually selected link speed
Reid Linnemann
11:59 AM pfSense Plus Regression #13726 (Feedback): pkg-utils.inc error at first boot
The PHP has to be initialized before calling pfSense-upgrade in the first boot.
Fixed in 3f97a8052c5767bfb7e20d1b8... Luiz Souza
10:50 AM Regression #13614: Cannot Edit Firewall Rules - 2.7.0-DEVELOPMENT (amd64) built on Mon Oct 31 06:05:27 UTC 2022
Don't see listed errors on
@2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 09 06:13:30 UTC 2022
FreeBSD 14.0-CURR... Lev Prokofev
10:35 AM Bug #12960 (Resolved): VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes
This is working properly for both EFI and legacy BIOS installs. Either way, when visiting the page for the first time... Jim Pingle
10:16 AM Bug #13280 (Resolved): Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
No, those are unrelated. They are added during the process that builds the images and are left as-is in the file, the... Jim Pingle
10:03 AM Regression #13735 (Resolved): UPnP service status is incorrect when disabled
Service is now hidden when disabled. Jim Pingle
09:57 AM Bug #13737: Killing OpenVPN client connection from dashboard widget fails with error
The affected Version is
2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022 me me
07:26 AM Bug #13737 (Duplicate): Killing OpenVPN client connection from dashboard widget fails with error
Duplicate of #12817 Jim Pingle
03:48 AM Bug #13737: Killing OpenVPN client connection from dashboard widget fails with error
I couldn't replicate this issue on the following releases:... Danilo Zrenjanin
01:23 AM Bug #13737 (Duplicate): Killing OpenVPN client connection from dashboard widget fails with error
When I tried to kill a OpenVPN client connection from the dashboard OpenVPN widget it failed (see attached PHP_errors... me me
09:41 AM Bug #13295 (Resolved): Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc``
Closing as it seems to be correct now in the code, even if it didn't impact much (if anything), can always reopen if ... Jim Pingle
09:36 AM Bug #13736: Captive Portal service restart needed after MAC bypass
Here are a list of specific issues in Captive Portal on 23.01 (most are already resolved):
https://redmine.pfsense... Jim Pingle
08:52 AM Bug #13736: Captive Portal service restart needed after MAC bypass
Thanks for the feedback Jim.
Would you happen to have the changelog just for Captive Portal?
Its going to take m... Mike Moore
07:29 AM Bug #13736 (Feedback): Captive Portal service restart needed after MAC bypass
Can you try this on a development snapshot? There have been a number of captive portal fixes there after 22.05 and th... Jim Pingle
09:32 AM pfSense Packages Regression #13628 (Resolved): FreeRADIUS Users cleared out each time a user is add, removed, or modified
Seems to be working OK on current snaps+package version. Users are listed in the GUI OK, I can modify them, and the u... Jim Pingle
08:57 AM Bug #13014: Deadlock in Charon VICI interface
I've built strongswan packages for 22.05 (should also work on 2.6.0) and 23.01:
https://people.freebsd.org/~kp/stron... Kristof Provost
07:25 AM pfSense Packages Bug #13642 (Resolved): PHP Error: frr_zebra.inc:159
This appears to be OK on a current snap with the latest package (After removing some leftover debug prints in the bas... Jim Pingle
01:48 AM pfSense Packages Bug #13642: PHP Error: frr_zebra.inc:159
I had neglected originally to bump the portrevision, so the package was not actually rebuilt. That has been done as o... Reid Linnemann
07:25 AM pfSense Packages Bug #13564 (Resolved): PHP error after creating a Route Map
This appears to be OK on a current snap with the latest package (After removing some leftover debug prints in the bas... Jim Pingle
01:49 AM pfSense Packages Bug #13564: PHP error after creating a Route Map
The above commit adds a workaround if the user's config.xml already has empty config tags in the frrglobalroutemaps tag. Reid Linnemann
07:23 AM Regression #13581 (Resolved): Empty Dynamic DNS entry causes PHP errors in various contexts
Jim Pingle
06:26 AM Regression #13581: Empty Dynamic DNS entry causes PHP errors in various contexts
After upgrading to v2.7.0.a.20221209.0600 I am no longer experiencing this issue and can see the graphs. TyphooN .
02:10 AM pfSense Plus Regression #13712 (Feedback): PHP error: pkg-utils.inc
Danilo Zrenjanin
02:05 AM pfSense Plus Regression #13712: PHP error: pkg-utils.inc
Tested on
@23.01-DEVELOPMENT (amd64)
built on Thu Dec 08 06:08:06 UTC 2022
FreeBSD 14.0-CURRENT@
It works fin... Lev Prokofev
01:28 AM pfSense Packages Bug #13738 (Resolved): Typo under Services/Snort/Interface Settings/WAN - Rules
Once at the rules selection page, the "Category Selection:" should be set to "User Forced Disabled Rules"
Hover the ... Danilo Zrenjanin
12:14 AM Revision 63a0efce: Work around for empty config tags. Fixes #13564.
Related to issue #13642, the serialization of route maps was broken for a time
in such a way that the frrglobalroutem... Reid Linnemann

12/08/2022

10:03 PM Revision 663a93e4: globals.inc needs to be sourced in auth_func.inc
Christian McDonald
09:11 PM Revision 4fb9658d: Improve visibility of select fields in dark theme. Fix #11730
Marcos M
09:03 PM Revision 2568e151: Rector direct global g accesses
Christian McDonald
08:28 PM Revision 7e8a2c76: Merge branch 'rcm-rector'
Christian McDonald
08:24 PM Revision 255a18ee: Introduce GlobalGGetExprRector.php
Christian McDonald
07:15 PM Revision b573f119: Use correct UPnP enabled test. Fixes #13735
Jim Pingle
06:32 PM Bug #13736: Captive Portal service restart needed after MAC bypass
Found perhaps an associated issue with this bug.
Once the clients are added to the whitelist on Captive Portal, Fir... Mike Moore
06:25 PM Bug #13736 (Not a Bug): Captive Portal service restart needed after MAC bypass
When using either MAC or IP address bypass in Captive Portal for a Guest WLAN setup, when entering a MAC address for... Mike Moore
06:20 PM pfSense Packages Bug #13564 (Feedback): PHP error after creating a Route Map
Applied in changeset pfsense:commit:63a0efce7eb90ddea102e79a6750d4c19605f1cf. Reid Linnemann
04:53 PM pfSense Packages Bug #13564: PHP error after creating a Route Map
I neglected to tick the portrevision when I fixed this in #13642, I have corrected that and the next build should hav... Reid Linnemann
11:20 AM pfSense Packages Bug #13564 (New): PHP error after creating a Route Map
I still get errors here:... Jim Pingle
03:39 PM pfSense Packages Bug #13587 (Resolved): Zabbix-agent62 install fails
Test version zabbix-agent62 version 1.0.6 on... Christopher Cope
03:37 PM Bug #13240 (Resolved): User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length
Working correctly on current snap Jim Pingle
03:36 PM Bug #13364 (Resolved): Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
Working correctly on current snap Jim Pingle
03:30 PM Bug #13493 (Resolved): Several advanced DHCP6 client options do not inform the user when rejecting invalid input
Working as expected now Jim Pingle
03:21 PM Todo #13501 (Resolved): Clean up obsolete code in ``pfSense-dhclient-script``
Old unused code block is gone and things are still working normally. Closing. Jim Pingle
03:20 PM Bug #11730 (Feedback): "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists
Applied in changeset commit:4fb9658da45fb6b0fcda92607ded50456bf0d0b6. Marcos M
03:09 PM Revision 01d714a1: Add nikic/php-parser as a composer dev dependency
Christian McDonald
02:48 PM Bug #13253 (Resolved): ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6
Jim Pingle
02:31 PM Bug #12632 (Resolved): Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Seems to be doing the right/expected thing. It prompts to set the default gateway and does so when instructed.... Jim Pingle
02:14 PM Bug #4500 (Resolved): UPnP/NAT-PMP status page does not display all port mappings
Jim Pingle
02:13 PM Todo #13648 (Resolved): Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing)
I've tried the upgrade path several more times and it's been doing the right/expected thing each time. Deprecated ent... Jim Pingle
01:40 PM Regression #13735 (Feedback): UPnP service status is incorrect when disabled
Applied in changeset commit:b573f1194c44baf82fe2d0b094032e72207865ae. Jim Pingle
01:14 PM Regression #13735 (Resolved): UPnP service status is incorrect when disabled
When the UPnP service is disabled (top checkbox unchecked), the service is still listed but shown as stopped.
It s... Jim Pingle
01:23 PM pfSense Plus Bug #13664 (Resolved): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30)
Jim Pingle
01:08 PM pfSense Plus Bug #13664: GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30)
Testes against the following release:... Danilo Zrenjanin
01:22 PM Todo #13357 (Resolved): Spelling and typo corrections
These have been in for almost a month, should be good to close as there hasn't been any observed negative impact. Jim Pingle
01:07 PM Regression #13604 (Resolved): OpenVPN service status is incorrect
Works as expected. Jim Pingle
12:43 PM Regression #13373 (Resolved): IPsec rejects certificates if any SAN is wildcard rather than rejecting when **all** SANs are wildcard
A cert with both a wildcard and non-wildcard SAN works on current snapshots.
 Jim Pingle
10:55 AM Bug #12757 (Resolved): Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc``
The code in question is gone. Jim Pingle
10:24 AM Bug #13734: PPP interfaces with a QinQ parent can't initialize the PPPoE node for link
If we can find a fix maybe we can get this in but I don't see this as being a blocker for 23.01. Jim Pingle
10:21 AM Bug #13734: PPP interfaces with a QinQ parent can't initialize the PPPoE node for link
Might be related to https://redmine.pfsense.org/issues/7981 Danilo Zrenjanin
10:20 AM Bug #13734 (New): PPP interfaces with a QinQ parent can't initialize the PPPoE node for link
After defining PPPoE using a QinQ interface as a parent, the PPPoE node for the link can't be initialized.
Here ar... Danilo Zrenjanin
10:23 AM Bug #13014: Deadlock in Charon VICI interface
A way to reproduce it reliably, but I appreciate that that's not easy (I've been trying to get one for two days, afte... Kristof Provost
10:07 AM Bug #13014: Deadlock in Charon VICI interface
Kristof Provost wrote in #note-30:
> I've tried running charon under valgrind's helgrind and drd tools. The idea was... David Vazquez
07:24 AM Bug #13014: Deadlock in Charon VICI interface
I've tried running charon under valgrind's helgrind and drd tools. The idea was to identify any lock misuse or lock o... Kristof Provost
08:08 AM Todo #13731 (Resolved): Add multicast group membership (``ifmcstat``) to ``status.php``
Output is present on a current snap. Jim Pingle
08:06 AM Bug #13479 (Resolved): Input validation is checking RAM disk sizes when they are inactive
Working as expected.
 Jim Pingle
08:05 AM Bug #12737 (Resolved): CA path is not defined when using ``curl`` in the shell
Working as expected. Mark a CA as trusted and cURL in a shell prompt can connect to a server with a cert signed by th... Jim Pingle
07:55 AM Todo #13718 (Resolved): Improve LDAP debugging
This is working well. Go to Diag > Auth, pick the server, enter the credentials, check the debug box and:... Jim Pingle
07:41 AM pfSense Plus Regression #13712 (Resolved): PHP error: pkg-utils.inc
Tested against:... Danilo Zrenjanin
02:51 AM Revision 089c14df: Update Rector to v0.15
Christian McDonald

12/07/2022

11:27 PM Bug #13014: Deadlock in Charon VICI interface
We have tried everything based on....
https://forum.netgate.com/topic/172075/my-ipsec-service-hangs/6
We now have o... Dan Bailey
10:10 PM pfSense Packages Feature #13733 (Resolved): Upgrade ha proxy 2.6
As above, 2.6 has been out since May 2022, opnsense has it!
devel branch still only 2.5.5 Darren Taylor
09:20 PM Feature #13732: Allow the use of macros within aliases
I agree it can be tedious. There's the @Copy@ button on the rules page which does make it easier. Marcos M
01:08 PM Feature #13732: Allow the use of macros within aliases
In ipv6 we now receive public ip locally and this is dynamic.
The old way to block private IP is not an option with ... Luc Courville
12:54 PM Feature #13732: Allow the use of macros within aliases
I understand but this is a easy way to help everyone.
Let me give you an exemple
If you have 10 interface that me... Luc Courville
11:57 AM Feature #13732: Allow the use of macros within aliases
The @* net@ and @* address@ options are actually macros, not aliases, which are handled differently by the system. It... Marcos M
11:33 AM Feature #13732 (New): Allow the use of macros within aliases
Because of limitation of IPv6 at the current way. (Traffic is allow between Vlan) I found a solution but this will be... Luc Courville
09:11 PM Bug #13729: Gateways stuck in Unknown status
I would not recommend it for production, but it should be fine for personal use. Marcos M
09:08 PM pfSense Packages Regression #13628 (Feedback): FreeRADIUS Users cleared out each time a user is add, removed, or modified
Merged. Marcos M
08:53 PM Bug #11730 (Pull Request Review): "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists
There exist a number of workarounds with mixed complexity and compatibility between different browsers and even versi... Marcos M
08:42 PM Revision 0c6c7237: Update composer.lock
Christian McDonald
05:36 PM pfSense Packages Regression #13697 (Feedback): pfBlockerNG alerts error on 2.7.0 devel and PHP 8.1
This should be fixed in CE as of "e912a45":https://github.com/pfsense/FreeBSD-ports/commit/e912a4571e950f6f6f8759f9fe... Reid Linnemann
05:05 PM Bug #13723: dpinger doesn't renew Gateway Monitoring IP address for IPsec VTi after changing IPsec VTi subnet
This might be related to #13362, there seems to be some missing functionality for updating gateways when VTI interfac... Reid Linnemann
04:40 PM Revision 9a5eb723: Add ifmcstat to status.php. Implements #13731
Jim Pingle
03:51 PM Revision dce1eece: Use rtrim for trimming whitespace and EOLs from version files
Christian McDonald
03:01 PM Bug #13591: Changing the GUI port does not redirect the browser to the new port on save
Updating subject for release notes. Jim Pingle
02:58 PM Bug #13436: Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields
Updating subject for release notes. Jim Pingle
02:56 PM Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields
Updating subject for release notes. Jim Pingle
02:53 PM Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net``
Updating subject for release notes. Jim Pingle
02:52 PM Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty
Updating subject for release notes. Jim Pingle
02:48 PM Bug #4500: UPnP/NAT-PMP status page does not display all port mappings
Updating subject for release notes. Jim Pingle
02:47 PM Regression #13593: pfSense-repo.abi left at FreeBSD:14:amd64 after changing update branch to DEVEL and back
Not a problem in a release, excluding from release notes. Jim Pingle
02:47 PM Bug #13638: ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes
Updating subject for release notes. Jim Pingle
02:46 PM Todo #13440: Update external HTTPS/HTTP links
Updating subject for release notes. Jim Pingle
02:44 PM Todo #13357: Spelling and typo corrections
Updating subject for release notes. Jim Pingle
02:42 PM Feature #13304: ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces
Updating subject for release notes. Jim Pingle
02:40 PM Regression #13604: OpenVPN service status is incorrect
Not a problem in a release, excluding from release notes. Jim Pingle
02:40 PM Regression #13601: Error creating port forward rule with port alias
Updating subject for release notes. Jim Pingle
02:39 PM Bug #13507: Copying multiple rules at the same time results in new rules with duplicate tracker IDs
Updating subject for release notes. Jim Pingle
02:38 PM Todo #13505: Correct DHCP client rule descriptions in the generated firewall ruleset
Updating subject for release notes. Jim Pingle
02:37 PM Regression #13459: Automatic ``reply-to`` bypass for traffic in the same subnet is no longer functioning in main builds
Not a problem in a release, excluding from release notes. Jim Pingle
02:37 PM Bug #13445: ``easyrule`` CLI script has multiple bugs and undesirable behaviors
Updating subject for release notes. Jim Pingle
02:33 PM Regression #13460: Panic with netgraph interfaces
Wasn't a bug in a release, exclude from notes. Jim Pingle
02:32 PM Todo #13648: Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing)
Updating subject for release notes. Jim Pingle
02:30 PM Todo #13398 (Resolved): Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established
Info block now only contains a link to configure IPsec no matter what the current IPsec state is, which is the intend... Jim Pingle
02:27 PM Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Updating subject for release notes. Jim Pingle
02:26 PM Bug #11539 (Ready To Test): Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail
Still no feedback on the proposed fix Jim Pingle
02:26 PM Bug #13675: Code that sets IPv6 MTU can unintentionally act on IPv4 addresses
Updating subject for release notes. Jim Pingle
02:24 PM Bug #13671 (Ready To Test): DHCP client can fail permanently if an interface is down at boot
Updating subject for release notes. Jim Pingle
02:22 PM Todo #13501: Clean up obsolete code in ``pfSense-dhclient-script``
Updating subject for release notes. Jim Pingle
02:22 PM Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input
Updating subject for release notes. Jim Pingle
02:10 PM Regression #13381: Software VLAN tagging does not work on ``ixgbe(4)`` interfaces
Updating subject for release notes. Jim Pingle
02:09 PM Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface
Updating subject for release notes. Jim Pingle
02:05 PM Regression #13167 (Resolved): DigitalOcean Dynamic DNS update fails with a "bad request" error
Jim Pingle
02:04 PM Regression #13167: DigitalOcean Dynamic DNS update fails with a "bad request" error
Updating subject for release notes. Jim Pingle
02:05 PM Regression #13303: DNSExit Dynamic DNS updates no longer work
Updating subject for release notes. Jim Pingle
02:04 PM Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating
Updating subject for release notes. Jim Pingle
02:02 PM Bug #12612: DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver
Updating subject for release notes. Jim Pingle
12:37 PM Feature #13584: Input validation for numbered DHCP options in static mappings
Updating subject for release notes. Jim Pingle
12:36 PM Feature #12070: Support for VLAN ``0``
Updating subject for release notes. Jim Pingle
12:34 PM Feature #10345: Improve distinction between online and idle/offline entries in DHCP lease list
Updating subject for release notes. Jim Pingle
12:32 PM Bug #13479: Input validation is checking RAM disk sizes when they are inactive
Updating subject for release notes. Jim Pingle
12:31 PM Bug #12737: CA path is not defined when using ``curl`` in the shell
Updating subject for release notes. Jim Pingle
12:29 PM Regression #13488: All Captive Portal users are given the same limiter pipe pair
Updating subject for release notes. Jim Pingle
12:29 PM Regression #13323: Captive Portal breaks policy based routing for MAC address bypass clients
Updating subject for release notes. Jim Pingle
12:27 PM Todo #12782: Disable ``pkg`` compatibility flag which creates ``txz`` file extension symbolic links
Updating subject for release notes. Jim Pingle
12:22 PM Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore
Updating subject for release notes. Jim Pingle
12:21 PM Feature #13388: Support for international characters in the AutoConfigBackup Hint/Identifier field
Updating subject for release notes. Jim Pingle
12:20 PM Feature #11266: Option to list AutoConfigBackup entries in "reverse" order (newest at top)
Updating subject for release notes. Jim Pingle
12:19 PM Regression #13356: RADIUS authentication attempts no longer send RADIUS NAS IP attribute
Updating subject for release notes. Jim Pingle
12:11 PM Feature #13367: Specify CA trust store location when downloading and validating URL alias content
Updating subject for release notes again, last one was a bit off.
Though really this would affect anything using d... Jim Pingle
12:06 PM Feature #13367: Specify CA trust store location when downloading and validating URL alias content
Updating subject for release notes. Jim Pingle
12:09 PM Feature #13362: Update dynamic gateway consumers when their interface is renamed
That sounds like the most likely culprit. We should target an enhancement for 23.05 I think. Reid Linnemann
12:02 PM Feature #13362 (New): Update dynamic gateway consumers when their interface is renamed
If an interface with dynamic gateways is renamed, the dynamic gateways also change names to follow the interface, but... Jim Pingle
12:05 PM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Updating subject for release notes. Jim Pingle
12:03 PM pfSense Packages Regression #13695 (Duplicate): pfBlockerNG-devel net 3.1.0_11 install error | 2.7.0-DEVELOPMENT (amd64) built on Thu Nov 24 06:05:10 UTC 2022
Cause is the same as #13679, resolution should fix this particular issue. Can you confirm? Reid Linnemann
12:03 PM pfSense Plus Bug #13358: Traffic to OpenVPN DCO RA clients above the first available tunnel IP address is incorrectly routed
Updating subject for release notes. Jim Pingle
12:03 PM pfSense Plus Regression #13355: OpenVPN crashes after reaching the configured concurrent connection limit
Updating subject for release notes. Jim Pingle
11:54 AM Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias
Updating subject for release notes. Jim Pingle
10:50 AM Todo #13731 (Feedback): Add multicast group membership (``ifmcstat``) to ``status.php``
Applied in changeset commit:9a5eb723dd2127601e0c0da22c5a30ebc3067417. Jim Pingle
10:22 AM Todo #13731 (Resolved): Add multicast group membership (``ifmcstat``) to ``status.php``
Having the multicast group membership in the status output can be helpful for diagnosing IPv6 issues.
 Jim Pingle
10:40 AM Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf``
Version 2.7.0-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:46 UTC 2022
FreeBSD 14.0-CURRENT
Hyper-V VMs
net.link... Georgiy Tyutyunnik
10:39 AM pfSense Packages Feature #9833: ACME: add ability to use custom ACME server
Another +1. Just got Step CA installed, and it's really great. Right now I'm just creating CSR's and creating certs t... Jeremy Schoonover
10:37 AM pfSense Packages Feature #10818: UDP Broadcast Relay
Sadly it doesn't seem to IPv6.
I have set up mDNS (5353/224.0.0.251) and SSDP (1900/239.255.255.250), only with IPv6... Øystein Gåsdal
10:00 AM pfSense Packages Feature #10818: UDP Broadcast Relay
I installed pfSense-pkg-udpbroadcastrelay-0.1_6.pkg on my 2.6 install, but am unable to start the service...
!clipbo... John Stafford
12:59 AM pfSense Packages Feature #10818: UDP Broadcast Relay
I've successfully installed the 1.0 package on the 2.7.0 snapshots and was able to configure mDNS (5353/224.0.0.251) ... Dean Arnold
10:33 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
It may also be useful to set `net.inet6.icmp6.nd6_debug` to 1 in the system tunables, and then restarting the machine... Kristof Provost
10:21 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
... Chris Linstruth
10:10 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
In my case I had an extra IP alias VIP on that interface for fe80:: and removing that VIP and saving/applying the int... Jim Pingle
10:08 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Jim and I have done a bit more digging on his setup, and we believe the issue is that the interface is not joined on ... Kristof Provost
09:46 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
As with cjl, a packet capture on an affected target shows the NS arrive, but there is no NA response. Other hosts in ... Jim Pingle
08:49 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
Here is a packet capture filtered on the MAC address that is not receiving NDP responses. (Taken on the node that is ... Chris Linstruth
08:44 AM Bug #13423: IPv6 neighbor discovery protocol (NDP) fails in some cases
This is from a system that is currently refusing to offer NDP to a host:... Chris Linstruth
12:45 AM Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout
I can also confirm the recent changeset fixes the issue in 2.7.0 snapshots. Dean Arnold

12/06/2022

10:06 PM Revision 8e26b84f: Cleanup globals.inc. Use single quotes on scalar strings.
Christian McDonald
08:53 PM Bug #13729: Gateways stuck in Unknown status
Marcos M wrote in #note-1:
> There's a decent chance this is fixed in 2.7/23.01. Please test there.
I'm willing t... Nazar Mokrynskyi
01:43 PM Bug #13729 (Feedback): Gateways stuck in Unknown status
There's a decent chance this is fixed in 2.7/23.01. Please test there. Marcos M
12:13 PM Bug #13729 (Resolved): Gateways stuck in Unknown status
My pfSense is virtualized, so its interfaces are always up.
I have a multi-WAN setup with WAN and WAN2 interfaces.
... Nazar Mokrynskyi
07:11 PM Revision 97ac6eb4: Eliminate some direct config access in util.inc, add some documentation
Christian McDonald
05:01 PM pfSense Packages Bug #13730 (Feedback): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
Merged to CE as of 71bfc136 Reid Linnemann
03:29 PM pfSense Packages Bug #13730: Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
Pull request 1201 has been submitted to the DEVEL branch. Details are here: https://github.com/pfsense/FreeBSD-ports/... Bill Meeks
03:23 PM pfSense Packages Bug #13730 (Resolved): Suricata fails to download Emerging Threats rule archive due to a behavior change in a native PHP function in PHP 8.1
Suricata fails to download Emerging Threats rules archives in the latest pfSense DEVEL snapshots due to apparent chan... Bill Meeks
03:17 PM Revision def2ce00: Add append hook to globals.inc.
Christian McDonald
01:39 PM pfSense Packages Regression #13628 (Pull Request Review): FreeRADIUS Users cleared out each time a user is add, removed, or modified
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/merge_requests/301
Copy/paste/apply attached patch (strip count... Marcos M
12:51 PM pfSense Plus Bug #13664 (Feedback): GUI allows configuring OpenVPN DCO with incompatible options (TCP, compression, TAP, net30)
GUI now hides dev mode and topology choices when DCO is enabled, both front and backend code force the use of tun dev... Jim Pingle
12:35 PM pfSense Plus Feature #13728: Builtin Database for historical log collection
In fairness Jim, other vendors have a similar feature set. This isn’t an oddball request. It’s an attempt to have so... Mike Moore
11:17 AM pfSense Plus Feature #13728 (Rejected): Builtin Database for historical log collection
The firewall is not a place to run a database. Massively increases the attack surface and complexity for little benef... Jim Pingle
10:39 AM pfSense Plus Feature #13728 (Rejected): Builtin Database for historical log collection
Not sure of the amount of effort / technical debt that would be needed to accomplish this but I would like to see the... Mike Moore
12:08 PM Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius)
We would like to setup a captive portal with an authentication server that supports type oauth2. At the moment it's o... Tom Peeters
12:08 PM Feature #3377: OAuth2 authentication in captive portal
We would like to setup a captive portal with an authentication server that supports type oauth2. At the moment it's o... Tom Peeters
11:51 AM Regression #13629 (Duplicate): Uncaught TypeError: Cannot access offset of type string on string in /usr/local/www/services_dhcp.php
This was duplicated by #13719 and a fix was put in there.
 Jim Pingle
07:14 AM pfSense Packages Regression #13714 (Resolved): PHP8.1 error when adding a new interface.
PR merged, thanks! Jim Pingle
06:58 AM pfSense Packages Regression #13714: PHP8.1 error when adding a new interface.
A fix for this issue has been submitted for review and merge. The pull request is here: https://github.com/pfsense/Fr... Bill Meeks
05:47 AM pfSense Packages Regression #13714: PHP8.1 error when adding a new interface.
I am working on this and will post a pull request to DEVEL soon.
 Bill Meeks
07:09 AM pfSense Packages Bug #13727 (Not a Bug): Snort - PHP 8.1 error when adding a new interface
Jim Pingle
07:06 AM pfSense Packages Bug #13727: Snort - PHP 8.1 error when adding a new interface
Not a bug.
Oops! This bug report was submitted in error. Please delete it. The Snort package does NOT have the bug r... Bill Meeks
07:00 AM pfSense Packages Bug #13727 (Not a Bug): Snort - PHP 8.1 error when adding a new interface
When adding a new interface to Snort, a fatal PHP 8.1 error is thrown due to passing a NULL where an array parameter ... Bill Meeks
06:19 AM Bug #13014: Deadlock in Charon VICI interface
Kris Phillips wrote in #note-26:
> Kristof Provost wrote in #note-25:
> > Thanks for that.
> >
> > There's nothi... Mikael Karlsson
03:02 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
Brian M wrote in #note-116:
> I have the same issue. Mixing FQDN and IP addresses caused me hours of frustration why... Reid Linnemann
12:54 AM Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries
I have the same issue. Mixing FQDN and IP addresses caused me hours of frustration why various rules were not working... Brian M
01:18 AM Revision dd8a019e: Fix a regression caused by Rector: Fixes #13712
Christian McDonald
 

Also available in: Atom