2.8.0 open pfSense CE software release 95% 369 issues (347 closed — 22 open) Related issues Bug #9453: Reconfiguring a parent LAGG interface breaks its VLANs Actions Bug #10980: ``/etc/rc.local`` script content is executed at login instead of during boot sequence Actions Bug #11268: Cookie named ``id`` prevents some forms from being loaded or saved properly Actions Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec Actions Bug #12249: Long configuration revision reasons can cause AutoConfigBackup upload to fail Actions Bug #12673: Firewall Logs Dashboard Widget is slow and may fail to update Actions Bug #12747: Restarting the logging daemon during rotation also restarts ``sshguard``, leading to frequent log messages Actions Bug #12920: Gateway behavior differs when the gateway does not exist in the configuration Actions Bug #12938: Incorrect warning from ``radvd`` about ``AdvRDNSSLifetime`` value Actions Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect Actions Bug #12947: Old IPv6 addresses may continue to be used after DHCP or RA changes Actions Bug #13087: OpenVPN WINS options may be visible even when NetBIOS is disabled Actions Bug #13089: Some OpenVPN NetBIOS settings are kept even when NetBIOS is disabled Actions Bug #13090: OpenVPN NetBIOS Node Type and Scope ID options are not pushed to clients Actions Bug #13158: Input validation error when applying limiter changes Actions Bug #13226: Disconnecting a user from Captive Portal may allow previously established connections to continue Actions Bug #13413: Some messages presented to users contain relative links to pages which may be invalid when triggered from certain packages Actions Bug #13498: Newer variant models within the PC Engines APU2 platform are not recognized, causing garbled early serial console output Actions Bug #13662: Setting a limiter queue length greater than 100 prevents the limiter from loading Actions Bug #13687: Cannot add limiters named ``new`` Actions Bug #14083: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity Actions Bug #14290: ICMPv6 Path MTU Discovery breaks with NPT Actions Bug #14312: MSS clamping on VPN traffic does not work on IPsec IPv6 mobile VPNs Actions Bug #14386: ``openvpn.auth-user.php`` gets stuck at 100% CPU usage when RADIUS authentication times out Actions Bug #14605: Dynamic DNS uses the default gateway interface instead of the specified interface Actions Bug #14648: Values obtained from ``sysctl`` are sometimes unexpectedly empty, leading to PHP and other math errors Actions Bug #14708: PHP error when the system fails to create an interface Actions Bug #14742: Several PHP errors in upgrade_config.inc Actions Bug #14854: Packets are passed through dummynet twice when using ``route-to`` leading to half the expected bandwidth Actions Bug #14859: Config upgrade error: upgrade_config.inc:6135 Actions Bug #14893: Large number of IPsec tunnels causes long filter reload times Actions Bug #14919: OpenVPN forms invalid ``route`` statements for empty local networks Actions Bug #14929: ``choparp`` service is not stopped after deleting Proxy ARP type Virtual IP addresses Actions Bug #14933: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount Actions Bug #14936: ``radvd`` service shows as stopped in services list when it should be disabled and hidden from that list Actions Bug #14942: DNS Resolver host overrides ignore all aliases if first entry has a domain set but no hostname Actions Bug #14967: Cannot disable Router Advertisements when the interface IPv6 configuration is set to ``None`` Actions Bug #14977: Kea fails to restart due to race between process termination and startup Actions Bug #14991: Kea does not allow FQDNs for NTP servers but input validation does not prevent them from being added Actions Bug #14996: Kea DHCP PHP error from WINS server value Actions Bug #15032: Kea DHCP sends wrong bootloader file for UEFI Actions Bug #15043: IGMP proxy works intermittently Actions Bug #15054: Permissions on tmpfs RAM disk for ``/var`` are too lenient Actions Bug #15057: Router Advertisement daemon does not prioritize IPv6 GUA over ULA Actions Bug #15067: Secondary node attempts to delete the ``admins`` group when synchronizing accounts via XMLRPC Actions Bug #15069: Extra space in ``pkg`` configuration file ``FreeBSD.conf`` Actions Bug #15071: Applying interface changes may not update default ACLs for the DNS Resolver Actions Bug #15083: Installing to ZFS mirror does not format or populate EFI partition on additional disks Actions Bug #15084: Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks Actions Bug #15096: Interface subnet aliases do not contain IPv6 VIPs Actions Bug #15108: ``pfctl`` is unable to retrieve state creator list in certain circumstances Actions Bug #15116: Kea not working with UEFI HTTPBoot URL configured Actions Bug #15117: Shortcut bar on DHCPv6 leases (``status_dhcpv6_leases.php``) navigates to DHCPv4 destinations, not DHCPv6 Actions Bug #15118: DHCPv6 settings page "DDNS Reverse" check box not showing current state Actions Bug #15122: PHP errors in LDAP server prevent it from falling back to Local Database Actions Bug #15124: IPsec VTI is not created correctly when using a Phase 2 remote type of ``Network`` Actions Bug #15127: ``check_dnsavailable()`` failing even when DNS is available Actions Bug #15130: Kea will not start with identical MAC address filters on multiple interfaces Actions Bug #15133: PHP error with OpenVPN server certificate verification if the certificate has multiple ``CN`` attributes Actions Bug #15135: Potential local file include vulnerability via DNS Resolver Python Module Script include mechanism Actions Bug #15139: Local DNS resolution behavior does not add an IPv6 nameserver Actions Bug #15145: Unable to perform Packet Captures on a tailscale interface in GUI with default settings Actions Bug #15147: Cannot configure dual stack IPsec tunnel to accept connections from any remote address on both address families Actions Bug #15148: OpenVPN Wizard fails when a VIP is used Actions Bug #15156: Fragmented packets delayed by limiters are lost Actions Bug #15157: PHP error when generating a notification after detecting a malformed configuration Actions Bug #15162: Adding Wake-On-LAN entry from ARP table view can incorrectly include OEM text in MAC address field Actions Bug #15171: Removing an IPsec Phase 1 entry can either remove the wrong Phase 2 entries or leave orphaned Phase 2 entries in the configuration Actions Bug #15176: Change Mobile IPsec RADIUS accounting to use ``accounting_requires_vip`` so accounting will not activate for non-mobile VPNs Actions Bug #15181: PHP error in ``interfaces_qinq_edit.php`` when creating a QinQ interface Actions Bug #15214: Advanced rule options tooltip does not show negated Tag option Actions Bug #15223: Killing states on downed gateways breaks when ``Skip rules when gateway is down`` is enabled Actions Bug #15224: ``services_acb_settings.php`` does not fully validate value of ``frequency``, uses value without encoding Actions Bug #15225: Killing states on downed gateways breaks for static interface configurations Actions Bug #15248: Removing a gateway group used as the default gateway results in no default route Actions Bug #15252: Egress states remain when killing states for scheduled rules Actions Bug #15263: PHP error display formatting issues Actions Bug #15264: ``crash_reporter.php`` displays PHP Error log without encoding Actions Bug #15282: Users with Deny Config Write privilege can trigger some VLAN interface operations Actions Bug #15288: ``loader.conf`` may be missing ``loader_conf_files`` so ``loader.conf.lua`` may not be parsed Actions Bug #15299: Old auto-added MAC addresses are not pruned for non-concurrent Captive Portal sessions Actions Bug #15301: Setup Wizard WAN configuration form field problem Actions Bug #15310: Errors in ``status.php`` IPsec sections when IPsec is not configured Actions Bug #15318: Users with Deny Config Write privilege can trigger some QinQ interface operations Actions Bug #15328: Changes in Kea DHCP interface pools may invalidate lease database content Actions Bug #15332: Kea fails to start if DHCP pool configuration contains default lease time or max lease time Actions Bug #15361: Network and broadcast address input validation is incorrectly applied to IPv6 VIPs Actions Bug #15362: Config upgrade error with empty gateway interval tags. Actions Bug #15363: Reply traffic on a secondary WAN may be dropped when passed through dummynet Actions Bug #15373: Firewall Logs Dashboard widget update interval does not behave as expected Actions Bug #15384: Reordering IPsec Phase 2 entries may result in a malformed configuration Actions Bug #15399: Local host gateways are shown in the default gateways list Actions Bug #15404: Captive Portal logo fails to load after authenticated redirect Actions Bug #15411: Hostname missing from logs in certain cases can cause the system log to display in an unexpected manner Actions Bug #15413: Kernel panic in HA nodes when under high load Actions Bug #15423: PHP error when applying interface settings if the ``/tmp/.interfaces.apply`` file is present but empty Actions Bug #15434: DNS Forwarder ignores "Use remote DNS Servers, ignore local DNS" setting Actions Bug #15440: CA certificates are not added to the Trust Store Actions Bug #15442: CLI password check exits with a write access error when checking is a read-only operation Actions Bug #15449: IPsec VTI static routes may not be added after the system boots Actions Bug #15454: Certificate Manager GUI inconsistency in Revocation tab titles Actions Bug #15471: Memory leak in pfSense module function ``pfSense_get_ifaddrs()`` Actions Bug #15481: File descriptor leak in ``bsnmpd`` Actions Bug #15490: Sanitize RFC 2136 Dynamic DNS update keys in ``status.php`` output Actions Bug #15502: Proxy variables in ``crontab`` contents are improperly formatted Actions Bug #15516: Per-rule byte counter values lost across a filter reload Actions Bug #15525: File browser on ``diag_edit.php`` does not encode directory names before display Actions Bug #15537: Separator positions are incorrect when copying interface group rules Actions Bug #15547: Filter rule association incorrectly displayed when editing a port forward Actions Bug #15552: NTP option "DNS Resolution" has no effect when using NTP pool hostnames Actions Bug #15565: System proxy credentials with certain characters may fail to authenticate Actions Bug #15572: Disabling DNSSEC should also disable Harden DNSSEC Data Actions Bug #15589: Saving an IPv6 gateway overrides the IPv4 gateway Actions Bug #15598: Input validation for duplicate remote gateways does not work when using the duplicate P1 button Actions Bug #15601: Routes with IPv6 Address as Next Hop for IPv4 Destination Causes Kernel Panic Actions Bug #15606: Data transfer problems when using interface-bound states with automatic floating states for IPsec rules Actions Bug #15624: Skip Packages option for Configuration Backups fails with large configurations Actions Bug #15635: Gateway monitoring includes disabled gateways Actions Bug #15637: Kea DHCP service control inconsistencies Actions Bug #15643: Deleting one pre-installed package may delete other pre-installed packages Actions Bug #15657: State table entries printed on ``diag_dump_states.php`` may contain an unexpected interface Actions Bug #15671: Setting the Port Forward interface to an interface group selects an invalid destination Actions Bug #15679: Multicast with intel NIC Actions Bug #15684: Panic in ``tcp_m_copym`` with selective ACK enabled Actions Bug #15685: Mobile IPsec does not automatically switch to failover gateway Actions Bug #15694: State Killing on Gateway Recovery fails for the default gateway group with the "Kill all" option selected Actions Bug #15700: Package navigation menus can be duplicated when reinstalling the package Actions Bug #15702: IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs Actions Bug #15704: Automatic EDNS value may be lower than expected Actions Bug #15711: Special characters in the ACB configuration change description can cause PHP errors Actions Bug #15718: AutoConfigBackup tries to upload backups before the system has finished booting Actions Bug #15719: GUI logout messages do not use the ``auth`` log facility Actions Bug #15722: Unbound configuration file contains Localhost address in forwarding mode with TLS enabled Actions Bug #15723: ``unbound-checkconf`` fails with python mode enabled Actions Bug #15725: Dashboard widgets refresh at unintended intervals Actions Bug #15729: Session cookie warnings Actions Bug #15750: Hostnames for ISC DHCP leases are not removed from Unbound when switching to Kea Actions Bug #15751: Declining to reset the admin account via the console menu still prompts to change the password Actions Bug #15755: Mobile IPsec sends incorrect DNS attribute IDs Actions Bug #15767: Clicking the picture widget image downloads the image with an invalid filename instead of showing it inline Actions Bug #15772: Captive Portal zones can fail to start due to ID conflict Actions Bug #15777: ``resizewin`` occasionally gets fed a spurious line feed over certain serial console+client combinations Actions Bug #15778: Interface group members are not validated on load/save on ``interfaces_groups_edit.php``, and are printed without encoding on ``interfaces_groups.php`` Actions Bug #15791: No default route after boot Actions Bug #15795: Removing a route from the High Availability primary node does not remove the entry from the routing table on the secondary node Actions Bug #15802: Dynamic DNS attempts to resolve entries with disabled interfaces Actions Bug #15809: UFS upgrades do not create new log files Actions Bug #15819: PHP error when creating intermediate certificates Actions Bug #15830: ``process_alias_urltable()`` can fail to create an archive of a URL table alias when RAM disks are enabled Actions Bug #15831: Kernel Panic when IGMPProxy gets CIDR Removed Actions Bug #15834: Package menus with the same name but different sections do not get removed Actions Bug #15842: Kea HA does not list TLS certificates Actions Bug #15844: Dashboard ``widgetkey`` values are not validated on save or load, can lead to configuration corruption or other problems Actions Bug #15856: OpenVPN Status Page and Dashboard Widget use input values without validation Actions Bug #15873: PHP error when a user is denied access to the dashboard Actions Bug #15874: Users with Deny Config Write privilege can trigger logging operations Actions Bug #15876: Routing Advertisements daemon fails to start when configured with more than 3 RDNSS entries in a prefix Actions Bug #15907: PHP error in Captive Portal with undefined zone interface list Actions Bug #15908: Users with Deny Config Write privilege can change their own password Actions Bug #15911: PHP error on save with very long configuration change descriptions Actions Bug #15912: Errors on the console when starting/stopping services Actions Bug #15914: PHP error when a queue is added with the same name as a limiter Actions Bug #15924: SCTP states not purged causing subsequent SCTP INIT to be blocked Actions Bug #15925: DNS Resolver option for Query Name Minimization cannot be disabled Actions Bug #15926: Captive Portal does not function with MAC filtering disabled Actions Bug #15927: Potential XSS in AutoConfigBackup backup list on ``services_acb.php`` Actions Bug #15935: Incorrect rule may be opened for editing after rule order has changed Actions Bug #15977: Incorrect color in button text within disabled rows Actions Bug #15988: PHP error when saving System Log settings Actions Bug #15990: Input validation prevents updating a limiter without changing the name Actions Bug #16005: PHP error from invalid IPv6 address on ``diagnostics_ping.php`` Actions Bug #16010: AutoConfigBackup scheduled backups always upload even when the configuration has not changed Actions Bug #16011: AutoConfigBackup remote revision timestamps may not be unique due to batch uploads Actions Bug #16012: "Reset" button on AutoConfigBackup Restore tab does not submit the form Actions Bug #16019: Kea can unintentionally attempt to spawn multiple processes and fail Actions Bug #16028: RFC 2136 Dynamic DNS cannot update AAAA records over IPv6 Actions Bug #16030: Captive Portal service management via ``pfSsh.php svc`` fails when the zone name contains uppercase letters Actions Bug #16032: Creating a Captive Portal zone with uppercase letters overwrites existing zones of the same name Actions Bug #16043: The filtered states shown may include states for interfaces other than the selected interface Actions Bug #16046: Dynamic DNS IP address may not be updated after changing the interface of a Dynamic DNS entry Actions Bug #16047: Cannot kill states using the post-NAT address Actions Bug #16057: The package ``post-install`` script does not run with a system upgrade on ZFS Actions Bug #16059: RAM Disk cron jobs are not saved correctly Actions Bug #16063: PHP error after saving NTP settings with an interface selected Actions Bug #16064: Boot loader is not upgraded on UFS installs Actions Bug #16069: The monitoring IP address for dynamic gateways may be unexpectedly routed via a different gateway Actions Bug #16076: Deleting or adding a firewall rule may result in an unexpected rule order Actions Bug #16081: Panic accessing ``sysctl`` OID ``net.inet.ip.nhdispatch`` with an INVARIANTS kernel Actions Bug #16093: Firewall logs mark entries for ``match`` rules the same as ``pass`` rules Actions Bug #16095: Firewall generates invalid rules for IPsec tunnels with descriptions containing special symbols Actions Bug #16102: syslogd fails to release file handlers Actions Bug #16103: PPPoE WAN loses IPv4 addresses on ``IPV6CP`` ``LayerDown`` events Actions Bug #16104: Config access error with null static routes Actions Bug #16114: Potential XSS in Firewall Schedules Actions Bug #16115: Potential XSS in IPsec Phase 1 Actions Bug #16116: Potential XSS in Wake on LAN page and widget Actions Bug #16130: Input validation prevents creating port forwards for the same port using a different address family Actions Bug #16145: Not possible to delete Custom message text for the login screen Actions Bug #16155: mpd5 specific options remain availble after enabling if_pppoe Actions Bug #16156: DDNS may send requests over IPv4 for IPv6 services Actions Bug #16158: IPsec allows deleting P1/P2 entries with an assigned VTI Actions Bug #16162: IPsec unnecessarily prompts to apply changes after input errors Actions Bug #16167: if_pppoe sends invalid service name Actions Bug #16169: NAT64 states have ``src`` and ``dst`` swapped in data returned by pfSense PHP Module Actions Bug #16170: Incorrect logic for detection of DNS server change in cases where the ISP does not provide search domains in DHCPv6 renewal Actions Bug #16182: Firewall rules using interface subnet aliases may prevent filter rules from loading after upgrades Actions Feature #855: Ability to selectively kill states on gateway recovery Actions Feature #1979: Allow user-defined rules to utilize built-in system aliases Actions Feature #2358: NAT64 support Actions Feature #5080: Settings tab for global Kea DHCP server options Actions Feature #7943: Overflow scrolling for top navigation drop-down menus in Fixed mode Actions Feature #8794: NTP authentication support Actions Feature #9293: Custom message text for the login screen Actions Feature #10000: Enable ``@`` support for Azure in Dynamic DNS Actions Feature #11177: Improve Dynamic DNS client IPv6 support Actions Feature #11556: Kill states using the pre-NAT address Actions Feature #12522: More GUI options for OpenVPN Client-Specific Overrides Actions Feature #13085: OpenVPN NBDD server options Actions Feature #13256: Better handling of duplicate IP addresses in static DHCP assignments Actions Feature #13520: Improve Thermal Sensors Dashboard widget readability Actions Feature #13894: Explicitly enable/disable DHCP Dynamic DNS updates in each scope Actions Feature #14067: Per-instance options to control Dynamic DNS client Check IP Service behavior Actions Feature #14165: Option to allow the DNS Forwarder to ignore system DNS servers Actions Feature #14208: Automatic Split-DNS for 1:1 NAT Actions Feature #14289: Enable ``@`` support for name.com in Dynamic DNS Actions Feature #14437: Add DynDNS Provider - Hetzner Actions Feature #14728: Support for CD/DVD drives in the External Configuration Locator (ECL) Actions Feature #14953: Add Kea information to ``status.php`` Actions Feature #15022: Allow overriding text scrolling during package install/uninstall Actions Feature #15089: Support LuaDNS provider Actions Feature #15183: Add per-rule option to set PF State Policy (if-bound vs floating) Actions Feature #15233: Recognize QAT 4xxx devices in System Information Widget Actions Feature #15234: Show details of system aliases in tooltip on firewall and NAT rule lists Actions Feature #15245: Show interface subnet details in a tooltip on the IPsec Phase 2 list Actions Feature #15257: Support using a mask to block MAC addresses in Captive Portal Actions Feature #15297: Add EFI boot information to ``status.php`` Actions Feature #15298: Add ``loader.conf.lua`` contents to ``status.php`` Actions Feature #15321: Kea DHCP Custom Configuration Support (IPv4 and IPv6) Actions Feature #15322: 50x and 404 error handling to GUI web server configuration Actions Feature #15323: Display server description when WOL is sent using mac url or power-on button Actions Feature #15415: Enhanced firewall log action information display Actions Feature #15422: Show current boot method in System Information Dashboard widget Actions Feature #15437: Use natural sorting when sorting interfaces Actions Feature #15575: Kea High Availability Support (IPv4 and IPv6) Actions Feature #15609: Allow filtering packet captures by system-defined protocols Actions Feature #15636: High Availability Status Changes Actions Feature #15651: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6) Actions Feature #15652: Kea DHCPv6 Prefix Delegation Support (IPv6 Only) Actions Feature #15654: Kea Static ARP Support (IPv4 only) Actions Feature #15659: Kea option for ``reservations-out-of-pool`` and associated input validation (IPv4 and IPv6) Actions Feature #15661: GUI options to change default SCTP state timeouts Actions Feature #15776: System Aliases for various reserved networks Actions Feature #15808: PREF64 support in Router Advertisements Actions Feature #15818: Certificate Authorities created in the GUI do not have the Basic Constraints extension marked critical Actions Feature #15828: Kea DHCP lease database RAM disk support (IPv4 and IPv6) Actions Feature #16014: Download function for AutoConfigBackup entries Actions Feature #16015: Method to change the AutoConfigBackup device key Actions Feature #16092: Separate IDS/IPS and link-local firewall log entries from default block logging Actions Feature #16134: Support ``if_pppoe`` backend for PPPoE WAN interfaces Actions Todo #13263: Reduce log spam when deleting a static DHCP entry Actions Todo #13268: Dynamically adjust the interface name maximum width in the login banner Actions Todo #13537: Update vendor files Actions Todo #14888: Exclude non-release branches from general update checks Actions Todo #15053: Update PHP to 8.3.x Actions Todo #15106: Remove ``Time`` column from OS Boot logs Actions Todo #15173: Add global option to set default PF State Policy (if-bound vs floating) Actions Todo #15188: Remove deprecated OpenVPN hardware crypto engine option Actions Todo #15220: Handle ``route-to`` and ``reply-to`` states when using the ``if-bound`` state policy Actions Todo #15258: Update Gandi LiveDNS service with API changes Actions Todo #15265: Remove ``jquery-treegrid`` unit testing files Actions Todo #15302: Error handling in the Setup Wizard is very user-unfriendly Actions Todo #15408: Reduce inconsistencies between Configuration History with/without ZFS Boot Environments Actions Todo #15429: Clarify descriptions for gateway recovery options Actions Todo #15465: Update dnsmasq to version 2.90 Actions Todo #15483: Update Unbound to 1.22.0 Actions Todo #15586: Query for SMART data only on root disk devices Actions Todo #15728: Improve Thermal Sensors Dashboard widget refresh code Actions Todo #15779: Update Dynamic DNS API URL for porkbun.com Actions Todo #15781: Remove deprecated HTTP/1.0 Pragma header Actions Todo #15782: Use minified nvd3 vendor files Actions Todo #15848: Exclude the WireGuard and Tailscale interface group system aliases from rules Actions Todo #15863: Update nginx HTTP2 syntax Actions Todo #15864: Update UPnP IGD & PCP GUI text Actions Todo #15865: Make the UPnP IGD & PCP STUN port optional Actions Todo #15953: Link to release information on the system update page Actions Todo #15969: Improve the system load impact from Dashboard widgets Actions Todo #15975: Additional error handling for invalid certificate configuration Actions Todo #16013: AutoConfigBackup code cleanup and GUI refresh Actions Todo #16016: Change AutoConfigBackup default key generation format Actions Todo #16049: Update nginx to 1.26.3 Actions Todo #16050: Update cpu-microcode-intel to version 20250211 for multiple CVE mitigations Actions Todo #16060: ``pkg`` no longer supports setting ``ALTABI`` manually at run-time Actions pfSense Docs - Todo #15642: Update OpenVPN CSC documentation Actions pfSense Packages - Bug #13214: AttributeError: 'NoneType' object has no attribute 'text' Actions pfSense Packages - Bug #14299: pfBlockerNG does not honor the cURL source interface setting for DNSBL lists Actions pfSense Packages - Bug #14523: PHP error when using an unsupported alias type in Advanced Rule Settings Actions pfSense Packages - Bug #14572: Unused DNSBL files may not be removed Actions pfSense Packages - Bug #14861: PHP error when pings are enabled but no ping hosts are defined Actions pfSense Packages - Bug #15190: PHP error from RRD Graphs when resolution is null Actions pfSense Packages - Bug #15644: Snort Status icon disappears Actions pfSense Packages - Bug #15726: Apcupsd dashboard widget warning/critical values are not digits or units as expected Actions pfSense Packages - Bug #15733: Changing the account key name does not update respective certificates Actions pfSense Packages - Bug #15744: Suricata LOGS MGMT feature shows ``enabled`` by default on a green-field install when it should instead default to ``disabled`` Actions pfSense Packages - Bug #15760: Typo in Snort Important Preproc Information Actions pfSense Packages - Bug #15771: RPKI cannot be configured Actions pfSense Packages - Bug #15824: Build options on haproxy29 package do not match previous versions Actions pfSense Packages - Bug #15845: UPS Settings doesn't display the full list of availabale drivers Actions pfSense Packages - Bug #15872: PHP error when accessing mail reports Actions pfSense Packages - Bug #15939: An empty IPv4/v6 and DNSBL entry is added if it’s not saved Actions pfSense Packages - Bug #15976: Fix ntopng listen options Actions pfSense Packages - Bug #15996: pfBlockerNG can clobber unbound file permissions Actions pfSense Packages - Bug #16094: pfBlocker-NG null blocking SERVFAIL Actions pfSense Packages - Bug #16096: Day of week description does not reflect input validation Actions pfSense Packages - Feature #13063: Improve modem support Actions pfSense Packages - Feature #13135: Add dibdot DoH-IP-blocklists feeds Actions pfSense Packages - Feature #15674: Support custom IP and Port variables for interfaces Actions pfSense Packages - Feature #15891: NUT driver list update Actions pfSense Packages - Todo #15058: Remove Zabbix 4 Agent and Proxy Actions pfSense Plus - Bug #15639: Automatic boot verification shows negative timer Actions
2.9.0 open pfSense CE software release 7% 13 issues (1 closed — 12 open) Related issues Bug #14921: External Config Locator does not trigger a pkg sync except on first boot Actions Bug #15757: Incorrect dashboard column spacing when using five columns Actions Bug #16141: RRD data fails to restore via the ECL Actions Bug #16153: ECL can modify a discovered config file Actions Bug #16191: Early DNS registration can add invalid addreses Actions Feature #13293: Option to set auth-gen-token in OpenVPN GUI Actions Feature #14483: Conditionally reconfigure IPsec VTI interfaces only when necessary while applying IPsec changes Actions Feature #15544: Add hostname to Slack notifications Actions Feature #15922: Allow using dhcp mappings in host aliases for any service Actions Feature #15934: Kea Lease Reclamation and Affinity Options (IPv4 and IPv6) Actions Feature #16159: Provide periodic connection reset for if_pppoe Actions Feature #16166: Option to deactivate ALTQ for VTNET interfaces Actions Feature #16189: Better Logging for LDAP Connection Errors Actions
pfSense Plus - 25.03 open Release targeted for March 2025 81% 16 issues (13 closed — 3 open) Related issues pfSense Plus - Bug #15499: Manually verifying the boot environment makes config changes Actions pfSense Plus - Bug #15533: Boot verification script over matches Actions pfSense Plus - Bug #15595: ``pftop`` core dump with ICMP states Actions pfSense Plus - Bug #15959: MIM GUI is unable to write IPv6 aliases Actions pfSense Plus - Bug #15968: Updating to development versions with pfBlockerNG-devel installed causes 50x error on GUI (Dashboard) Actions pfSense Plus - Bug #15989: Renaming an alias in MIM does not update firewall and NAT rules with the new alias name Actions pfSense Plus - Bug #15994: Backup configuration cache is not cleaned automatically Actions pfSense Plus - Bug #16051: Limiters saved while MIM is enabled disappear after reboot Actions pfSense Plus - Bug #16079: Separators for Ethernet rules span past the actions column Actions
pfSense Plus - 25.07 open Release targeted for July 2025 0% 9 issues (0 closed — 9 open) Related issues pfSense Plus - Bug #14894: Password protected console login prompt does not render properly on 4100/6100/8200 serial console Actions pfSense Plus - Bug #16176: Config restored during install can be overwitten by hardware specific default values Actions pfSense Plus - Feature #14297: Add Option for Vendor Class ID in DHCP Client Actions pfSense Plus - Feature #15380: During upgrade Process GUI timeouts still occur Actions pfSense Plus - Todo #15372: Adjust LED patterns for Boot Environments 2.0 Actions
CE-Next open The next release of pfSense software (CE) 14% 90 issues (5 closed — 85 open) Related issues Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa Actions Bug #5413: Reduce disruptions when changing DNS records from DHCP leases in Unbound Actions Bug #6333: Bootup starts/restarts dpinger multiple times Actions Bug #7389: Limiter does not work with transparent proxy Actions Bug #8013: IPsec MSS clamping value shared for IPv4 and IPv6 Actions Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary Actions Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity Actions Bug #8263: Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent" Actions Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup Actions Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost Actions Bug #8815: IP addresses are removed from interfaces when link is lost and either IPv4 or IPv6 is dynamic Actions Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through Actions Bug #9136: IPv6 Tracking Interfaces Lose IPv6 Address in Certain Cases Actions Bug #9349: IPSec service start/stop/restart fails after settings change Actions Bug #9384: devd putting "$" before variable contents when using single quotes Actions Bug #10513: State issues with policy routing and HA failover Actions Bug #10530: Convert config version to be based on product version Actions Bug #10690: Not possible to make UFS install on ZFS formatted drive Actions Bug #10708: ZFS bootpool boot symlink issue Actions Bug #10875: PPP periodic reset does not fully restore gateway group round-robin functionality Actions Bug #10892: Large number of VLAN/LANs make floating rules are to read Actions Bug #11110: Backup file should be checked before restoring a specific area Actions Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down Actions Bug #11335: Spoofing the MAC on a LAGG interface does not work for some NIC types. Actions Bug #11429: System Log / Settings form activates "Reset Log Files" button on enter Actions Bug #11430: PHP console spam after Assigning Interfaces Actions Bug #11503: Using multiple authentication backends on an OpenVPN server fails Actions Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1 Actions Bug #12095: Memory leak in pcscd Actions Bug #12335: IPsec DNS inefficiency Actions Bug #12357: Captive Portal popup Logout button loads full login page in popup when clicked Actions Bug #12715: Long system startup time when LDAP is configured and unavailable during startup. Actions Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php Actions Bug #13217: dhclient using default pid file location which does not exist Actions Bug #13273: dhclient can use conflicting recorded leases Actions Bug #13329: Traffic shaping Wizard sets invalid values for qVoip queue Actions Bug #13450: L2TP Clients system alias is not populated Actions Bug #13480: GIFs are not automatically started when parent interface doesn't have an address at boot Actions Bug #13483: dhcp6c shouldn't be killed and restarted on interface reconfigurations Actions Bug #13487: GUI IPV6-WAN-status stays "Offline, Packetloss" after a short communication hick up Actions Bug #13499: Namecheap service type is missing help text for the password field Actions Bug #13680: Package install scripts run after PHP upgrade produce errors Actions Bug #13734: PPP interfaces with a QinQ parent can't initialize the PPPoE node for link Actions Bug #13792: Filterdns assumes sets of resolved addresses for each hostname are nonintersecting Actions Bug #13793: filterdns does not reconcile modelled tables with the current state of filter tables Actions Bug #13937: New OpenVPN entries are not immediately reflected in RRD graphs Actions Bug #13961: Virtual IP address input validation does not check for overlap with DHCP address ranges Actions Bug #14244: ``get_interface_list()`` in ``util.inc`` does not always match the expected device in ``dmesg``. Actions Bug #14262: IPv6 firewall log entries do not wrap and force the table width past the width of the page Actions Bug #14350: Captive portal text messages are not translated Actions Bug #14577: OpenVPN not removing old Cisco-AVPair anchor rules and files in ``/tmp`` Actions Bug #14983: Upgrade can fail when unexpected EFI partitions are present. Actions Bug #15081: Upgrade fails due to undersized EFI filesystem Actions Bug #15448: ``miniupnpd`` lacks IGDv2 support Actions Bug #15518: Kea does not send configured TFTP server name Actions Bug #15847: Kea DHCP lease utilization stats incorrect for delegated prefix pools Actions Bug #15902: After an IPv6 prefix and IP change on the WAN interface the KEA DHCP service crashes and cannot be restarted Actions Feature #2386: Bridge member that is not an assigned interface Actions Feature #4405: Traffic shaping doesn't work when applied to a bridge interface Actions Feature #11440: Expand collapsed sections by clicking anywhere on header Actions Feature #11589: Fix iftop experimental traffic fetcher, unify and improve output style Actions Feature #12077: Allow stick-connections per gateway group Actions Feature #12121: Wider "local network(s)" fields in OpenVPN server configuration Actions Feature #12494: DynDNS: make simultaneous update of IP and LegacyIP possible Actions Feature #12495: DynDNS: add deSEC IPv4&v6 simultaneos update Actions Feature #12553: Auto Config Backup: Allow selecting multiple backups for deletion Actions Feature #13244: Add help text under Timezone settings in the GUI Actions Feature #13351: Improve Indicated Memory Usage in the Dashboard Actions Feature #13362: Update dynamic gateway consumers when their interface is renamed Actions Feature #13710: Support UTF-8 CA/Certificate subject components Actions Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more Actions Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled Actions Feature #14122: Allow selecting the repo branch on config restore Actions Feature #14166: Use netstat output for interface packet counters Actions Feature #14620: Support running DHCPv4 Server and DHCPv4 Relay at the same time on different interfaces Actions Feature #14762: Support X25519 and X448 public key algorithms in certificates Actions Feature #15090: Improve feedback from config recovery during install Actions Feature #15647: Include ability to generate Configuration file and QR Code for wireguard configuration Actions Feature #15648: Include ability to gen private/public key in UI for easier WireGuard client provisioning Actions Feature #15745: Add User Manager Setting to control Remote Authentication fallback behavior Actions Todo #12367: ZFS: Do not show memstick disk on target list Actions Todo #13508: Uncouple RAM Disk size from available kernel memory Actions Todo #13644: Enable ALTQ support in cxgbe(4) Actions Todo #14264: Consider lowering default session timeout from current default of four hours (240m) Actions Todo #14352: Virtual IP address configuration input fields are handled inconsistently between VIP types Actions Todo #14359: Reorganize Advanced Options Actions Todo #15780: Speed up MBUF Usage command in system information widget Actions
Future open Items for an indeterminate later release 3% 114 issues (5 closed — 109 open) Related issues Bug #1675: Captive portal logout problems with pop-up blockers. Actions Bug #4406: ALTQ problems with wireless cloned interfaces Actions Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel Actions Bug #5367: Safari repeatedly tries to reload dashboard Actions Bug #5786: Check WebConfigurator port for conflicts Actions Bug #6167: IPsec IPComp not working Actions Bug #6186: race conditions in service startup Actions Bug #6696: Add configure link to Status > Queues error message if traffic shaping not configured Actions Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield Actions Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement Actions Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input Actions Bug #7222: Encryption No Longer Enforced for Email Notifications Actions Bug #7288: The field 'Distinguished name Organization' contains invalid characters Actions Bug #8502: main (top) menu items do not drop down in some cases Actions Bug #8614: Cannot remove Additional BOOTP/DHCP Options Actions Bug #8820: System/Advanced/Misc - "Do not kill connections when schedule expires" UN-checked still leaves existing connections open. Actions Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan) Actions Bug #9353: PHPSession errors from limited access to dashboard and widgets Actions Bug #9755: package description wrong link https://www.freshports.org/security/openvpn-client-export Actions Bug #10310: Systems with low RAM and several packages may temporarily fail to load large tables after an upgrade Actions Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters Actions Bug #11093: ral(4) driver non-functional in arm64 Actions Bug #11352: CTF types > 2^15 in the pfSense kernel config results in DTrace failing Actions Bug #11473: System Activity shows invalid data on SG-3100 Actions Bug #12013: Reading log data is inefficient in certain cases Actions Bug #15228: User manger fails to display certificate option for a new user in case of input error Actions Bug #15708: The filterdns service won't start Actions Feature #84: Nightly Filter Summary E-Mail Actions Feature #96: Add "All local networks" to source and destination drop down boxen in firewall rules Actions Feature #286: Backup/restore users individually Actions Feature #290: Add Multi-WAN awareness to UPnP Actions Feature #521: Group manager Assigned Permissions Actions Feature #701: Interface groups with NAT Actions Feature #946: Allow aliases to be used to define IPsec phase 2 networks Actions Feature #1257: Handle encypted CA/Certificate private keys Actions Feature #1268: Allow mass renewing of certs Actions Feature #1337: VLANs with different MAC address than parent interface Actions Feature #1831: Captive portal IPv6 support Actions Feature #2024: RRD Graphs for packages Actions Feature #2479: Allow reordering of the traffic graphs on the dashboard Actions Feature #2593: sync NTPD, SNMP config between HA members Actions Feature #2676: Reply-to option in firewall rule Actions Feature #2965: Mac Firewalling Actions Feature #3115: Traffic shaping for multi WAN Actions Feature #3185: Accommodate a DHCPv6 failover-like mechanism Actions Feature #3377: OAuth2 authentication in captive portal Actions Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network Actions Feature #3696: Multiple items backup/restore Actions Feature #3697: New backup/restore area: Certificates Actions Feature #3882: Add OUI database to the base system, remove dependency on nmap Actions Feature #4098: Add option to force a password change on login Actions Feature #4195: Aliases: sections Actions Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth Actions Feature #4632: Support for Multipath TCP (MPTCP) Actions Feature #4724: Captive Portal Status Add Client Hostname Actions Feature #4776: Add 802.1x dynamic vlan support Actions Feature #5307: Add logarithmic scale option to RRD graphs Actions Feature #5510: Need a simple way to enable/disable package-installed services Actions Feature #5619: Curl with ARES support Actions Feature #5735: Automaticaly add DHCP leases to alias list or make it readable in selected fields Actions Feature #5835: Improve OpenVPN client gateway detection in edge cases where the remote does not send gateway information Actions Feature #5950: DHCPv6 Server support for PD of PD-obtained networks Actions Feature #6457: Allow ability to configure AWS EC2 AMI via userdata Actions Feature #6728: Route53 API mod and Geolocation Actions Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius) Actions Feature #7078: Allow reordering of client specific overrides in OpenVPN Actions Feature #7181: Add Top and Add Bottom on Seperator Actions Feature #7182: Break up System Widget on the Dashboard Actions Feature #7244: Publish pfsense as a Vagrant Basebox Actions Feature #7260: Source OS / p0f Database Missing Modern Operating Systems Actions Feature #7783: Support for hosting VMs on pfSense using bhyve Actions Feature #7847: USB NIC not loading (TP-Link UE300 RTL8153) Actions Feature #7852: Add views support to Unbound GUI Actions Feature #8316: expiration date when creating new rules Actions Feature #8474: Easier Conversion to HA Pair from Existing Non-HA Firewall Actions Feature #8694: Client CA Auth for PFSense WebGui Actions Feature #8712: QOS on ipsec links Actions Feature #8775: Use SRV record for LDAP Authentication Actions Feature #8879: DHCP options ADD force options Actions Feature #9536: Support dynamic prefix in DHCPv6 Server Actions Feature #9574: Show changelog at package upgrade Actions Feature #9680: Seperate DHCP Server and relay per interface Actions Feature #9717: Search box for pfsense ? Actions Feature #9718: Make diag_states_summary table sortable Actions Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users Actions Feature #10204: Possible clarification of Track IPv6 Interface Subnet ID Actions Feature #10223: Add the ability to create additional loopback interfaces Actions Feature #10250: DHCP lease view by interface Actions Feature #10404: Consider using chrony for NTP services Actions Feature #10467: Email alert functionality for system health Actions Feature #10987: Add support for secure boot Actions Feature #11056: Add option to disable flow-control on interfaces in GUI Actions Feature #11270: Consider integrating Nebula mesh VPN Actions Feature #11302: WireGuard XMLRPC sync Actions Feature #11324: Separate syslog "Remote log servers" Parameters Actions Feature #11498: WireGuard does not pass multicast traffic to peer Actions Feature #11588: Automatically suggest next IP address in Wireguard interface subnet when creating a peer Actions Feature #11604: WireGuard Dynamic Listen Port Randomization Actions Feature #11921: Feature Request: Compile unbound with EDNS Client Subnet (ECS) module (--enable-subnet) Actions Feature #12521: Add the BBR2, QUIC, RACK Congestion Control (CC) protocols Actions Feature #12564: add column to show that an Alias is in use by or not Actions Feature #12863: dynamically tune sha512crypt rounds Actions Feature #13805: A way to reliably determine if system is the primary or secondary in CARP Actions Feature #14666: Option to add automatic pass rules for IGMP Proxy which allow IP options Actions Feature #15078: Display all available updates on the dashboard Actions Todo #32: PPPoE Server users integration with user manager Actions Todo #33: L2TP users integration with user manager Actions Todo #5902: Use a common place for default values Actions Todo #6647: Enable Additional Security Headers Actions Todo #6697: White squares around the numeric values in the Status / Queues page Actions Todo #6727: Missing file apple-touch-icon-precomposed.png ? Actions Todo #11280: Add WireGuard to ALTQ list Actions Todo #12025: Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address Actions
pfSense Packages - Future open Scheduled for an unspecified future version, typically not the next one 37% 8 issues (3 closed — 5 open) Related issues pfSense Packages - Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough Actions pfSense Packages - Bug #10791: Valid (vlan)interfaces do not get vif reporting "Invalid phyint address" Actions pfSense Packages - Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events Actions pfSense Packages - Feature #11178: Filer do not ask what to do with previous filename Actions pfSense Packages - Feature #11798: HA Sync for FRR config Actions pfSense Packages - Feature #12358: IP List Copy/Import/Export Actions pfSense Packages - Feature #12909: Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database Actions pfSense Packages - Feature #13284: Option to define "Issuer" in OPT configuration. Actions
pfSense Plus - Plus-Next open The next release of pfSense Plus software 0% 4 issues (0 closed — 4 open) Related issues Todo #1521: Multipath Routing GUI Support Actions pfSense Plus - Bug #12759: Proprietary packages link to non-existant or non-public github pages Actions pfSense Plus - Bug #16080: Issues Upgrading from 24.03 to 24.11 SG-1100 Atheros 9280 Actions