2.7.0 open Future pfSense CE software release 87% 537 issues (444 closed — 93 open) Related issues Bug #3132: Gateway events for IPv6 affect IPv4 services and vice versa Actions Bug #4154: RADIUS authentication not working over IPv6 Actions Bug #4500: UPnP/NAT-PMP status page does not display all port mappings Actions Bug #6253: Firewall log widget action icon features stop working when new log entries are added dynamically Actions Bug #6880: Multiple DHCP6 WAN connections leads to multiple dhcp6c clients Actions Bug #7996: Unnecessary link tag in login page Actions Bug #8846: Misleading gateway error message adding/editing static routes using a disabled interface Actions Bug #9263: Incorrect ICMP reply when using limiters Actions Bug #9296: Alias content is sometimes incomplete when an alias contains both FQDN and IP address entries Actions Bug #9887: Rule separator positions change when deleting multiple rules Actions Bug #10624: Memory leak in Unbound with Python module and DHCP lease registration active Actions Bug #11226: IPsec VTI phase 2 traffic selectors default to address when defined as a network Actions Bug #11416: OpenVPN IPv4 Tunnel Network incorrectly allows hostnames Actions Bug #11629: PPPoE WAN IP address different than expected when set static by ISP Actions Bug #11692: ``fixup_default_gateway()`` should not remove a default gateway managed by a dynamic routing daemon Actions Bug #11730: "Dark" theme does not sufficiently distinguish between selected and deselected elements in option lists Actions Bug #11764: IPv6 link local gateway default status not indicated in GUI Actions Bug #11864: OpenVPN stays bound to previous IP address after interface changes Actions Bug #11877: Labels and description disappear in firewall_schedule_edit.php Actions Bug #11941: Many ``exec()`` functions do not use full path to executable files Actions Bug #11984: Automatic Outbound NAT mode can create incorrect rules in some cases Actions Bug #12003: Pie and ``fq_pie`` are missing options and do not handle floating point number input correctly Actions Bug #12079: IGMPProxy: kernel panic, Sleeping thread owns a non-sleepable lock Actions Bug #12105: Packages are not automatically reinstalled when restoring configuration using the installer Actions Bug #12141: Lack of DNS or Internet connectivity causes GUI to be slow Actions Bug #12319: NAT reflection does not work for IPv6 port forwarding rules when configured for NAT+Proxy mode Actions Bug #12332: OpenVPN does not clear old Cisco-AVPair anchor rules in some cases Actions Bug #12440: Zero-value prefix IPv6 addresses are mishandled Actions Bug #12464: Syslog Auth messages are sent as Emergency Level Actions Bug #12527: DHCPv6 server does not skip interfaces configured with invalid ranges Actions Bug #12536: Setting a default gateway of "None" does not remove the default gateway from the routing table Actions Bug #12579: Utilize ``dnctl(8)`` to apply limiter changes without a filter reload Actions Bug #12590: Dynamic DNS custom IPv6 service fails on 6rd tunnels Actions Bug #12606: ``devd`` is not configured to act on USB interface attach/detach events Actions Bug #12609: IGMP Proxy server is restarted during every ``rc.newwanip`` event Actions Bug #12611: SNMP daemon is restarted during every ``rc.newwanip`` event Actions Bug #12612: DNS Resolver is restarted during every ``rc.newwanip`` event even for interfaces not used in the resolver Actions Bug #12613: DNS Resolver does not restart during link up/down events on a static IP address interface Actions Bug #12628: OpenVPN re-synchronization also synchronizes override entries unnecessarily in some cases Actions Bug #12632: Changing an interface IP address and gateway at the console does not save the new gateway if one already exists for the interface Actions Bug #12633: Gateway monitoring should mark gateway as "offline" on PPPoE parent interface disconnect Actions Bug #12645: ``filterdns`` does not monitor remote IPsec gateways for IPv6 address changes Actions Bug #12649: Allowed IP/Hostname "Direction" option is never used Actions Bug #12651: ``nginx`` logs an error that the port is already in use when restarting Captive Portal services Actions Bug #12672: GleSYS Dynamic DNS responses are not parsed properly Actions Bug #12673: Firewall Logs Widget fails to update at intervals below 5 seconds. Actions Bug #12678: Applying firewall rule changes does not clear dirty flag for aliases subsystem Actions Bug #12680: Typo in the warning text Actions Bug #12691: Support encrypted ``config.xml`` files when restoring during install Actions Bug #12703: pf ``hostid`` value is handled inconsistently Actions Bug #12708: Alias with non-resolving FQDN entry breaks underlying PF table Actions Bug #12710: Disabling DHCP Server RRD statistics does not work Actions Bug #12721: IPv6 gateway group using link local addresses incorrectly logs a gateway change because it not including interface scope properly Actions Bug #12723: Disallow remote gateway of ``0.0.0.0`` for VTI mode Actions Bug #12727: Renaming an alias does not update the alias names in static routes and OpenVPN instances Actions Bug #12728: Cannot remove IPv6 static routes Actions Bug #12733: Value of ``net.inet.ip.dummynet.*`` OIDs in ``sysctl`` are ignored Actions Bug #12735: Interface status "Total Interrupts" display is non-functional Actions Bug #12737: CA path is not defined when using ``curl`` in the shell Actions Bug #12749: Uninitialized array in ``array_remove_duplicates()`` Actions Bug #12750: Input validation prevents configuring wildcard Dynamic DNS records on GoDaddy Actions Bug #12754: Google Domains Dynamic DNS responses are not parsed properly Actions Bug #12757: Clean up use of ``pfctl -F`` in ``/etc/inc/filter.inc`` Actions Bug #12761: Input validation prevents configuring wildcard Dynamic DNS records on Google Domains Actions Bug #12763: VTI gateway status stuck as "pending" after reboot Actions Bug #12766: Packages with custom ``internal_name`` values do not reinstall properly when restoring a backup Actions Bug #12771: Automatic filter reload with OpenVPN client gateway uplink happens too soon or not at all Actions Bug #12775: NTP service is not listed on ``status_services.php`` unless ``config.xml`` contains NTP configuration data Actions Bug #12780: L2TP/PPTP interface assignment page loses some values after input validation error Actions Bug #12781: DNS Resolver help text for **System Domain Local Zone Type** option refers users to ``unbound.conf(5)`` man page instead of pfSense docs Actions Bug #12790: Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN Actions Bug #12792: Automatic Outbound NAT rules do not include OpenVPN CSO entries Actions Bug #12794: Link-local address does not reset after removing MAC address spoofing Actions Bug #12801: User password hashes pseudo-random number generator may return insecure salt value Actions Bug #12803: Error loading ruleset due to illegal TOS value Actions Bug #12810: Sanitize SHA-512 user password hashes in ``status.php`` output Actions Bug #12811: Services are not restarted when PPP interfaces connect Actions Bug #12824: Firewall Alias not working as intended - Stack Trace (2.6.0) Actions Bug #12831: Typo in in /etc/inc/interfaces.inc line 1107 Actions Bug #12847: On startup "No routing address with matching address" might appear Actions Bug #12868: Output from ``pfctl -vvsr`` does not include ``ridentifier`` value in the expected location Actions Bug #12870: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout Actions Bug #12871: Some action buttons are always active for firewall rules, even if no rules are selected Actions Bug #12876: Changing RAM disk size does not prompt to reboot Actions Bug #12887: GUI does not reject an invalid OpenVPN tap mode configuration with an empty tunnel network "Bridge DHCP" disabled Actions Bug #12892: ``HTTPClient`` option not sent when using UEFI HTTP Boot Actions Bug #12896: ``HTTPClient`` option does not work for static mappings Actions Bug #12900: Clicking Save & Force Update on a Dynamic DNS entry results in a GUI timeout Actions Bug #12901: DNS Forwarder refuses valid retries from clients in certain cases Actions Bug #12902: DNS Forwarder creates a loop when "Use local DNS, ignore remote DNS servers" is selected Actions Bug #12920: Gateway behavior differs when the gateway does not exist in config.xml Actions Bug #12923: DHCP "Ignore denied clients" option with MAC Deny list set causes DHCP server to not start Actions Bug #12925: FQDN in network alias is omitted from OpenVPN networks list Actions Bug #12927: OpenVPN with OCSP enabled allows connections with revoked certificates Actions Bug #12940: Deleting a user on the primary node does not delete its home directory on secondary node during XMLRPC sync Actions Bug #12947: DHCP6 client does not take any action if the interface IPv6 address changes during renewal Actions Bug #12953: ESP description in IPsec phase 2 proposal help text is ambiguous Actions Bug #12957: Delete button is always active for NAT rules, even if no rules are selected Actions Bug #12960: VGA install defaults to serial as primary console when loading/saving admin GUI settings without making changes Actions Bug #12975: IKEv2 Mobile IPsec clients do not receive ``INTERNAL_DNS_DOMAIN`` (value ``25``) attribute Actions Bug #12985: DNS Resolver updates trust anchor at boot even with DNSSEC disabled which can lead to a startup delay of ~2 minutes if the firewall does not have Internet access Actions Bug #12986: DHCP network boot filename can be incorrectly placed in DHCP Pool Options Actions Bug #12991: DNS Resolver ACLs are not updated when OpenVPN networks change Actions Bug #12998: Wireless interface WPA configuration fields are always visible Actions Bug #13004: ``write_rcfile()`` does not create ``rc_restart()`` entry Actions Bug #13012: NAT Reflection generates duplicate rules when internal interface contains multiple VIPs in the same subnet Actions Bug #13013: bsdinstall error while creating filesystem on the latest snapshots Actions Bug #13014: Charon.vici can get in a bad state Actions Bug #13015: NAT generates duplicate ``no nat on`` rules for port forwards with a destination of ``Any`` Actions Bug #13027: Input validation requires a gateway for floating ``match out`` rules Actions Bug #13048: Explicit PPPoE disconnect of a WAN Gateway Group member may not restore a default route. Actions Bug #13049: Empty ``negate_networks`` table breaks policy routing rules Actions Bug #13055: The ``negate_networks`` table is not updated when an OpenVPN server is deleted Actions Bug #13060: Potential XSS from URL and URL Table alias URLs Actions Bug #13061: Gateway events for IPv6 affect IPv4 OpenVPN instances and vice versa Actions Bug #13066: L2TP MPD configuration is not updated when a dynamic WAN IP address changes Actions Bug #13067: Resolve interval for ``filterdns`` may not match the configured value Actions Bug #13069: Input validation for IPv6 addresses allows invalid address compression in some cases Actions Bug #13071: Delete function for IPsec SAD entries on ``status_ipsec_sad.php`` does not work Actions Bug #13076: Marking a gateway as down does not affect IPsec entries using gateway groups Actions Bug #13080: Cannot set EFI console as primary console when using both EFI and Serial Actions Bug #13082: L2TP stays bound to previous IP address after static IP address change Actions Bug #13083: Slack notification options only allow `` -`` as a special character in channel names Actions Bug #13086: Traffic shaper wizard rewrites Mbits to Kbits Actions Bug #13088: OpenVPN Client Overrides: properly hide/show form fields Actions Bug #13092: PPPoE WANs fail to reconnect after parameter negotiation failure Actions Bug #13097: PHP error when upgrading from before configuration revision 21.6, ``ipsec_create_vtimap()`` is undefined Actions Bug #13099: Static routes to destinations at L2TP clients are not re-added after a client reconnects Actions Bug #13102: Deleting an IPSec tunnel doesn't destroy the SA (SADs/SPDs), causes crash in status_ipsec.php Actions Bug #13105: DNS Forwarder custom options may fail after save/restore when options are only separated by newline Actions Bug #13116: OpenVPN client ``tls-client``/``client`` configuration directive not handled properly Actions Bug #13127: DHCP lease list displays wrong interface name in the "Leases in Use" summary if DHCP settings for a disabled interface remain in the configuration Actions Bug #13131: Mobile IPsec clients cannot be manually disconnected from IPsec status screen Actions Bug #13132: Multiple ``<sshdata>`` or ``<rrddata>`` sections in ``config.xml`` lead to an XML parsing error during restore Actions Bug #13133: OpenVPN ``client-connect`` file contains ``topology`` Actions Bug #13139: Stale ``sshdkeys.dirty`` lock file prevents generating SSH server keys Actions Bug #13145: Per-user ``route`` files are not removed from ``/tmp`` when they are no longer needed Actions Bug #13148: Traffic passed by Captive Portal cannot use limiter queues on other rules Actions Bug #13157: PHP error restoring DHCP lease data on fresh installation: Actions Bug #13164: Info icon on ``firewall_nat_out.php`` is incorrectly placed in manual outbound NAT mode Actions Bug #13169: captiveportal_ether_delete_entry() does not delete anchors/pipes Actions Bug #13171: Changing the redirect target for a Port Forward with an associated filter creates an incorrect firewall rule Actions Bug #13174: Icon missing for user manager entries with a scope other than "user" Actions Bug #13175: PHP error on MAC entry add/edit Actions Bug #13185: LDAP setup does not display 'Global Root CA List' option unless another CA also exists Actions Bug #13204: Captive Portal reserves four (instead of two) pipes for client Actions Bug #13210: PPPoE server panics with multiple client connections Actions Bug #13216: Switching nomacfilter option does not change autorized users rule format Actions Bug #13218: GIF-based interface MTU is assigned to parent interface on boot when parent interface is a LAGG Actions Bug #13225: Bridges with QinQ interfaces not properly set up at boot Actions Bug #13228: Recovering interface gateway may not be added back into gateway groups and rules when expected Actions Bug #13240: User is forced to pick an NPt destination IPv6 prefix length even when choosing a drop-down entry which contains a defined prefix length Actions Bug #13243: OpenVPN status for multi-user VPN shows info icon to display RADIUS rules when there are none to display Actions Bug #13253: ``dhcp6c`` is not restarted when applying settings when multiple WANs are configured for DHCP6 Actions Bug #13254: DNS resolver does not update its configuration or reload during link down events Actions Bug #13257: Exporting a PKCS#12 file from the certificate manager does not use the intended encryption algorithm Actions Bug #13258: Hidden menu option ``100`` incorrectly handles HTTPS detection Actions Bug #13262: File browser on ``diag_edit.php`` does not encode filenames before display Actions Bug #13272: Voucher CSV output has leading space before voucher code Actions Bug #13280: Entries for ``net.link.ifqmaxlen`` duplicated in ``/boot/loader.conf`` Actions Bug #13282: Alias content is sometimes incomplete if the firewall cannot resolve an FQDN in the alias Actions Bug #13289: Attempting to restore a 0 byte ``config.xml`` prints an error that the file cannot be read Actions Bug #13295: Incorrect function parameters for ``get_dpinger_status()`` call in ``gwlb.inc`` Actions Bug #13298: Dynv6 Dynamic DNS client does not check the response code when updating Actions Bug #13307: PPP interface custom reset date/time Hour and Minute fields do not properly handle ``0`` value Actions Bug #13308: The ``negate_networks`` table is duplicated in ``rules.debug`` Actions Bug #13310: Each line in the NPt destination IPv6 prefix list also contains the network of the previous line when multiple choices are present Actions Bug #13317: ``array_filter`` PHP Errors in ``interfaces.inc`` Actions Bug #13318: Neighbor hostnames in the NDP Table on ``diag_ndp.php`` are always empty Actions Bug #13364: Using the copy (not clone) function on firewall rules unintentionally converts interface ``address`` to interface ``net`` Actions Bug #13387: Input validation is not rejecting invalid description characters when editing a CA or Certificate Actions Bug #13390: "Dark" theme uses the same colors for disabled and enabled input fields Actions Bug #13393: DNS Resolver responds with unexpected source address when the DNS over TLS server function is enabled Actions Bug #13396: Custom logo or background image is created with two dots (``..``) before the file extension Actions Bug #13408: PF can fail to load a new ruleset Actions Bug #13424: CRL expiration date with default lifetime is too long, goes past UTCTime limit Actions Bug #13425: Invalid alias name can still be used by code attempting to validate URL table content Actions Bug #13426: ``status.php`` uses ``<name>`` component of ``/tmp/rules.packages.<name>`` filenames in shell command without encoding Actions Bug #13436: Input validation on ``system_advanced_firewall.inc`` uses incorrect variable references for some fields Actions Bug #13437: ECDSA certificate renewal causes digest algorithm to be reset to SHA1 Actions Bug #13445: ``easyrule`` CLI script has multiple bugs and undesirable behaviors Actions Bug #13448: Table row selection has poor contrast in Dark theme Actions Bug #13453: Incorrect word in "Network Interfaces" help text on ``services_unbound.php`` Actions Bug #13462: Advanced DHCP6 client settings only work for a single interface Actions Bug #13471: APU1 hardware is not properly identified with current BIOS versions Actions Bug #13477: Captive Portal disconnecting a single user stops all traffic. Actions Bug #13479: Input validation is checking RAM disk sizes when they are inactive Actions Bug #13480: GIFs are not automatically started when parent interface doesn't have an address at boot Actions Bug #13487: GUI IPV6-WAN-status stays "Offline, Packetloss" after a short communication hick up Actions Bug #13492: Start rtsold immediately after dhcp6c sends it requests Actions Bug #13493: Several advanced DHCP6 client options do not inform the user when rejecting invalid input Actions Bug #13507: Copying multiple rules at the same time results in new rules with duplicate tracker IDs Actions Bug #13525: Memory leak in PF when retrieving Ethernet rules Actions Bug #13529: Intel i226 network interfaces do not honor a manually selected link speed Actions Bug #13533: pfsense 2.7 (FreeBSD 14) system_authservers.php - syntax error Actions Bug #13538: Deleting an alias marks the subsystem as unclean but also unconditionally reloads the filter configuration Actions Bug #13539: Missing descriptions for referrers to firewall aliases cause empty strings for references to be returned when deleting an in-use alias Actions Bug #13545: Toggling NAT rules using the button method does not enable/disable corresponding firewall rules Actions Bug #13561: Unable to set web interface session timeout to ``0`` (i.e. never expire) Actions Bug #13573: Adding a UEFI HTTPBoot URL and enabling network booting with static mappings causes dhcpd to crash Actions Bug #13574: Extra remote address information can confuse ``sshguard`` Actions Bug #13579: Incorrect quoting of Split DNS attribute value in ``strongswan.conf`` Actions Bug #13591: Changing the GUI port does not redirect the browser to the new port on save Actions Bug #13594: "Provide DNS servers to DHCPv6 clients" setting does not reflect a changed value until the page is reloaded Actions Bug #13607: Malformed format strings in French translation causing PHP errors. Actions Bug #13633: DHCPv6 rules are not created for interfaces with static IPv6 Actions Bug #13638: ``fcgicli`` fails to write packets with ``nvpair`` values that exceed ``128`` bytes Actions Bug #13645: PHP errors regarding ssh Actions Bug #13655: DNS Forwarder (``dnsmasq``) is using an invalid combination of options when "Query DNS servers sequentially" is enabled Actions Bug #13659: replace direct config accesses for system/webgui paths in system_advanced_admin.inc Actions Bug #13671: DHCP client can fail permanently if an interface is down at boot Actions Bug #13675: Code that sets IPv6 MTU can unintentionally act on IPv4 addresses Actions Bug #13676: PHP errors on services_dhcpv6_relay.php Actions Bug #13680: Package install scripts run after PHP upgrade produce errors Actions Bug #13701: replace direct config accesses for the rest of the paths in system_advanced_admin.inc Actions Bug #13702: replace direct config accesses in system_advanced_sysctl Actions Bug #13704: replace direct config accesses in vpn_ipsec* Actions Bug #13716: CVE-2022-23093 / FreeBSD-SA-22:15.ping Actions Bug #13734: PPP interfaces with a QinQ parent can't initialize the PPPoE node for link Actions Bug #13736: Captive Portal service restart needed after MAC bypass Actions Bug #13742: Captive Portal MAC bypass - pf rules are not enforced Actions Bug #13755: Multiple incorrect configuration paths in recent UPnP code changes Actions Bug #13756: Rules for authenticated Captive Portal users are not removed when a zone is disabled Actions Bug #13776: Some functions fail if the Language does not exactly match an available Locale Actions Bug #13792: Filterdns assumes sets of resolved addresses for each hostname are nonintersecting Actions Bug #13793: filterdns does not reconcile modelled tables with the current state of filter tables Actions Bug #13838: Captive Portal RADIUS start/stop accounting does not reset counters at each accounting start Actions Bug #13851: DNS Resolver does not generate automatic ACLs for IPv6 when Network Interfaces is set to "All" Actions Bug #13853: Captive Portal does not apply RADIUS bandwidth limits to user pipes Actions Bug #13860: Typo in Remote IPv4/IPv6 Address help text on ``interfaces_gre_edit.php`` Actions Bug #13883: UDP checksum errors with ``ixgbe`` interfaces Actions Bug #13908: CARP automatically generated rules don't get removed Actions Bug #13911: Unnecessary delay when querying ixgbe NICs Actions Bug #13915: PHP error when making changes in the traffic shaper wizard Actions Bug #13935: RRD restore process does not sanitize filenames from backup XML Actions Bug #13937: New OpenVPN entries are not immediately reflected in RRD graphs Actions Bug #13938: Kernel panic accessing the GUI over IPsec in certain environments when using nginx ``sendfile`` with unmapped mbufs Actions Bug #13939: IPv6 doesn't work on secondary PPPoE WAN Actions Bug #13940: Firewall log parser does not handle SCTP log entries Actions Bug #13946: Polish translation contains an invalid ``sprintf()`` format in the text for ``firewall_nat_out_edit.php`` Actions Bug #13953: PHP Error loading Floating rule tab with OpenVPN group rules when there are no OpenVPN instances in the configuration Actions Bug #13959: Interface page accepting empty characters on Static IPv6 Configuration Actions Bug #13961: Virtual IP address input validation does not check for overlap with DHCP address ranges Actions Bug #13963: Some interface operations (e.g. OpenVPN and GIF create/destroy) fail after 23.01 upgrade due to outdated linker.hints Actions Bug #13973: PHP error on ``gwlb.inc`` when assigned OpenVPN or IPsec interface entries are missing Actions Bug #13992: Custom default state timeouts are not respected in the ruleset Actions Bug #14004: PHP errors when configuration lacks any certificates Actions Bug #14007: Using PF reserved keywords for interface descriptions results in an invalid ruleset Actions Bug #14009: PHP error from upgraded IPsec tunnel containing only deprecated ciphers Actions Bug #14013: PHP error when attempting to bulk import Alias content Actions Bug #14022: PHP error when exporting a CRL for an old CA Actions Bug #14027: Upgrade to PHP8.2 Actions Bug #14031: Identical SMTP notifications repeat in an infinite loop under certain conditions Actions Bug #14033: NTP under Services generates a PHP error Actions Bug #14034: PHP errors in ``xmlrpc.php`` during HA config sync with empty tag on sync target Actions Bug #14035: PHP Error when attempting to create a GIF interface Actions Bug #14036: PHP error when missing timeserver in config Actions Bug #14037: PHP Error enabling ICMP6 using EasyRule Actions Bug #14061: Write failure of ``config.cache`` for what may be a non-hardware cause Actions Bug #14077: Kernel panic from incoming IPv6 connections Actions Bug #14091: The "Kill States" button does not work consistently Actions Bug #14098: PF syntax to disable fragment disassembly changed Actions Bug #14115: Unable to configure DHCP on OPT interfaces if WAN and LAN are DHCP Actions Bug #14117: PHP Error on ``status_interfaces.php`` from PPP interface uptime Actions Bug #14124: Blank SAN fields are not ignored when creating a certificate Actions Bug #14136: radvd missing from Services Status Actions Bug #14167: Auto Config Backup: Selected manual backups are not retained. Actions Bug #14176: Uptime displays plural seconds for multiple minutes in the System Information dashboard widget Actions Bug #14182: PHP error when XMLRPC client attempts to sync without any HA sync settings in the configuration Actions Feature #2456: Option to choose default tab in IPsec status Dashboard widget Actions Feature #2505: Toggle button to disable/enable multiple firewall rules Actions Feature #4259: Port forward NAT rules with "any" protocol Actions Feature #4881: Allow NPt to use dynamic IPv6 networks Actions Feature #7727: uPnP fails to properly give out subsequent reservations when multiple gaming systems are playing the same game/using the same port. Actions Feature #8365: Button to copy rules from one interface to another Actions Feature #8861: Show SFP module details on ``status_interfaces.php`` Actions Feature #9091: Chelsio TOE support using the ``t4_tom`` module Actions Feature #9393: Improved support for USB interfaces that may not always be present Actions Feature #9544: Enable ``ROUTE_MPATH`` multipath routing Actions Feature #10345: Improve distinction between online and idle/offline entries in DHCP lease list Actions Feature #11266: Option to list AutoConfigBackup entries in "reverse" order (newest at top) Actions Feature #12070: Support for VLAN ``0`` Actions Feature #12092: Utilize new ``pfctl`` abilities to kill states Actions Feature #12267: OpenVPN option to limit concurrent connections per user Actions Feature #12392: Allow the selection of "any" interface in floating rules Actions Feature #12407: Use deferred client connections in OpenVPN Actions Feature #12616: Option to filter state table contents by rule ID Actions Feature #12636: Automatically create DNS Resolver ACLs for OpenVPN CSO entries Actions Feature #12675: Move command line history to a GUI option stored in ``config.xml`` rather than a manual flag file Actions Feature #12685: Support encrypted ``config.xml`` files when restoring via ECL Actions Feature #12687: Option to disable auto-addition of static routes for ``dpinger`` Actions Feature #12702: Use consistent pf host ID and add GUI option to set a custom host ID in state synchronization settings Actions Feature #12714: Show ``Inactive`` for Hardware Crypto output instead of empty field on System Information dashboard widget when nothing can be accelerated Actions Feature #12724: Notify user if AutoConfigBackup is unable to successfully upload a backup Actions Feature #12741: Eliminate duplicate shell commands from history file Actions Feature #12744: IPv6 support for DNSimple Dynamic DNS Actions Feature #12752: Support wildcard Dynamic DNS records on DigitalOcean Actions Feature #12773: Ability to sort AutoConfigBackup entries Actions Feature #12809: Recover existing SSH keys during installation Actions Feature #12819: GUI option to configure layers for LACP hash Actions Feature #12842: Retain descriptions when exporting and importing aliases Actions Feature #12855: GUI option to select the user password hashing algorithm Actions Feature #12879: Toggle button to disable/enable multiple entries on NAT pages Actions Feature #12931: Retain knowledge of previous dynamic gateway IP address when interface is down Actions Feature #12945: Implement missing ipfw equivalents in libpfctl necessary for captiveportal Actions Feature #12968: Button to clear previous packet capture data Actions Feature #12973: Playback script to perform a configuration upgrade on an arbitrary ``config.xml`` file Actions Feature #13010: Option to retain the existing serial number when renewing a CA or certificate Actions Feature #13023: DNS Resolver option to keep probing when servers are down Actions Feature #13054: Package plugin hook for web server configuration stanzas Actions Feature #13057: GUI option for IPsec ``dns-interval`` setting Actions Feature #13070: Allow auto prefix with manual prefix-length in NPt Actions Feature #13094: Allow packet capture filtering in tagged packets Actions Feature #13103: Warn the user if they attempt to disable SSH from the menu while connected through SSH Actions Feature #13109: Trim whitespace from MAC addresses in user input Actions Feature #13118: Relax DHCP maximum lease time input validation Actions Feature #13124: Option to wait for interface selection before displaying firewall rules Actions Feature #13125: Option to restore dashboard widget layout Actions Feature #13245: Type column on Alias lists Actions Feature #13304: ALTQ GUI support for Broadcom Netextreme II (``bxe``) interfaces Actions Feature #13362: Update dynamic gateway consumers when their interface is renamed Actions Feature #13367: Specify CA trust store location when downloading and validating URL alias content Actions Feature #13377: Option to configure a custom value for the PHP memory limit Actions Feature #13382: More flexible packet capture GUI Actions Feature #13388: Support for international characters in the AutoConfigBackup Hint/Identifier field Actions Feature #13411: Packet capture does not support 6rd tunnels Actions Feature #13422: Add a 'type' field to the DHCPv6 server Additional BOOTP/DHCP Options Actions Feature #13446: Upgrade PHP from 7.4 to 8.1 Actions Feature #13584: Input validation for numbered DHCP options in static mappings Actions Feature #13647: Support for ChaCha20-Poly1305 encryption with IPsec Actions Feature #13710: Support UTF-8 CA/Certificate subject components Actions Feature #13784: Option to completely block MAC addresses in Captive Portal Actions Feature #13804: Prevent CARP status/maintenance mode from being erroneously toggled Actions Feature #13868: Allow packet capture on unassigned interfaces Actions Feature #14047: Add webgui control options for Intel Speed Shift Actions Feature #14050: Add iwlwifi as a wireless interface Actions Feature #14122: Allow selecting the repo branch on config restore Actions Feature #14166: Use netstat output for interface packet counters Actions Feature #14183: OpenVPN Wizard - Several areas out of date Actions Feature #14185: Ability to edit Certificate Revocation List properties Actions Feature #14186: Improve DynDNS help text readability Actions Todo #12093: Make AutoConfigBackup menu entry point to the settings tab so it loads faster when there is no WAN connectivity Actions Todo #12431: GUI pages should use ``POST`` for AJAX calls, not ``GET`` Actions Todo #12556: Comply with current iteration standards when encrypting and decrypting configuration files Actions Todo #12619: Restart services on interface changes Actions Todo #12624: Reorganize UPnP options Actions Todo #12701: Reorganize CARP status page Actions Todo #12782: Disable ``pkg`` compatibility flag which creates ``txz`` file extension symbolic links Actions Todo #12881: Update ``dpinger`` to 3.2 Actions Todo #12934: Update strongSwan Actions Todo #12981: Warn about OpenVPN shared key deprecation Actions Todo #13042: Remove code references to unused ``reset`` parameter from traffic shaper pages Actions Todo #13100: Transition Captive Portal from IPFW to PF Actions Todo #13129: OpenVPN status page improvements Actions Todo #13149: Remove unnecessary trailing colon after Outbound NAT "Automatic Rules" section header Actions Todo #13250: Clean up DHCP Server option language Actions Todo #13357: Spelling and typo corrections Actions Todo #13398: Information box on ``status_ipsec.php`` says "IPsec not enabled" even when a tunnel is established Actions Todo #13440: Update external HTTPS/HTTP links Actions Todo #13501: Clean up obsolete code in ``pfSense-dhclient-script`` Actions Todo #13505: Correct DHCP client rule descriptions in the generated firewall ruleset Actions Todo #13508: Uncouple RAM Disk size from available kernel memory Actions Todo #13524: Update reserved alias names Actions Todo #13648: Remove deprecated IPsec algorithms (3DES, Blowfish, and CAST 128 encryption; MD5 HMAC/Hashing) Actions Todo #13718: Improve LDAP debugging Actions Todo #13731: Add multicast group membership (``ifmcstat``) to ``status.php`` Actions Todo #13865: Update Python 3.9.15 to 3.9.16 in base system Actions Todo #13866: Add Python 3.11.1 to base system Actions Todo #13867: Update Unbound to use Python 3.11 instead of Python 3.9 Actions Todo #13893: Update Unbound to 1.17.1 Actions Todo #14011: Update memory graphs to account for changes in memory reporting Actions Todo #14103: Add more disk information to status output Actions Todo #14188: Add information: 'Next Certificate Serial' value is ignored when using 'Randomize Serial' Actions Todo #14201: Remove deprecated NCP enable/disable toggle from OpenVPN Actions Todo #14209: TZdata update to 2023c Actions pfSense Docs - Todo #13557: Minnowboard Turbo: Add ZFS install warning Actions pfSense Packages - Bug #10646: Reinstall package process stalls at pfBlockerNG when restoring a config Actions pfSense Packages - Bug #10867: squidGuard Package Hangs on Uninstall or Upgrade Actions pfSense Packages - Bug #11398: pfBlocker upgrade hangs forever Actions pfSense Packages - Bug #13410: ClamAV 0.104.2 is subject to several vulnerabilies Actions pfSense Packages - Bug #13509: NRPE: Checks requiring net-snmp fail Actions pfSense Packages - Bug #13564: PHP error after creating a Route Map Actions pfSense Packages - Bug #13566: Non-devel pfBlocker Package Broken in 2.7 CE with PHP 8.1 Actions pfSense Packages - Bug #13619: PHP Error in pfblockerNG-devel widget Actions pfSense Packages - Bug #13640: PHP Error: util.inc:1932 Actions pfSense Packages - Bug #13642: PHP Error: frr_zebra.inc:159 Actions pfSense Packages - Bug #14060: Auto Config Backup - decrypted config.xml is under 50 characters Actions pfSense Packages - Bug #14075: Using the ``Transparent ClientIP`` option in HAproxy results in kernel panics Actions pfSense Packages - Bug #14096: Status_Traffic_Totals does not work on snapshots due to sqlite change Actions pfSense Packages - Feature #13733: Upgrade ha proxy 2.6 Actions pfSense Packages - Todo #13190: Update System_Patches package for pfSense+ 22.05 Actions pfSense Plus - Bug #13799: Unbound python module persistently shows enabled in resolver settings Actions
pfSense Plus - 23.05 open Release targeted for May 2023 33% 9 issues (2 closed — 7 open) Related issues pfSense Plus - Bug #13348: Boot Environments GUI displays error Actions pfSense Plus - Bug #13455: Serial console output fails to render properly in certain cases Actions pfSense Plus - Bug #13929: IGMP Proxy multicast group membership query packets have an invalid checksum Actions pfSense Plus - Bug #13976: SNMP logs "Device not configured" error message when queries involve built-in switch port interfaces Actions pfSense Plus - Bug #13981: PHP Error on ``status_interfaces.php`` with empty switch VLAN group configuration and assigned VLAN interfaces Actions pfSense Plus - Bug #14204: System Info widget stops showing CPU details in aarch64 Actions
CE-Next open The next release of pfSense software (CE) 10% 69 issues (1 closed — 68 open) Related issues Bug #1819: DNS Resolver Not Registering DHCP Server Specified Domain Name Actions Bug #5413: Incorrect Handling of Unbound Resolver [service restarts, cache loss, DNS service interruption] Actions Bug #6333: Bootup starts/restarts dpinger multiple times Actions Bug #7389: Limiter does not work with transparent proxy Actions Bug #8013: IPsec MSS clamping value shared for IPv4 and IPv6 Actions Bug #8100: pfsync Initially Deletes States on Primary for Connections Established through Secondary Actions Bug #8192: dpinger - Change in ISP link-local IPv6 address drops connectivity Actions Bug #8263: Cannot create a nonlinear `Link Share` service curve because of: "the sum of the child bandwidth higher than parent" Actions Bug #8273: IPv6 GRE tunnel over PPPoE fails on startup Actions Bug #8611: unable to receive IPv6 RA's on SG-1000, default route lost Actions Bug #8815: IP addresses are removed from interfaces when link is lost and either IPv4 or IPv6 is dynamic Actions Bug #8964: IPsec async cryptography advanced setting - TCP traffic not passing through Actions Bug #9136: IPv6 Tracking Interfaces Lose IPv6 Address in Certain Cases Actions Bug #9349: IPSec service start/stop/restart fails after settings change Actions Bug #9384: devd putting "$" before variable contents when using single quotes Actions Bug #10513: State issues with policy routing and HA failover Actions Bug #10530: Convert config version to be based on product version Actions Bug #10690: Not possible to make UFS install on ZFS formatted drive Actions Bug #10708: ZFS bootpool boot symlink issue Actions Bug #10875: PPP periodic reset does not fully restore gateway group round-robin functionality Actions Bug #10892: Large number of VLAN/LANs make floating rules are to read Actions Bug #11110: Backup file should be checked before restoring a specific area Actions Bug #11296: Static route targets may still reachable via default route when the gateway they should route through is down Actions Bug #11335: Spoofing the MAC on a LAGG interface does not work for some NIC types. Actions Bug #11429: System Log / Settings form activates "Reset Log Files" button on enter Actions Bug #11430: PHP console spam after Assigning Interfaces Actions Bug #11503: Using multiple authentication backends on an OpenVPN server fails Actions Bug #11539: Mobile IPsec ``split_include`` value of ``0.0.0.0/0`` causes some clients to fail Actions Bug #11541: OpenVPN status does not work properly when set to TCP and Concurrent Connections = 1 Actions Bug #11548: "rule expands to no valid combination" error from port forward automatic rule mixing IPv4 and IPv6 elements Actions Bug #12095: Memory leak in pcscd Actions Bug #12225: Group membership field is not needed for remote groups Actions Bug #12249: HAProxy causing failed ACB backups Actions Bug #12335: IPsec DNS inefficiency Actions Bug #12357: Captive Portal popup Logout button loads full login page in popup when clicked Actions Bug #12715: Long system startup time when LDAP is configured and unavailable during startup. Actions Bug #12747: System log is filled by sshguard Actions Bug #12942: Code to kill states for old gateway when reconnecting an interface is incorrect Actions Bug #13217: dhclient using default pid file location which does not exist Actions Bug #13226: Disconnecting a user from Captive Portal may allow previously established connections to continue. Actions Bug #13273: dhclient can use conflicting recorded leases Actions Bug #13329: Traffic shaping Wizard sets invalid values for qVoip queue Actions Bug #13450: L2TP Clients system alias is not populated Actions Bug #13483: dhcp6c shouldn't be killed and restarted on interface reconfigurations Actions Bug #13499: Namecheap service type is missing help text for the password field Actions Bug #13903: PPPoE server allows entering IPv6 address Actions Bug #14045: pfSense-boot can fail to copy the EFI bootloader Actions Bug #14046: bsdinstall based installs are missing EFISYS DOS label on efi partition Actions Feature #855: Ability to selectively kill states on gateways recovery Actions Feature #2386: Bridge member that is not an assigned interface Actions Feature #4405: Traffic shaping doesn't work when applied to a bridge interface Actions Feature #6960: Replace ISC DHCP server with Kea Actions Feature #8794: NTP authentiction Actions Feature #11440: Expand collapsed sections by clicking anywhere on header Actions Feature #11589: Fix iftop experimental traffic fetcher, unify and improve output style Actions Feature #12077: Allow stick-connections per gateway group Actions Feature #12121: Wider "local network(s)" fields in OpenVPN server configuration Actions Feature #12494: DynDNS: make simultaneous update of IP and LegacyIP possible Actions Feature #12495: DynDNS: add deSEC IPv4&v6 simultaneos update Actions Feature #12553: Auto Config Backup: Allow selecting multiple backups for deletion Actions Feature #13244: Add help text under Timezone settings in the GUI Actions Feature #13351: Improve Indicated Memory Usage in the Dashboard Actions Feature #13511: Add a PCP field to interface configuration Actions Feature #13843: Add ability to properly configure RADIUS captive portal user quotas of 4096MB or more Actions Feature #13844: Make RADIUS Start/Stop accounting immediately log off a user that exceeds quota when reauthentication is disabled Actions Todo #10464: Disallow package updates when a system update is available Actions Todo #12367: ZFS: Do not show memstick disk on target list Actions Todo #13644: Enable ALTQ support in cxgbe(4) Actions
Future open Items for an indeterminate later release 3% 116 issues (5 closed — 111 open) Related issues Bug #1675: Captive portal logout problems with pop-up blockers. Actions Bug #4406: ALTQ problems with wireless cloned interfaces Actions Bug #4479: Firewall rules won't match GRE interface after applying IPSEC transport encryption on GRE tunnel Actions Bug #5367: Safari repeatedly tries to reload dashboard Actions Bug #5786: Check WebConfigurator port for conflicts Actions Bug #6167: IPsec IPComp not working Actions Bug #6186: race conditions in service startup Actions Bug #6696: Add configure link to Status > Queues error message if traffic shaping not configured Actions Bug #7082: pkg_edit.php - impossible to use default_value with rowhelperfield Actions Bug #7138: Pfsense wide dhcpv6 client doesn't recognise ifid statement Actions Bug #7195: pkg_edit.php - <checkenablefields> tag has no effect on fields other than checkbox/input Actions Bug #7222: Encryption No Longer Enforced for Email Notifications Actions Bug #7288: The field 'Distinguished name Organization' contains invalid characters Actions Bug #8502: main (top) menu items do not drop down in some cases Actions Bug #8614: Cannot remove Additional BOOTP/DHCP Options Actions Bug #8820: System/Advanced/Misc - "Do not kill connections when schedule expires" UN-checked still leaves existing connections open. Actions Bug #9344: OpenVPN click NCP Algorithms will always go to DH Parameters website(in Chinese-Taiwan) Actions Bug #9353: PHPSession errors from limited access to dashboard and widgets Actions Bug #9755: package description wrong link https://www.freshports.org/security/openvpn-client-export Actions Bug #10310: Systems with low RAM and several packages may temporarily fail to load large tables after an upgrade Actions Bug #10352: RADIUS authentication fails with MSCHAPv1 or MSCHAPv2 when passwords contain international characters Actions Bug #11093: ral(4) driver non-functional in arm64 Actions Bug #11352: CTF types > 2^15 in the pfSense kernel config results in DTrace failing Actions Bug #11418: 'NAT-T: Force' is broken for IPv6 IPsec Actions Bug #11473: System Activity shows invalid data on SG-3100 Actions Bug #12013: Reading log data is inefficient in certain cases Actions Feature #84: Nightly Filter Summary E-Mail Actions Feature #96: Add "All local networks" to source and destination drop down boxen in firewall rules Actions Feature #286: Backup/restore users individually Actions Feature #290: Add Multi-WAN awareness to UPnP Actions Feature #521: Group manager Assigned Permissions Actions Feature #701: Interface groups with NAT Actions Feature #746: Add interface group to source/dest drop downs Actions Feature #946: Allow aliases to be used to define IPsec phase 2 networks Actions Feature #1257: Handle encypted CA/Certificate private keys Actions Feature #1268: Allow mass renewing of certs Actions Feature #1337: VLANs with different MAC address than parent interface Actions Feature #1831: Captive portal IPv6 support Actions Feature #1979: Add some default read-only system aliases Actions Feature #2024: RRD Graphs for packages Actions Feature #2358: NAT64 Support Actions Feature #2479: Allow reordering of the traffic graphs on the dashboard Actions Feature #2593: sync NTPD, SNMP config between HA members Actions Feature #2676: Reply-to option in firewall rule Actions Feature #2965: Mac Firewalling Actions Feature #3115: Traffic shaping for multi WAN Actions Feature #3185: Accommodate a DHCPv6 failover-like mechanism Actions Feature #3377: OAuth2 authentication in captive portal Actions Feature #3652: OpenVPN - Dynamic IPv6 Tunnel Network Actions Feature #3696: Multiple items backup/restore Actions Feature #3697: New backup/restore area: Certificates Actions Feature #3882: Add OUI database to the base system, remove dependency on nmap Actions Feature #4098: Add option to force a password change on login Actions Feature #4195: Aliases: sections Actions Feature #4234: allow for strict user <> cn validation of mobile ipsec users when using rsa+xauth Actions Feature #4632: Support for Multipath TCP (MPTCP) Actions Feature #4724: Captive Portal Status Add Client Hostname Actions Feature #4776: Add 802.1x dynamic vlan support Actions Feature #5307: Add logarithmic scale option to RRD graphs Actions Feature #5510: Need a simple way to enable/disable package-installed services Actions Feature #5619: Curl with ARES support Actions Feature #5735: Automaticaly add DHCP leases to alias list or make it readable in selected fields Actions Feature #5835: Improve OpenVPN client gateway detection in edge cases where the remote does not send gateway information Actions Feature #5950: DHCPv6 Server support for PD of PD-obtained networks Actions Feature #6457: Allow ability to configure AWS EC2 AMI via userdata Actions Feature #6728: Route53 API mod and Geolocation Actions Feature #6742: OAuth2 authentication for OpenVPN (and for FreeRadius) Actions Feature #7078: Allow reordering of client specific overrides in OpenVPN Actions Feature #7181: Add Top and Add Bottom on Seperator Actions Feature #7182: Break up System Widget on the Dashboard Actions Feature #7244: Publish pfsense as a Vagrant Basebox Actions Feature #7260: Source OS / p0f Database Missing Modern Operating Systems Actions Feature #7783: Support for hosting VMs on pfSense using bhyve Actions Feature #7847: USB NIC not loading (TP-Link UE300 RTL8153) Actions Feature #7852: Add views support to Unbound GUI Actions Feature #8316: expiration date when creating new rules Actions Feature #8474: Easier Conversion to HA Pair from Existing Non-HA Firewall Actions Feature #8694: Client CA Auth for PFSense WebGui Actions Feature #8712: QOS on ipsec links Actions Feature #8775: Use SRV record for LDAP Authentication Actions Feature #8879: DHCP options ADD force options Actions Feature #9536: Support dynamic prefix in DHCPv6 Server Actions Feature #9574: Show changelog at package upgrade Actions Feature #9680: Seperate DHCP Server and relay per interface Actions Feature #9717: Search box for pfsense ? Actions Feature #9718: Make diag_states_summary table sortable Actions Feature #9942: Give pfSense the possibility to change the keyboard Layout for console users Actions Feature #10204: Possible clarification of Track IPv6 Interface Subnet ID Actions Feature #10223: Add the ability to create additional loopback interfaces Actions Feature #10250: DHCP lease view by interface Actions Feature #10404: Consider using chrony for NTP services Actions Feature #10467: Email alert functionality for system health Actions Feature #10987: Add support for secure boot Actions Feature #11056: Add option to disable flow-control on interfaces in GUI Actions Feature #11270: Consider integrating Nebula mesh VPN Actions Feature #11302: WireGuard XMLRPC sync Actions Feature #11324: Separate syslog "Remote log servers" Parameters Actions Feature #11369: add Enabling IPv6 Source Address Validation support Actions Feature #11498: WireGuard does not pass multicast traffic to peer Actions Feature #11588: Automatically suggest next IP address in Wireguard interface subnet when creating a peer Actions Feature #11604: WireGuard Dynamic Listen Port Randomization Actions Feature #11921: Feature Request: Compile unbound with EDNS Client Subnet (ECS) module (--enable-subnet) Actions Feature #12521: Add the BBR2, QUIC, RACK Congestion Control (CC) protocols Actions Feature #12564: add column to show that an Alias is in use by or not Actions Feature #12863: dynamically tune sha512crypt rounds Actions Feature #13805: A way to reliably determine if system is the primary or secondary in CARP Actions Todo #32: PPPoE Server users integration with user manager Actions Todo #33: L2TP users integration with user manager Actions Todo #1521: Investigate FreeBSD route metric support for future versions Actions Todo #5902: Use a common place for default values Actions Todo #6647: Enable Additional Security Headers Actions Todo #6697: White squares around the numeric values in the Status / Queues page Actions Todo #6727: Missing file apple-touch-icon-precomposed.png ? Actions Todo #11280: Add WireGuard to ALTQ list Actions Todo #12025: Add 1:1 Validation to Notify Someone They are 1:1 NAT'ing an Interface Address Actions
pfSense Packages - Future open Scheduled for an unspecified future version, typically not the next one 25% 8 issues (2 closed — 6 open) Related issues pfSense Packages - Bug #7267: Status Traffic Totals - Stacked Bar - Scale not high enough Actions pfSense Packages - Bug #10791: Valid (vlan)interfaces do not get vif reporting "Invalid phyint address" Actions pfSense Packages - Bug #13153: Static routes bound to WireGuard interfaces are not restored after down / up events Actions pfSense Packages - Feature #11178: Filer do not ask what to do with previous filename Actions pfSense Packages - Feature #11798: HA Sync for FRR config Actions pfSense Packages - Feature #12358: IP List Copy/Import/Export Actions pfSense Packages - Feature #12909: Convert Suricata GeoIP Lookup feature on ALERTS tab to use local GeoIP2 database Actions pfSense Packages - Feature #13284: Option to define "Issuer" in OPT configuration. Actions
pfSense Plus - Plus-Next open The next release of pfSense Plus software 33% 3 issues (1 closed — 2 open) Related issues pfSense Plus - Bug #12759: Proprietary packages link to non-existant or non-public github pages Actions pfSense Plus - Bug #12974: Typing anything into 1100/2100 recovery installer causes process to stop Actions