@rlljorge said in Haproxy block user-agent: Hello there, I would like to block some user agents in haproxy like: Baiduspider Sosospider Sogou ZumBot Yandex I found some examples in haproxy community but Didn't make work in pfsense/haproxy, example: acl blockedagent hdr_sub(user-agent) -i -f /etc/haproxy/blacklist.agent http-request deny if blockedagent And how You resolve it ?

@Trey said in FreeRADIUS sync interfaces: Hi all, the new sync method is synchronising everything from freeradius. This destroyed our freeradius setup in multiple branches, as it overwrote all interfaces and all eap certificates in every sync host. We have about 7 branches with the freeradius deamon running and used the sync to sync only users and NAS/clients. Was this change really intended? For me this is more a bug as a feature… Could someone clarify this? Thanks for your help If you used a common CA and Radius certificate (same thumbprint) across the different pfSense boxes, and created only a 127.0.0.1 interface in Radius, would it then not work again? You would obviously need to create a NAT rule for ports 1812/1813 on the interfaces where Radius should be present (pointing to 127.0.0.1)

@viragomann @viragomann said in Using HAProxy to redirect, but not to load balance: But do the printers check the host name at all, or do they only simply listen on IP and port? The printers are connected to the Pi with a USB cable. They don't deal with IP at all. What does deal with anything like that is the slicer when I use it to upload to OctoPrint to print, but that's something I expected to have to deal with. Sounds like the configuration is pretty much the same as what I had to do on the Pi I was using for printing and shouldn't be too hard. Thanks - and thank you for not going into why to just use the names I give each host instead!

Hi @Gertjan Thank you sharing your configuration and suggestions. I'll review my config and carry out more testing with debugging on this weekend. Can I ask, are you authenticating users or devices using username and password in the 'Users' tab, and/or devices with MAC address in the MAC's tab ? Thanks, Stuart

So checking those boxes, adds these lines to the generated config acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^edge\.117pd\.xxx\.us(:([0-9]){1,5})?$ acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^bbc-911\.xxx\.us(:([0-9]){1,5})?$ acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^bbc-revere\.xxx\.us(:([0-9]){1,5})?$ acl aclcrt_https-edge var(txn.txnhost) -m reg -i ^flasktestapp\.xxx\.us(:([0-9]){1,5})?$ http-request set-var(txn.txnhost) hdr(host) use_backend flasktestapp_ipvANY if aclcrt_https-edge This line use_backend flasktestapp_ipvANY if aclcrt_https-edge Is only added if a default backend is selected. If I have a backend for each of these hostnames, it seems that I still need to create an ACL for each to use for backend selection. So I guess I still don't see the point of checking those boxes and creating the aclcrt_https-edge acl .

@bmeeks @bmeeks said in Are there any default packages?: @TangoOversway said in Are there any default packages?: I'm trying to eliminate as many variables as I can to narrow things down. It won't hurt anything to remove those packages if you desire for troubleshooting. If you don't use them, then you won't create any new problem by removing them. I was just saying that in the normal case (that is, when not trying to eliminate possible problems), leaving them installed should be fine. Got it. Thank you!

@smokers Browsing on the pfSense host is not supported by the package. The package is designed for managing mDNS advertisements only. Configure Avahi like this: Check the box that says "Enable the Avahi daemon" Select "Allow Interfaces" as the "Interface Action" Select your LAN and IOT networks in "Interfaces" Do not check the box that says "Disable IPv4" Check the box that says "Enable reflection" Do not check the box that says "Enable publishing" Do not put anything in "Advanced settings" You are done. If you want to know if the service is running, look at Status / Services. Avahi will allow you to discover mDNS services across the LAN and IOT segments. You will need nDNS publishers and mDNS subscribers in these networks to confirm operation. If you are a iPhone or Mac user, Discovery.app is a good tool to see what is being advertised. I can't speak to Windows or Android.

@viktor_g said in Suppress arpwatch flip flop emails for Bonjour Sleep Proxy: Please see https://redmine.pfsense.org/issues/10474 Thank YOU SO MUCH ! ;) In office we have a lot of appleTV and w/o this suppressing mail/pushover would be filled in a day… Good luck in coding!

This is in Diagnostics → Crash Reporter: Crash report begins. Anonymous machine information: arm64 14.0-CURRENT FreeBSD 14.0-CURRENT aarch64 1400094 #1 plus-RELENG_23_09_1-n256200-3de1e293f3a: Wed Dec 6 20:59:18 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/obj/aarch64/8ra4gn87/var/jenkins/workspace/pfSense-Plus-snapshots-23_ Crash report details: PHP Errors: [14-Feb-2024 23:41:45 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:41:45 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:42:24 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:42:24 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:03 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:03 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:59 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:43:59 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:52:39 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('Netgate pfSense...') #3 /etc/inc/notices.inc(151): notify_all_remote('Netgate pfSense...') #4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'Netgate pfSense...', 'pfSenseConfigur...', '') #5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...') #6 /usr/local/www/pkg_edit.php(233): write_config('[notes] Success...') #7 {main} thrown in /etc/inc/util.inc on line 3748 [14-Feb-2024 23:52:39 US/East-Indiana] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1264 and defined in /etc/inc/util.inc:3748 Stack trace: #0 /etc/inc/config.lib.inc(1264): array_path_enabled(-1, 'notifications/s...', 'disable') #1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable') #2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...') #3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...') #4 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors') #5 [internal function]: pfSense_clear_globals() #6 {main} thrown in /etc/inc/util.inc on line 3748 No FreeBSD crash data found.

@nambi Sure, any DNS filtering option that you are comfortable with, and find easy to use would do. But you still need to make sure you are doing your best to block “alternative DNS options” for clients which gets somewhat more difficult if you do not use pfBlockerNG. Don’t let clients use OpenDNS servers directly. Set up DNS Resolver in pfSense and forward it OpenDNS. Then you can still create a NAT destination rule that catches all rogue DNS client requests and forwards it to the built in resolver (using OpenDNS). Then all you have to do is figure out how to easily block most/wellknown DNS over HTTPS/TLS servers - that will get a little hard without pfBlockerNG (where it’s quite easy)

@CZvacko said in Squidguard + Whitelist + regex: use regex since 2.7.2 above regex stopped work, now I use below (.*office365\.com.*)|(.*office\.com.*) It can also match a url like below, it doesn't bother me too much, someone can improve my regex... HACKoffice365.com office365.comHACK

@christopherbradski Just following up that I figured this out and that the CLI doesn't behave exactly like the UI when adding packages. Anyways, you can check the results of my effort here: https://github.com/christopherbradski/pfsense-addons

@Gertjan thanks for all the work done above. You are absolutely right this was an oversight on our side and yes we've decided, as per the same analytical process you went through, to use SQL as a back end instead of files and ditching pfsense altogether. The appeal of pfsense was that it is almost he only decent GUI to manage freeradius which help with the adoption internally. Thanks a lot for the reply.

@jecker it’s probably this: https://docs.netgate.com/pfsense/en/latest/backup/zfsbe/space.html Just ignore the size shown and delete a few old ones.

same problem here with flip flop notifications for a server that uses a bridge on its interface. MAC are all lower case here, as reported in the notification. package version 0.2.1

I switched back to using the ISC DHCP server. Now arpwatch is working properly again. It seems the new DHCP server was the problem.

@izanatos It seems as if /cf/conf/config.xml refers to files like: /usr/local/pkg/freeradiussettings.xml and /usr/local/pkg/freeradiusclients.xml As far as I can tell, those files do not contain configuration and are merely a template for the web GUI. So the question is/remains where can we find the configuration? I've been searching for known values but I could not find any. I'm sure I still have to learn a lot about how pfSense works and interacts with installed packages. Suggestions are welcome. :-D