Have there been any more thoughts about including Crowdsec as an official pfSsense package?

@Gertjan said in Email Reports PHP warning -> report not created:

@patient0

This one : https://redmine.pfsense.org/issues/15872 ?

I don't think so, it's on line 44 and my issue was on line 210 and not an PHP error but ${id} not set. But not very important, it's fixed and that's good.

@isaaclondo09

SSH into your pfSense box and run this command: /usr/local/sbin/zabbix_agentd -f

That will show any early output and the cause of the failure to start. Usually it will be a parameter error.

What is the IP of your Zabbix server?
It looks like the agent's the Server Active parameter is set to 192.168.13.148 for active checks but the server is rejecting the connection.
Passive checks (from the server) are coming from 192.168.13.109 but the agent is rejecting them because the Server parameter is set to 192.168.13.190.

@enesas follow up with the zen armor team on an official pfsense package.

https://www.zenarmor.com/contact

@lawern Good to hear :) I think I also updated it once or twice to be compatible, but we used it until we replaced the gateway. Until then I think there was no easy alternative to this.

@mtarbox said in Email Reports WebGUI crashes February 2025:

https://github.com/pfsense/FreeBSD-ports/commit/c49098e2900a9211de44dc0b9937235ce9d638a2.diff

Ah, ok, the pfSense-pkg-mailreport package.

fe37f9ae-869e-4abe-ae82-918dfe2d5ac7-image.png

Package make less - or, AFAIK, not use of the patches system.
If a patch exists fro them, then package is rebuild and you are proposed to update it.

After clearing the Protocol field in stunnel config, which I had originally set to ldap, saving the change, and restarting stunnel service, executing a connection test from the Toshiba MFD was successful.
And after adding the Google Workspace server entry in the Toshiba MFD LDAP Client settings as a directory/service option (click Server Assignment button, also in MFD LDAP Client settings), Google Workspace directory searches from the Toshiba MFD are working as expected.

@KelvinU said in How to block specific webpage and not a all website:

sounds NL, right?

Born over there, exact.
Living in France for the last 3 decades.

@KelvinU said in How to block specific webpage and not a all website:

though it came somewhat pretentious, right?! What makes you assume I'm a newbie?

Lol, you first : what makes you presume that I assume you are a newbie ?
But I get your point ^^
It's true, I am and I was pushing a bit.
My point of view :

About the proxy solution : me talking about planes was just an very accessible way to make you understand what the (imho) real question is.
A lot of people fly planes. It's feasible. It just needs a lot of work.
It's just that you were asking about why "/this/" isn't accessible to pfSense and/or anything else other then your browser and the web server on the other side. So I kicked of my way of saying : go have a look.
I good have finished the question with one question back : do you know what https is ? (I sometimes do - as this is not a ).
And I'm hoping I waked up your curiosity, that you dive into it, and then come back here and tell us how you did it. Because I'm still waiting as I never had the patience and/or time to use a proxy set up myself. Also, I don't have the age neither the young kids at home that motivates me being able to see my own traffic, let alone traffic off other people. That makes me feel very uncomfortable.

@KelvinU said in How to block specific webpage and not a all website:

and I've learned that we should never say, "No one. Not pfSense. Nobody. Not on planet Earth."

and I fully agree with you.
And we also enter into the "computer politics" now. So no more black and white, all becomes suddenly 'gray'. And it always was.
If TLS (real time) decoding was possible, while the private key is unknown, this would mean "some one" could listen into your TLS connections at any time.
I get it, it's the role of every big (governmental ?!) organization to let us know, the big public, that it's a scandal according to them, that they can't do their job right (protecting all of us, the big public), that they can't access your phone's traffic, can't see what you are saying (writing) to some one else. as national security is at stake here. So they say, your traffic is hidden and that's a problem for them - and this for us.
edit : still looking for the country where the usage of TLS or comparable is forbidden by law ^^
And at the same time, somewhere hidden, down deep, in zone 51, they have this quantum computer that can tap into everything all ready using, probably, a back door key ? Maybe. And they won't say any one of course that they actually can I get that (except for tiktok of course). Let's give the public the impression they are safe, so the will "speak" freely, not knowing that some one listens in after all. If that capability was known, then Internet as a communication method would fall .... world economy would fall.

But real time brut-forcing their way in ? Well ... do the math yourself ^^

Keep in mind : most of what I said above is "afaik" and "imho".

@KelvinU said in How to block specific webpage and not a all website:

I know a ton of GertJan

Oula ... why even bother posting here - come and see me !?
As I've questions also, and not only pfSense.

I've been forced to upgrade to Zabbix 7.0 due to the previous LTS version 6.0 going EOL on February 28, 2025. (https://www.zabbix.com/life_cycle_and_release_policy)

The Zabbix Proxies I have are also 6.0 LTS and I've just discovered there is no 7.0 package.

I'm also seeing a lot of the following messages in my zabbix logs...

9868:20250208:120811.048 Proxy "FW-1" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.086 Proxy "FW-2" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.269 Proxy "FW-3" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.366 Proxy "FW-4" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.393 Proxy "FW-5" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.403 Proxy "FW-6" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.436 Proxy "FW-7" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.489 Proxy "FW-8" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.644 Proxy "FW-9" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.700 Proxy "FW-10" version 6.0.27 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.911 Proxy "FW-11" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9.

So I'm basically stuff. Rolling my Zabbix server back isn't an option due to EOL/compliance issues. And I seem unable to install the Zabbix 7 agent or proxy on pfsense.

It seems as though the pfsense communication edition is dead?

😢

@leeroy said in Do I Need to Revert Patches Before Upgrading pfSense?:

We don’t have any custom packages

Make :

61aef0a2-815f-46fa-b99f-95174dc0a65f-image.png

an exception.
It's made by Netgate, for pfSense. Even if you don't think you need it, you need it. Probably because Netgate knows more about pfSense then we do 😊

Adding this here rather than a new topic since this is what comes up vv google when looking for why uname and zfs are throwing errors in the pfSense system log

Following the steps above from @ameinild does stop the messages from appearing, but only until you restart or touch the config in the ui.

After digging around here github and looking for some overly complicated way to override the default conf, a definite 🤦 was in order though... its so obvious once you see it, i.e. all of the selected options are all just flags in the config, and adding --no-collector.XX is just another flag, but from what I could find this wasnt called out anywhere, despite this issue being discussed in a number of forums.

The solution is simply to add --no-collector.zfs --no-collector.uname to Extra flags and save.

2b94e695-3dc2-4a2e-886e-87a09509605d-image.png

Which results in /usr/local/etc/rc.conf.d/node_exporter updated as follows, and the config persisting.

a49b3815-2788-43c7-802b-fa395d1b4812-image.png

Firewall states wouldn't affect LCDProc since it's not a TCP connection, it's local serial.

You should definitely be using cuaU0 or a cuaU<n> port, though, not a TTY.

I have LCDProc going on two systems, one with a crystalfontz display and another with an adafruit LCD+Backpack setup. Both work great and never lose connection.

@rocket

Updated Jan 28-2025

pfsense 24.11 - Telegraf freebsd-15

pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.33.1.pkg

pfsense 2.7.2 - Telegraf freebsd-14

pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.33.1.pkg

Can this security vulnerability get some love please?

@iStuart said in Packages showing as up to date - they are not. 2.7.2:

link that states what the latest version is?

I don't think so. Usually it's discussed in the forum category here. There is https://www.patreon.com/pfBlockerNG but it isn't always posted there I think. Also https://www.reddit.com/r/pfBlockerNG/.