@isaaclondo09

SSH into your pfSense box and run this command: /usr/local/sbin/zabbix_agentd -f

That will show any early output and the cause of the failure to start. Usually it will be a parameter error.

What is the IP of your Zabbix server?
It looks like the agent's the Server Active parameter is set to 192.168.13.148 for active checks but the server is rejecting the connection.
Passive checks (from the server) are coming from 192.168.13.109 but the agent is rejecting them because the Server parameter is set to 192.168.13.190.

@enesas follow up with the zen armor team on an official pfsense package.

https://www.zenarmor.com/contact

@lawern Good to hear :) I think I also updated it once or twice to be compatible, but we used it until we replaced the gateway. Until then I think there was no easy alternative to this.

@mtarbox said in Email Reports WebGUI crashes February 2025:

https://github.com/pfsense/FreeBSD-ports/commit/c49098e2900a9211de44dc0b9937235ce9d638a2.diff

Ah, ok, the pfSense-pkg-mailreport package.

fe37f9ae-869e-4abe-ae82-918dfe2d5ac7-image.png

Package make less - or, AFAIK, not use of the patches system.
If a patch exists fro them, then package is rebuild and you are proposed to update it.

After clearing the Protocol field in stunnel config, which I had originally set to ldap, saving the change, and restarting stunnel service, executing a connection test from the Toshiba MFD was successful.
And after adding the Google Workspace server entry in the Toshiba MFD LDAP Client settings as a directory/service option (click Server Assignment button, also in MFD LDAP Client settings), Google Workspace directory searches from the Toshiba MFD are working as expected.

@KelvinU said in How to block specific webpage and not a all website:

sounds NL, right?

Born over there, exact.
Living in France for the last 3 decades.

@KelvinU said in How to block specific webpage and not a all website:

though it came somewhat pretentious, right?! What makes you assume I'm a newbie?

Lol, you first : what makes you presume that I assume you are a newbie ?
But I get your point ^^
It's true, I am and I was pushing a bit.
My point of view :

About the proxy solution : me talking about planes was just an very accessible way to make you understand what the (imho) real question is.
A lot of people fly planes. It's feasible. It just needs a lot of work.
It's just that you were asking about why "/this/" isn't accessible to pfSense and/or anything else other then your browser and the web server on the other side. So I kicked of my way of saying : go have a look.
I good have finished the question with one question back : do you know what https is ? (I sometimes do - as this is not a ).
And I'm hoping I waked up your curiosity, that you dive into it, and then come back here and tell us how you did it. Because I'm still waiting as I never had the patience and/or time to use a proxy set up myself. Also, I don't have the age neither the young kids at home that motivates me being able to see my own traffic, let alone traffic off other people. That makes me feel very uncomfortable.

@KelvinU said in How to block specific webpage and not a all website:

and I've learned that we should never say, "No one. Not pfSense. Nobody. Not on planet Earth."

and I fully agree with you.
And we also enter into the "computer politics" now. So no more black and white, all becomes suddenly 'gray'. And it always was.
If TLS (real time) decoding was possible, while the private key is unknown, this would mean "some one" could listen into your TLS connections at any time.
I get it, it's the role of every big (governmental ?!) organization to let us know, the big public, that it's a scandal according to them, that they can't do their job right (protecting all of us, the big public), that they can't access your phone's traffic, can't see what you are saying (writing) to some one else. as national security is at stake here. So they say, your traffic is hidden and that's a problem for them - and this for us.
edit : still looking for the country where the usage of TLS or comparable is forbidden by law ^^
And at the same time, somewhere hidden, down deep, in zone 51, they have this quantum computer that can tap into everything all ready using, probably, a back door key ? Maybe. And they won't say any one of course that they actually can I get that (except for tiktok of course). Let's give the public the impression they are safe, so the will "speak" freely, not knowing that some one listens in after all. If that capability was known, then Internet as a communication method would fall .... world economy would fall.

But real time brut-forcing their way in ? Well ... do the math yourself ^^

Keep in mind : most of what I said above is "afaik" and "imho".

@KelvinU said in How to block specific webpage and not a all website:

I know a ton of GertJan

Oula ... why even bother posting here - come and see me !?
As I've questions also, and not only pfSense.

I've been forced to upgrade to Zabbix 7.0 due to the previous LTS version 6.0 going EOL on February 28, 2025. (https://www.zabbix.com/life_cycle_and_release_policy)

The Zabbix Proxies I have are also 6.0 LTS and I've just discovered there is no 7.0 package.

I'm also seeing a lot of the following messages in my zabbix logs...

9868:20250208:120811.048 Proxy "FW-1" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.086 Proxy "FW-2" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.269 Proxy "FW-3" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.366 Proxy "FW-4" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.393 Proxy "FW-5" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.403 Proxy "FW-6" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.436 Proxy "FW-7" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.489 Proxy "FW-8" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.644 Proxy "FW-9" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.700 Proxy "FW-10" version 6.0.27 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.911 Proxy "FW-11" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9.

So I'm basically stuff. Rolling my Zabbix server back isn't an option due to EOL/compliance issues. And I seem unable to install the Zabbix 7 agent or proxy on pfsense.

It seems as though the pfsense communication edition is dead?

😢

@leeroy said in Do I Need to Revert Patches Before Upgrading pfSense?:

We don’t have any custom packages

Make :

61aef0a2-815f-46fa-b99f-95174dc0a65f-image.png

an exception.
It's made by Netgate, for pfSense. Even if you don't think you need it, you need it. Probably because Netgate knows more about pfSense then we do 😊

Adding this here rather than a new topic since this is what comes up vv google when looking for why uname and zfs are throwing errors in the pfSense system log

Following the steps above from @ameinild does stop the messages from appearing, but only until you restart or touch the config in the ui.

After digging around here github and looking for some overly complicated way to override the default conf, a definite 🤦 was in order though... its so obvious once you see it, i.e. all of the selected options are all just flags in the config, and adding --no-collector.XX is just another flag, but from what I could find this wasnt called out anywhere, despite this issue being discussed in a number of forums.

The solution is simply to add --no-collector.zfs --no-collector.uname to Extra flags and save.

2b94e695-3dc2-4a2e-886e-87a09509605d-image.png

Which results in /usr/local/etc/rc.conf.d/node_exporter updated as follows, and the config persisting.

a49b3815-2788-43c7-802b-fa395d1b4812-image.png

@iStuart said in Packages showing as up to date - they are not. 2.7.2:

link that states what the latest version is?

I don't think so. Usually it's discussed in the forum category here. There is https://www.patreon.com/pfBlockerNG but it isn't always posted there I think. Also https://www.reddit.com/r/pfBlockerNG/.

I'm not seeing how the errors would trigger via the GUI - was the config.xml file manually modified?

@TravisH said in Suricata fails install:

@bmeeks That gave me the same errors, I might try a fresh install just to see if it has something else going on.

Cheers

I don't have any other suggestions, then. Those error messages appear to definitely originate from the pkg utility itself as it is creating the directories and copying the Suricata install files to the correct locations. The Suricata package is not even "alive" at that point (since it is in the process of being installed by the pkg utility).

Have you monkeyed with any user permissions on the firewall?

Can you remove and then successfully reinstall another package? What about trying to reinstall Snort again?

What kind of hardware do you have? Is it something with an eMMC disk? Perhaps it has gone into "read only" mode ???

@dennypage said in Avahi reflection filtering:

You are conflating local services and service reflection between interfaces. They are unrelated.

Thank you, I'll remove those entries.

@Target-Bravo How did you enable debugging on this plugin?

Hmm, not familiar. Backtrace:

db:0:kdb.enter.default> bt Tracing pid 87885 tid 100340 td 0xfffffe006a4e7ac0 kdb_enter() at kdb_enter+0x32/frame 0xfffffe0063881830 vpanic() at vpanic+0x163/frame 0xfffffe0063881960 panic() at panic+0x43/frame 0xfffffe00638819c0 trap_fatal() at trap_fatal+0x40c/frame 0xfffffe0063881a20 calltrap() at calltrap+0x8/frame 0xfffffe0063881a20 --- trap 0x9, rip = 0xffffffff80ee0935, rsp = 0xfffffe0063881af0, rbp = 0xfffffe0063881ba0 --- in_joingroup_locked() at in_joingroup_locked+0x335/frame 0xfffffe0063881ba0 inp_setmoptions() at inp_setmoptions+0x11c6/frame 0xfffffe0063881d30 sosetopt() at sosetopt+0xb4/frame 0xfffffe0063881d80 kern_setsockopt() at kern_setsockopt+0xa5/frame 0xfffffe0063881de0 sys_setsockopt() at sys_setsockopt+0x24/frame 0xfffffe0063881e00 amd64_syscall() at amd64_syscall+0x109/frame 0xfffffe0063881f30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0063881f30 --- syscall (105, FreeBSD ELF64, setsockopt), rip = 0x82687dd0a, rsp = 0x8203704f8, rbp = 0x820370550 ---

Panic:

<6>vlan0: changing name to 'ixv0.7' <6>ixv0: link state changed to DOWN <6>ixv0: link state changed to UP arprequest_internal: cannot find matching address Fatal trap 9: general protection fault while in kernel mode cpuid = 6; apic id = 06 instruction pointer = 0x20:0xffffffff80ee0935 stack pointer = 0x28:0xfffffe0063881af0 frame pointer = 0x28:0xfffffe0063881ba0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 87885 (avahi-daemon) rdi: fffff80003c2c480 rsi: 0000000000000000 rdx: 00000000000000a0 rcx: 0000000000000020 r8: 0000000000000000 r9: 00000000000000f8 rax: 14d81dff33337b20 rbx: fffffe006a4e7ac0 rbp: fffffe0063881ba0 r10: 0000000000000000 r11: fffffe006a4e7fe0 r12: 0000000000000000 r13: fffffe0063881c04 r14: fffff800797d9800 r15: fffff80003c2c400 trap number = 9 panic: general protection fault cpuid = 6 time = 1734052404 KDB: enter: panic

It's interesting that it seems to re-create the interface after boot. Did you resave something there?

I'd have to guess it's some hardware off-loading in the ixv driver causing problem there when it tried to jpin the multicast group.
What hardware offloading is shown as capable or enabled by ifconfig -m ixv0 or for ifconfig -m ixv0.7?

@marcosm said in Email Reports WebGUI crashes when trying to edit the reports:

@Darkk You'll need to add and apply the diff yourself - it's not included.

I've applied the patch and it's working perfectly now.

Thank you!