Development

• 

  HEADS UP: Snapshots moving to pfSense 2.5.0 on FreeBSD 12, expect initial instability
  • jimp  

  1
  0
  Votes
  1
  Posts
  1195
  Views

  No one has replied

• M

  What skills are needed for Development
  • mikeisfly  

  8
  0
  Votes
  8
  Posts
  9974
  Views

  F

  if we talk about software development Go with HTML CSS java php credit @optimumlogic
• 

  cant login webgui
  • yon 0  

  10
  0
  Votes
  10
  Posts
  79
  Views

  

  i have install the snort
• S

  2.5 latest update issue
  • SMartes33  

  3
  0
  Votes
  3
  Posts
  132
  Views

  Q

  You arent alone. I think it may be related to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240818 If you down/up the parent interface (em1 in my case) things will work.
• 

  Athp driver
  • stephenw10  

  52
  0
  Votes
  52
  Posts
  1294
  Views

  

  Yeah not in the code so the driver would not attach to that yet.
• 

  Starting point for developing a Package?
  • luckman212  

  4
  0
  Votes
  4
  Posts
  75
  Views

  

  @bmeeks Great, this is very helpful information (and thanks for your work on the Snort package! )
• S

  crash with 2.4.5-RELEASE-p1 (amd64)
  • sensemann  

  2
  0
  Votes
  2
  Posts
  72
  Views

  

  All of the backtraces in that are identical: db:0:kdb.enter.default> bt Tracing pid 26689 tid 100757 td 0xfffff80251dd5620 kdb_enter() at kdb_enter+0x3b/frame 0xfffffe046257aaa0 vpanic() at vpanic+0x19b/frame 0xfffffe046257ab00 panic() at panic+0x43/frame 0xfffffe046257ab60 trap_pfault() at trap_pfault/frame 0xfffffe046257abb0 trap_pfault() at trap_pfault+0x49/frame 0xfffffe046257ac10 trap() at trap+0x29d/frame 0xfffffe046257ad20 calltrap() at calltrap+0x8/frame 0xfffffe046257ad20 --- trap 0xc, rip = 0xffffffff80e9a6fa, rsp = 0xfffffe046257adf0, rbp = 0xfffffe046257ae00 --- in_delayed_cksum() at in_delayed_cksum+0x5a/frame 0xfffffe046257ae00 pf_test() at pf_test+0x2493/frame 0xfffffe046257b010 pf_test() at pf_test+0x2088/frame 0xfffffe046257b220 pf_test() at pf_test+0x2088/frame 0xfffffe046257b430 pf_check_out() at pf_check_out+0x1d/frame 0xfffffe046257b450 pfil_run_hooks() at pfil_run_hooks+0x90/frame 0xfffffe046257b4e0 ip_output() at ip_output+0xa53/frame 0xfffffe046257b610 udp_send() at udp_send+0xa0c/frame 0xfffffe046257b6d0 sosend_dgram() at sosend_dgram+0x345/frame 0xfffffe046257b730 kern_sendit() at kern_sendit+0x1f9/frame 0xfffffe046257b7e0 sendit() at sendit+0x19e/frame 0xfffffe046257b830 sys_sendto() at sys_sendto+0x4d/frame 0xfffffe046257b880 amd64_syscall() at amd64_syscall+0xa86/frame 0xfffffe046257b9b0 fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe046257b9b0 --- syscall (133, FreeBSD ELF64, sys_sendto), rip = 0x801f929ea, rsp = 0x7fffdf5f84a8, rbp = 0x7fffdf5f84f0 --- Fatal trap 12: page fault while in kernel mode cpuid = 3; apic id = 03 fault virtual address = 0x18 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80e9a6fa stack pointer = 0x28:0xfffffe0462267df0 frame pointer = 0x28:0xfffffe0462267e00 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 11651 (unbound) trap number = 12 panic: page fault cpuid = 3 KDB: enter: panic I'm not seeing any similar backtraces for previous crashes when I search, but in_delayed_cksum at the top of that makes me suspect it may be an issue with checksum processing, but it could also be a hardware issue in general. Maybe try toggling the hardware checksum option under System > Advanced, Networking tab
• A

  2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl
  • andrew_241  

  106
  0
  Votes
  106
  Posts
  5838
  Views

  G

  Hyper-V 2 CPU cores with pfBlockerNG and Table Usage Count: 24691 is every 2 seconds unbound using 1CPU at 100%. When pfBlockerNG is disabled, all ok. With same lists on 2.4.4 there is no noticeable CPU usage at all. Problem still there. but not so critical as it was. p.s. And memory usage with pfBlockerNG is increased twice compare to 2.4.4.
• 

  2.4.5 Snapshots are Live
  • dennis_s  

  39
  1
  Votes
  39
  Posts
  2476
  Views

  

  The initial issue is gone now.
• T

  2.4.5-p1 crash report
  • tomahhunt  

  13
  0
  Votes
  13
  Posts
  191
  Views

  T

  Crashed again. Any idea what else I might do to aid debug?
• J

  2.4.5-p1 crash in vr
  • jeffersonmfs  

  4
  0
  Votes
  4
  Posts
  35
  Views

  

  I split your posts off to a new topic since, although it was a crash, it was nowhere near the same crash. Yours is crashing in the NIC driver while processing an interrupt from a vr(4) NIC. Those Via Rhine NICs are very, very old (They're only 10/100!) and were never all that reliable. I would strongly suggest replacing that NIC with a quality Intel NIC gigabit NIC. And replace those Realtek NICs while you are at it.
• S

  Creating firewall rule via ssh
  • speatzle_  

  5
  0
  Votes
  5
  Posts
  91
  Views

  

  There are existing examples in the code for doing this as well. Start here: https://github.com/pfsense/pfsense/blob/master/src/usr/local/bin/easyrule https://github.com/pfsense/pfsense/blob/master/src/etc/inc/easyrule.inc
• M

  Unexpected VLAN and interface assignments prompt at boot
  • mikahe  

  1
  0
  Votes
  1
  Posts
  27
  Views

  No one has replied

• R

  MDS Mitigation: any reason that's not enabled automatically?
  • rcfa  

  23
  0
  Votes
  23
  Posts
  7402
  Views

  

  Yeah if your running your esxi in your own lab with your own vms - I wouldn't use any of the mitigation anything for this family of exploits.. If there is any possible performance hit.. Which most all of these mitigations are.. Some can be a pretty stiff hit.. Do you recall when meltdown first came out.. Lots of hoopla about that.. Even though most use cases of pfsense would have zero need for concern with such an attack vector.. Lots of traffic about it here and elsewhere, etc.. negate put out this blog back Jan of 2018 https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html The important take away Most of our users should not be concerned as long as they follow our basic guidelines for limiting access to the WebGUI, shell as well as physical access to the pfSense appliance. Same goes for all of these sorts of exploits..
• T

  Here we go again.
  • techpro2004  

  8
  0
  Votes
  8
  Posts
  244
  Views

  C

  @kiokoman said in Here we go again.: uhm i knew it was coming neverthless it was somehow funny Exactly what she said yesterday....
• 

  pfssh: how to add (initial) VLANs?
  • JeGr  

  2
  0
  Votes
  2
  Posts
  95
  Views

  

  You have to declare each level of the hash/array as you go. Like this: $config['vlans'] = array(); $config['vlans']['vlan'] = array(); $config['vlans']['vlan'][] = $newvlan; There is a convenience function that can help: init_config_arr(array('vlans', 'vlan')); $config['vlans']['vlan'][] = $newvlan; That function only initializes the arrays if they are unset/don't exist/are not arrays so it's safe to run unconditionally.
• P

  2.4.5 export ovpn 2.3 config bug
  • pukoid  

  6
  0
  Votes
  6
  Posts
  56
  Views

  P

  @Gertjan Updated OpenvpnClientExport package and checkbox works fine now. Dumb me.
• A

  How <caref>code in the confing.xml is generated?
  • aimad  

  4
  0
  Votes
  4
  Posts
  34
  Views

  

  On a cert, it's the refid of the CA that signed the cert. So it's copied from the CA refid.
• 

  ETA on traffic shaping for C3000 X553 NICs?
  • maxtoid  

  3
  0
  Votes
  3
  Posts
  123
  Views

  

  There are no plans to add altq to ixgbe as far as I know. One workaround for that us to use VLANs on the ix NICs, vlan interfaces do support altq. Steve
• 

  pf 2.4.5 and FRR bugs
  • yon 0  

  1
  0
  Votes
  1
  Posts
  69
  Views

  No one has replied

• I

  [Bug?]2.5.0-DEVELOPMENT (amd64) built on Sun May 03 23:56:0 snort-2.9.16 Inline IPS throttles Wireguard speed
  • iqjet  

  5
  0
  Votes
  5
  Posts
  135
  Views

  I

  I'm runing pfsense at a Intel(R) Core(TM) i5-5250U CPU. CPU load is low, RAM usage 23% out of 8GB. Google DNS is blocked. I use igb1. As I told, no problems without WG and full speed. WG natively runing on a Linux Mint 19.3 PC throttles the speed. Imho there is nothing wrong with Mode "Inline IPS" Edit Your requested results are in Snort.zip
• 

  Support for Edwards Curves
  • yon 0  

  1
  0
  Votes
  1
  Posts
  76
  Views

  No one has replied

• B

  Upgrade to 2.4.5 > 2.4.4-p3 SG-3100 ipv6 bogon list issue
  • behemyth  

  22
  0
  Votes
  22
  Posts
  658
  Views

  N

  @jimp said in Upgrade to 2.4.5 > 2.4.4-p3 SG-3100 ipv6 bogon list issue: It's reporting the size as it was when the page was loaded, apparently, and not what the calculated default for the system would be. That may be a bug, though it should probably report both. Well, it technically does report both in that it appropriately shows the value that was set when the page was loaded in the field where you can change the value. The bug would be that the display for the "default value" stated under the field is actually showing the currently set value.
• C

  crash reported.. can you tell me what happened?
  • comet424  

  10
  0
  Votes
  10
  Posts
  153
  Views

  C

  @virgiliomi ok thank you ill check it out.... I appreciate it... due to no work.. I cant afford anything,... and people hoarding food and the damn toilet paper... I appreciate it and ill check it out (:
• T

  Refactoring: create a wrapper Object or duplicate code?
  • tm_an  

  4
  0
  Votes
  4
  Posts
  57
  Views

  

  There aren't any plans to migrate from one to the other since they operate in much different ways.
• M

  Cert Manager Export Password
  • michaelschefczyk  

  12
  0
  Votes
  12
  Posts
  7112
  Views

  B

  @johnpoz said in Cert Manager Export Password: See the popup I showed where it says to look in profiles - did you miss that? It is a very valid point. It is easy to miss. But I haven't. Going back to the two things I have tried. If using the unencrypted p12 (which I know it is not meant to work): when I click on it, I see the pop up at the bottom saying that I have to go to my profiles to add it. If I go to general-->profiles I can see it there, I can click to install it, enter the pin code, and then I get stuck waiting for the password. But the p12 does get sent to profiles and an install can be attempted. when using the encrypted version, nothing happens when I click on the p12 file. When I say "nothing", I mean as if I had not touched the screen at all. No error, no "open with" menu, nothing. UPDATE: I have noticed that you used the Windows version of openssl. So just for the sake of it, I decided to install it and give it a shot. Surprisingly, it worked this time. Thinking that there can't be a difference between the two openssl, my head pointed towards the transfer between my raspbian and my Windows computer. Per default winscp transfers text file, and apparently doing this messed up the base64 and made it unusable for the encrypted version. After repeating the process with a binary transfer mode, I could import that encrypted p12 as well. So in the end, I could solve the problem and I hope this can help someone else. Thanks a lot @johnpoz for pointing me in the right direction. Without your screenshot I wouldn't have thought about looking into that and find the root-cause.
• T

  Get list of interface name, descriptions and ip address
  • trumee  

  4
  0
  Votes
  4
  Posts
  126
  Views

  

  Of course You already did. When you visit the console, you activated that script. ( maybe without knowing it )
• R

  (SOLVED) vnstatd Status Traffic Totals data collection daemon not loading
  solved • • ragnar00  

  6
  0
  Votes
  6
  Posts
  194
  Views

  H

  @ragnar00 Thank you. I found it.
• L

  readline.so 0 bytes after upgrade
  • louis2  

  9
  0
  Votes
  9
  Posts
  311
  Views

  

  I split this off into its own thread so it doesn't take over the other one.
• B

  firewall rules are not applied after a reboot of firewall, the fix is reapply or run status filter reload
  • bcruze  

  6
  0
  Votes
  6
  Posts
  170
  Views

  B

  i replied in my other thread about the alias is fixed by reinstalling the firewall on my SG 3100 back to stable and not restoring ANYthing previously. entirely rebuilt from scratch i am now running sg 3100 on 2.4.4-RELEASE-p3 (arm) but have the same issue as i originally posted in this thread. on the stable release, i have spent hours on trying to figure this out. in reading on redmine https://redmine.pfsense.org/issues/6028 if i am reading this correctly this affects ALL versions of Pfense? i have been using Pfsense for the past 3-4 years and never experienced this. leads me to two things. is the image file for the sg 3100 contain issues my SG 4220 and SG 2220 did not have? because i have been using these same rules, and yesterday they were built from scratch not restored from a previous firewall.. if this is the bug i just need to know that so i understand its being worked on thank you Sir
• T

  This topic is deleted!
  • techpro2004  

  4
  0
  Votes
  4
  Posts
  62
  Views
• G

  Anchors not processing
  • gidotop  

  3
  0
  Votes
  3
  Posts
  95
  Views

  G

  So a good example would be something like this: pfctrl -sr currently prints out the rule set and userrules anchor (anchor "userrules/*" all) is empty. I have confirmed with a pfctrl -a userrules -sr which returns nothing. I then added the following: echo "pass in quick on em0 inet proto tcp from 192.168.1.7 to any port = 32400 flags S/SA keep state" | pfctl -a userrules -f - when I run pfctrl -a userrules -sr after this I get: pass in quick on em0 inet proto tcp from 192.168.1.7 to any port = 32400 flags S/SA keep state The rule doesn't work though and it doesn't display with a pfctrl -sr either. I can't see what I am specifying wrong, I have tried calling the anchor with and with out the /* in quotes a few times and it places the new rule under the userrules anchor as displayed with pfctl -a userrules -sr each time. I can clear it with pfctl -a userrules -Fr as well. Given this example can you see where I have gone astray? Thank you for your help.
• T

  2.4.5 bugs?
  • techpro2004  

  8
  0
  Votes
  8
  Posts
  443
  Views

  

  It's not ready. /EOT. Again.
• S

  /usr/local/sbin/pfSense-upgrade deletions
  • skogs  

  15
  0
  Votes
  15
  Posts
  627
  Views

  

  See above, that is not the recommended procedure. Locking this, it's been solved already.
• T

  (SOLVED)pfSense 2.5.0 and 2.4.5 confusion
  • tman904  

  12
  0
  Votes
  12
  Posts
  717
  Views

  T

  Thank you, I'll keep that in mind for future. I understand why I had confusion and the replies have helped clear it up for me. Again thank you Jim and everyone that helped.
• 

  pfSense-upgrade -6 pfSense-upgrade: Command not found.
  • yon 0  

  2
  0
  Votes
  2
  Posts
  138
  Views

  

  https://forum.netgate.com/topic/150930/usr-local-sbin-pfsense-upgrade-deletions/9
• C

  PHP Crash Reporter on upgrading to 2.4.5
  • cobhc  

  3
  0
  Votes
  3
  Posts
  117
  Views

  C

  @jimp Thank you!
• K

  Problem with OpenVPN and Dynamic DNS
  • k625  

  2
  0
  Votes
  2
  Posts
  110
  Views

  K

  Today I updated pfsense to the version "2.4.5-RC (amd64) built on Thu Feb 27 00:05:35 EST 2020" and the problem with Dynamic DNS is gone. Thanks!
• T

  how can i fix this error in he process of building source code
  • Tewodros  

  6
  0
  Votes
  6
  Posts
  155
  Views

  T

  @jimp i try to to customize the code for my Owen purpose still it don't run after i gate the code
• S

  Few CSS Changes and Traffic Graph
  • sbwcws  

  2
  1
  Votes
  2
  Posts
  198
  Views

  S

  It has a well view, what did you use to improve your traffic graph? I still have some problems with and even more when I try to upgrade my Ip man is such horrible haha. I like you css style, well done bro!