Development

• T

  cloning
  • Tewodros  

  13
  0
  Votes
  13
  Posts
  213
  Views

  

  That looks like cygwin or msysgit. It still is limited by the underlying filesystem support. You need something that emulates a non-Windows filesystem and environment. You can use a completely isolated VM for that, as has been mentioned already, but I just tested using the Windows/Ubuntu integration (Windows Subsystem for Linux (Link 1, Link 2)) and it checked out OK there as well.
• 

  List of hooks?
  • luckman212  

  8
  0
  Votes
  8
  Posts
  484
  Views

  J

  @cosmor, we host public DNS zones on a separate server (bind9), so when the ISP channel gets switched to another one on pfSense, we need something to reach that server out and somehow update the zones (by nsupdate if the zones are dynamic or a custom script otherwise). In our case we use a custom script, which is triggered by ssh login called from rc.gateway_alarm_custom. The script discovers the current channel, substitutes predefined zone template for a zone, increases the zone serial and reloads the zone. Let me know if you need more details on that.
• C

  Apply changes button : javascript post to php function question
  • cosmor  

  5
  0
  Votes
  5
  Posts
  84
  Views

  C

  @jimp Many thanks for you clarification.
• P

  Two packages for preview: Network Inelligence and App/Protocol Blocking
  • pbaldwin  

  1
  1
  Votes
  1
  Posts
  245
  Views

  No one has replied

• S

  Snort problem
  • Simbad  

  1
  1
  Votes
  1
  Posts
  90
  Views

  No one has replied

• A

  This topic is deleted!
  • Aabir Abdallah  

  1
  0
  Votes
  1
  Posts
  5
  Views

  No one has replied

• R

  pfsense + python script problem
  • Ruta974  

  4
  0
  Votes
  4
  Posts
  102
  Views

  

  Remove it !
• S

  WebGUI Really Buggy On Mobile (iOS 13 Safari).
  • StonecoldServers316  

  1
  0
  Votes
  1
  Posts
  104
  Views

  No one has replied

• M

  On github, which branch to create pull requests against? I.e I'd like to add LDAP/AD nested group search as an option to an Authentication Server config.
  • maglub  

  3
  0
  Votes
  3
  Posts
  136
  Views

  M

  Thanks! Now I also found the proper documentation for a pull request! https://docs.netgate.com/pfsense/en/latest/development/submitting-a-pull-request-via-github.html Have a nice day! //magnus
• T

  pfSense apache
  • tobijuan  

  5
  0
  Votes
  5
  Posts
  163
  Views

  

  There is no apache on pfSense. Perhaps you meant nginx? You shouldn't call the shell exec programs indirectly like that. It isn't going to work. You're telling PHP to spawn a subshell and then run more PHP code from there. If you are looking to make your own page, just copy the contents of the easyrule script and adjust it to suit your needs. Though odds are, whatever you end up making will be less secure than granting users rights to edit firewall rules in the GUI directly.
• T

  pfSense Shell - shell_exec php
  • tobijuan  

  2
  0
  Votes
  2
  Posts
  72
  Views

  

  Trying to run a pfSense shell script from the GUI won't work as you expect (if at all). Use an actual shell.
• T

  after cloning how can i run code it don't work any one can tell me steps or a requirements for this if can send me any helping materials(video or doc) by this email (rasteddy0@gmail.com) 10Q for your help
  • Tewodros  

  4
  0
  Votes
  4
  Posts
  120
  Views

  

  If people have info - then they would post it here, not personally email you with it.. Such action would defeat really the whole purpose of a forum ;) Also that would also give you the persons email address - which many are not open to be sharing with some guy on a forum asking for help.. edit: BTW what is more likely to happen with you posting your email like that is some yahoo will think its funny to sign you up for every kind of spam or fetish porn they can.. If I were you I would really remove that email address from your post.. If you need help doing that - just let me know.
• K

  Question about list, tables and pfctl
  • Kei  

  5
  0
  Votes
  5
  Posts
  96
  Views

  K

  @stephenw10 said in Question about list, tables and pfctl: pfctl -a openvpn/test1 -t automatic_41319fc_0 -T show pfctl -a openvpn/test1 -t __automatic_41319fc_0 -T show did it!!! thank you!!!
• C

  Snort 4.0_7 Not starting
  • cdx304  

  6
  0
  Votes
  6
  Posts
  146
  Views

  

  The fix for the issue identified in this thread is now available in the Snort-4.0_8 package version. The update is available for install for users of pfSense-2.5 snapshots only.
• P

  Traffic shaping with FQ_CODEL
  • perlenbacher  

  1
  0
  Votes
  1
  Posts
  204
  Views

  No one has replied

• A

  Create makefile package
  • andresense  

  5
  0
  Votes
  5
  Posts
  131
  Views

  

  @andresense said in Create makefile package: Can you tell me where I can find references to variables like these from makefile: $ {WRKSRC} $ {INSTALL_DATA} $ {FILESDIR} You need to research the format of FreeBSD Makefiles. Start here: https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/makefiles.htmllink text.
• F

  pfctl Anchor based approach possible?
  firewall • • Flole  

  3
  0
  Votes
  3
  Posts
  82
  Views

  F

  When I run an iperf UDP Test that involves pfsense as router and a filter reload is done there is packet loss while the filter is reloading. This is especially annoying if an IPv6 Gateway goes down, the filter is reloaded and this affects the IPv4 Link aswell. If pfsense could selectively reload ipv6 only if an IPv6 Gateway goes down that would make things a lot easier. This was not meant to be a "problem post" but rather a "couldn't we improve by splitting ipv4 and ipv6 rules in 2 anchors" though. My first idea was something that could be done in iptables but not pf: Have a list of rules we want and one with rules we have and issue the commands to make them match. The closest we could get to that is probably splitting up, comparing when we want to reload and only reload if last != current.
• P

  Help patching driver BCM57810S
  patch broadcom • • petesmc  

  7
  0
  Votes
  7
  Posts
  311
  Views

  P

  @stephenw10 yup but no single source can provide that, and even if I create 2 connections (e.g download from steam and Battle.net at same time) which are independently capable of around 90MB/s, I can’t push much further than 140MB/s. Load on cpu is minimal, so feel like somewhere downstream at the ISP is restricting the bandwidth.
• 

  Suricata crash log
  • kiokoman  

  12
  0
  Votes
  12
  Posts
  230
  Views

  

  @kiokoman said in Suricata crash log: @bmeeks i had this today after upgrading pfsense 2.5 and reboot to the latest revision Crash report begins. Anonymous machine information: amd64 12.0-RELEASE-p9 FreeBSD 12.0-RELEASE-p9 e23c75c4280(RELENG_2_5) pfSense Crash report details: PHP Errors: [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_3908_pppoe0/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 999 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_3908_pppoe0/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 1001 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_3908_pppoe0/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 1003 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_35924_igb2/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 999 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_35924_igb2/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 1001 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_35924_igb2/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 1003 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_55009_igb1/rules/suricata.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 999 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_55009_igb1/rules/flowbit-required.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 1001 [27-Aug-2019 20:56:56 Europe/Rome] PHP Warning: filesize(): stat failed for /usr/local/etc/suricata/suricata_55009_igb1/rules/custom.rules in /usr/local/pkg/suricata/suricata_generate_yaml.php on line 1003 No FreeBSD crash data found. I just upgraded a test virtual machine to the same version without issue. Something went awry with your system during the update. Those errors indicate none of the rules files got created properly. I suggest you delete the package and install it again from the Package Manager menu. If you have a RAM disk configured, be sure there is at least 256 MB of free space on /tmp.
• D

  The firewall has enountered an error
  • devilbillyee  

  6
  0
  Votes
  6
  Posts
  134
  Views

  

  pfSense is built on top of FreeBSD, so use your Google-fu to research how to analyze FreeBSD crash dumps.
• R

  This topic is deleted!
  • ravicool  

  1
  0
  Votes
  1
  Posts
  7
  Views

  No one has replied

• R

  How to setup development env for port?
  • rickyzhang  

  10
  0
  Votes
  10
  Posts
  165
  Views

  

  Trying to think who maintains the stuff for snort.. This is related to that I take it.. Prob be easier to just post up the "fix" and who maintains the package/port for pfsense could include it if they agree with the fix, etc. You might notice that my fix was for a like 1 person ;) But did submit it to freebsd, and it got finally pushed down. edit: Ah I see @bmeeks is already in your other thread - yeah that would be "the guy" to help for sure!!
• 

  Snort crash log
  • kiokoman  

  7
  0
  Votes
  7
  Posts
  128
  Views

  

  These errors should all be fixed in the latest Snort-4.0_4 package for pfSense-2.5 snapshots.
• 

  Squid not start
  • calitzin  

  1
  0
  Votes
  1
  Posts
  73
  Views

  No one has replied

• Z

  Question about Intel igp driver in 2.5
  • Zermus  

  3
  0
  Votes
  3
  Posts
  225
  Views

  Z

  Ahh yes, sorry for the mix up. Had to work late on a migration project last night and I'm kinda behind today. Nice that's good to know. Thanks!
• G

  Integration with GuardianKey
  • gbernardes  

  1
  0
  Votes
  1
  Posts
  87
  Views

  No one has replied

• M

  crash log
  • mod  

  3
  0
  Votes
  3
  Posts
  78
  Views

  M

  yikes i hope not :( did reinstall still issues after installling packages . all seemed well :( reset is the name of the game i guess. cause daddy dun f'ed up :(
• L

  This topic is deleted!
  • limoo  

  1
  0
  Votes
  1
  Posts
  11
  Views

  No one has replied

• P

  fixing issue with dynamic dns updater
  • paolone919191  

  1
  0
  Votes
  1
  Posts
  58
  Views

  No one has replied

• J

  Suricata stopped working on 2.5.0-DEVELOPMENT (amd64) built on Sat Jun 01 20:37:20 EDT 2019
  • jjstecchino  

  10
  0
  Votes
  10
  Posts
  220
  Views

  

  @bmeeks said in Suricata stopped working on 2.5.0-DEVELOPMENT (amd64) built on Sat Jun 01 20:37:20 EDT 2019: That does sound interesting. I agree it sounds like a lot of coordination work to keep things straight. So does the user still have to choose the correct package from something like a list, or can pkg make a choice at install time? If the package has a dependency set, it would have to depend on a specific flavor, so you'd have, say packagename@option1 for the package name with option1 enabled, and packagename@option2 for the package with option 2 enabled. What typically happens is then you'd have meta-ports for either one with slightly different names, and unique dependencies, and the user would choose one to install. Another way would be to remove a specific dependency from the port and have the installer pick which flavor to install but since that breaks dependency tracking I wouldn't want to encourage that.
• R

  Hardware support for encryption hinting?
  • rcfa  

  8
  0
  Votes
  8
  Posts
  330
  Views

  R

  @JeGr Thanks!
• R

  VGA console takes "forever" to become visible...
  • rcfa  

  10
  0
  Votes
  10
  Posts
  145
  Views

  

  It does boot but stops outputing to the console after mountroot. Exactly as though it's set to serial console as primary. But it isn't and you can't force VGA/EFI console from the boot loader. Bigger brains than me are assigned to it. Steve
• I

  2.5 snapshots have polling enabled in the kernel disabling multithreaded netisr - Solved
  • idak  

  4
  0
  Votes
  4
  Posts
  208
  Views

  I

  Just upgraded to the latest snapshot, 2.5.0-DEVELOPMENT-amd64-20190520-1137, and can confirm that this now seems to be working properly. Thank you for the quick response!
• 

  box beeps constant after update
  • chpalmer  

  1
  1
  Votes
  1
  Posts
  64
  Views

  No one has replied

• H

  Feature Request: Ability to Allow for Limited Time
  • HansSolo  

  3
  0
  Votes
  3
  Posts
  75
  Views

  A

  Are we talking about IP Addresses or Firewall Rules here? I see both in the posts up above... If IP Addresses, what would be the point of removing or disabling those numbers at a later time, after your timer/scheduler expired? I understand the timed schedule on rules, and I use them myself. But I don't understand on IP Addresses. Jeff
• F

  pfSense has detected a crash report or programming bug.
  • froglevelmc  

  8
  0
  Votes
  8
  Posts
  207
  Views

  

  No. That crash is a filesystem problem, nothing to do with the update other than the update wrote files to the disk, so maybe it's hitting different spots on the disk. If you still get errors, either you didn't run fsck enough times, or the filesystem is too corrupt and you need to reinstall. Also possible, though less likely, is that there is a hardware problem with the disk or controller.
• 

  Squid Transparent Crush
  • periko  

  1
  0
  Votes
  1
  Posts
  157
  Views

  No one has replied

• J

  Wanted: pfSense Development Orientation - Remote Session
  • johnhimself  

  1
  0
  Votes
  1
  Posts
  78
  Views

  No one has replied

• 

  System crash report
  crash bug • • skilledinept  

  2
  0
  Votes
  2
  Posts
  180
  Views

  

  It crashed in a network memory operation. db:0:kdb.enter.default> bt Tracing pid 12 tid 100026 td 0xfffff80004e1f620 m_tag_delete_chain() at m_tag_delete_chain+0x83/frame 0xfffffe01735bf8d0 mb_dtor_pack() at mb_dtor_pack+0x11/frame 0xfffffe01735bf8e0 uma_zfree_arg() at uma_zfree_arg+0x42/frame 0xfffffe01735bf940 mb_free_ext() at mb_free_ext+0xfe/frame 0xfffffe01735bf970 m_freem() at m_freem+0x48/frame 0xfffffe01735bf990 vmxnet3_stop() at vmxnet3_stop+0x273/frame 0xfffffe01735bf9e0 vmxnet3_init_locked() at vmxnet3_init_locked+0x2c/frame 0xfffffe01735bfa50 softclock_call_cc() at softclock_call_cc+0x13a/frame 0xfffffe01735bfb00 softclock() at softclock+0x79/frame 0xfffffe01735bfb20 intr_event_execute_handlers() at intr_event_execute_handlers+0xe9/frame 0xfffffe01735bfb60 ithread_loop() at ithread_loop+0xe7/frame 0xfffffe01735bfbb0 fork_exit() at fork_exit+0x83/frame 0xfffffe01735bfbf0 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe01735bfbf0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 vmx0: watchdog timeout on queue 0 Fatal trap 12: page fault while in kernel mode cpuid = 3; apic id = 06 fault virtual address = 0x0 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80d0eee3 stack pointer = 0x28:0xfffffe01735bf8c0 frame pointer = 0x28:0xfffffe01735bf8d0 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 12 (swi4: clock (0)) It's not normal to see those kinds of NIC timeouts in a VM either. I'd make sure your ESX or VMWare install is completely current first, and upgrade the VM hardware compatibility as far as possible. Also make sure the selected OS version matches what you have installed. The exact text will vary depending on your ESX/VMware version but it should be set to FreeBSD 11.x 64-bit.
• A

  Pfsense dictionary in freeradius
  • ahmedbona  

  7
  0
  Votes
  7
  Posts
  1471
  Views

  M

  For the record, if anyone needs this and wants an actual answer, the file is located here currently: https://github.com/pfsense/pfsense/blob/master/src/usr/share/doc/radius/dictionary.pfsense VENDOR pfSense 13644 BEGIN-VENDOR pfSense ATTRIBUTE pfSense-Bandwidth-Max-Up 1 integer ATTRIBUTE pfSense-Bandwidth-Max-Down 2 integer ATTRIBUTE pfSense-Max-Total-Octets 3 integer END-VENDOR pfSense