Just for info and hopefully not relevant for you
and perhaps many related to the fact that I try to do / test things with pimd
also switching interfaces on and off
I had so may instability’s and crashes in the past few days, that I had to decide to go back to a snapshot from a week ago.
I am having the same problem, when I setting everything in bridge mode and set the jumbo size on the nic cards. After rebooting the system its show jumbo size on the every nic card but when I do the ifconfig command on shell, to confirm the setting has saved its show on every device MTU 1500 and when I do the benchmark its showing 1Gbes per transfers and these on 10Gb network card.
Its must be a bug...
On the older version of Pfsense never had a problem.
For now both Suricata and Snort simply dump the contents of a given log into a PHP data variable and then print the contents of the variable out to the browser. When the log files are huge, this operation exhausts the available PHP memory in the session.
For now, as @Derelict mentioned, reduce the size of the logs by turning on the log size limiting and rotation features under LOGS MGMT. Keep the max log file sizes to the defaults or only a little larger.
I'm looking at a future update in the LOGS VIEW code that would output the log data in a series of smaller data blocks.
Using a USB adapter is much better but I still experience crash from time to time (~ weelky). I found a procedure to compile the Realtek driver for FreeBSD (https://gist.github.com/jovimon/524e116471f249626fd2ccd141f3fe05), everything went as expected and I resumed using the ETH NICs however my PFSense keeps crashing (at least daily).
I also tried the official guide but keep getting the same results (https://docs.netgate.com/pfsense/en/latest/hardware/tuning-and-troubleshooting-network-cards.html#tuning-and-troubleshooting-network-cards).
Looking at the logs I was able to see an issue with the darkstat module so uninstalled it, but still experiencing daily crashes...
At this point I still don't know whether it is hardware related or software/setup related.0_1552440129045_PFsense crash March2019.zip
Please find attached the latest crash dump logs, any suggestions or help would be greatly appreciated!
Open a bug report for that on https://redmine.pfsense.org/projects/pfsense-packages -- that is likely an issue in the sync code for that package not declaring something it should so it doesn't happen properly at boot.
Whoever is maintaining that package will need to fix it.
@jimp Thanks for your quick help, I was able to make it work with your second suggention:
init_config_arr(array('aliases', 'alias', 0));
$config['aliases']['alias']['name'] = 'LANNetworks';
$config['aliases']['alias']['address'] = 'CIDR';
$config['aliases']['alias']['descr'] = 'SomeDescription';
$config['aliases']['alias']['type'] = 'network';
@tsmalmbe @netblues Thanks. I'm not in charge of configuring the actual host system or hypervisor, so I likely can't do that.
But it's very useful to know this exists for future reference, and maybe the hosting provided can use this, too.
Yes, I am compiling 2.4.4.
I keep getting an error when building iso file. I have change the product name, so some strange errors comes up. I have set poudriere up, I've built the jail, ports and kernel, but when I try to build the iso file, I get error message.
If you suspect a vulnerability in pfSense, a public forum is not a place to post about it. See https://www.pfsense.org/security/ and follow the correct procedure for responsible disclosure.
Most of that seems pretty mundane. The SSL/TLS warnings must be talking about OpenVPN or something else. The GUI uses 4096 DH parameters by default, and the default GUI cert uses SHA256.
The detection in that last thing is quite broken somehow. Shellshock? That was fixed years ago. That OSVDB-112004 entry is also for Apache, and pfSense uses nginx. Maybe you have that port forwarded into something else?
(wrote this while I was tinkering so the end result is I found the issue. )
Thats what it looks like.. Logged in as Admin I can do everything.
Just updated to latest snap. This is on bare metal..
Save config permission denied by the 'User - Config: Deny Config Write' permission for user 'email@example.com (Local Database)'.
I have two users and they are both part of the admin group. admin and my user name.. Still occurs.
Just made a new user name and same issue.
Ok.. found it. I had selected every rule without reading them all. Second one down.. User- Config: Deny Config Write
Seems backwards compared to the rest of the "allow rules" and does not affect the "admin" account as it does the others..
Same here, all my C3000 SoC boxes are working fine with 2.4.4 release except there are no AltQ, as far as I understand ixgbe supports ALTQ in FreeBSD supported NICs, what could be done about that? I also noticed that the release is using 3.2.12-k, when the latest version on Intel site now is 3.3.6
@msdisatis said in Make a PHP MVC Frontend for pfSense:
How do I port pfSense PHP extensions into python
Depends on what you mean by extensions. If you mean the PHP modules, you wouldn't. You'd find equivalent python libraries. If you mean the pfSense PHP module, that would have to be rewritten in something compatible with Python. If you mean packages, then that would be like rewriting any other part in another language.
If you drop the file in as-is then it could be run by anyone without logging in, which would be a giant security hole.
Anything you want to do could probably be done with enough coding, but if you want to do it securely, then you should look at similar pages from the GUI and other packages and look at what they have in common. If you include the standard set of required files it will do auth and other things for you automatically. At a minimum you'll need the require lines, plus other parts like head.inc and foot.inc and the same basic page structure with panels and such.
I use TortoiseGIT (on Windows) to do my git stuff..
And am using 'NetBeans' to make changes to my local copy of the repository. Upon saving a file it gets uploaded automatically to my pfSense test box. Other than that, its pretty similar. To your workflow..
Git-Sync the latest pfSense master repo to local filesystem.
Make edits / save / test
Commit changes to a new branch
Push branch to my github repo
Submit a PR
The nice thing about NetBeans is that knows the complete 'project' and offers completion of function names and some basic validation of code and variables used..
We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.
Subscribe to our Newsletter
Product information, software announcements, and special offers. See our newsletter archive for past announcements.