Bounties

digital rights to a rack cleanup before / after pic $100 venmo / paypal

bmosier — Fri, 06 Mar 2026 00:36:31 GMT

@luckman212 thanks. i put a post up.

Proposal to implement a Reverse Portal

joetaber — Fri, 04 Apr 2025 16:42:38 GMT

Rereading this I realize I didn't provide much context or frame the issue very well, and since I can't edit I'll post what the OP should have started with here. From the pfSense Docs: Captive Portal in pfSense software forces users on an interface to authenticate before granting access to the Internet. Where possible, the firewall automatically presents a login web page in which the user must enter credentials such as a username/password, a voucher code, or a simple click-through agreement. Users have made many requests for something similar, but for authorizing access into the intranet, instead of out to the internet. This is often called a "reverse portal". This would be useful for e.g. setting up MFA for wireguard vpn connections or requiring login to access a different segment of the local network. Unfortunately, despite being nearly identical in implementation, netgate explicitly states that their captive portal feature is not capable of acting as a reverse portal, aka authorizing access to the local intranet. One of the challenges with reverse portals is how to know when the user has disconnected and needs to reauthenticate. Here I propose a design where the user has to keep a browser tab with an open tcp connection (SSE with heartbeats) connected to the firewall to for the pass rule to be enabled; when the connection closes the pass rule is disabled and they will have to reauthenticate.

Better pfTop - DSCP & ethertype packet counts, VLAN ID, linkspeed + anycast + fqECN L4S/DCTCP ECN packetcounts and types($500+250+100)

HLPPC — Thu, 09 May 2024 13:29:04 GMT

Would like pfTop to show a DSCP packet counter (instead of having to make tons of floating rules and reporting all DSCP to the firewall), show the linkspeed for each connection (just the negotiated linkspeed) and show if the linkspeed changes. And show an ethertype counter for easier L2 firewall filtration.

+250
Notification of Anycast incidences would be nice, so as to be able to disable fq_codel on that connection temporarily, or correct UDP packets being redirected by CDNs while being expected to continue riding their corresponding TCP sawtooth. Or to have fq_codel not repeatedly elevate anycasted UDP connection priority and new UDP connections above the TCP connection they are "sawtooth" riding.

+100
ECN packet counts, from attempted negotiations, DCTCP/L4S and FQ_Codel itself

Assuming NICs are running in promiscuous mode and able to see all unencrypted traffic (would be nice if it worked for D-TLS and TLS too).

Maybe the "mark bad packets in promiscuous mode" hardware tunables can be used.

FQ_Codel IEEE pulse match rules/code/(applet?)/ $500

dennypage — Thu, 09 May 2024 12:58:23 GMT

@HLPPC said in FQ_Codel IEEE pulse match rules/code/(applet?)/ $500: Detection has to detect devices passing through managed switches to negotiate with the pSense, or correctly detect pulses while passing through pfSense in a bridge configuration to negotiate with a different device/router... Since auto-negotiation is not visible outside the two ends of the physical link, how would you expect this to work?

I was told to post here...

Echo2Niner — Fri, 28 Jul 2023 05:30:00 GMT

Re: ATT Uverse RG Bypass (0.2 BTC)

Preface. I have reverted to 2.6.0 to regain functionality and no longer have the error file to consult.

AT&T Modem: BGW210.
WAN NIC's: Intel X540-T2 Dual Port 10G 10GBase-T - igb3
LAN NIC's: Intel X520-DA2 Dual Port 10G SFP+ 10Gbase-SR - igb0
I have two VLAN's based on the primary LAN NIC port - igb0.100 (LAN) and igb0.300 (DMZ)

I'm unsure if this is specific to my setup or in general. The upgrade from 2.6.0 to 2.7.0 worked as it should with no errors. After rebooting, there is an error about a line(s) in the pfatt file. I've been using said file for about 2 years now. I search the internet and find a file that states it's for "newer" versions of pfSense. I tried that file in my upgraded version and could not ever get DHCP from modem. Shellcmd is setup to execute the pfatt files so... I plan to install 2.7.0 to cleanly so there's no residual issues from an upgrade and test again once I can get time and the family won't yell at me for the internet being down.

I have actually built out two fresh installs and used AuthBridge. I did this on two separate machines to confirm the functionality. Both had the same issue. The 802.1x auth would occur and receive a DHCP assigned IP but the machine would not be on the internet. I would have to log into the machine and go to Interfaces, choose one and click on save then apply. Once I did that I could then ping 8.8.8.8 from the WAN interface. I would generally pick the LAN interface to click on save. Most of the time it would work to get the machine able to ping 8.8.8.8. Sometimes I would have to choose the WAN connection. This proved to be the case on two separate machines with 2.6.0 installed with basic WAN/LAN config and upgraded to 23.05.1. I used two HP EliteDesk 800 G3's with a SuperMicro AOC-SG-I4 1GB 4 port NIC which I believe has the Intel I-350 chipset.

So for me, at this juncture, using the pfatt file is a much smoother experience than the current AuthBridge method which I think still needs some polishing but is definitely a step in the right direction.

I don't mind running 2.6.0 for a bit longer but would prefer to be on the latest stable version for all of its added/fixed security aspects. Is there any one out there that has upgraded with success and using the pfatt file? If so, may I please get a copy of your file with your info removed. Any assistance would be appreciated. Thank you.

Ignore me

darkphox — Wed, 31 May 2023 01:25:06 GMT

Accidental repost

NTP - Add Peer - $100

ccb056 — Fri, 05 Nov 2021 01:56:32 GMT

Thank you @viktor_g

Bounty: $2000 for OpenMPTCProuter-like Functionality in pfSense

sweetapollo — Mon, 09 Aug 2021 23:20:31 GMT

@winkmichael Thanks so much. I'll look into it some more, but you were a great help. What I meant by a 0 point release is that is it basically an alpha or beta version until it reaches version 1.x This to me has historically been an indication that it shouldn't be deployed in mission critical spaces or commercial spaces, but good to hear it is very active and very reliable. thanks again

Fix uPnP for multiple consoles playing the same game - Feature #7727 Bounty $1,000

pfuser1129 — Wed, 16 Jun 2021 20:27:44 GMT

I didn't realize how dead this forum was when I posted. I guess this isn't going to happen. I'm going to try to find another solution instead of waiting for this to be fixed.

BETTER WAN GATEWAY MONITOR - JUST NEED HELP - FREE/DONATION

dennypage — Thu, 10 Dec 2020 16:36:32 GMT

@webdawg said in BETTER WAN GATEWAY MONITOR - JUST NEED HELP - FREE/DONATION: I wish I could ban people from threads. You want to ban the only dev who was willing to take up the conversation with you? Sigh. I consider myself banned.

Package idea: Autoconfig of site-to-site VPN using other ends backup configs as source?

iorx — Tue, 29 Sep 2020 18:42:56 GMT

Tried this in the Packages in the forum, with zero traction. 5 views or something like that and no replies.

Is there any traction with this idea or should I just "shut it!" ?

As the title says. Read config from other install to semi-auto configure ipsec or openvpn endpoints as example.
What I look for is mentioned down below also. But when you for example move, wan-address change, change encryption (vpns) on a pfsense install the other end could by it self reconfigure by reading from the config file from the installation that changed.

Post from Packages:
Hi,

Back story:
Played around with Cisco Meraki in a project I was involved with. Setting up IPsec site-to-site was so simple. They've got a central cloud management system for their stuff. And through that everything was relayed to the other "hub" (as they call it).
WAN IP, PSK, Routes, LAN everything just configured it self on the second site. Very nice!
I also moved the primary site to a new WAN IP and before I knew it the second site was connect as it had received the new WAN IP address from the cloud. Impressive I think.

Idea:
So I though, pfSense doesn't have a central cloud in the same way but we have centrally backed configs!

Would it be possible with minimal config at a second site to pick up everything else from the primary sites config backups (given that you got the backup-key) and though that configure everything else needed for site-to-site as the Meraki did (PSK, maybe even Cert, LAN, WAN ... you catch my drift)
My though that this could be applicable on both IPsec and OpenVPN site-to-site configs.

I got no experience in building packages. Or have no idea if this is even feasible to configure these components through a package.

Enlighten me! Should I bury this idea and go back to munching glue and configure site-to-site the old and gritty way?

Brgs,

Edit:
Or should this be submitted as an idea for a built in function in pfSense?

Plugin development

maverickws — Wed, 02 Sep 2020 14:28:36 GMT

Hi all,

I'm looking to find a solution for a specific problem I've encountered when using CARP.
As it happens the DC switches don't allow Multicast and treat Multicast as broadcast, which breaks functionality. In order to overcome this difficulty, I was suggested to make GARP requests to make the switches learn the new MAC addresses when states change.

I've looked around in the forums and I found some scripts to achieve this. However, I don't think the implementation is quite practical, (at least for me it didn't work) as failover takes a while to respond.

So what I was thinking, inline with this topic: https://forum.netgate.com/topic/156499/carp-issues-due-to-layer-2-switching

To make a package that would respond upon event (when changing to master) it would run that function.

I'm not really a developer, but I'd greatly appreciate if someone could pick this up. I am willing to pay some for it, but I do believe that the community would generally benefit. Thanks.

Captive Portal Active Card Restore 100$

viktor_g — Thu, 23 Apr 2020 16:29:00 GMT

@Gertjan yeap! right, correct redmine link https://redmine.pfsense.org/issues/3128

Help getting unbound grafana dashboard working

andrema2 — Fri, 03 Apr 2020 17:02:47 GMT

@kiokoman said in Help getting unbound grafana dashboard working: rm /usr/local/etc/unbound/unbound.conf Hi, I tried what you said, but dispite the conf file with Unbound Statistics statistics-interval: 0 extended-statistics: yes statistics-cumulative: no the stats is cumulative, which is no good for influx. How did you manage to make it not cumulative ?

Help make unifi-pfsense a package

jimp — Thu, 30 Jan 2020 14:48:01 GMT

The licensing of the ubiquity software makes packaging it problematic, and that really isn't a service that should be on a firewall. It should be on a separate device, VM, etc. Isolated on a management system.

FTP issue specific to Pfsense

eblaster101 — Thu, 05 Dec 2019 10:57:18 GMT

OK, managed to fix this by installing FTP Proxy Plugin and selecting below. It mentions some firewall rules being created, but i dont see anything. [image: 1575554055135-ftp-fix.png]

all done i guess

TonyStone — Mon, 04 Nov 2019 23:36:07 GMT

Re: Temperature Fahrenheit /Celsius Option and Alarms
WOW. I posted this so long ago. Never got a notice that it was implemented or that anyone ever responded! And I remeber checking for responces. Anyway. I did make an offer and I will honor it. I am quite sure I made donations to pfSense at least once via Paypal. Could be wrong as I do donate to several open source developers and projects when its easy to do. I feel like I need to make good on this request. And thanks to everyone that did the work. While I only have pfSense running in one setup now I will go and check it out and see if it was snuck in an update I did and never noticed. Thanks for everyones work.

Captive Portal configuration

Tom8888 — Sat, 12 Oct 2019 10:42:09 GMT

There is anyone willing to configure remotely a very basic captive portal???
Let me know what's your fee for that, if we do agree on that, it will be paid immediately after setup (previously used Fiverr.com, where you can check i DO PAY for work done), thanks.

Current setup, so you know what we do have available and how it should work:

The last and current version of PFSense, is installed on a (powerfull) mini pc, which has nothing else inside, not even an OS, but only PFSense.
A LAN wire connect PFSense to an Engenius ENH202, which act as AP, broadcasting the open and unprotected wi-fi signal to potential users.
The internet is coming from a small router, which is connected by LAN wires to both the PFSense mini pc and an old desktop which is used as a local server to host my intranet site (NOT on the internet).
An old desktop is used to host a site made with Joomla, all the people connecting to the wi-fi should be bounced back to this site, no matter what address they try to reach.

PiHole Supported Package

JeGr — Fri, 11 Oct 2019 03:56:06 GMT

Indeed, pfBlockerNG + DNS Resolver (unbound) is pretty much the exactly same use case as PiHole and can/could be used for that for a long time now. ;)

Custom Source OS Fingerprinting ($500+)

gcjh01 — Wed, 12 Jun 2019 18:59:50 GMT

I am looking to create an updated Fingerprint to match 2 particular versions of Linux. The available fingerprints under Rules - Source OS are very outdated and don't do what I need. This would be a very valuable feature to us.

Multi Wan Bonding (250$)

Marv21 — Mon, 10 Jun 2019 18:19:55 GMT

@tandyuk There are some Solutions to this with a VPS in an Datacenter and your Pfsense at home. Like MLVPN or mptunnel/VPN.

Anyone interested in adapting RasPi GPIO PPS driver for SG-2340/MBT-4220?

rcfa — Tue, 14 May 2019 21:25:37 GMT

There's a RasPi GPIO PPS driver for FreeBSD here:

https://github.com/BobBallance/freebsd-gpio-pps/wiki

The SG-2340/MBT-4220/MinnowBoard
( https://docs.netgate.com/platforms/minnowboard/faq.html )

also has a GPIO interface, and a GPS module that goes on it:

https://minnowboard.org/add-ons/gps-lure

Would be nice to have a proper NTP server on the LAN while having pfSense in service...

Delete if not allowed: Need Plugin Devs for UCRM (end user)

NogBadTheBad — Fri, 30 Nov 2018 18:54:24 GMT

@900MHZDUDE Sorry I thought you were looking for something running on your firewall.