Packages wishlist?

hcoin

Notice the multi-master database, mariadb / galera has a little state-saving daemon, garbd, which is a 'member' of a cluster but doesn't save any data.  It serves only to keep track of which other 'real' members were up and when.  The purpose is to prevent 'split brain' events from happening, as one 'real' database instance and one 'garbd' instance is enough, while one database instance alone shuts down for fear of 'split brain' corruption.

If pfsense supported garbd only, then real failover and a multi-master database with only two other systems is possible.  And, with pfsync, multiple garbd instances provide better assurances.  It's a natural, really, for pfsense.

hcoin

The CRON gui should be split into two sections, one which is maintained on the specific machine, and another which is automatically synced via the usual pfsync/HA option.

Presently it's a bit of a pain to remember to manually update some, but not all, cron entries on backup pf boxes.

hcoin

The "Filer" package should have an option so that the given command can be run after any change to config.xml.

If you want to stay entirely 'pure' within the xml, (avoid ugly hacks), the only way to do this is create a cron job that looks for changes and then runs a list of commands.

marcelloc

@hcoin:

The "Filer" package should have an option so that the given command can be run after any change to config.xml.

I do not recommend filer to edit files that pfsense does after any change.

abidkhanhk

Would really love an implementation of either of the following

• Freenas
• Bacula Server
• Simple FTP server for file storage
• Samba (with UI)

Most of the above are already available in some adhoc way on pfsense (except bacula server and Freenas) , but really appreciate a UI based installation and management.

thanks

comi

I'd love to have privoxy available on PfSense.

jsvg

ntop-ng! I really wish I knew how to package stuff for pfsense or I'd do it myself…. I mean, is there a guide anywhere?

marcelloc

@sunghost:

Hi,
i didnt read the full list with 30 pages but back to last year. My wish is a simple update of the actual squid package to 3.4.x - whould nice to use an actual one ;)

It's not ported yet to freebsd ports

http://www.freebsd.org/cgi/ports.cgi?query=squid3&stype=all&sektion=all

Nadrek

More certificate management; in particular:

The ability to use a pfSense Certificate Manager CA certificate to sign CSR's (Certificate Signing Requests).  I've got some internal devices that I'd like to use my normal internal CA (generated on pfSense) to sign.

edgars

OCSinventory-agent

Bismarck

1. Postfix Forwarder update to 2.11.1 with postscreen_dnsbl_whitelist_threshold enabled, so we can finaly make use of postscreens greylisting feature.

• A new postscreen_dnsbl_whitelist_threshold feature to allow
      clients to skip postscreen tests based on their DNSBL score.
      This can eliminate email delays due to "after 220 greeting"
      protocol tests, which otherwise require that a client reconnects
      before it can deliver mail. Some providers such as Google don't
      retry from the same IP address, and that can result in large
      email delivery delays.

http://permalink.gmane.org/gmane.mail.postfix.announce/146

http://svnweb.freebsd.org/ports/head/mail/postfix/

2. Postfix secure SMTP should use pfSense certs

# pfSense Postfix Forwarder TLS 
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /usr/pbi/postfix-amd64/etc/ssl/server.key
smtpd_tls_cert_file = /usr/pbi/postfix-amd64/etc/ssl/server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

so we don't need to use custom main.cf options and generate the certs via command line.

220-mailserver.tld ESMTP smtprelay service ready.
220 mailserver.tld ESMTP smtprelay service ready. [285 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-mailserver.tld
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN [749 ms]
MAIL FROM: supertool@mxtoolbox.com250 2.1.0 Ok [749 ms]
RCPT TO: test@example.com554 5.7.1 test@example.com: Relay access denied [749 ms]/test@example.com/test@example.com/supertool@mxtoolbox.com

https://forum.pfsense.org/index.php?topic=70046.msg382794#msg382794

3. squid3-dev amd64 with working Clamav anti-virus integration using c-icap

https://forum.pfsense.org/index.php?topic=73921.0

I know that marcelloc does not have the time and resource to fix this problem atm, but we could collect some money and call a bounty, so we can hire him or someone who can fix this. A lot of people struggling with squid and dansguardiann anti-virus on amd64 systems, so there is a high demand fixing this.

Thanks for your attention.

lsense

gnupg

jamesmr89

@jamesmr89:

I'm currently working on an alternative to squid/dansguardian/squidguard that uses a commercial categorization engine.

In about 2 weeks time we will be looking for a few beta testers of this package.

Features will include:

• node.js based http proxy/dns filter
• Commercial based categorization engine
• HTTP filtering based on categories
• DNS filtering based on categories
• AD integration
• Fully customizable block/login/tos pages

We will be looking for feedback and bug reporting.

If you would be interested in participating in this test, please let me know.

Thanks,
James

The demo of this is ready, if anyone is interested in testing it out let me know.

Thanks,

MBX

This could be good, we can do some testing for you.

cr08

As far as I could tell I couldn't find this for pfSense so someone correct me if I am wrong.

Ages ago I used to play in the Smoothwall side of things and one package I really loved was the modem monitor package. Simply put it logged modem signal stats over time and graphed them. http://community.smoothwall.org/forum/viewtopic.php?f=26&t=23844

Really itching to see this in pfSense.

Cino

@jamesmr89:

@jamesmr89:

I'm currently working on an alternative to squid/dansguardian/squidguard that uses a commercial categorization engine.

In about 2 weeks time we will be looking for a few beta testers of this package.

Features will include:

• node.js based http proxy/dns filter
• Commercial based categorization engine
• HTTP filtering based on categories
• DNS filtering based on categories
• AD integration
• Fully customizable block/login/tos pages

We will be looking for feedback and bug reporting.

If you would be interested in participating in this test, please let me know.

Thanks,
James

The demo of this is ready, if anyone is interested in testing it out let me know.

Thanks,

James I would be interested if your still looking for testers

KOM

Smokeping

feld

If someone could package sysutils/xe-guest-utilities for me that would be great. I know nothing of the pfSense packaging, but maintain/developed the port. The port is very simple – a couple shell scripts -- and just requires a daemon start/stop. It also has very few dependencies.

This is going to be extremely important for virtualizing pfSense 2.2 on Citrix XenServer

Thank you!

periko

ACL Custom rules for squid, the GUI is to limit.
I have to manually edit the internal files :-).

bzg

The nginx will be packaged in the feature? We are using as reverse proxy for http and https with multiple applications and multiple backend host (tomcat, apache, thin).

Kind Regards,
Zoltan