

Messages - doktornotor

This "mvneta" name did not come from us, it came from Semihalf, via FreeBSD.
Many people are misinformed about being able to get reload images for Netgate platforms.  You perpetuate the myth, and I think only to gain advantage.

I perpetuate nothing. I responded to your email, sadly no response to that. So let me restate this in public - no one gives a horse shit about who's responsible for the interface naming brainfart. You are breaking stable releases because of this nonsense. 2.4.0 RC, 2.4.1, the 2.4.2 snapshots...

WTH you keep threatening contributors to this project? What kind of advantage am I supposed to gain from this? Being threatened here, being threatened via email, as a reward for contributing tens of thousands of LOCs to the project?

Go see a shrink doctor, ASAP. This paranoia is pathologic.

pfSense is still open source. Those who question this should probably learn more about it.

About what? Half-year outdated censored source code? Stop this, it's just harming the project...

2.4 Development Snapshots / Re: Update from 2.4.1 to 2.4.2 dev failed
« on: October 26, 2017, 06:19:06 am »
Try reinstalling with next snapshot. Or fix the buggy line yourself -

Then there's another bug introduced and fixed:

And then there are probably other bugs, and you'll be better off leaving the 2.4.2 thing alone until someone does some QA actually, because this is getting absurd. Not sure which snapshot has both of these fixed, and similar issues would be avoided if someone actually at least tried to load the GUI after making the above broken code changes.

As I said, neither the BSD nor the Apache license obligates Netgate to publish a single line of code.

I'll be perfectly fine with them NOT publishing a single line of source code (and will seek alternative solutions) as soon as they stop advertising their product as open source. You cannot really be half-pregnant, it's either open-source or it isn't. Not to mention that such false advertising is illegal.

OK, if I examine the squid config file between transparent and non-transparent modes, the only difference between the two files is the addition of these two lines in the "transparent" version of the config file:

That is actually NOT correct. Transparent == you do NOT configure the clients. And here's the code that does the job:

BSD License differs from GNU GPL! Netgate is NOT OBLIGATED to share any single line of code. Do I like that: no. Do I accept that: yes.

This thread needs more pics  :P So far there's just one in the OP, so here's another from the 2.4.0 release announcement (it's exactly the same with 2.4.1).

Netgate clearly realizes that the source code is important for their customers and their users. And since this thread needs more pics, as said, this pretty much sums it up:

Cache/Proxy / Re: [error] open() failed (2: No such file or directory)
« on: October 25, 2017, 08:31:32 pm »
I've made a post in the pfBlockerNG forum since the error references however I've been referred over here.

No idea why you have been referred here. nginx is not a proxy package.

Packages / Re: Running bind and DNS resolver at the same time
« on: October 25, 2017, 08:27:38 pm »
The PR has been lingering on GitHub for almost two months...

Why would I be forking the project (doesn't make a particular sense when there already is a fork out there, plus why'd I use buggy half-year out-of-date code for that)? And why should I be writing to someone to get access to source code for a project that advertises itself as open source, with repos on GitHub? Kinda absurd, no?

Forget the LAGG example, it's a matter of principle. People are using open source so that they avoid the vendor lock-in, so yeah, that's the exact opposite of where you are heading apparently. They want to be able to fix the product themselves, or get it fixed by a third party of their choice, or have it adapted/enhanced according to their needs, and they believe that access to the source code is an essential part of security (e.g., verify that bugs/vulnerabilities have been fixed properly in the source code). Heck, they want to avoid situations when a company goes out of business and they are left with expensive hardware that's unfixable.

As the patches to FreeBSD are matured to a state where they can be upstreamed to FreeBSD, we will do so.

@gonzo: Not exactly the answer I was hoping for. Not only does it not help with my LAGG issue, but much more importantly - a product that cannot be rebuilt from available source code is not exactly something that'd fit the definition of open source. There are tons of closed source firewalls/routers out there, that's not what pfSense users are looking for, obviously, otherwise they'd just use them.

Well, I'm not sure if your 10 minute timeframe is realistic.. (yes, I have built 2.4dev in the past..) But even if so, you will be building a 2.4beta including bugs solved months ago..

Perhaps it somehow works for someone when the moon phase is right (plus some drops of virgin blood added). The scripts are a deliberate sabotage of that effort, though. The docs vanished ages ago and - as you noted - in the end you end up with an outdated, broken system.

I'm not even interested in rebuilding pfSense as such ATM. I was merely trying to fix kernel panics with LAGG in NAS4Free. Hopeless, because I cannot get the damned patches which I know for a fact are being used here. Top secret open-source. Sigh.

I don't think so:

This doesn't work once the storage dies, plus it doesn't work when you screw up that partition either. Again, silly games that serve no useful purpose beyond being a royal PITA for users who decided to spend their money on buying Netgate hardware. (No, you cannot take those images and recycle them for other ARM boxes, ARM is not an Intel PC, so it just doesn't work like that.)

I don't care about ARM and wouldn't buy any of those boxes from Netgate either due to the above reasons... this weirdo platform is something I'd happily ignore altogether (there's not much to write home about when it comes to ARM on routers, things like Cavium Octeon are whole lot more interesting when it comes to packet processing/UTM/DPI etc.) -- if only it didn't harm the vast majority of users. There's a bunch of fixes and improvements that didn't make it to 2.4, the reason often being that more testing is required. Then you go, and start messing with kernel behind the scenes, breaking the OS altogether in RC phase. After that gets fixed and the long overdue release finally goes out, you commit apparently untested super-intrusive stuff into the very first patch version, even knowing that it's broken before you actually release that. All of that due to some niche super-minority platform you started selling a couple of days earlier.


General Discussion / Where is the pfSense 2.4.x FreeBSD OS source code
« on: October 25, 2017, 02:59:25 am »
I'm seriously disappointed that this topic needs to be revived once again.


P.S. Please leave the "Franco's waterboy" out of this thread. I've contributed 0 lines of code to OPNsense, I'm not on their forum and I've refused to join them after the fork. Per GitHub, I've contributed 1,545 commits to pfsense-packages, 211 commits to pfsense/pfsense and 527 commits to pfsense/FreeBSD-ports.

I simply cannot keep recommending/implementing open-source solutions that are no longer open-source. And you cannot keep advertising something as open-source when it isn't.

For now I had to rename all igb.20 to igb1_20 to make it connect, why would they release it with such a bug?

It was allegedly done because of some ARM nonsense where some genius decided to name the interface mvneta and they found that it was too long after beginning to sell hardware with those. (Those are the SG3100 units that can be recycled as paperweight once your one year support has ended and you need to reinstall, since there are no public ARM images available.)

Renaming interfaces is about the most critical thing you can mess with on networking gear such as a firewall. So, of course a minor bugfix release is an excellent opportunity to change those, completely untested and after 2.4 has been tested for ~1 year. Sigh.

Once again, reading the release notes is important:

Yeah, once again, no one sane makes and expects such changes at this time point.

Cache/Proxy / Re: SSL ERRORS ON GMAIL....
« on: October 24, 2017, 06:07:27 pm »
Set "Use Alternate DNS Servers for the Proxy Server" to whatever the clients are using.
