1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    Y
    You can run via SSH or Diagnostics -> Command prompt squid -k parse and paste output here.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey Would you mind sharing a bit about that setup? I understand your reluctance to promise anything if you are looking into pfblockerNG package maintenance.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    499 Topics
    3k Posts
    G
    Thanks @Popolou @Gertjan for the reply. TLDR; I just want to confirm that this isn't a pfSense/ACME bug. I'm just going to delete the deprecated cert and consider this matter closed unless this is a bug. FULL REPLY: Thanks @Popolou @Gertjan for the reply. Thanks for the info. I now understand what is going on with these certificates which is a win. I was expecting that pfSense would manage these certificates and clear out the ones that are no longer needed. No big deal as long as I know I can safely delete them. @Popolou said in How do I fix this expiring ACME Certificate?: @guardian Just check to see which certificates have been issued with the now defunct/expiring CA and if it is zero (which is highly likely), then you can delete it. Any new cert renewals will still take place and the appropriate CA chain will be downloaded and installed if required. You may find you have R10 and R11 (or newer) installed through this route. @Gertjan said in How do I fix this expiring ACME Certificate?: @guardian said in How do I fix this expiring ACME Certificate?: CN=R3 Euh, that one has been depreciated long time ago. Read : Thanks.... I actually found this and read it. @guardian said in How do I fix this expiring ACME Certificate?: Is there a place I can download a new CA certificate? Normally, you don't need to. If your pfSense is recent enough, you has them already. Not under "System > Certificates > Authorities" but in the FreeBSD Certificate storage folder, here /usr/share/certs/trusted/ Thanks for this info. It looks like the certs that I have in play have been downloaded, so I guess I will just delete the old cert and be done.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good

  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
Log in to post
Load new posts
  • A

    Cron with freeradius2 reset counter command

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N
    probably my mistake in the wiki. Try this. minute  hour    mday    month    wday          who                  command *          0        *    *          *          root        /bin/rm /var/log/radacct/datacounter/daily/used-octets-* Should reset the counter at 0 o'clock
  • B

    SNORT - Snort 2.9.2.3 pkg v. 2.2.1 process do not quit via update scripts or GUI

    Locked
    41
    0 Votes
    41 Posts
    14k Views
    B
    @ermal: I think that time is a factor here with your snort.sh. A service like snort needs its time to prepare itself for releasing and allocating new resources from a HUP so you have to take that into consideration. Furthermore i would be expecting a system log associated with that. How much time?  will that result in the memory usage dropping back down closer to it's original levels?
  • K

    Nrpe config issues

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    _Is the command you show what happens when the wait/critical boxes are empty? No need for a checkbox or button, if the boxes are empty the parameters could simply not be used._
  • jimpJ

    MOVED: Zabbix_agentd on 2.1

    Locked
    1
    0 Votes
    1 Posts
    874 Views
    No one has replied
  • S

    Squidguard timeout issue

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • chpalmerC

    Siproxd Configuration guide

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    G
    …. I just saw, that on the WAN interface UDP 16xxx is being blocked! Do I need to add a rule to pass it? Jul 4 03:00:53 WAN 217.xx.xx.xx:18113 91.xx.xx.xx:16399 UDP You had no rules at all configured! What is my mistake? regards Guenther
  • R

    FreeRadius2 not relaying DHCP info from DHCP Server

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    R
    Ah, I think I know what it is. The AP that I'm trying this on has "defective" firmware and I need to update it first. Turns out updating the firmware is causing me even more problems  :-\ Thanks!
  • S

    HAVP and IPSec

    Locked
    1
    0 Votes
    1 Posts
    883 Views
    No one has replied
  • J

    Squidguard blocking incoming Anonymous Proxy connections

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    J
    So sorry with the delay to replying I will take a look at that be interesting it's not a big problem though really, just I think some might be using some to spam my blog I suspect. Thanks any how.
  • B

    Squid local authentification not working

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    B
    Many thanks ! i was sure it's a bug…not it's working fine...but in this way: if that option is not enable and ip is not in list after authentification i got acess denied. It's working like this: ip in unrestricted list, option enable i got prompt for credentials authentification succesully and it's working !!! i assumed this is the good way working(for me it's fine like this) ? but still...local/others way of authentifications are made to bypass the ACLs list in particulary unrestricted ip's ? why it can not be a working proxy for whatever the ip is...and based on authentification ? Another thing, my proxy is on wan and it's working fine but it's strange that is working also on lan ! :D of course with my dynamic dns adress entered, it should work like this if proxy interface selected is wan and i'm entering from lan It's fine that is working now ! thanks a lot !!
  • K

    Squid & Squidguard

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    N
    Could you post screenshots of your Common ACL (targets open) Group ACL (targets open) The target you created squid can only block http websites when in transparent mode. for https you need squid in non-transparent mode.
  • A

    Problem manually editing bannedsitelist file for Dansguardian

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    AJungleDog, You will need to change your script to update dansguardian xml config using php instead of editing config files. take a look on dansguardian.php, it could be a good start to understand how to read and change dansguardian xml conf. att, Marcello Coutinho. ps: before any test, backup your config.
  • R

    LightSquid Segmentation fault access.log

    Locked
    16
    0 Votes
    16 Posts
    5k Views
    R
    Does he have an easier way to get an authentication UserID in my reports ? Thanks
  • K

    Portsnap not installed - cannot install it

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    K
    oki dokie thanks for the answer. i will do just that.
  • K

    Best ntop config?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    K
    Thinking, perhaps I just need to block broadcast or multicast or something? Is there an easy way to block broadcast traffic?
  • B

    Pfsense ERROR - The Remote Server returned an error: (417) Expectation Failed

    Locked
    6
    0 Votes
    6 Posts
    6k Views
    M
    i also facing same problem,.. 417 Expectation Failed
  • J

    Where is SoftFlowD?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    It's in the FreeBSD package repo, we don't have it on our site.
  • J

    PFFLOWD problems

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    You might uninstall and reinstall this, at some point in the last week or so I rebuilt that package as it was pulling the wrong version of the code. Alternately, there are instructions on the wiki for setting up softflowd.
  • G

    Redirecting Squid / SquidGuard logs to remote syslog

    Locked
    8
    0 Votes
    8 Posts
    42k Views
    P
    @gregober: In Squid, I think It is possible to use this configuration directive : access_log syslog:local:4 or access_log syslog:LOG_LOCAL4 This parameter has to be included in the configuration file… I personally verified that it was perfectly feasible to include this configuration directive in the "Custom Options" field of the Services > Proxy server configuration page of PfSense. Thanks to to that the settings survives a reboot. Once this is done, the messages are sent to a distant server provided you configured pfsense to do so (Status > System Logs > Settings)
  • W

    Cannot start snort after last update :( ByteExtract variable '^Authorization\x3A

    Locked
    12
    0 Votes
    12 Posts
    5k Views
    F
    The system log says: ... snort[3342]: WARNING: No dynamic libraries found in directory /usr/local/lib/snort/dynamicrules. ... Currently it looks as if this is the reason why snort does not want to work properly. Obviously, reinstallation did not work. After disabling the snort.org *.so rules and enabling the more or less corresponding emergingthreads.net rules, the system works as expected and offenders are blocked again. Does anybody know where the content from dynamicrules is supposed to come from? The packages from files.pfsense.org seem to contain only an example module.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.