1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    @Tom8 bitlife said in HAProxy: thank you very much. I will do.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that does not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Greylog - please, pretty please with sugar on top

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    497 Topics
    3k Posts
    johnpozJ
    @wlp94611 I have exported some certs and never had an issue.. Let me export from 2.8.1, are you using the beta, or the RC I thought I saw mention it recently dropped..

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good

  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
Log in to post
Load new posts
  • gwhynottG

    Squid-reverse version 3.1.19_2 - not setting DSCP/QOS after upgrade.

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    gwhynottG
    Is anyone else using squid to mark DSCP/TOS vaules?  Did things break after an upgrade?  I downgraded my install and tired,  no good,  then re-upgraded..  I am still seeing these errors in the logs and none of my packets leaving the system are having their DSCP values modified any longer..  No amount of searching is turning anything up,  the error is seen in Mac OS X land quite a bit but i've yet to see one freebsd instance reported… thanks, greg 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 251: (22) Invalid argument 2012/04/02 10:49:36| comm_set_tos: setsockopt(IP_TOS) on FD 351: (22) Invalid argument 2012/04/02 10:49:36| comm_set_tos: setsockopt(IP_TOS) on FD 222: (22) Invalid argument 2012/04/02 10:49:36| comm_set_tos: setsockopt(IP_TOS) on FD 433: (22) Invalid argument 2012/04/02 10:49:40| comm_set_tos: setsockopt(IP_TOS) on FD 729: (22) Invalid argument 2012/04/02 10:49:43| comm_set_tos: setsockopt(IP_TOS) on FD 556: (22) Invalid argument 2012/04/02 10:49:44| comm_set_tos: setsockopt(IP_TOS) on FD 231: (22) Invalid argument
  • Z

    SquidGuard

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N
    Hi Zach, I know this is a late reply but thought I'd complete the thread in case someone else is looking for the same info… ;D You can set a Cron job to auto update blacklists. The process is described here: http://forum.pfsense.org/index.php/topic,35479.0.html :)
  • S

    Squid still on system after removal

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    N
    @marcelloc: I think the easiest way it(using firefox) install the package again and remove. Try this first and if it does not work go to command line and type: pkg_info You will find squid-2.xyz installed delete it and it dependencies with: pkg_delete -r squid-2.xyz But the correct way is to install and uninstall it using the GUI.
  • C

    VHosts - no service status even running in background

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C
    looks like there is already a bug report for this: http://redmine.pfsense.org/issues/999 I've tried to fix it on my box with no luck other then the workaround. But I dont like messing with core files anymore ;-) …. I would think its a simply fix but i'm not a php programmer.
  • C

    Squid Cache Hit Rate.

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    marcellocM
    This can be espected as squid "engine" is not that good for dynamic/session pages. I saw it on one doc comparing squid and varnish. https://www.varnish-cache.org/trac/wiki/ArchitectNotes A test I did once was configuring a varnish daemon as proxy server sending to a squid as backend. The result was some times faster then squid itself. But I'm sure that there is some config options to improve cache hit.
  • D

    Problem SNORT 2.9.1 pkg v. 2.1

    Locked
    74
    0 Votes
    74 Posts
    25k Views
    T
    Forgot to update: #(ssp_ssl) Invalid Client HELLO after Server HELLO Detected suppress gen_id 137, sig_id 1 Of course it worked like a charm. No more kicks.
  • M

    Avahi still on system after removal

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • K

    SNORT 2.9.0.5 End Of Life

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    E
    I am not sure to whom you have sent money but not to me, not sure with cmb. If you send me the money for sure that will help since jamesdean is not anymore in the loop for this and not has spend time to make snort usable. Since you were willing to send money just send them to me and surely it will help get snort further forward.
  • V

    Snort ET eminating from pfsense 2.01?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    S
    If you want to check it is ntp, you can tick the box to log to a tcpdump file packets that match alerts.  Then get the tcpdump file off the pfsense box (it's in /var/log/snort) using something like winscp, open it in wireshark and take a look.  If it is ntp, it should be marked as such.  But it is using the ntp port (udp 123).  Malicious traffic does sometimes use well-known ports though in order to evade detection.  If you google the IP address though, there is some evidence that it is an ntp server.  But the reverse DNS is li153-120.members.linode.com and checking the IP for 0.uk.pool.ntp.org does not give this IP.  However, I started incrementing the number and it is listed as one of the IPs for 2.uk.pool.ntp.org.  So it does look legitimate (unless the server has since been comprimised and not removed from DNS - I suspect unlikely).
  • S

    Squid-reverse with SSL on 443

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R
    Hi Do you have a port redirection for 443 going to a webserver already in your nat rules ?
  • C

    Squid issues. (anything with a login)

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    gwhynottG
    @cylent: so the question is: when i hit save in the proxy server settings does it restart squid? i am fairly sure it does,  you can confirm by tailing the cache.log file where you'll see the squid process starting/stoping when you save your changes via the gui. (/var/squid/logs/cache.log) -g
  • F

    Squid use 100% disk

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    F
    1Gb ram and 128Mb squid
  • T

    [Snort] Can't view Alerts and Blocked page(s), get a blank page; PHP Fatal error

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    T
    @jclausen: I also got blank pages on alerts and blocked tab. I have tried to add: ini_set('memory_limit', '490M'); to snort_blocked.php and snort_alerts.php then i get this error: Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 319 bytes) in /usr/local/www/snort/snort_blocked.php on line 298 running: 2.0.1-RELEASE (i386) built on Mon Dec 12 18:24:17 EST 2011 FreeBSD 8.1-RELEASE-p6 You need to be using x64 install, to give this a try: @marcelloc: If you are using 64 bit version and have more then 512Mb of ram, you can try to include this code to increase php memory limit. You can try what worked for me. ie. do a fresh install of Snort
  • gwhynottG

    Reverse Proxy package - transparent proxy issues.

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    gwhynottG
    sorry forgot to update this thread.  it did work, and thank you very much.  8) -g
  • T

    Squid Install Corrupt - How to remove manually?

    Locked
    2
    0 Votes
    2 Posts
    6k Views
    N
    Try to reinstall squid package from SYSTEM -> Packages If this does not work got to /usr/local/pkg/ and delete the squid* files. .inc and .xml Take a look at system log about what it is telling about squid. Diagnostics -> BAckup/Restore: Clear package lock reinstall all packages
  • ?

    Snort : Update Rules button not working with IE but working with Firefox

    Locked
    1
    0 Votes
    1 Posts
    877 Views
    No one has replied
  • V

    Snort[61250]: FATAL ERROR: Unable to open rules file "/usr/local/etc/snort

    Locked
    8
    0 Votes
    8 Posts
    5k Views
    D
    Same issue here and lowering the memory usage fixed the issue. OK, either Snort shut down when I was tinkering with my VPN or Snort restarted during an update. When I noticed it and tried to restart it I got the same error. Then I set the memory back to it's original settings it worked. I had originally been running it in AC mode and had set it to AC-STD. Now it's back to running fine in AC. I'm running 2.0.1 AMD 64 on a Dell PowerEdge server with dual Xeon 3.2 processors and 2GB of ram.
  • S

    OpenBGPD MD5 Password doesn't work

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    A
    Hi, Same problem here. Since upgrading to 2.1-DEVELOPMENT (amd64), built on Fri Mar 23 22:35:08 EDT 2012 I also need to use the "net.inet.tcp.signature_verify_input" trick, otherwise bgpd will not communicate. It never worked with password in the configuration, either TCP-MD5 key or password. Peter
  • R

    OpenVPN causing Snort to exit

    Locked
    8
    0 Votes
    8 Posts
    2k Views
    R
    @richie: @robi: Thanks. What hardware are you running these on? old AMD 2200 with 768MB of RAM.  It uses alot of memory but seems fine.  I have memory settings as AC-STD with custom whitelist and suppression list.  The whitelist is important because there is a setting that adds VPN addresses dynamically to the list. I just switched to AC-BNFA.  It's the default setting I should have used to begin with because memory consumption was up with AC-STD.  Now it went way down and it starts up much faster.  I read somewhere until initiation is complete Snort is not protecting you and that the end results of the different memory settings yield the same protection.  I'm also considering removing the Shellcode rules because I getting some false positives from certain websites.  In the meantime, I'm placing the ip's in the whitelist that I created earlier.
  • C

    Snort stopped working

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    V
    Hello Same for me after update snort package . Solved by "Reset" Button on Services: Snort: Global Settings  page. P.S. Do not forget to save yours Oinkmaster code
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.