1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    S
    @Smeg.Head Have you tried saving the log settings page as is? Years ago IIRC there was a bug there also where it needed saving. If pfSense is set to compress logs (should not on ZFS or slow CPUs) I wonder if it might be trying and timing out.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @nanda said in pfb_filter and pfb_dnsbl services are not running Pfsense 25.07.1: When I checked the status of the service, the firewall returned, "does not exist". as in on the Status -> Services page? or where specifically ? and yet it shows on the dashboard services widget.. And you said this was a fresh install so ... are there any errors in pfblockerNG 's error.log, dnsbl_parsed_error or py_error (Firewall -> pfBlockerNG -> Logs on the pfblockerNG -> General. make sure the Keep Settings option is enabled then head over to packages and try to reinstall the package (you may remove and install or just reinstall) see if you spot any install errors during the install then when complete you will need to change the masterfile / mastercat line again and then check the update page at Firewall -> pfBlockerNG -> Update should have a status showing the next scheduled cron event (if that is within a few minutes just wait for it to run). if it is more than say 20 minutes away or says not scheduled (or similar) then on the same update screen force Cron hit run. when that is complete check the status then reboot check the status

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    500 Topics
    3k Posts
    G
    @Gertjan well..... finally i created a new user for inwx and just gave him dns_management role only AND without 2FA. So now all is fine, my PFSense has the LE Cert as it should be. Thanks and kr Mike

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    609 Posts
    luckman212L
    The bugaboo that was affecting the FreeBSD 15 pkg repos has cleared, and the new builds seem to be finished. So, 1.86.4 is now landed in FreeBSD:15:amd64/latest ABI: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.86.4.pkg

  • Discussions about WireGuard

    699 Topics
    4k Posts
    S
    @Bob.Dig what's the right place?
Log in to post
Load new posts
  • ColdBrewC

    HAProxy - Include subdirectories in the HTTP Redirect

    10
    0 Votes
    10 Posts
    1k Views
    F
    @ColdBrew @viragomann @johnpoz This is an interesting discussion, and I’ve run into similar issues with HAProxy and subdirectory redirection. From what I understand, HAProxy should pass the entire path (including subdirectories) to the backend by default, as long as the backend is properly configured to handle those requests. A few things to check: Backend Configuration: Ensure the backend server (IIS in your case) is correctly set up to handle requests for the subdirectories. Sometimes, the issue might be with the backend’s routing or permissions. HAProxy Logs: Check the HAProxy logs to see if the requests are being forwarded correctly. If the logs show the requests reaching HAProxy but not the backend, it might be a routing or firewall issue. Firewall Rules: Double-check your pfSense firewall rules to ensure traffic on port 80 (or any custom port) is allowed to pass through to the backend server. If everything seems correct but it’s still timing out, you might want to test with a simpler backend (like a basic HTTP server) to rule out any IIS-specific issues. Let us know how it goes!
  • patient0P

    Email Reports PHP warning -> report not created

    10
    0 Votes
    10 Posts
    1k Views
    AMG A35A
    @patient0 Upgraded to 24.11 yesterday and had same problem your change to /usr/local/www/status_mail_report_edit.php fixed it. Thank you!!!!!!!!!
  • JSmoradaJ

    Is anyone working on a RustDesk package?

    2
    0 Votes
    2 Posts
    568 Views
    M
    @JSmorada I'm not using rustdesk, but there is a docker option if you don't want to spin up a VM.. https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/docker/#install-your-own-server-with-docker
  • C

    Crowdsec finally comming to pfSense

    68
    2 Votes
    68 Posts
    18k Views
    Sergei_ShablovskyS
    @provels said in Crowdsec finally comming to pfSense: Have there been any more thoughts about including Crowdsec as an official pfSsense package? Upvoting this!
  • S

    BIND Package and RFC 2317 Classless IN-ADDR.ARPA delegation

    1
    0 Votes
    1 Posts
    233 Views
    No one has replied
  • I

    Prometheus node_exporter - does not show up in Grafana

    1
    0 Votes
    1 Posts
    331 Views
    No one has replied
  • I

    zabbix connection failures

    2
    0 Votes
    2 Posts
    415 Views
    A
    @isaaclondo09 SSH into your pfSense box and run this command: /usr/local/sbin/zabbix_agentd -f That will show any early output and the cause of the failure to start. Usually it will be a parameter error. What is the IP of your Zabbix server? It looks like the agent's the Server Active parameter is set to 192.168.13.148 for active checks but the server is rejecting the connection. Passive checks (from the server) are coming from 192.168.13.109 but the agent is rejecting them because the Server parameter is set to 192.168.13.190.
  • E

    How to run zenarmor locally in Pfsense?

    2
    0 Votes
    2 Posts
    492 Views
    M
    @enesas follow up with the zen armor team on an official pfsense package. https://www.zenarmor.com/contact
  • W

    [solved] FreeRADIUS 3.x package LDAP/OTP problem

    6
    0 Votes
    6 Posts
    2k Views
    W
    @lawern Good to hear :) I think I also updated it once or twice to be compatible, but we used it until we replaced the gateway. Until then I think there was no easy alternative to this.
  • M

    Telegraf Package needs an update

    1
    0 Votes
    1 Posts
    190 Views
    No one has replied
  • mtarboxM

    Email Reports WebGUI crashes February 2025

    5
    0 Votes
    5 Posts
    596 Views
    GertjanG
    @mtarbox said in Email Reports WebGUI crashes February 2025: https://github.com/pfsense/FreeBSD-ports/commit/c49098e2900a9211de44dc0b9937235ce9d638a2.diff Ah, ok, the pfSense-pkg-mailreport package. [image: 1739975511317-fe37f9ae-869e-4abe-ae82-918dfe2d5ac7-image.png] Package make less - or, AFAIK, not use of the patches system. If a patch exists fro them, then package is rebuild and you are proposed to update it.
  • R

    Using stunnel with Google LDAP

    solved
    3
    0 Votes
    3 Posts
    749 Views
    R
    After clearing the Protocol field in stunnel config, which I had originally set to ldap, saving the change, and restarting stunnel service, executing a connection test from the Toshiba MFD was successful. And after adding the Google Workspace server entry in the Toshiba MFD LDAP Client settings as a directory/service option (click Server Assignment button, also in MFD LDAP Client settings), Google Workspace directory searches from the Toshiba MFD are working as expected.
  • K

    How to block specific webpage and not a all website

    7
    0 Votes
    7 Posts
    1k Views
    GertjanG
    @KelvinU said in How to block specific webpage and not a all website: sounds NL, right? Born over there, exact. Living in France for the last 3 decades. @KelvinU said in How to block specific webpage and not a all website: though it came somewhat pretentious, right?! What makes you assume I'm a newbie? Lol, you first : what makes you presume that I assume you are a newbie ? But I get your point ^^ It's true, I am and I was pushing a bit. My point of view : About the proxy solution : me talking about planes was just an very accessible way to make you understand what the (imho) real question is. A lot of people fly planes. It's feasible. It just needs a lot of work. It's just that you were asking about why "/this/" isn't accessible to pfSense and/or anything else other then your browser and the web server on the other side. So I kicked of my way of saying : go have a look. I good have finished the question with one question back : do you know what https is ? (I sometimes do - as this is not a ). And I'm hoping I waked up your curiosity, that you dive into it, and then come back here and tell us how you did it. Because I'm still waiting as I never had the patience and/or time to use a proxy set up myself. Also, I don't have the age neither the young kids at home that motivates me being able to see my own traffic, let alone traffic off other people. That makes me feel very uncomfortable. @KelvinU said in How to block specific webpage and not a all website: and I've learned that we should never say, "No one. Not pfSense. Nobody. Not on planet Earth." and I fully agree with you. And we also enter into the "computer politics" now. So no more black and white, all becomes suddenly 'gray'. And it always was. If TLS (real time) decoding was possible, while the private key is unknown, this would mean "some one" could listen into your TLS connections at any time. I get it, it's the role of every big (governmental ?!) organization to let us know, the big public, that it's a scandal according to them, that they can't do their job right (protecting all of us, the big public), that they can't access your phone's traffic, can't see what you are saying (writing) to some one else. as national security is at stake here. So they say, your traffic is hidden and that's a problem for them - and this for us. edit : still looking for the country where the usage of TLS or comparable is forbidden by law ^^ And at the same time, somewhere hidden, down deep, in zone 51, they have this quantum computer that can tap into everything all ready using, probably, a back door key ? Maybe. And they won't say any one of course that they actually can I get that (except for tiktok of course). Let's give the public the impression they are safe, so the will "speak" freely, not knowing that some one listens in after all. If that capability was known, then Internet as a communication method would fall .... world economy would fall. But real time brut-forcing their way in ? Well ... do the math yourself ^^ Keep in mind : most of what I said above is "afaik" and "imho". @KelvinU said in How to block specific webpage and not a all website: I know a ton of GertJan Oula ... why even bother posting here - come and see me !? As I've questions also, and not only pfSense.
  • B

    Zabbix Proxy on 2.7.3

    7
    1 Votes
    7 Posts
    3k Views
    steve.scotterS
    I've been forced to upgrade to Zabbix 7.0 due to the previous LTS version 6.0 going EOL on February 28, 2025. (https://www.zabbix.com/life_cycle_and_release_policy) The Zabbix Proxies I have are also 6.0 LTS and I've just discovered there is no 7.0 package. I'm also seeing a lot of the following messages in my zabbix logs... 9868:20250208:120811.048 Proxy "FW-1" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.086 Proxy "FW-2" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.269 Proxy "FW-3" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.366 Proxy "FW-4" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.393 Proxy "FW-5" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.403 Proxy "FW-6" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.436 Proxy "FW-7" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.489 Proxy "FW-8" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.644 Proxy "FW-9" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.700 Proxy "FW-10" version 6.0.27 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.911 Proxy "FW-11" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. So I'm basically stuff. Rolling my Zabbix server back isn't an option due to EOL/compliance issues. And I seem unable to install the Zabbix 7 agent or proxy on pfsense. It seems as though the pfsense communication edition is dead?
  • L

    Do I Need to Revert Patches Before Upgrading pfSense?

    6
    0 Votes
    6 Posts
    898 Views
    GertjanG
    @leeroy said in Do I Need to Revert Patches Before Upgrading pfSense?: We don’t have any custom packages Make : [image: 1738773582966-61aef0a2-815f-46fa-b99f-95174dc0a65f-image.png] an exception. It's made by Netgate, for pfSense. Even if you don't think you need it, you need it. Probably because Netgate knows more about pfSense then we do
  • A

    Prometheus Node Exporter gives log errors - fix or suppress in log

    5
    0 Votes
    5 Posts
    2k Views
    N
    Adding this here rather than a new topic since this is what comes up vv google when looking for why uname and zfs are throwing errors in the pfSense system log Following the steps above from @ameinild does stop the messages from appearing, but only until you restart or touch the config in the ui. After digging around here github and looking for some overly complicated way to override the default conf, a definite was in order though... its so obvious once you see it, i.e. all of the selected options are all just flags in the config, and adding --no-collector.XX is just another flag, but from what I could find this wasnt called out anywhere, despite this issue being discussed in a number of forums. The solution is simply to add --no-collector.zfs --no-collector.uname to Extra flags and save. [image: 1738107043119-2b94e695-3dc2-4a2e-886e-87a09509605d-image.png] Which results in /usr/local/etc/rc.conf.d/node_exporter updated as follows, and the config persisting. [image: 1738107322479-a49b3815-2788-43c7-802b-fa395d1b4812-image.png]
  • I

    Packages showing as up to date - they are not. 2.7.2

    6
    0 Votes
    6 Posts
    734 Views
    S
    @iStuart said in Packages showing as up to date - they are not. 2.7.2: link that states what the latest version is? I don't think so. Usually it's discussed in the forum category here. There is https://www.patreon.com/pfBlockerNG but it isn't always posted there I think. Also https://www.reddit.com/r/pfBlockerNG/.
  • L

    cron package lead to boot issue

    3
    0 Votes
    3 Posts
    363 Views
    M
    I'm not seeing how the errors would trigger via the GUI - was the config.xml file manually modified?
  • T

    Suricata fails install

    9
    0 Votes
    9 Posts
    778 Views
    bmeeksB
    @TravisH said in Suricata fails install: @bmeeks That gave me the same errors, I might try a fresh install just to see if it has something else going on. Cheers I don't have any other suggestions, then. Those error messages appear to definitely originate from the pkg utility itself as it is creating the directories and copying the Suricata install files to the correct locations. The Suricata package is not even "alive" at that point (since it is in the process of being installed by the pkg utility). Have you monkeyed with any user permissions on the firewall? Can you remove and then successfully reinstall another package? What about trying to reinstall Snort again? What kind of hardware do you have? Is it something with an eMMC disk? Perhaps it has gone into "read only" mode ???
  • E

    haproxy does not start when pfsense start

    1
    0 Votes
    1 Posts
    494 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.