Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox I don’t think so, to be honest with you I am on an older version also. Just make sure you do the patch package and install all the system patches.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting. I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that do not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Graylog - please, pretty please with sugar on top
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdsec before the ACME update, even with updating from 2.7 to 2.8 there were no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.
  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1
  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false. I gave this key all permissions (temporarily, as I just wanted to verify it's working). Of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good
  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
  • Freeradius user permission

    2
    0 Votes
    2 Posts
    865 Views
    V
    Hi I'm having the same problem. In addition I can say that the authorized user is able to delete the freeradius users
  • Freeradius Bug

    1
    0 Votes
    1 Posts
    620 Views
    No one has replied
  • Modsecurity 2.9

    1
    0 Votes
    1 Posts
    757 Views
    No one has replied
  • MOVED: Postfix

    Locked
    1
    0 Votes
    1 Posts
    639 Views
    No one has replied
  • FreeRadius: PEAP Auth only works if…

    1
    0 Votes
    1 Posts
    647 Views
    No one has replied
  • PfSense with pfiprep, some firewall rules, and Snort

    3
    0 Votes
    3 Posts
    2k Views
    BBcan177B
    The script pfIPRep is now replaced by the package pfBlockerNG. https://forum.pfsense.org/index.php?topic=86212.0 https://forum.pfsense.org/index.php?topic=102470.0
  • Translate Cisco ACLs to SquidGuard ACLs?

    2
    0 Votes
    2 Posts
    741 Views
    J
    Squidguard is a web proxy so are you trying to copy web filtering over?
  • Install openLDAP server on pfsense

    4
    0 Votes
    4 Posts
    8k Views
    C
    I have installed openLDAP in a separate box, right now I have the pfsense box with all the configs in place including squid and squid guard and another box with openLDAP. Squid is configured as a transparent proxy because some of the employees use applications that don't support proxy configs and terminal applications as well. In the squid config page I have noticed that you can't use transparent proxy with authentication. Can you please tell me another way around it? The purpose here is to filter the internet traffic depending on user / group. Thank you
  • Manually configuring NUT

    2
    0 Votes
    2 Posts
    11k Views
    C
    I am using TS SHARA 1200 UPS, I have found a linux driver and copied to "/usr/pbi/nut-i386/bin/tsshara_usb" and created a link "/usr/pbi/bin/libexec/nut/tsshara_usb -> /usr/pbi/nut-i386/bin/tsshara_usb". I have added in the end of the file driver.list "TS Shara"      "ups"  "3"    "UPS 1200VA"    ""      "tsshara_usb". But I can not see the TS Shara option in the NUT settings. What am I doing wrong? :-\
  • PFsense 2.2.6 release + freeradius cannot start after firewall reboot

    2
    0 Votes
    2 Posts
    797 Views
    M
    It happens to me too. I checked but could not find an automatic start option.
  • Help please… update Squid service not start

    4
    0 Votes
    4 Posts
    1k Views
    T
    Keep an eye on it, as it may fill your drive like mine did. If I get a real solution figured out I'll try to let you know.
  • Help in Ipguard setting

    4
    0 Votes
    4 Posts
    2k Views
    A
    Hello Mr Mowgli, You are suggesting I should bind the mac-id with ip address for super user using dhcp server configuration. But when you bind mac id to a specific ip it is only set as preferred ip. That means any one can set their machine with ip from range 192.168.7.250 .192.168.7.254 and get unrestricted internet access. Whereas with ipguard once the macid is linked with an ip normal user cannot set their ip in that range. I guess I have made my point clear. Thank you Ashima
  • Asterisk voicemail email feature?

    2
    0 Votes
    2 Posts
    1k Views
    Z
    I've actually managed to get this to work with the postfix module. Set up your asterisk voicemail the way you want, then install postfix and go to the postfix services configuration tab. Under there make sure postfix is listening on the same interface asterisk is and also on loopback. After that you need to either configure postfix as a full MTA or go under the domains tab, put in the domain name of all the email addresses you want to forward to and use an IP of a relay SMTP server that the pfsense box can use (I run a separate exim server on my network). After that you have to install mailx via pkg add on command line. Now once we've got all that set up, you need to configure some symbolic links in pfsense so Asterisk can get to them in their usual places (because pfsense isn't your typical linux install). ln -s /usr/local/bin/mailx /usr/local/bin/mail ln -s /usr/local/sbin/sendmail /usr/sbin/sendmail If you've got all that set up properly the voicemail to email feature should snap into working. It did for me! :)
  • Unable to disable/delete pfB_Asia_v4 auto rule

    6
    0 Votes
    6 Posts
    2k Views
    RonpfSR
    The configuration should be at Firewall / pfBlockerNG / Country / Asia
  • Snort and Syslog

    1
    0 Votes
    1 Posts
    702 Views
    No one has replied
  • Syslog-ng TLS configuration help (2.1.5)

    6
    0 Votes
    6 Posts
    6k Views
    K
    Really surprised this is not a supported feature in the gui!
  • Installation Fails: OpenVPN Client Export Package

    5
    0 Votes
    5 Posts
    4k Views
    R
    Johnpoz, thank you so much for your help. I solved my problem. A little backstory in mitigation: I have been futzing with converting a VMware VM to Hyper-V and I have created this VM about a dozen times over about 6 weeks of part-time effort punctuated by hospital stays. The problem was that instance I was working on was a LiveCD image, not a disk image. Works a whole lot better if you use a write-enabled storage medium.
  • Has anyone heard of this?

    6
    0 Votes
    6 Posts
    2k Views
    KOMK
    No problemo. If I remember right, the entire point of Let's Encrypt was to have an automated system that would renew your cert regularly without user intervention. They supply software that does all of this for you. There was talk about a FreeBSD port, but I don't know the current status. And then after that, someone would have to create a pfSense package to integrate it into the system. For now, it's just easier to use the pfSense self-signed cert if required, and get your own real certs for your web server and mail server behind pfSense. They're pretty cheap. If I can afford one, anyone can.
  • Freeradius2 - Windows 10 Update 1511

    7
    0 Votes
    7 Posts
    4k Views
    jimpJ
    @David_W: In the fullness of time, pfSense 2.3 will be released and there will almost certainly be a FreeRADIUS package for it that does not have this issue. For now, with the push to get pfSense 2.3 released, issues with unofficial packages for pfSense 2.2.x may well be a lower priority for the developers. The FreeRADIUS package on pfSense 2.3-BETA is 2.2.9 and is working well. If someone needs to use FreeRADIUS 2.2.9, they can upgrade to pfSense 2.3 or spin up an additional pfSense instance using 2.3 to use as a RADIUS server if they're more comfortable using it in that capacity.
  • Pfsense 2.2.6 captiveportal+squid3+check_ip.php problem solving

    1
    0 Votes
    1 Posts
    695 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.