1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    JonathanLeeJ
    @bmeeks your work outclasses so many individuals and developers. Your stuff is amazing. Cheers

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    Same issue on 25.07.1 pfBlockerNG-devel 3.2.7 Database Sanity check [ FAILED ] ** These two counts should match! ** ------------ Masterfile Count [ 26379 ] Deny folder Count [ 26378 ]

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    295 Topics
    1k Posts
    J
    Anyone else happen to notice that when configuring BFD, if you create a peer and select a profile - after save, re-edit the peer and the Profile is not represented. It appears as "None". You have to check the raw config to determine if the profile was actually assigned to the peer. This is on 2.8.1 (all packages up to date as of the date/time of this post). UPDATE: if re-edit and save (without re-configuring the profile none to what you want) - the save will strip the profile from the peer.

  • Discussions about the Tailscale package

    91 Topics
    611 Posts
    T
    Hi All, I use HAProxy to redirect to a range of https internal resources, this works really well at the moment through the WAN where I have source limits set up, and I can connect to the internal resources from limited external IP Addresses. Given I have tailscale I would like to basically be able to put custom dns entries in to point these hostnames to my pfsense tailscale IP4 address (100.89.148.118) but I am not having any luck getting this working. At the moment, I am just trying to connect to HAProxy using https://100.89.148.118 but it is getting blocked by the firewall. Sep 11 11:55:58 tailscale0 Default deny rule IPv4 (1000000103) 100.89.148.10:53148 100.89.148.118:443 TCP:S I have tried with and without NAT redirecting internally to 127.0.0.1, and I also have rules set up to allow any traffic to and from my tailnets (defined in an alias) but I still keep getting these connections from my other tailscale machines being blocked on the pfsense machine. Can someone give me some pointers on what I am missing because I can see the requests are coming through to the pfsense machine, and in theory the rules should allow it through but I cant see why they don't. I do have tailscale ACL in place, but clearly that is not an issue as the requests are making it through to the firewall. 0/0 B IPv4+6 TCP/UDP TailNets * TailNets * * none Allow across Tailnets 0/0 B IPv4+6 TCP/UDP * * * 443 (HTTPS) * none Allow Tailscale IP4 I also tried adding a EasyRule but because the tailscale0 interface doesn't exist in pfsense it throws an error and won't let me add that rule. Appreciate any help or tips, Cheers.

  • Discussions about WireGuard

    702 Topics
    4k Posts
    P
    Yes
Log in to post
Load new posts
  • bmeeksB

    Snort 2.9.5.5 pkg v3.0.1 Update – Minor bug fixes

    65
    0 Votes
    65 Posts
    19k Views
    bmeeksB
    @fragged: @BBcan17: @fragged: Bills pull request has still not been accepted. The change you saw was this: https://github.com/pfsense/pfsense-packages/commit/048bb82a0e2c814da90816657ecedf59fedf8dbd Thanks for the update fragged. I thought that security issue on the Web GUI was fixed in the previous release? It still shows as 3.0.2 after this update. I'm not an expert with html/php, but it seems like this is a better fix for the same issue that was already fixed by Ermal before. Yes, this latest fix is an improvement over the first one.  Some more changes similar to this will be coming in the next Snort update to further harden the GUI code a bit.  It contains a lot of quite old HTML/PHP stuff that I had just left alone since it worked.  However, in today's more security conscious environment, some hardening is needed. Bill
  • V

    Squid 3.3.10 with SSL Filtering some web page are broken

    1
    0 Votes
    1 Posts
    688 Views
    No one has replied
  • BBcan177B

    Possible BUG in Snort custom.rules

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B
    @bmeeks: I submitted the fix for this problem in the current Snort 2.9.5.6 pkg v3.0.4 Pull Request that is posted on GitHub now.  So as soon as the Core Team guys review and approve the request, this fix will be posted.  Here is the link to the request:  https://github.com/pfsense/pfsense-packages/pull/582 Bill Thanks Bill. I guess there is the changelog. Unfortunately after this upgrade, I dont see any of these changes. There are no new icons in the Alerts Tab, Clicking on a remove Block still brings it to the Lan interface. The Rules tab is not updated. Maybe this is still the previous release? Let me know if you want me to test anything. Thanks.
  • C

    SNORT - Unusual ping detected

    3
    0 Votes
    3 Posts
    3k Views
    C
    Thanks a lot Bill..!
  • keyserK

    Squid 3 package status

    1
    0 Votes
    1 Posts
    814 Views
    No one has replied
  • M

    Haproxy 1.4 content isn't secure

    3
    0 Votes
    3 Posts
    1k Views
    P
    Indeed like Jason writes its likely the page contains contents that it tries to read contents from http://something..  you might also want to give haproxy-devel a try as it natively supports ssl. And also as a possible workaround if the webserver url generation cannot be changed can have the backend connection created over ssl to the webservers.
  • K

    PPP Autodisconnect/Reconnect

    1
    0 Votes
    1 Posts
    634 Views
    No one has replied
  • ?

    Bug - Squid package log dir

    1
    0 Votes
    1 Posts
    473 Views
    No one has replied
  • A

    Zabbix2-proxy-2.0.8 pkg v0.7_1 on Netgate does not work, reference missing files

    4
    0 Votes
    4 Posts
    1k Views
    A
    It has to do with how the Netgate release of pfSense seems to be limiting the Zabbix2 packages to the 2.0.x branch. Perhaps the init scripts are not versioned or something. Installing the zabbix2-proxy-2.0.8 pkg v0.7_1 package but pulling the init script that has been updated for zabbix2-proxy-2.2.1 pkg v0.8_0. I know the Netgate release package repository lags behind a little, perhaps I can help get the zabbix2.2 updates fully tested so they can be released to the Netgate release.
  • panzP

    Sending "upsmon -c fsd" to NUT (Network UPS Tools).

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • I

    Install squid does nothing :(

    8
    0 Votes
    8 Posts
    2k Views
    I
    Thanks… And now it's worked. Really weird because I've installed and uninstalled many times, suddenly it appears. So I'm a happy camper, but odd that the GUI should report a successful installation when that doesn't seem to be the reality.
  • B

    Squid3

    1
    0 Votes
    1 Posts
    721 Views
    No one has replied
  • H

    Need help with a redirect loop in squidguard!

    1
    0 Votes
    1 Posts
    723 Views
    No one has replied
  • A

    Snort blocks many websites badly

    2
    0 Votes
    2 Posts
    5k Views
    bmeeksB
    @A999: Hi, I'm setting up a fresh pfSense box for proxying http traffic at my office. I installed Squid3-dev and snort (updated VRT community rules and ETOpen rules). I disabled "block offenders" in snort but as time goes by, it's still blocking many normal websites like: AWS, reddit, and many more photos sharing hosts. Description for those blocked hosts are "UNKNOWN METHOD" or "DOUBLE DECODING ATTACK" or "NO CONTENT-LENGTH" OR "TRANSFER-ENCODING IN HTTP RESPONSE". It would be great if somebody tell me what's wrong here and what I'd do to improvise. Thanks. Edit: snort are enabled on WAN interface, and it's also blocking download packages from psfense.org for same reason. Did you remember to stop/start the Snort process after you changed the blocking option from "on" to "off"?  If you uncheck "block offenders" and restart Snort, it won't block anything.  It will print alerts, but it won't block. The alerts you listed are considered to be common, known false positives from the HTTP_INSPECT preprocessor.  There is a long thread containing suggestions from experienced Snort users for suppressing false positives.  Here is a link:  https://forum.pfsense.org/index.php/topic,56267.msg300473.html#msg300473 Bill
  • M

    Squid Package status X how come ?

    2
    0 Votes
    2 Posts
    850 Views
    T
    Have you just installed (downloaded and added it to the menu system) it from the package menu? Then you have to go to the "Services" –> "Proxy Server" menu option and at least press the "save" button there at the bottom. This will basically create the config file and start squid.
  • J

    Snort time from alert to block

    18
    0 Votes
    18 Posts
    7k Views
    BBcan177B
    @jandohrmann: alert tcp $EXTERNAL_NET any -> any 25 (msg:"SMTP AUTH LOGON brute force attempt"; content:"AUTH LOGIN"; nocase; classtype:suspicious-login; sid:1000001; rev:2;) I didn't see the "content:"AUTH LOGIN" in the rule above. My bad. Thought you were blocking port 25 completely at first glance.
  • V

    Snort clearing block hosts ahead of schedule

    21
    0 Votes
    21 Posts
    10k Views
    R
    Then…  you've made my point. But thanks for sharing what you have. Rick
  • B

    Squid Reverse Proxy

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • E

    Snort doesn't stay running

    2
    0 Votes
    2 Posts
    722 Views
    bmeeksB
    @ethos101: Every time Snort updates its rules we need to manually start the service again.  The log says it's restarted, but it is not.  Where else can I look for trouble signs? Thanks Look in the system log for clues.  My first suspicion is a disabled preprocessor, and the new rule update suddenly has introduced a dependent rule.  Look for any messages about "unrecognized or unknown rule option" in the system log. Did you disable any preprocessors on the PREPROCESSORS tab, or have you left everything at the defaults from the initial installation? Bill
  • L

    Postfix - suddenly stopped working?

    4
    0 Votes
    4 Posts
    4k Views
    X
    I got the same issue and selecting interface(s) in the "Listen on" list instead of "listen on all interfaces/ip addresses" solves it.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.