Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @andrew_cb ChatGPT had the right idea but gave me 100 different places to put "load-server-state-from-file none". Your post was worth more than ChatGPT could ever offer!
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    JonathanLeeJ
    @bmeeks your work outclasses so many individuals and developers. Your stuff is amazing. Cheers
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
@Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that, which will “translate” received netflows into flows that NtopNG understands and can visualize (with very, very little detail might I add, as Netflows has no additional information apart from sender/receiver and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pfSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    Same issue on 25.07.1 pfBlockerNG-devel 3.2.7
    Database Sanity check [ FAILED ]
    ** These two counts should match! **
    ------------
    Masterfile Count [ 26379 ]
    Deny folder Count [ 26378 ]
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working.

    Glad you have it sorted.

    There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded?

    If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver).

    Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command:

    [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764
    VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    [25.07-RC][root@fw]/root:

    Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver.

    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8.

    LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.
  • Discussions about the FRR Dynamic Routing package on pfSense

    295 Topics
    1k Posts
    J
    Anyone else happen to notice that when configuring BFD, if you create a peer and select a profile - after save, re-edit the peer and the Profile is not represented. It appears as "None". You have to check the raw config to determine if the profile was actually assigned to the peer. This is on 2.8.1 (all packages up to date as of the date/time of this post). UPDATE: if re-edit and save (without re-configuring the profile none to what you want) - the save will strip the profile from the peer.
  • Discussions about the Tailscale package

    91 Topics
    611 Posts
    T
    Hi All, I use HAProxy to redirect to a range of https internal resources. This works really well at the moment through the WAN where I have source limits set up, and I can connect to the internal resources from limited external IP Addresses.

    Given I have tailscale I would like to basically be able to put custom dns entries in to point these hostnames to my pfsense tailscale IP4 address (100.89.148.118) but I am not having any luck getting this working. At the moment, I am just trying to connect to HAProxy using https://100.89.148.118 but it is getting blocked by the firewall.

    Sep 11 11:55:58 tailscale0 Default deny rule IPv4 (1000000103) 100.89.148.10:53148 100.89.148.118:443 TCP:S

    I have tried with and without NAT redirecting internally to 127.0.0.1, and I also have rules set up to allow any traffic to and from my tailnets (defined in an alias) but I still keep getting these connections from my other tailscale machines being blocked on the pfsense machine. Can someone give me some pointers on what I am missing, because I can see the requests are coming through to the pfsense machine, and in theory the rules should allow it through, but I can't see why they don't. I do have tailscale ACL in place, but clearly that is not an issue as the requests are making it through to the firewall.

    0/0 B IPv4+6 TCP/UDP TailNets * TailNets * * none Allow across Tailnets
    0/0 B IPv4+6 TCP/UDP * * * 443 (HTTPS) * none Allow Tailscale IP4

    I also tried adding an EasyRule but because the tailscale0 interface doesn't exist in pfsense it throws an error and won't let me add that rule. Appreciate any help or tips, Cheers.
  • Discussions about WireGuard

    702 Topics
    4k Posts
    P
    Yes
  • SNORT problem

    2
    0 Votes
    2 Posts
    862 Views
    bmeeksB
    @sebna: Hi, I have changed by mistake SNORT settings in Alerts tab to show 3000 or 30000 and it is now refreshing to blank page so I cannot change it back to 300. How can I change it back to show only 300 or so if the GUI interface of Alerts tab does not load. pf 2.1, snort Installed: 2.9.4.6 pkg v. 2.6.0 Thanks,

    Well, first off that is an old version of Snort. The current package is 2.9.5.5 v3.0.3. I would suggest upgrading if possible. If not, here is how to change the value back manually.

    First, make sure you give it enough time to actually read 30,000 rows. That could take several minutes on a slow box. If you are satisfied that it actually won't come back to a displayed page, then you will need to manually edit the config.xml file to fix this.

    Click Diagnostics…Edit File from the pfSense menu. Browse to /conf and open the config.xml file in the editor window. Scroll down near the bottom of the file and locate the section for <snortglobal></snortglobal>. In there are all the settings for Snort. Find the element tag <alertnumber>30000</alertnumber>. Change the 30000 value to 250 and then save the change. That should put things back to the default.

    Bill
  • Proxy Server problem!!!

    2
    0 Votes
    2 Posts
    875 Views
    S
    Who can help me, please? ???
  • Status of unbound on 2.1.x

    5
    0 Votes
    5 Posts
    1k Views
    D
    @grandrivers: there are also ipv6 issues with it on 2.1.1 if i enter ipv6 on general tab complains about format of conf hopefully can start trying 2.2 before too long I have no issues with IPV6 and Unbound on 2.1 or 2.1.1.
  • Snort not updating VRT ruleset

    6
    0 Votes
    6 Posts
    1k Views
    bmeeksB
    @fragged: It does download the paid rules. But what you, the OP, were talking about in your first post was the Snort binary version. The Snort VRT tie the snort binary version to the rules version. This means you can't use 2.9.6.0 rules with the 2.9.5.5 binary and vice-versa. The installed binary must match up with the rules. An update to 2.9.5.6 Snort is on the way. We are having some issues at the moment getting the binary package to build for 2.0.3 users of pfSense (the old *.tbz packages). The new 2.1 PBI packages are working fine. We don't want to release the new update until the binaries will work on both pfSense versions since both are supposed to be supported. We should get this *.tbz package building problem worked out shortly, and then the new 2.9.5.6 binary and the updated 3.0.4 GUI package will be posted. I have not updated to 2.9.6.0 yet because doing so will lock out the free users of Snort VRT rules so they would not get updates until the end of February. And because the binary version and rules version are tied together, that prevents me updating just for the paid-subscriber guys as well. All things considered, it's probably not a bad idea to be one version behind "bleeding edge"… ;). That way the bugs can get worked out. Bill
  • AutoConfigBackup causes "error while uploading"

    4
    0 Votes
    4 Posts
    1k Views
    jimpJ
    Great. We have a potential fix in testing for that problem, it shouldn't be an issue in the near future.
  • Help sending flows to an IPsec destination

    4
    0 Votes
    4 Posts
    972 Views
    S
    also tried setting the static route to 0.0.0.0/1 … flows still not making it.  I also did a pcap to confirm they are not making it.  I feel like I'm missing something simple......  :-\ EDIT: BAH. Nevermind. pfflowd works with the static route in place. I absolutely could not get softflowd to work over IPsec. I'm happy.
  • Log Snort to sguil(Security Onion)

    6
    0 Votes
    6 Posts
    6k Views
    BBcan177B
    @tbaror: Thanks all for the answers, but Snorby would be a good solution if he had some alerting rules facility The Snorby package in Security Onion has alerting functionality.
  • Squid filter doesn't work

    1
    0 Votes
    1 Posts
    875 Views
    No one has replied
  • Mailreport filter syntax

    3
    0 Votes
    3 Posts
    3k Views
    S
    good stuff, thanks a lot! now I'll go find a way to get a pfblocker report in the mail too!
  • Snort blocks many websites with "block offender" checked

    4
    0 Votes
    4 Posts
    3k Views
    bmeeksB
    @iraiam: @fragged: The HTTP preprocessor does fire a lot of false positives. You can either add the single rules to your suppress list or enable this setting: Disable Alerts from this engine configuration. Default is Not Checked. You can find it under the settings for your Interface -> [interface name] -> Preprocessors -> HTTP Inspect / Server Configuration (click the E to edit)

    Thanks, I'll give that setting a try, I don't have time to deal with single rules at the moment, maybe at a later date. Take Centurylink.com; it generated 19 blocks from one session. I went through the logs and checked quite a few of the blocks manually and found no actual threats. it makes sense to me to block offenders, providing it detects actual offenders without all the false positives.

    The HTTP_INSPECT preprocessor is unfortunately very good at generating false positives. Some of them are likely the fault of code in the preprocessor itself, but many are due to various web servers not adhering strictly to the standards. No matter which is the real problem, it's a fact of life for IDS/IPS admins that false positives will occur. Snort on pfSense uses the binary file produced by the Snort VRT, so any bugs in that code show up in pfSense. There is a thread that lists many of the known false-positives, and some users have shared their Suppress Lists. You might want to try some of their shared settings. Here is the link: https://forum.pfsense.org/index.php/topic,56267.0.html
  • Help understand cron script

    5
    0 Votes
    5 Posts
    1k Views
    A
    The third script now errors and says "Illegal variable name."
  • Squid3 reverse proxy randomly fails…

    2
    0 Votes
    2 Posts
    851 Views
    B
    You are going to have to give us some information to work with. Like the access.log I think when it is not working. Does restarting the service fix it? What do you have to do to get it working again?
  • Snort reverse lookup icon

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @Clear-Pixel: Why is it often times many IP's are missing the reverse DNS info? Is it a DNS server with a poorly compiled DNS list? It would seem the IP would be out of compliance if no Name was attached? There are a fairly significant number of the "spammer" and other blacklisted IPs that do not resolve via DNS lookups.  Not really surprising when you realize these guys don't want to be found… ;) Bill
  • SQStat 403

    Locked
    10
    0 Votes
    10 Posts
    6k Views
    jimpJ
    Posting this here since the thread is very high in search results for the sqstat 403 error: This is because the IP address querying the status from squid is not listed as an external cache manager. To find the IP in use, enable squid logging, try to access sqstat, and then run:

    # grep "403.*active_requests" /var/squid/logs/access.log

    You will find lines such as this:

    1390930259.701      0  192.168.1.1 TCP_DENIED/403 1410 GET cache_object://localhost/active_requests - NONE/- text/html

    Then go to Services > Proxy Server, on the Access Control tab, and add the IP from that line to the External Cache Managers box, e.g. 127.0.0.1;192.168.1.1; Save there, and for good measure go back to the main tab on squid and press save again, and then you should be able to access sqstat. If that alone does not work, and you have a filter such as squidGuard installed, make sure you have "localhost" listed in a whitelist or have access open from the LAN IP of the firewall itself.
  • Sarg Vs Lightsquid

    2
    0 Votes
    2 Posts
    4k Views
    D
    @berrick: From my limited use of both these packages it seems they do the same thing, is this correct? Which is better sarg or lightsquid? regards Depends on your wishes. LightSquid easier, Sarg has more features.
  • Squid No longer able to access my network from the outside.

    1
    0 Votes
    1 Posts
    502 Views
    No one has replied
  • Allow HTTPS traffic straight out through WAN with squid?

    2
    0 Votes
    2 Posts
    961 Views
    jimpJ
    By default the firewall won't touch HTTPS with squid in transparent mode. Make sure your firewall rules allow access on the LAN interface from your LAN subnet to anywhere on port 443. So long as the rules pass it and squid doesn't touch it, it will go right out.
  • Dansguardian 2.12.0.3 Signal 11

    89
    0 Votes
    89 Posts
    42k Views
    R
    Just figured out that the 2.12.0.6 version of DG that Marcello compiled does not have PCRE support… or at least that is my guess on the problem. It does not execute any of the regular expression functionality - such as URL regular expression modifications. Would anyone with a dev environment (Marcello?) be willing to compile the 2.12.0.6 or 2.12.0.7 version with PCRE? Or, for that matter, e2guardian (I'd be willing to mod the UI to get it working)? Thanks in advance!
  • Pfblocker + memory limit

    2
    0 Votes
    2 Posts
    1k Views
    BBcan177B
    I am not sure if SquidGuard is the same as pfBlocker for the max table entries, but I would assume so. Did you edit the System:Advanced:Firewall/NAT  "Firewall Maximum Table Entries"
  • Speedtest.net Upload Test Fails with Squid/SquidGuard Enabled

    4
    0 Votes
    4 Posts
    2k Views
    B
    @KOM: 1. pkg_info: bsdinstaller-2.0.2013.0911 BSD Installer mega-package gettext-0.18.3 Going to need the rest of the information still ;)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.