1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N
    @andrew_cb Thank you very much for this, I just tried your proposed solution and it did work! That was driving me crasy! Way simpler than deleting the haproxy_server_state file.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: its made up of multiple sources so it does make sense that it resolves some of these weird private hosts An public NTP pool like pool.ntp.org would not list host names with weird random paddings that reference local devices. "domaincontroller-gPHvwjYS.local,192.168.1.86" is a reverse PTR, and is requested by one of your local devices. Why , I don't know. @rasputinthegreatest said in pfBlockerNG not logging anything by default?: I find them in pfblockerNG dns_reply log under Logs No URLs there, only host names. [image: 1754736735409-c09607c2-c95a-4971-bdb4-f63fe08bebe8-image.png]

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    594 Posts
    E
    @totalimpact Tailscale 1.54.0 is 2+ years out of date. Tailscale has made quite a number of changes since Tailscale 1.54.0, likely rendering it incompatible with their servers. I would consider manually updating the Tailscale FreeBSD package. FreshPorts does not maintain an archive of all the releases, only the latest compiled by the volunteer maintainers. The key to manually upgrading is knowing which FreeBSD version your pfSense release is running, i.e. 14 or 15. You can following along here.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    M
    This is still an issue as of 2.8.0 / 25.07, and it drives me crazy. Gateway failure works as expected, the wireguard tunnels will fail over to the backup gateway and continue on as normal, but will never recover once the failed gateway comes back online. While a reboot will (usually) fix it, I usually just go into my routing settings and mark the secondary gateway as down, forcing it to revert back to the primary... the users tend to dislike it when I reboot the firewall in the middle of the day
Log in to post
Load new posts
  • K

    Squid3 reverse proxy multi-SSL sites

    Locked
    3
    0 Votes
    3 Posts
    10k Views
    marcellocM
    take a look on this post: http://forum.pfsense.org/index.php/topic,53701.msg287417.html#msg287417
  • M

    Reverse proxying (Squid) 80 request to 443 internal web server?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    M
    anyone out there?
  • T

    Mod_security unbelivably slow

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    T
    DNS forwarder is not in use (is disabled). pfSense is configured to use two back-end DNS servers, has always worked fine. The primary is listed first, the secondary second. The back-end web server CNAME was recently added to the Primary DNS since traffic needed to be routed via host header, not with a path. The slave immediately updated its zone. There was a power failure overnight Sunday morning, and when UPS ran out all servers were shut down until power was restored. Testing from a remote location right now, its serving up the robots.txt file as fast as 102ms. Probably restarting something resolved the issue, though since the whole farm was restarted its impossible to know what specifically did it. Hopefully it stays resolved!
  • D

    Bypass Squid Proxy.

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    marcellocM
    Just remove the "*" and insert .phobos.apple.com on squid whitelist. Do you use transparent proxy?
  • M

    Snort Issue false PSNG_UDP_FILTERED_PORTSCAN

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    I
    FaceTime also generates this alert.
  • perikoP

    Transparent proxy changes?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    marcellocM
    Squid do not implement https transparent proxy but dansguardian does on 2.12. The bad news is that client browsers reject dansguardian "fake" cert on current compilation/package.
  • L

    Haproxy_full sticky connections

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N
    Hello Cookies is not enabled by default in HAproxy. you can add " cookie XXXX insert indirect nocache " in Advanced pass thru Box in FrontEnds , Then configure your server with cookies in server Tab. It work`s great. check HAproxy Document for more info http://cbonte.github.com/haproxy-dconv/configuration-1.4.html
  • C

    HELP: HAProxy

    Locked
    24
    0 Votes
    24 Posts
    15k Views
    N
    I was bewildered with " Advanced pass thru "`s  name actually . Thanks again marcelloc for your help
  • G

    Squid not showing up on gui after install

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    G
    OMG. Not cool. Sorry everyone. I was expecting to see "squid" in the services menu .. it's proxy server. wow, just wow, i know better.
  • T

    Mod_security: rules and forwards?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    T
    Well, didn't really answer the critical part of the question, but I seemed to have figured it out. The rule should allow all source IP, all sorce port to the public IP the proxy is listening on as the destination IP with a destination port of 80.
  • U

    Skype - impossible to block…

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    F
    I have a problem with Skype blocking. I don't and I am using pfSense 2.0.1 and Snort 2.9.2.3 pkg v. 2.5.1. Either you enable the rules in pua-p2p, or use the default ET set of rules.
  • K

    Send Squid request to a designed gateway/nic

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    K
    If you dont use FailOver or LoadBalance, you can just add tcp_outgoing_address WAN2_IP on squid custom options.
  • P

    Question about pfsense and Ntop

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P
    I'm talking about ntop >summary > traffic. At "Global TCP/UDP Protocol Distribution" is where i want to list what uses most bandwidth first. Now FTP is listed first, but ftp haven't used more then 202.5KBytes, Facebook on the other hand, has used 771.4 MBytes. We do not want to start with proxy yet, because then we will have to configure about 250 machines to go through the proxy. And that we do only have time for when it's summer vacation for the students.
  • T

    Snort 2.9.2.3 pkg v. 2.5.1 blocks certain white listed IPs

    Locked
    13
    0 Votes
    13 Posts
    4k Views
    T
    Sorry for the delay. We have the same issue and it is causing us major problems. We have an internal server that scans web sites known as a security risk so we generate alot of Snort alerts. However, our internal LAN servers are getting blocked by Snort on the virtual IP (IP the server has on the Internet). We have put the virtual IP range in the white list and we have set the "Add Virtual IP Addresses to the list" option on. Yet still our virtual IPs get blocked by snort (they appear in the Snort blocked list). What can be done to fix this? Any help would be much appreciated!!
  • D

    How to customise main.cf file of Postfix Forwarder in complicacy

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM
    @DQM: Can you show me how to do it in details, Marcello? I am a Networker not Programer  >:( If you do not understand php, then it could not be done. It will be easy to break the script and mess up your pfsense.
  • F

    LCDproc-dev

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F
    Hello. Well, the SDECLCD is doing s.th. But does only display lcdproc…
  • D

    Arpwatch issues

    Locked
    6
    0 Votes
    6 Posts
    6k Views
    D
    Nice, thank you phil.davis for pushing it to github, I have a github acc but didnt know about that repository. now its just a few more bugs left  ::) the mail part is very important, I had this package running on a lan-party last week and forgot about it. when I checked the report I saw my server's mac-address on 3 ip-adresses, it was because i used linux-vserver but if it had been an arp poisoning I would not have notices untill I got ssl-warnings and slow network :P
  • F

    Not Sure If Snort is Updating Rules?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    bmeeksB
    True that the "free" or "registered user" rules are updated much less frequently than the "paid" or "subcriber" rules are.  The subscription rules are generally updated daily except across weekends. I can definitely report the behavior with the cron job rules update is consistent if you logout of the GUI and wait for the job to run.  Apparently the various values from the config.xml file are normally stored in an array variable called "$config" within the GUI.  The cron job now uses the same PHP page to perform its rule updates as the GUI manual method does, and the values are supposed to be available within that "$config" array variable (it's a global array, apparently).  Looks to me that once you log out of the GUI and any cached info expires, the cron job is then left with no values in the "$config" array.  One of those missing values is the Oinkmaster Code to use for the rule download.  With that parameter missing, the rules download does not happen. It seems that if you change the time the cron job is to run, and you hold an active web session open during the scheduled cron run, then everything works fine.  My guess is this happens because the "$config" array is still populated with an active GUI session. This will probably need Ermal to take a look and see if it can be fixed.
  • B

    Snort 2.9.2.3 pkg v. 2.5.1 on pfSense 2.1 snapshots

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    B
    The more I look at this, I think it is the program check_reload_status that is causing Snort to spawn multiple, duplicate instances.  I'm going to kill the service for now and see if Snort stops misbehaving.  If so, I'll turn on auto-update again and see if Snort still behaves. I'll post results. UPDATE Just realized there are six instances of check_reload status running.  Think I just found the problem.  Now, does anyone know what is responsible for spawning this program?  I don't see it in crontab or in rc.d… at least, not directly. Also, when I try to kill any of these instances of check_reload_status, I get an "Operation not permitted" message.  Yea.
  • D

    Mod_security

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.