1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N
    @andrew_cb Thank you very much for this, I just tried your proposed solution and it did work! That was driving me crasy! Way simpler than deleting the haproxy_server_state file.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: its made up of multiple sources so it does make sense that it resolves some of these weird private hosts An public NTP pool like pool.ntp.org would not list host names with weird random paddings that reference local devices. "domaincontroller-gPHvwjYS.local,192.168.1.86" is a reverse PTR, and is requested by one of your local devices. Why , I don't know. @rasputinthegreatest said in pfBlockerNG not logging anything by default?: I find them in pfblockerNG dns_reply log under Logs No URLs there, only host names. [image: 1754736735409-c09607c2-c95a-4971-bdb4-f63fe08bebe8-image.png]

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    594 Posts
    E
    @totalimpact Tailscale 1.54.0 is 2+ years out of date. Tailscale has made quite a number of changes since Tailscale 1.54.0, likely rendering it incompatible with their servers. I would consider manually updating the Tailscale FreeBSD package. FreshPorts does not maintain an archive of all the releases, only the latest compiled by the volunteer maintainers. The key to manually upgrading is knowing which FreeBSD version your pfSense release is running, i.e. 14 or 15. You can following along here.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    M
    This is still an issue as of 2.8.0 / 25.07, and it drives me crazy. Gateway failure works as expected, the wireguard tunnels will fail over to the backup gateway and continue on as normal, but will never recover once the failed gateway comes back online. While a reboot will (usually) fix it, I usually just go into my routing settings and mark the secondary gateway as down, forcing it to revert back to the primary... the users tend to dislike it when I reboot the firewall in the middle of the day
Log in to post
Load new posts
  • L

    Did something change recently with snort output? (alerts)

    Locked
    1
    0 Votes
    1 Posts
    987 Views
    No one has replied
  • M

    Squid + squidguard + havp and radioparadise streaming.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    M
    Hi Again… False positive , yesterday from denmark , the radio was very hard to reach , but today it's just fine...   Sorry from my incompentence.... /Best Michael
  • C

    Mod Security (Reverse proxy with SSL)

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    H
    Hello, I got it working. It seems it's not possible to do reverse proxy on 443 and 80. I had to remove port 80 to get it working. On proxy server settings is set port to bind to 443. I removed  the port 80 site proxy (with a config for port 80 and 443 it didn't work). You have to enter the file name only for certificate files (with full path it will search for /usr/local/apache22/etc/usr/local/apache22/etc/cert_file according to the log) So i think there is a typo in the path they given under the option. You have to put your certificate files in /usr/local/etc/apache22/ instead of /usr/local/apache22/etc/ When you add full path name apache will not run and there is no proxy at all. You must not add a port forward in the NAT Greetings.
  • V

    Changing $HOME_NET in Snort

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • R

    Lcdproc hd44780 rs-232 error

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R
    Thanks Michele, I installed the beta LCDproc pkg, and my service started!  ;),  these are the settings I have now, [image: 8hIW9.png] which is great but I still see no activity on the lcd itself when the service started it created this .conf file : [server] DriverPath=/usr/local/lib/lcdproc/ Driver=CFontz Bind=127.0.0.1 Port=13666 ReportLevel=3 ReportToSyslog=yes User=nobody Foreground=no ServerScreen=no GoodBye="Thanks for using" GoodBye="    pfSense     " WaitTime=2 ToggleRotateKey=Enter PrevScreenKey=Left NextScreenKey=Right ScrollUpKey=Up ScrollDownKey=Down [menu] MenuKey=Escape EnterKey=Enter UpKey=Up DownKey=Down [CFontz] Device=/dev/cuau1 Size=16x2 Contrast=350 Brightness=1000 OffBrightness=50 NewFirmware=no Reboot=no " here is what my logs say about the LCD: [image: 0jrZM.png] I've tried changing port speeds, content, but no luck…any clues ? Thanks
  • M

    Squid 3 HTTPS (ssl connect) pages loading slowly / after retries

    Locked
    7
    0 Votes
    7 Posts
    19k Views
    marcellocM
    I've included this dns_v4_first option on squid3 pkg v 2.0.5_4 general tab. [image: squid3_dns_v4_first.png] [image: squid3_dns_v4_first.png_thumb]
  • C

    Country IP Blocks is considering offering free ACLs to pfblocker users

    Locked
    14
    0 Votes
    14 Posts
    7k Views
    L
    @CIPB: It's always worth discussing in order to see what can be worked out. Possibilities: Allowing pfBlocker devs occasional access to freshen up the lists in pfBlocker. Allowing individual pfBlocker users to register w/ CIPB and receive some sort of list access in return. Allowing pfBlocker to regain it's former access to CIPB lists, in trade for publishing a CIPB logo/badge on the pfBlocker tab/page in pfSense. (Probably needs approval by marcello/tommyboy and/or others) That's what I have off the top of my head.
  • M

    Help with ntop please!

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • H

    SNORT 2.9.2.3 WONT START AFTER UPGRADE

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    P
    Hi, I have the same (similar) problem. When I enter [2.0.1-RELEASE][admin@fire.box]/root(2): /usr/local/etc/rc.d/snort.sh start I get the following error message pgrep: Pidfile `/var/run/snort_pppoe03086.pid' is empty Any clue? Matthias
  • M

    Broken pfsense by installing freeradius2 and how to recover?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    M
    Thanks a lot for the hint regarding the conf/config.xml . I did not know pfsense can be configured with the help of only this file :O and that it is versioned automatically (now i have also found the corresponding backup/restore option in the web interface). Had a whole bunch of old config files and after reseting to factory defaults i could again connect to the web-interface and from there (what i really liked) load one of the old configs from which i knew they worked. Great!
  • A

    [help] Setup reverse proxy with authentication

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A
    Actually don't worry, I setup a IPSec vpn instead
  • gwhynottG

    Package request - xymon

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    gwhynottG
    @SeventhSon: Looks cool, might be handy in some situations :) If you hacked it into pfSense, can you give us an idea what you needed to do to get it running? sure but its standard stuff.. 1. log into via ssh,  drop to the cli 2. type:  setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/ 3. type: pkg_add -r xymon-client then you can configure it. -g
  • B

    SquidGuard Blocking Issue

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    B
    Thanks for the document , I have noticed it.. and it works fine now ../ sorry for asking such trivial question
  • K

    New Snort Package - Issues & Suggested Fixes

    Locked
    20
    0 Votes
    20 Posts
    22k Views
    H
    (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE suppress gen_id 120, sig_id 3 (http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED suppress gen_id 120, sig_id 6 (http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE suppress gen_id 120, sig_id 8 (smtp) Base64 Decoding failed. suppress gen_id 124, sig_id 10 (smtp) Quoted-Printable Decoding failed suppress gen_id 124, sig_id 11 (smtp) 7bit/8bit/binary/text Extraction failed. suppress gen_id 124, sig_id 12 Thank You I also received those http_inspect alerts. Pfsense 2.0.1 X64 + Snort 2.9.2.3 pkg v. 2.5.1 I also had to add these as well: #(http_inspect) UNKNOWN METHOD - 0 suppress gen_id 119, sig_id 31 #(http_inspect) SIMPLE REQUEST suppress gen_id 119, sig_id 32
  • perikoP

    Squid wpad and android issue.

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    jimpJ
    The Opera browser supports adding a proxy in (See opera:config) but it doesn't seem to support autoconfigure. Firefox has options for it in about:config
  • _

    Snort reinstall and new failing: libpcre.so.1: unsupported file layout

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    H
    @jimp: Try this: uninstall, then from the shell: pkg_delete -f snort* pcre* Then try to reinstall. I checked the version of PCRE on the package server, and the one required by snort is built for amd64 so I'm not sure how you'd have pulled in the wrong one. THANK YOU VERY MUCH! your instructions helped me to get Snort Running again  :D I'm running Pfsense 2.0.1 X64 with Snort 2.9.2.3 Pkg 2.5.1 Link to my post: http://forum.pfsense.org/index.php/topic,52854.0.html Thanks again
  • U

    Squid & Squid Guard not starting after install

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P
    The minimum pfSense version required for Squid is now 2.0.n I guess that the 1.2.3 package installer code doesn't have the code to check that, so it let you install it. The code in squid.inc is checking for version "2.0" to use pkg install dir names, it assumes that if you are not on 2.0.n that you are on a later version e.g. 2.1-BETA0 which uses pbi installer. So you are getting those messages about it trying to find dirs with "pbi" in the name. I would advise installing pfSense 2.0.1 and then install packages…
  • F

    SquidGuard doesn't obey safesearch settings

    Locked
    1
    0 Votes
    1 Posts
    950 Views
    No one has replied
  • N

    2.0.1 - Snort won't start - New Install

    Locked
    24
    0 Votes
    24 Posts
    12k Views
    B
    Bumping this thread. I updated to 2.1-dev from 2.0.1 a couple of days ago. Using AMD64 build with the latest packages. Snort won't start with the configuration I had setup from before. Error message is the FATAL ERROR: Failed to initialize dynamic preprocessor: SF_DNS (IPV6) version 1.1.4 (-2) which definitely means it's having an issue with the IPv6 part of "Enable DNS Detection" preprocessor. Only catch is that if you disable the preprocessor, it's not actually disabling it. Steps to reproduce: Create a new snort interface (Defaults are fine) enable snort. Everything works fine. Disable snort. Edit the interface, go to the preprocessors tab, check the box for "Enable DNS Detection" and save the changes Try enabling snort again, and it crashes with the error message. Edit the interface, go to the preprocessors tab, uncheck the box for "Enable DNS Detection" and save the changes Try to start snort again, and the error message still appears. You can keep creating new rules and they will keep working as long as you don't enable that preprocessor. I was able to enable the HTTP inspect one, need to test the others yet.
  • L

    Configpath

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    L
    Thanks marcelloc, I've looked at the ipguard xml in addition to squid and spamd. In the ipguard xml, the only difference appears to be the format (I've seen both formats out there so I assume both are valid). <configpath>['installedpackages']['syslogngobjects']['config']</configpath> VS. <configpath>installedpackages->package->ipguard</configpath> Is my understanding correct, that I can provide a custom configpath (one that differs from the name of the syslogng_advanced.xml file) and expect pfSense to put the config in the respective area of the config.xml file?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.