1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @keyser That is normal - the download of the GeoIP asn data is randomized (once when the system is setup) Why it runs at different times on different boxes. When you schedule pfblocker to run at 2:00 all the ASN files are then already local and not downloaded again. Put it another way, the older version would download every ASN file, every time, pfblocker ran an update via cron. so if you ran pfblocker hourly, you would be downloading ASN data file for your selected ASNs every time it ran the cron job ran. Now the download only happens once (at the preselected randomized time) and you get every ASN available ) You can run the pfblolcker cron updates as many times as you like and they will not download anything (Geo /ASN) related. it will just update those lists from the local data. You can even add a "new" ASN to your selection, and it will already be available. on a 2100 this ASN database download (as you noted is logged in the extras.log) takes all of 15 seconds here. I would likely never see a CPU hit specifically related to this download. Download Process Starting [ 08/14/25 07:45:01 ] /usr/local/share/GeoIP/asn.mmdb 200 OK /usr/local/share/GeoIP/asn.csv.gz 200 OK ASN Lookup Table has been updated [ 08/14/25 07:45:05 ] Download Process Ended [ 08/14/25 07:45:16 ]

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    495 Topics
    3k Posts
    M
    @jimp said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: While we do not deliberately break such configurations, if you install a package from unsupported repositories and they replace or mess with base system dependencies, then there is no telling what will break over time like this. Understood - thank you very much for the clarification. I need crowdsec though... and there are no official support yet. I don't mind reinstalling the system, it takes reasonable amount of time, unless I found netinstaller fails to connect to my pppoe which tripled the time of restoration. For that I have no explanation and it is obviously not related to the dependencies, but that's offtopic in this thread.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    595 Posts
    E
    Updated CE 2.7.2 to 1.86.2_1 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.2_1.pkg Freshports

  • Discussions about WireGuard

    693 Topics
    4k Posts
    lvrmscL
    Strangely enough, checking the system 4 days later, I now see that Wireguard service is reported running! The last thing I did 4 days ago was to disable Wireguard service monitoring by the Service Watchdog. Anyway, even when it was reported stopped at first, 4 days ago, the tunnels were working flawlessly. Very strange. I will keep an eye on it.
Log in to post
Load new posts
  • J

    No Logs in Light squid report…

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D
    http://forum.pfsense.org/index.php/topic,49680.0.html
  • A

    Snort 2.9.1 pkg v. 2.0.2 wont start, no real info

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    G
    Found a bug. If pfsense changes IP (I'm using as xDSL bridge mode), snort goes down. The only solution (AFAIK) is by logging at WEB GUI and manually restart it. Of course, should'nt be like this.  Solution?
  • P

    Squid not logging traffic, configuration issue?

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    P
    I don't know about 2.0.1. I have an issue with 2.1 but after an update, it worked like it should.
  • C

    Developer vs community package list?

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    C
    We support all the packages as best we can for support customers under their purchased hours. We're not necessarily all-knowing experts on every single one of them, but we know all of them to some degree, and can generally figure out anything we don't know. The main difference under commercial support on packages vs. base system is we can't vouch for the quality of packages. We'll fix any base system issues that are encountered (which is rare) at no cost to the customer, but can't provide any such assurance with any package other than our AutoConfigBackup. If a customer has an issue with a package and wants to put their purchased time towards fixing it, we can almost always accommodate, we just can't do it for free like we do for the base system.
  • E

    Squid status

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    marcellocM
    @ezyclie: So can i do this: http://forum.pfsense.org/index.php/topic,14609.0.html with embedded system? without loosing the changes? If you are going to do this on console, follow the steps doing a rc.conf_mount_rw before changes and a rc.conf_mount_ro after changes. on embedded /var is flushed every boot but looking the steps, I can see only changes to files on /usr dir. att, Marcello Coutinho
  • M

    Quagga OSPF problems [SOLVED (Sort of…)]

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M
    After a series of reboots it's all working now. I'm not thrilled by the stability here, but hey, I am running 2.1-DEVELOPMENT so I guess I can live with it for now :) Any ideas of when 2.1-STABLE will be out? I read a lot about IPv6 Launch Day, and that's not very far away.
  • J

    Need some help on Snort testing

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    S
    I believe that many of those rules are designed to alert when icmp traffic sourced from EXTERNAL_NET destined for HOME_NET.  So in order for those rules to alert,  a successful ping has to occur that matches those conditions. When I was testing snort,  I was pinging from a lan interface to a lan interface.  Since neither was from a network associated with EXTERNAL_NET I would never see an alert.  In order to get an alert to fire, I modified both EXTERNAL_NET and HOME_NET variables in one of the icmp rules to read "Any".  This way, you don't have to be concerned with where your traffic originates from.
  • K

    Snort 2.9.0.5 EOL

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    C
    I also wonder where this issue currently stands?  I had no issue adding and enabling rules, but I'm new to this so I'm unable to determine if the rules are current or truncated to support the EOL version.
  • C

    Transparent AV?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C
    Thanks for the tips!  I tend to agree that firewall-based AV isn't really that useful, especially with so many sites using HTTPS these days. I have no experience with clamAV, but our client-side ESET performs quite well, so maybe I'll leave well enough alone rather than get into Squid, etc.  (something else I have no experience with) Thanks for the tip regarding pfBlocker, we currently use DynDNS for content filter at only $10/year, but it's DNS-based so easy to bypass for intermediate users.  This might be the answer I was looking for, though!
  • F

    Squid not 'squidding'

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N
    "Do not cache" does not mean "block". It ist just not caching this sites. To block (filter) sites you need additional tools like squidguard or dansguardian. But please update your old system to an actual pfsense version like 2.0.1
  • Q

    Squid Blocking Web Access

    Locked
    19
    0 Votes
    19 Posts
    39k Views
    Q
    Any update? I've tried using Dansguardian with a firewall rule redirecting port 80 instead of Squid/SquidGuard intercept mode. This seems to work so far. Wondering if I should just stick with D then? Not really clear on the difference between the two softwares. Thanks for your help.
  • M

    Open-VM-Tools-8.8.1

    Locked
    8
    0 Votes
    8 Posts
    6k Views
    C
    Does the stable version support vmxnet2?  Ideally I'd like to run vmxnet3, but this is my first run with pfSense so I'm trying to KISS.
  • M

    What would it take? (FreeRADIUS on 2.1)

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    M
    Thanks, I'd tried that package, but I hadn't seen the thread link, I posted in there. It'd be really great to get this working!
  • N

    Delet log files in imspector

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    K
    thanks it worked for me.. and i didnt break my pfsense LOL. anyway thanks for the expertise.
  • N

    PfSense Snort for Dummies?

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    J
    @Nonsense: Does one have to register to subscribe to the Emerging Threats rules (if so, then how?) or just place a check in the Install Emergingthreats rules box on the Global Settings page? Right, no registration, just check the ET box, select the auto-update frequency interval, and save. You may need to manually update the rules, or stop/start snort to download then initially. After updating review the categories enabling those of interest under each interface. I think that's about all you need to do.
  • M

    [SQUID] comm_old_accept: FD 20: (53) Software caused connection abort

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    M
    Hi, Still can't find the cause - so when I get an open slot, I'll just try re-installing the whole system from scratch and see if it stops. This system only serves 40 users or so, and I never get anywhere near the size limit of MBUF or state table. I run it on a P4 3GHz with 2GB RAM, 40GB HDD and very seldomly the CPU goes above 10% and memory never above 40%. So I don't think it is a performance issue either. Might it be a faulty RAM module? Cheers, MrsPotter
  • C

    IMspector install failure on 2.0.1-Release

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    C
    Thank you very much marcelloc! Worked like a charm :-)
  • R

    Incorporating the DHCP wpad setting into the UI

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • C

    HELP: Varnish3

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    marcellocM
    The doc ends on the same point: Yep, you got it exactly. Varnish does not handle SSL itself. If it receives a request that is SSL encrypted it will pass it directly to Apache. For us though, we have the load balancer decrypt/encrypt and all traffic between Varnish and Apache is normal HTTP (but we keep using a different port number so we can tell if the page will eventually be secured). and suggests the same "when time permits solution" _]Another way to handle SSL is Another way to handle SSL is to put pound (http://www.apsis.ch/pound/) in front of varnish for port 443 and do lightweight SSL decryption and then you get the benefit of Varnish for even the SSL encrypted traffic._ The only thing that I can include in this package is the pass trough function. But IIRC, all servers should have the same config/sites to share the same ip as varnish can't see the request it self, just a ssl connection.
  • A

    Pfsense + Squid + Squidguard +transparent

    Locked
    7
    0 Votes
    7 Posts
    8k Views
    marcellocM
    @albokos: I'm digging out the .pac file solution, i've a good one it works when store locally on a pc now i try to set it to be accessible via the pfsense web server. pac proxy configuration has a lot of good points, including filtering ssl urls. good choice.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.