1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    Y
    You can run via SSH or Diagnostics -> Command prompt squid -k parse and paste output here.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that does not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Greylog - please, pretty please with sugar on top

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    JeGrJ
    @raidflex said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix. Yeah, that may be, but if you install packages with dependencies on the console rather then the package manager, those may have (old) dependencies for specific versions. So if that crowdsec package has a dependency on an older pfsense base package or something like that and you install any other package (like Acme) which may collide with that, the package manager makes a decision to solve the conflict. Not always the most sane one - sure - but that's like any other distro out there. Manually installing packages on the console always may get you into dependency hell :) Just saying, because now it was acme, next time it could easily be some other package triggering such an effect. Cheers

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good

  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
Log in to post
Load new posts
  • W

    Squid 3 + Guard 3 blocking all http?

    8
    0 Votes
    8 Posts
    7k Views
    W
    @finalcut: squidguard(web filtering) work with squid3 (as poxy) after you install squidguard and choose which to block and which allow you should then save then go to the first tab of squidguard and click apply and then save from squid3 you must add the allowed subnet for example 192.168.1.0/24 in addition to choose lan interface and 3128 as port also there is tow type of proxy non-transparent (you should add the ip and the port in each browser(firefox it be or any other flavor ) for user transparent you shouldn't add the ip and port in the browser but you choose it from squid configuration Cheers will test it soon.
  • J

    Cannot Uninstall squid 2.7.9_3

    3
    0 Votes
    3 Posts
    1k Views
    J
    Reset to factory defaults and started over before I saw your post. But thank you for the reply. jclarkv
  • J

    Sarg 2.3.6_2 with squid3 3.1.20 on pfsense 2.1.5

    1
    0 Votes
    1 Posts
    936 Views
    No one has replied
  • R

    Setting up Bind

    2
    0 Votes
    2 Posts
    2k Views
    C
    If you turn on DNS to listen on WAN, then you want to hide version as precaution to avoid targeted attacks. This would make it easier for attackers to figure out what your BIND is vulnerable to if vulnerable based on version number. I recommend only listen on your internal networks. You don't want to expose your internal zones to the internet and/or get flooded by people using your DNS server. Notify is used if your BIND is the primary DNS server and you have slave DNS servers configured in Zone(s). If notify is enabled, it will immediately notify the slave servers when changes occur to the zone(s). This will help keep your DNS servers in sync quicker. You will only need this if you are setting up DNS zones.
  • G

    Looping Squid Auth

    3
    0 Votes
    3 Posts
    882 Views
    S
    Anything? Stuck on the same problem… I'll try to use squid3, maybe it works
  • T

    Gui status for dashboard squid3

    1
    0 Votes
    1 Posts
    581 Views
    No one has replied
  • X

    Squid custom fields

    7
    0 Votes
    7 Posts
    2k Views
    X
    I found that just %Hs work and puts in the status code.  I really appreciate your help.  It seems that everything is working now.
  • K

    Squid3 or Squid2 … Your thoughts...

    3
    0 Votes
    3 Posts
    1k Views
    K
    Thank you for your input. I will test with v3 and see. If it has antivirus, maybe I can skip having HAVP installed…
  • R

    Unable to get Squid transparent proxy to accept traffic on its own

    1
    0 Votes
    1 Posts
    973 Views
    No one has replied
  • E

    SNORT sending emails about cron

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @spudy12: Ah okay so it's nothing to worry about? I just assumed as it was sending an alert it was something that was not good (to much of that with my NAS lately) Also my Alert list is being spammed with (http_inspect) UNKNOWN METHOD Is there anyway to limit the number of these logged or turn it off altogether? Cheers! The cron e-mail is a never-mind.  Just spam.  I will see if I can get rid of in an upcoming update. As for the http_inspect alert, those are very common.  So common, in fact, that I wonder why the rule authors even keep them in their packages.  But since they do, my advice is either disable the rule or suppress it.  A suppressed rule still "fires", but Snort eats the alert.  A disabled rule never wastes CPU time being used to inspect against traffic, since disabled rules are not loaded.  Which to use is your call as admin.  I have chosen to disable the rule.  You can do that either on the RULES tab by selecting Preprocessor Rules in the drop-down, or (easier method) find the alert on the ALERTS tab display and click the red X icon to add the rule to the forced disabled list. Bill
  • K

    Package Site Down??

    8
    0 Votes
    8 Posts
    1k Views
    DerelictD
    ESF: Please kill your AAAA records until this is fixed.
  • bmeeksB

    Suricata 2.0.3 pkg v2.0.1 Update – Release Notes

    29
    0 Votes
    29 Posts
    4k Views
    bmeeksB
    The promised bug fix update for Suricata has been posted.  I started a new thread with those Release Notes.  The update to package version 2.0.2 from 2.0.1 addresses the bugs identified in this thread.  All are fixed except one, which is not actually a bug.  The Suricata Dashboard Widget will remember which column it was in when the package is uninstalled and reinstalled, but it will always position itself at the bottom of that column.  This happens because when Suricata is removed, the Dashboard Widget must also be removed or errors will result from missing files.  A package upgrade on pfSense actually performs an uninstall and then reinstall.  So the Dashboard Widget is removed during the uninstall step and then reinstalled when the package is.  However, it is not possible for the widget to position itself back exactly where it was before.  It will go to the bottom of the column where it was previously located. Bill
  • A

    Unable to update package and reinstall package

    4
    0 Votes
    4 Posts
    2k Views
    K
    Adjusted my hosts file and success! Thank you!
  • T

    HAVP on 4G NanoBSD

    5
    0 Votes
    5 Posts
    2k Views
    S
    I know this is an old thread but I though this would be a good topic to bring back from the dead since it is the first result in Google.  Could we use something similar to what is suggested at http://www.zeroshell.org/forum/viewtopic.php?t=1916.  This is the pertinent part: Step 0 - Disable your HAVP proxy using the GUI, in the case it is currently enabled. Step 1 - (Ignore) Step 2 - The following command have to be both executed in the Zeroshell's shell AND added to your pre-boot scripts (through the Zeroshell's GUI):     > mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none /Database/var/register/system/havp/tmp Step 3 - Re-enable your HAVP proxy using the GUI.
  • S

    Squid not working after ip address change

    8
    0 Votes
    8 Posts
    3k Views
    J
    I had been trying and failing to set up squid and squidguard when my LAN was set up to use 172.31.1.0/24. I reset to factory defaults and left all at 192.168.1.0/24 and the installation went fine.
  • M

    Sqid3-dev squidguard time based filtering stops

    1
    0 Votes
    1 Posts
    640 Views
    No one has replied
  • I

    Postfix - Zombie Blocker persistent whitelist cache

    2
    0 Votes
    2 Posts
    1k Views
    B
    ilvipero, Sorry for the delay in replying.  The package doesn't cache the domain.  It caches the IP address of the sending server. The postscreen cache (where previously seen IPs are stored)  is held in /var/db/postfix/postscreen_cache.db A reboot should not affect that - I've even backed it up and restored it to a fresh install. You can see what IPs are in there with postmap -s btree:/var/db/postfix/postscreen_cache Are you running an embedded install of pfSense?
  • H

    Snort 2.9.6.2 pkg v3.1.2 not logging Alerts

    31
    0 Votes
    31 Posts
    5k Views
    bmeeksB
    @highlandpeak: Bill, Thanks for the hard work. BAM If your configuration is still muddled up and giving you problems, send me a PM and I will work with you offline to get it fixed.  Essentially what was happening to you is the Snort PHP code was getting confused by the duplicate UUIDs for different interfaces and wound up trying to "start" the wrong one (one that is already started).  That's why one of your interfaces was giving a SOFT RESTART notice.  Its UUID matched one of your earlier configured interfaces (most likely the one it was cloned from).  Snort uses that UUID to differentiate interface instances. Bill
  • G

    Snort & Barnyard2 Logging to mySQL - Bug in config file when name contains space

    5
    0 Votes
    5 Posts
    2k Views
    bmeeksB
    @Grandmaster: No problem at all Bill. Thanks for all the work. Normally I'd not use spaces for exactly this sort of reason but for some reason my thumbs took over on this one and typed a space - The thumbs have been duly admonished, put back in their box and I am now using a sensor name without a space and typing with only eight fingers. But as it got me scratching my head I thought I'd report it as a bug in case another person also has rogue thumbs or it crops up in some other manner. Cheers James I just tested and Barnyard2 itself won't honor any spaces in the config file (even when the string containing them is quoted).  So I added validation logic to the SAVE code that checks for spaces in the Sensor Name and throws a validation error if any are found.  I was able to sneak this fix into the current Suricata update that is under review by the pfSense developer team.  I will also add it to the next Snort update. Again, thank you for the report. Bill
  • H

    Stunnel

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.