1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox I don’t think so, to be honest with you I am on an older version also. Just make sure you do the patch package and install all the system patches.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that does not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Greylog - please, pretty please with sugar on top

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdec before the ACME update, even with updating from 2.7 to 2.8 there was no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good

  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
Log in to post
Load new posts
  • N

    Transparent Proxy Mode

    13
    0 Votes
    13 Posts
    3k Views
    N
    @wcrowder: Easiest way to have external proxy on another host on pfSense. Place this in /usr/local/www/wpad.dat on your pfSense router. function FindProxyForURL(url,host) {     // If the requested website is hosted within the internal network, send direct.     if (isPlainHostName(host) ||         shExpMatch(host, "localhost") ||         shExpMatch(host, "*.crowderfarm.local") ||         isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||         isInNet(dnsResolve(host), "127.0.0.0", "255.255.0.0"))         return "DIRECT";     return "PROXY 192.168.10.8:3128"; } ```. Add a <host override="">on DNS forwarder: Host: wpad Domain: crowderfarm.local IP addres: 192.168.1.1 Description: WPAD Autoconfigure Host Or you can simply point your browsers to the configuration file in connection settings by clicking "Automatic Proxy Configuration URL" in Firefox for example and entering "http://192.168.1.1/wpad.dat". Of course you have to set these settings to match your network.</host> So it means we need to manually select "Proxy Auto-Discovery" option in the browser even after placing this code in pfsense router?
  • R

    Squid , NAT using Virtual IP Pool

    1
    0 Votes
    1 Posts
    752 Views
    No one has replied
  • D

    Snort / Suricata Widget feature request

    11
    0 Votes
    11 Posts
    2k Views
    bmeeksB
    @Supermule: The customer has a fixed IP and it puzzles me as well. Is the fixed IP address IPv4 or IPv6?  And I assume the IP is confirmed to be in the PASS LIST for the interface.  You can verify that by going to the INTERFACE SETTINGS tab for that interface and then clicking the "View List" button beside the PASS LIST drop-down.  The IP address should be in there. Do you have confirmed alerts with that customer's IP address in either SRC or DST where there was no block inserted?  Might take correlating some dates and times to figure that out.  I'm trying to determine if perhaps there is a problem with the binary patch that reads the processes the PASS LIST internal to the Snort binary.  For example, it might be that the logic inside the binary is not always accurately matching the IP address with the PASS LIST and thus might insert a block when it was not supposed to. Bill
  • R

    Can't Remove / Re-install Snort

    24
    0 Votes
    24 Posts
    7k Views
    BBcan177B
    There is a table called "Snort2c" which you can see in Diagnostics:Tables If the file is there, you can open it and click the "all" icon at the bottom to clear it. If Snort is installed, you can clear the table by going to the Snort:Blocked Tab and hitting the "Clear" Icon.
  • J

    Snort not running on interfaces at startup

    9
    0 Votes
    9 Posts
    2k Views
    bmeeksB
    @justsomeone: 24 gig RAM, possibly a memory setting in the BIOS is affecting it? though if AC-BNFA-NQ performs the best, maybe I should leave it. It's been stated here on the forum several times by several folks that the best setting is AC-BNFA-NQ.  Some of the other settings can quickly chew up RAM unless lots of optimizations are done, but the Snort package does not support in the GUI all the fine-tuning required. Bill
  • U

    [Solved] OpenVPN Client Export Utility not installed correctly?

    2
    0 Votes
    2 Posts
    1k Views
    U
    This issue was probably due to issues with the package repository that day. Tried to set up the export utility today, and it worked fine even though there have been no changes to the utility since I last tried it.
  • V

    Squid non transparent - User permission question

    1
    0 Votes
    1 Posts
    687 Views
    No one has replied
  • L

    Transparent Proxy'ing IPv6

    2
    0 Votes
    2 Posts
    2k Views
    L
    It seems that if I add http_port [2001:xx:xx:94a::1]:3128 acl localnet src 2001:xx:xx:94a::/64 Into the Custom options on the General tab it nows listen to the ipv6 IP correctly.  However, the transparent proxying on ipv6 doesn't seem to work.
  • E

    Manually Downloading and Installing Packages

    3
    0 Votes
    3 Posts
    14k Views
    E
    @networkinggeek: This post might help you, have a look at it. https://forum.pfsense.org/index.php?topic=69370.0 Thanks for the reply! That's too bad… Sounds like there's no way to do it locally and have it show up in the Gui. Well, at least there's a way to do it through SSH rather than the WebGui... That'll likely be more reliable. Thanks for the link!
  • chaseC

    PfSense 2.1.4 + Snort 2.9.6.2 pkg v3.1.1 + IPv6 /64 == snort is unable to start

    2
    0 Votes
    2 Posts
    1k Views
    bmeeksB
    The fix for this has been submitted and is awaiting review and approval by the pfSense Core Team.  The request has been posted for 23 days as of today.  I sent a friendly reminder e-mail today asking the team for an estimate on when this will be merged. Here is the active Pull Request:  https://github.com/pfsense/pfsense-packages/pull/692 The problem is the interface domain tagged onto the end of the Link-Local address.  That trips up Snort (and Suricata).  The coming fix strips that off when adding Link-Local addresses to HOME_NET and PASS LISTS.  There is really no workaround so long as you enable and use IPv6 on your interfaces. Questions Is there a workaround and/or recommended correction for the FATAL ERROR (see Detail)? Why does snort add trusted DNS servers to HOME_NET, as opposed to creating a new variable to specifically track DNS behaviors explicitly by naming the DNS servers there? There are three interfaces on my pfSense firewall that are "Tracking" the WAN IPv6 DHCPv6 request for an IPv6 /60 delegation prefix.  Comcast is assigning of those internal interfaces an IPv6 /64 address space.    When IPv6 addresses get rotated, will snort automagically restart to pick up changed IPv6 address assignments for HOME_NET? You can uncheck the box for including DNS servers in HOME_NET if you don't want them there.  You can instead add them via an Alias on the VARIABLES tab in Snort.  First create an alias under Firewall…Aliases containing your DNS server or servers, then put that alias name in the DNS Servers box on the VARIABLES tab. No, there is not way for Snort to magically restart on its own if you get new IPv6 addresses.  However, there is some logic in pfSense that will restart packages when there is an IP change on the WAN.  That may trigger what you want. Bill
  • U

    How to clear, reset or Delete Squid Config?

    5
    0 Votes
    5 Posts
    20k Views
    U
    @jimp: @KOM: SSH in and delete /var/squid, /usr/local/pkg/squid.* and /usr/local/pkg/squid_. Don't delete /usr/local/pkg/squid* or you will lose your Squidguard settings, if it's installed. The settings are in config.xml, not there, so you can remove "/usr/local/pkg/squid*". If you want to reinstall the packages after, make sure to reinstall squid first before trying to reinstall squidGuard. As for the settings, if you want to remove those, try this from Diagnostics > Command in the PHP Execute box: $squid_sections = array("squid", "squidnac", "squidcache", "squidauth", "squidextauth", "squidtraffic", "squidupstream", "squidusers"); foreach ($squid_sections as $sec) { if (is_array($config['installedpackages'][$sec])) unset($config['installedpackages'][$sec]); } write_config("Removed Squid"); Or to remove squid, squidguard, lightsquid, and anything else with 'squid' in its package name: foreach (array_keys($config['installedpackages']) as $sec) { if (strpos($sec, "squid") !== false) unset($config['installedpackages'][$sec]); } write_config("Removed all squid-related settings"); Not perfect but it should get the job done. Either that, or backup the config, edit the settings out, then restore. it works! thanks a lot!
  • H

    Problems with Squid3-dev, Dansguardian, Snort

    2
    0 Votes
    2 Posts
    1k Views
    bmeeksB
    @HSeffers: Hi there, I am running a pfsense for years now. To get a real fresh system, I want to rebuild completely. So running a "temp" pfsense in VM, just to do all the proper settings etc, before moveing config to live system. I did install on the new system, squid3-dev and Dansguardian with NAT redirect for port 80. Dansguardian then redirects to Squid. Everything works well, until I install Snort and activate the Snort interface WAN. I did set it up with the same rules and settings as on actual running live system, where btw. no Dansguardian is installed But when I then try to open a web site on port 80, I get the following error message in the browser (i.e.: www.computerwoche.de): Der folgende Fehler wurde beim Versuch die URL http://www.computerwoche.de/ zu holen festgestellt: Verbindung zu 2a01:138:a028:0:62:146:83:75 Fehlgeschlagen. Das System antwortete: (65) No route to host Der Zielhost oder das Zielnetzwerk ist momentan nicht verfügbar. Bitte wiederholen sie die Anfrage. Ihr Cache Administrator ist Basically it looks like there appears an IP6??? I disabled IP6 on the pfsense and wonder now what is happening there. HTTPS sites work still fine as they are not redirected through Dansguardian. For testing, I did enforce in one browser to use squid directly as HTTPS proxy and also works fine. So I wonder, if there is anybody out having an idea about this issue??? Disabling the Snort interface and all works well. It looks like to me like the combination of Snort and Dansguardian not loving each other… A push into the right direction would be really appreciated :) Thanks Holger Did you have Snort in blocking mode?  If so, did you check the ALERTS and BLOCKED tabs in Snort to see if had blocked traffic?  Without some initial startup tuning, Snort can be very aggressive in blocking some web sites that send out quasi-malformed HTTP traffic.  Most of the time these are just false positives, but they result in a block anyway.  There is a thread here in the Packages sub-forum you can search for that includes a suggested SUPPRESS LIST setup for Snort that avoids the most common false positive events. Here is a link:  https://forum.pfsense.org/index.php?topic=56267.msg300473#msg300473 Bill
  • P

    Limiting access to websites published via Squid3

    1
    0 Votes
    1 Posts
    558 Views
    No one has replied
  • T

    Sarg Reports Constantly Need Forced Schedules (Squid)

    5
    0 Votes
    5 Posts
    1k Views
    T
    Does anyone have any ideas?
  • F

    Kaspersky cause problem with squid on pfsense

    1
    0 Votes
    1 Posts
    718 Views
    No one has replied
  • N

    Squid3-dev Transparent Mode Error

    1
    0 Votes
    1 Posts
    561 Views
    No one has replied
  • D

    Haproxy freeze during installation " HAProxy, update configuration"

    2
    0 Votes
    2 Posts
    925 Views
    P
    Where you already running a haproxy-devel 1.5dev versions before or the stable 1.4 ? For a possible easy solution you might try uninstalling the package, and then installing it again. If that doesn't work, download a config backup, remove the <haproxy>section and restore the config file (make sure you know how XML should be formatted). Then try to install again.. As for troubleshooting it would be nice if you could change the /usr/local/pkg/haproxy.inc file and include some more lines with 'debugging' info like this between where that last line of logging is generated, and where the next one doesn't show.: $static_output .= "HAProxy, debugging step 1\n"; update_output_window($static_output); Then from a developer shell option 12 on the console run these commands: global $pkg_interface; $pkg_interface = "X"; include_once('haproxy.inc'); haproxy_custom_php_install_command(); exec And check the output generated to at which debugging step the processing 'stops'.. Then please report back.</haproxy>
  • E

    New antivirus package and working squid?

    1
    0 Votes
    1 Posts
    801 Views
    No one has replied
  • A

    Install ntopng on pfsense 64bit have error.

    3
    0 Votes
    3 Posts
    1k Views
    F
    it does not see my lan nic
  • M

    NTOP Problem ?

    26
    0 Votes
    26 Posts
    17k Views
    J
    @Cino: try ntopng instead, just came out so their could be bugs… report any in the link below https://forum.pfsense.org/index.php?topic=80461 Wow! Thank you so much for sharing this! I thought ntop is dead. For some reason its not showing up in packages. I'll ask in main thread.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.