1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox you could always turn off save settings on squid and squid guard and delete the package and reinstall. You could also manually remove the config from the xml file. Those are also options but I think the fresh firmware is the best approach. It does work on that version I got it going.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that does not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Greylog - please, pretty please with sugar on top

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdec before the ACME update, even with updating from 2.7 to 2.8 there was no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good

  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    I took some days before reporting again... Since then I installed: 25.07.1-RELEASE (amd64) built on Fri Aug 15 20:42:00 CEST 2025, and the issue re-appeared but did not (yet) clear by itself. Wireguard works well, that system has only one tunnel with another site, using interface assigned mode. I depend on it, and it works flawlessly. Yet the wireguard configuration page, its status page as well as the services widget on the dashboard, all report the Wireguard service as stopped, with the usual icon to start it. On the dashboard the gateways widget shows Pending for the IPv4 and IPv6 wireguard gateways. On the other hand, and it is logical as the packets do flow through the tunnel, the Wireguard widget on the dashboard shows the tunnel up with traffic. To be complete, the watchdog service, if wireguard is configured there, spend its life at detecting wireguard stopped and attempting to start it, which does not work. The other side of the tunnel is still on 25.07-RELEASE (amd64). I'm reluctant to upgrade that side too, with fear to loose the wireguard tunnel altogether. Aren't there any logs from that wireguard package? I can't find anything of that kind.
Log in to post
Load new posts
  • B

    Squid Build Options & Apple Caching

    1
    0 Votes
    1 Posts
    737 Views
    No one has replied
  • N

    PfBlocker Un-Clean Uninstall

    2
    0 Votes
    2 Posts
    747 Views
    K
    I had a question/request. The pfblocker dashboard widget conveniently shows the status of the block list as well as a packet count of hits. This is very valuable for determining what is happening as far as blocks. But it resets quite often automatically which prevents me from seeing over a long period of time what block lists are being hit. Anyway to prevent it from resetting, except when I want to clear it?
  • D

    SquidGuard issue - blocked javascript hangs pages

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • A

    Squid and Dansguardian not working

    23
    0 Votes
    23 Posts
    10k Views
    Q
    Ive managed to work through this thread, with input and learnings from a few others and finally have a working squid / dansguardian setup. Ive found a strange issue in that everything works great for the first ten minutes or so, then web surfing becomes slower before eventually stopping. If I shortcut the localhost chain (NAT 80 -> DG 8080 -> Squid 3128 -> Web) by setting my proxy direct to Squids 3128 port everything resumes as normal. If I restart Dansguardian things return to normal as well so it appears to be some kind of memory leak / cache / buffers filling up type issue. Any ideas? Ive killed squids caching along the route of debugging this matter and that didn't help.
  • P

    Snort Pass List not auto created

    3
    0 Votes
    3 Posts
    1k Views
    bmeeksB
    @propel: I'm new to the Snort configurations, 1st time installing and using it. In snort, ' A Default Pass List ' was not automatically created. Do I actually need to create one then? Usually, in a home network setup, you do not need to create or set any specific Pass List.  The "defaults" that Snort will use if you do not create or set a list are generally sufficient.  It will not block your LAN IP block, or DNS servers, your default gateway nor your WAN IP address.  If you have multiple directly-connected networks (for example, DMZ, multiple LANs, VPNs, etc.), then they will be included as well.  You only need to create a Pass List when you have specific external hosts or networks you don't ever want blocked, or you have some internal hosts that are not on directly-attached networks that you don't want blocked. Bill
  • P

    Https connection getting stuck in squid for random clients

    1
    0 Votes
    1 Posts
    744 Views
    No one has replied
  • A

    Custom SquidGuard error [How-To]

    3
    0 Votes
    3 Posts
    5k Views
    P
    Nevermind, i'm dumb heh. got it working.
  • A

    HAVP proxy blocking an application

    5
    0 Votes
    5 Posts
    1k Views
    A
    It's been a while since I've had to address this issue.  I can resurrect old threads :) Now the pfSense is on version 2.1.4 and I'm still getting the same outbound blocking when I have HAVP enabled. Ideas?
  • A

    New HTTP+HTTPS Proxy / DNS Filter Package

    8
    0 Votes
    8 Posts
    3k Views
    A
    @networkinggeek please submit a support ticket and we'll get you straightened out. @Hollander we are working out some kinks but we intend to be in the main package repo. @rjcrowder & @Hollander We use a cloud based categorization service that has over 500 million urls categorized. We've made it so you can install the package and be filtering https traffic within 5 mins.
  • S

    Snort uses up all memory (12GB) [SOLVED]

    34
    0 Votes
    34 Posts
    14k Views
    S
    Thanks :)
  • C

    Strange SquidGuard problem.

    3
    0 Votes
    3 Posts
    1k Views
    C
    @golmaal: Maybe I haven't understood your problem correctly, but this may help: SquidGuard (and the firewall rules too) works on the basis of first-match. The filtering rules do not cascade. Let us say you have Group ACL X and Group ACL Y (in that order) and then Common ACL. When someone accesses the Internet, SquidGuard tries to first match it with Group ACL X. If the match is positive (i.e. if the IP or the user belongs to Group ACL X), the Group ACL X will apply to it irrespective of your Common ACL and other Group ACL. Once the match is positive, it won't filter it using any other Group ACL or Common ACL. If the first match fails, it will try to  match it to Group ACL Y; if it matches, Group ACL Y will apply to it. If there are no matches, Common ACL will apply. So you need something like this: Group ACL X: Block Porn, Block P2P, Allow All Group ACL Y: Allow All Common ACL: Block All I will try this as soon as I get time to use mess around with it again.. Thanks for the reply.  I will post what I find. DrClaw
  • A

    Separate squid cache drive/partition?

    4
    0 Votes
    4 Posts
    1k Views
    A
    Ok. So, I realized that 40 MB is just a teensey bit small for this kind of thing. I purchased 2 CF-style microdrives with PCMCIA adapters. I'll find a use for the other on someday, but for now, I am using one of the Microdrives (each drive is 2 GB) for the cache.
  • W

    NUT UPS with blazer_usb wont start

    2
    0 Votes
    2 Posts
    1k Views
    W
    Nobody?  :-\
  • M

    Squid Proxy Maximum object size

    4
    0 Votes
    4 Posts
    11k Views
    T
    I don't believe this had a separate topic in the old forum, here is a summary of the steps. The cachemgr.cgi page is a symbolic link to the file in the PBI folder. And external cache manager as your local box in the squid config. You create a symbolic of "cachemgr.cgi" in the /usr/local/www folder. Link that to "/usr/pbi/squid-amd64/libexec/squid/cachemgr.cgi" (or i386 when you installed 32-bit pfsense) Then add your pfsense box ip as a external cache manager in the Proxy server -> local cache ->"External Cache-Managers" (it works for me) Then you should be able to browse to http://pfsense-ip/cachemgr.cgi (login info is the same as the pfsense gui) (or you could need to edit "/usr/pbi/squid-amd64/etc/squid/cachemgr.conf" and change localhost to your pfsense-ip) With https you may need to add the portnumber https://pfsense-ip:666/cachemgr.cgi (whatever port your pfsense https responds to)
  • arrmoA

    Darkstat Settings Lost on Upgrade

    3
    0 Votes
    3 Posts
    1k Views
    arrmoA
    Makes sense, thanks!
  • M

    Squid3 clean install: no internet access

    8
    0 Votes
    8 Posts
    2k Views
    KOMK
    No idea.  Everyone goes for squid3-dev because that's the one that supports transparent HTTPS intercept.
  • M

    OpenVpn - Multiple instances

    4
    0 Votes
    4 Posts
    1k Views
    C
    I had enabled modem gui access from the firewall and had created an additional interface on WAN as per instructions given on https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewal …l hence there were two interfaces WAN & Modem Access which were having the same mac id, until ver 2.1 OPNVPN never created multiple instances but post 2.1.1-2.1.4 OPNVPN created multiple instances, then I removed the modem access and ( deleted modem access interface) and every thing worked fine.
  • A

    SSL Offloading with squid3 + HAProxy

    7
    0 Votes
    7 Posts
    3k Views
    A
    Well, ok I see what you mean. Thank you very much !
  • A

    Syslog-ng configuration

    9
    0 Votes
    9 Posts
    14k Views
    A
    thank you for your help  ;D
  • Z

    Squid authentication + Dansguardian (not NTLM)

    5
    0 Votes
    5 Posts
    2k Views
    R
    @ZGruk: You have to configure the proxy settings to point directly to dansguardian (port 8080) instead of port forwarding from 80 to 8080. Sorry for the thread resurrection. I'm not clear how to do this. Is the setting changed in squid? Or is it a firewall/NAT rule that I have to write. Any chance you (or anyone) can post more detailed steps. Thanks!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.