1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox There is a problem that is no longer active use this http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz [image: 1755878578167-screenshot-2025-08-22-at-09.02.53-resized.png] This blacklist is great they also take submissions I send stuff all the time.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @LowKnee Just out of curiosity are you referring to the Database Sanity Check reporting that "these two counts should match" it the count is off by 1 (which I suspect is your case) there was a fix (manual code change) to change masterfile to mastercat in pfblolckerng.sh you want to change this change the line from s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})" to s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})" There is also an edge case if the count is greater than one, here is how that goes if in the deny directory you have say two flies (because of the list / file selection you have and they have repeat addresses file 1 has say 100 lines file 2 has say 10 lines (but those 10 lines are also in file 1, file 2 is a subset) you get two uniquely named deny files and then when the "count" is calculated on the deny directory it sees 110 entries when the "count:" is calculated on the "mastercat" file it only contains 100 entries the count doesn't match in my case the issue was caused by full list I had selected, also having an available subset lists (I had inadvertently selected one of) this causing two deny files with some of the same (overlapping data) I unselected the subset and bingo matched again, was a "my bad" selection. Edit: this applied to 25.07 (and 25.07.1) and pfblockerng 3.2.7 as it is labelled on those versions of pfSense

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdec before the ACME update, even with updating from 2.7 to 2.8 there was no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    603 Posts
    W
    @totalimpact in my case I dsid not reboot the router, after I copied the new key tailscale went online.

  • Discussions about WireGuard

    697 Topics
    4k Posts
    H
    I figured out the issue. I missed adding the 3rd locations Lan to the static routing. Now all is working perfect.
Log in to post
Load new posts
  • bmeeksB

    Snort users – how would you like "templates" to work in the Snort package?

    12
    0 Votes
    12 Posts
    2k Views
    S
    If you use a file then it could be replicated across locations and you will always have a config file with you. Why not opt for both? Do as the core team wants and put an extra option in the GUI for creating a snort conf file.
  • belleraB

    SquidGuard bug ordering categories

    10
    0 Votes
    10 Posts
    3k Views
    belleraB
    [SOLVED] 1. Commented lines:   402         #file_put_contents($conf_file, $conf);   403         #file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default https://github.com/pfsense/pfsense-packages/blob/master/config/squidGuard/squidguard_configurator.inc 2. Modified pass line at: /usr/pbi/squid-i386/etc/squid/squidGuard.conf /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf 3. [Apply] button to reconfigure squidGuard without writing a new squidGuard.conf In general I only need to modify my lists. So, the trick will work without troubles for me.
  • S

    Exclude IP from HAPV

    2
    0 Votes
    2 Posts
    820 Views
    P
    Try doing the following: Go to Services > Proxy Server > Access Control Then, in the Unrestricted IPs, type in the Roku's IP Address and test this out to see if it works. As for HAVP, under the HTTP Proxy tab, go to the whitelist and enter in *.netflix.com to exclude the site from scanning the site for viruses.
  • T

    HAVP for pfSense 2.1

    6
    0 Votes
    6 Posts
    2k Views
    S
    I too had a problem with pfS2.1-x64 with clamAV not starting and havp crashing.  After reading other posts I tried using the command "freshclam" from the console and got a gid/uid error for the /var/db/clamav directory.  I issued the command "chmod -R 0777 /var/db/calmav" and tried freshclam again with success.  I then issued the command "service calmd start" with success.  It has now been running for 4 hours. . . After posting this message I got to looking at the /var/db directory and noticed that most directories listed have a root:wheel ownership as opposed to clamav which has a havp:havp ownership.  I hope this info might be of some help.
  • S

    IMspector 20111108 pkg v 0.3.1

    1
    0 Votes
    1 Posts
    594 Views
    No one has replied
  • belleraB

    Squid3-devel installation fails

    4
    0 Votes
    4 Posts
    1k Views
    belleraB
    :-[ :-[ :-[ :-[ Now, after 15-20 times worked! Perhaps because I rebooted the machine before installing a new time? :) :) :) :)
  • bmeeksB

    Snort 2.9.5.6 pkg v3.0.4 Update – Release notes and change log

    75
    0 Votes
    75 Posts
    18k Views
    bmeeksB
    @Cino: think i found another bug. I have 2 sensors for my WAN, one for blocking and another just for alerting. I've disabled my alerting interface but it still is starting when the service/router is restarted. If I re-save the disabled sensor, it brings it down I think I know what the problem is and will fix it in the next release.  I have the new 2.9.6.0 package almost ready.  Thanks for the bug report. Bill
  • E

    Squid 3-dev + squidguard issue at restart

    1
    0 Votes
    1 Posts
    898 Views
    No one has replied
  • S

    Huge issue with squid reverse proxy

    1
    0 Votes
    1 Posts
    603 Views
    No one has replied
  • G

    Anxiety-inducing snort alert

    12
    0 Votes
    12 Posts
    4k Views
    C
    Generally speaking, the shellcode signatures tend to trigger a lot of false positives on many networks, so I'd take that one less seriously than the malicious user agent, which is less likely to be a false positive (though certainly not impossible).
  • C

    Packages moved to their own server and HTTPS

    3
    0 Votes
    3 Posts
    1k Views
    C
    v1.2.3 packages are no longer supported, that's almost a 5 year old release now, and 6 releases behind current within a few days when 2.1.1 is released. There isn't any reason you can't upgrade them. That said, ones that worked a couple weeks ago should still work now. We're not intentionally breaking them (yet), but some are broken because they now require PHP 5. My first guess is maybe something about those systems is preventing them from fetching files via HTTPS. Go to a command prompt and run: fetch https://packages.pfsense.org/packages/config/filer/filer.xml see if that succeeds. If not, try: fetch http://packages.pfsense.org/packages/config/filer/filer.xml
  • M

    Understanding Squidguard logs and unblocking something

    8
    0 Votes
    8 Posts
    2k Views
    M
    I'm surprised I haven't had many responses yet. Is this because so few people use squid proxy? So, in an effort to be proactive I took a packet capture of the 10-15 seconds when my son is logging into the game that seems to have a problem with squid proxy. There are two public ip addresses involved in that transaction, but I don't really know what to do with that information. I'm willing to gather additional data if there is someone out there who would be willing to help. I realize my issue is not life or death, but I truly want to learn about squid transparent proxy and this is hindering my progress. I think it's safe to say I'm being patient. Anyone, please??
  • BBcan177B

    PfBlocker IP Count

    3
    0 Votes
    3 Posts
    987 Views
    BBcan177B
    I already moved four of the large Blacklists to a cron job running a bash script, mapped pfBlocker to a local .txt file which does that process as you so eloquently described. Shrunk the list by 50% already. I use a remote syslog (ELSA) and it would be nice to have the pfSense syslogs incorporate the Rule that Blocked/Rejected/Passed the event. I heard this might be fixed in 2.2? Also having a "hit count" would help this process. I have spent alot of time on the Blacklists. Different locations get hit with different attacks. Various lists help to protect different aspects of the network. If I had more PHP knowledge I would attempt to write some code to add some more functionality to pfBlocker. Convert /32 to /24 as an option per list Deduping based on Primary lists taking precedence Hit Count Log showing completion of list updates Previous IP count, post update IP count .csv and other file format download options (I Fixed that temporarily with a bash Script)
  • D

    Snort adds hosts to blocklist but not blocking traffic

    3
    0 Votes
    3 Posts
    2k Views
    bmeeksB
    @DmitriyTitov: Hello! I'm new to pfSense and snort and I got a task to block P2P traffic. I've installed snort package, downloaded rules and enabled snort-p2p and emerging-p2p rules. I've enabled snort on LAN interface and checked "Block Offenders" and left block "Both" IP addresses. Also I've disabled all "Decoder" and "Preprocessor" rules because I've had IMAP related alerts and don't want to block hosts based on these rules. I've started uTorrent BitTorrent client on my workstation and I nstantly had a lot of records at "Alerts" and "Blocked" tab,  but I see that my uTorrent still downloads traffic from the peer that is added to blocked! So I have visualy working instant of snort, but it doesn't actualy block traffic. Where to search for answer? Thanks in advance! Another thing to consider, the automatic "default" whitelist for Snort includes all locally attached networks.  This means, for instance, that your LAN IP addresses will not get blocked even when they generate an alert.  Now if they go out to an external host, that external host should get blocked.  To ensure this happens, though, you must click the KILL STATE checkbox on the Interface Settings tab for the interface running Snort.  Otherwise the initial packet will establish "state" for the connection and all further traffic for that session bypasses the firewall.  So even though Snort might insert a block, if an entry for the session is in the state table, traffic will continue to flow around the block via the open state table entry.  Killing state when inserting a block is how Snort can get around this.  But killing state is a manual choice of the user. Bill
  • U

    Sarg not displaying reports

    3
    0 Votes
    3 Posts
    1k Views
    U
    So finally i was able to generate the reports . the problem was on configuration …. If someone else has the same problem with me ... On the general tab select only the American or European format . DO NOT SELECT the weekly On the schedule tab You can use the below args … TODAY -d date +%d/%m/%Y YESTERDAY -d date -v-1d +%d/%m/%Y WEEK AGO -d date -v-1w +%d/%m/%Y-date -v-1d +%d/%m/%Y MONTH AGO -d date -v-1m +01/%m/%Y-date -v-1m +31/%m/%Y
  • K

    TinyDNS (dns-server) package creating incorrect NS records

    1
    0 Votes
    1 Posts
    927 Views
    No one has replied
  • L

    SQUID+HAVP causes frequent disconnects/reconnects for Outlook (office365)

    2
    0 Votes
    2 Posts
    2k Views
    G
    Hi, I have the same setup and facing similar issue as Lemb. I've also added the list of IP's and URL's of office 365 provided by Microsoft (http://blogs.technet.com/b/neiljohn/archive/2012/01/26/office-365-proxy-server-exclusion-list-office-365-service-url-s.aspx) to whitelist of HAVP Antivirus, still facing the same issue. Outlook looses connectivity to Exchange server and reconnects very frequently. If HAVP is uninstalled, everything  works fine. And Lemb, as I noticed you've posted this issue in December 2013. It's been 3 months that you've faced this issue, have you been able to find a solution or workaround for this issue? Please help. Thanks & Regards, Gautham B
  • Q

    Squid3 w/ SquidGuard3 Transparent Mode

    3
    0 Votes
    3 Posts
    1k Views
    Q
    @loupalladino: What is logged in access.log and squidGuard.log when you make the attempt with transparent enabled? Hi loupalladino, Thanks for the response. Sorry for the delay. I tried checking the logs under: /var/squid/logs /var/squidGuard/log but I do not see any errors in either. Under access.log I do see the requests I've made. Also note I tried removing all squid. Even when under pkg_delete and removed anything left behind. Re installed just Squid3 and turned on transparent mode and the problem still exists… Thoughts? Thanks
  • S

    Squid3-dev update

    11
    0 Votes
    11 Posts
    3k Views
    belleraB
    @marcelloc: Some forum users reported that squidguard3 is not working with squid3-dev. I did not had time to test it because I do not use squidguard. Working… https://forum.pfsense.org/index.php?topic=73640.msg402286#msg402286 https://forum.pfsense.org/index.php?topic=73740.0 (Spanish Forum)
  • M

    Adding rules through putty

    3
    0 Votes
    3 Posts
    1k Views
    BBcan177B
    Do not edit rules from the Command Line. You can severely break pfSense if you make a mistake. All Snort Rule changes should be made from the Web GUI. (Change the WAN to LAN depending what you are trying to achieve) Step 1- Snort:WAN Interface EDIT:WAN Categories and make sure that ET Policy has a checkbox. If not select and restart the interface. Step 2- Snort:WAN Interface EDIT:WAN Rules (Select ET Policy Category) CTRL-F (search for dropbox to enable the rules that are already defined) And enable/disable the rules this way. If you want to create a local rule, you would enter the rule Snort:WAN Interface EDIT:WAN Rules - Custom.rules
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.