1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @keyser if you want the less random more static time this: the code that needs to be changed is in pfblockerng.inc best to make yourself a patch file and apply it that way , so if the package is reinstalled (updated) or whatever. you can just "verify" the patch and just reapply. I ran with this (but different time) under 24.11 when I upgraded to 25.07 just verified and re-applied the patch. if you want look to look at at the code for the lines being changed just above that "if statement" is the comment // Define pfBlockerNG MaxMind/TOP1M/ASN Cron job name the patch whatever you like and set these behaviour options [image: 1755355045857-screenshot-2025-08-16-at-10.35.14-am.png] This is the patch contents (made just for you to hit the time before 2am) --- pfblockerng.inc.orig 2025-08-16 10:30:40 +++ pfblockerng.inc 2025-08-16 10:29:52 @@ -10669,8 +10669,8 @@ if ($pfb['enable'] == 'on') { $pfb_gcmd = "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc >> {$pfb['extraslog']} 2>&1"; // CRON hour is randomized between 0-23 Hour to minimize effect on Servers - $pfb_gmin = '0'; - $pfb_ghour = rand(0,23); + $pfb_gmin = '35'; + $pfb_ghour = '1'; $pfb_gmday = '*'; $pfb_gmonth = '*'; $pfb_gwday = '*'; In this I changed the time from the random top of the hour to 1 35 am (just before your 2am pfblocker update and with time to spare. However, I would recommend anything that is not at the top of the hour (0) minutes as that is when almost everything else gets scheduled.) FWIW. I also changed the "top" of the hour on my system so the pfblocker cron setting so that everything is offset by 30 minutes, and therefore don't conflict with other jobs that are also at 0 minutes (as most are) If you make this change on the dialog, then you might need to change the above, so it runs at say 1 15 am (adjust accordingly to suit your needs) pfblocker general page cron settings GUI [image: 1755356115122-screenshot-2025-08-16-at-10.53.11-am.png] next time it creates the job it will schedule it for the now not so random time of your choice. If you want to adjust the time and the patch has been applied, revert - edit the patch times (minutes/hours) only - then reapply. (unlikely you want to change the day month or week day, but if you did you would need a modified patch)

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    495 Topics
    3k Posts
    M
    @raidflex said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: maybe uninstall Crowdsec when applying other updates first. It seems like it doesn't help at least from what I see on my system... it changes something.. so it must be definitely reported to their github. I have never experienced that before and crowsec was installed.. maybe with 2.8.0 something have changed

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    596 Posts
    V
    With Tailscale, I just recommend sticking with the FreeBSD15 version. Yes, it may currently work using the FreeBSD 14 package despite being on 15, but any number of other updates could result in that not being the case anymore. Not to mention the fact that any updates newer than 1.84.2_1 don't really impact functionality for what people would be using Tailscale for with PfSense so updating past that is not an absolute necessity. I run 1.86.4 on my desktop+phone and 1.84.2_1 on my pfsense router. Phone commonly uses the PfSense router as an exit node and there's no difference for PfSense. TL;DR: Better to be safe than sorry and stick with the FreeBSD 15 version even if it's not the latest version of Tailscale.

  • Discussions about WireGuard

    693 Topics
    4k Posts
    lvrmscL
    Strangely enough, checking the system 4 days later, I now see that Wireguard service is reported running! The last thing I did 4 days ago was to disable Wireguard service monitoring by the Service Watchdog. Anyway, even when it was reported stopped at first, 4 days ago, the tunnels were working flawlessly. Very strange. I will keep an eye on it.
Log in to post
Load new posts
  • A

    Bandwidthd giving errror

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    A
    i have re-installed bandwidthd and it is working now. However, I ended up using ntop cause that is the only bandwidth monitoring that support multi-wan.
  • N

    Help: Add External Cache

    Locked
    1
    0 Votes
    1 Posts
    776 Views
    No one has replied
  • T

    Squid ssl-bump

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    marcellocM
    @Nachtfalke: Further forum user marcelloc is working on a web GUI based ssl-bump feature but he needs some more time and donations. There is a thread on the forum I do not have at the moment. It's here http://forum.pfsense.org/index.php/topic,58368.0.html :)
  • P

    Best way to whitelist Imdb's website from Snort?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    bmeeksB
    @lpallard: Hi, I am having a hard time preventing www.imbd.com from being blocked by Snort. In Snort's blocked list I see: 72.21.203.211 (http_inspect) INVALID STATUS CODE IN HTTP RESPONSE - 04/06-00:54:05 72.21.215.52 (http_inspect) INVALID STATUS CODE IN HTTP RESPONSE - 04/05-02:31:37 I wonder if these errors are serious?  I believe not, and I'd like to prevent Snort from blocking www.imdb.com based on these alerts.  I dont want to add this type of alert  ((http_inspect) INVALID STATUS CODE IN HTTP RESPONSE) to a general whitelist because a malicious website could use it in the future.. SO how can I add an exception for imdb.com ??? The whitelist tab allows only the IP address.  Is it good enough? Thanks This is going to be tricky because I suspect a site like that probably has multiple IP addresses (like a server farm).  If they all resolve to a single IP, then you can create an Alias for the web site and then add that alias to a whitelist.  Do this under Firewall…Aliases.  Then go to the Whitelist tab in Snort and either add that alias to an existing whitelist, or create a new white list containing the alias.  If this is your first whitelist, be sure to leave the defaults in place where it automatically whitelists your WAN IP, gateways and DNS servers. My personal observations of HTTP_INSPECT is that it is entirely too "picky".  I know it is based on the RFC standards and such, but it just seems to complain about too many legitimate web sites.  I have a pretty long list of Suppression Rules for some of these HTTP_INSPECT errors. Bill
  • P

    Whitelist in SquidGuard not working

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    P
    Very good dvserg !  I thought it was "Allow" but "Whitelist" did it! Thanks!
  • C

    Lightsquid Graph 500 Server Error Resolution

    Locked
    10
    0 Votes
    10 Posts
    10k Views
    C
    Please note that the perl package location has changed. Use to update link: pkg_add -rvf ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/perl.tbz
  • L

    Samba4 package and extend services with pfsense

    Locked
    9
    0 Votes
    9 Posts
    24k Views
    C
    @Luiz: @churnd: I am very interested in this.  Do you have something I can test, or maybe some brief instructions.  The main thing I'm interested in is providing a Samba4 PDC for my home network. Good morning, who want to experiment with the functionality of Samba4 acting as a member of AD and making authentication transparent to the ad via ntlm, can deploy the package by the script below (via command execution -> Diagnostics: Execute command): fetch -o - -q http://www.mundounix.com.br/~gugabsd/pfsense/teste/samba-teste-amd64.sh | sh This will install Samba4 there and a lot of work … do not worry, after running it, will appear in the option menu Samba4 services and the option to authenticate via ntlm in squid. (to operate, install squid 2 first before running this script) For now, it is 100% functional act as MEMBER, other'm developing, mainly to serve as part of the AD server. ATTENTION BUT, FOR THE LOVE OF GOD!! DO NOT TURN IT IN PRODUCTION ENVIRONMENT, I'm releasing a mere interest and development of opnion guys ... If you need to put this into production yesterday, contact me via consultancy (www.mundounix.com.br) Thanks Thanks for this.  I hope your work keeps up.  I don't have a use for setting up a member yet as I need a PDC, so not running it yet.  Tried it out in a VM & it seemed to install OK.  Didn't get past that since I have no PDC to join.  Keep up the good work.  Thanks.
  • L

    Wpad, squid3 not working

    Locked
    23
    0 Votes
    23 Posts
    11k Views
    L
    pfSense -> DG -> Squid3 now working via DHCP/wpad and assorted rules (NAT rdr squid port to DG, LAN pass to lighttpd serving wpad, LAN pass any to DG, LAN block http and https), with a few issues to resolve. My main hurdle was thinking to make Squid listen on pfSense's box's IP and localhost (previously just pfSense's IP), and make DG's parent proxy IP localhost instead of pfSense box IP. My main issues with DG I'll ask about in the appropriate thread.
  • S

    Missing snort.sh

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    G
    All I can say is: listen to Bill! ;) Glad you solved it.
  • D

    Squid in transparent mode do not forward packets through a bridged interface

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A
    Yes it does work… with some tweaking... Here's what i did, create bridge between LAN and WAN, assign interface to Bridge, set ip to bridge interface set firewall to bridge interface to any any allow, set ip interface on LAN and WAN to none. Enable bridge to 1 on Advanced/System Tunables. Set default gateway on bridge interface. Set NAT to manual and erase all rules. Sometimes i do loose connectivity to the ip on the bridge interface, if that happens, go to console and reassign ip on the bridge again from there, that fixes the issue. Don't forget to set you default gateway again. Bridge part all set, now install squid and set it to transparent and set your ACL. Now on the stations using squid set the default gateway to be the ip of the bridge interface of PfSense. Now transparent proxy should work, look at the squid access.log and everything should go trough the proxy. In my case i wanted to make sure that if PfSense were to be down or crashed, the users still had a working gateway. So i defined my L3 switch to be the users default gateway, set up RIP on the L3 switch and on PfSense in a way that if PfSense is up and running the default gateway to the switch is PfSense's bridge interface, but in case it goes down or it's offline, the gateway of the switch changes to my router's interface. If you do this make sure that the default gateway on your PfSense bridge interface it's your internet Router and not the L3 switch, or else you will have a loop on the router redirects. Hope this helps, If anyone has a better solution please post.
  • bmeeksB

    New Snort pkg 2.5.5 – Read Before you Update to Understand Changed Defaults

    Locked
    23
    0 Votes
    23 Posts
    6k Views
    K
    Bill, I am going to keep my replies going forward in the topic you linked so everything is together. As you can see in that post there I am having to redo the tests for you.
  • K

    Sqstat realtime doesn't work

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    fixed today, Just reinstall the package and test again.
  • F

    Building of UTM from snort + havp + Squid Guard + Squid – need help

    Locked
    6
    0 Votes
    6 Posts
    8k Views
    bmeeksB
    @firefox: How do I turn them in a state of logging mode ? For Snort, it's easy.  On the If Settings tab for your Snort interface, uncheck the box that says "Block Offenders".  The default is Unchecked unless you clicked it during configuration.  I don't know about the other packages.  They may not have a "logging only" mode.  Hopefully some other folks more knowledgable of those packages will chime in. Bill
  • N

    Is BandwidthD working on newest release getting an error on boot

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • S

    2.0.3 Release and SNORT/update

    Locked
    17
    0 Votes
    17 Posts
    5k Views
    bmeeksB
    @DigitalDeviant: Snort is not restarting. I figured it had something to do with: Apr 16 12:06:18    kernel: pid 10971 (snort), uid 0: exited on signal 4 OK, had to do a quick reload of my memory for UNIX signals.  Signal 4 seems to mean SIGILL which translates into "Illegal Instruction". There are two common ways to get this.  One is to have the wrong architecture code, and the other is some really bad corruption of a program.  I did find several references to early C++ compilers on FreeBSD producing faulty code when attempting to optimize for Pentium 4 (P4) CPUs, but I hardly think that applies here.  I'm more inclined to think some really incompatible library got sucked in, or the Snort binary or a library it uses got corrupted during installation. At this point I recommend removing Snort using the "X" icon on the Installed Packages tab, and then reinstalling from the Available Packages tab. Bill
  • G

    Do I really need Snort??

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    bmeeksB
    @greenpoise: Hi Bill, Thanks for your response.  After 48 days of struggles, I just went back to my simple router. I wanted to love Pfsense but it just didnt work. It was too unstable. Granted I had the 2.1 version because it is what worked for my hardware (which actually was not fancy at all). For some reason the 2.0 version didnt accept my Drives. But I will give you a brief on how I left it. I would not get any error messages. Internet Traffic would just stop moving. I removed packages and rebooted. I went to bare basics. But nothing. I could stop snort and it would come back up. Sooo. thats how i left things. I found Pfsense to be faster than Untangle..free as opposed to Untangle..but in a production environment, I couldnt achieve reliability, something well needed…Thanks again!!! I really think your chosen hardware may have been the core problem and not pfSense itself.  I've found it to be rock-solid stable.  The fact you mentioned you had to run 2.1 because of your hardware indicates to me you were on or slightly beyond the bleeding edge of new hardware that pfSense supports.  If that is correct, then stability problems would not be unexpected. I run pfSense on SuperMicro hardware.  In my case for home, it's just a simple Atom CPU with 4 GB of RAM and a SATAII hard drive.  My particular SuperMicro board has Realtek on-board NICs, but thankfully they are the older series with better support (albeit not outstanding throughput if I had a super high speed connection, but I don't). So before you totally close the book on pfSense, maybe give it try on firmly supported hardware.  There are several suggestions in the Hardware forum here. Bill
  • D

    Barnyard not starting after Snort rules update

    Locked
    18
    0 Votes
    18 Posts
    8k Views
    bmeeksB
    @digdug3: Some events were listed twice in both the System log and the MySQL database, but they are valid. Just ignore my previous message. Yes, I always use only the Snort Start/Stop button. FYI: Just updated to 2.0.3 and Snort is also installed flawlessly! Think you solved the Barnyard not starting issue. Thanks for all your effort! If you ever need help testing something let me know. My Barnyard2 restart problem also seems to be solved.  At least the last rules update went off fine. I hope that file copy error I found and fixed over the weekend solved the Barnyard2 problem. Bill
  • V

    Mod_security - no rules

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • S

    Snort on LAN interface

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    How to configure HAVP and squid

    Locked
    9
    0 Votes
    9 Posts
    7k Views
    F
    First of all thanks for the help Secondly After the installation of snort or squidguard I did not add any site to the list of blocked Not in snort or squidguard The only thing I can think of is the snort rules But turning off the snort sites were not yet available So I turned off the squidguard and still not yet available I'm not much of it but I Once you install a package The package adds {I guess} system settings that might block access to the Internet That at some point I had no internet access So I used the Recovery on the Subject of the guide I found online I think this guide is aimed at people with more extensive knowledge I think that was missing quite a few steps This is not a problem to find a guide to Each of the packages But not all together :-\ Bummer Regarding the installation guide you prepared Could upload it here?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.