1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N
    @andrew_cb Thank you very much for this, I just tried your proposed solution and it did work! That was driving me crasy! Way simpler than deleting the haproxy_server_state file.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    Hi all. Just wondering if I’m the only one that noticed this after upgrading to 25.07 and pFblocker 3.2.7: I have my pfBlockerNG set to update every night at 02:00am and it does (like it also did before). But after the upgrade I also have a pfBlockerNG PHP script running at about 16:00 on one box and 19:00 on another. The command is: /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng-php dcc(php) This process eats a lot of CPU, about 1 minutes worth of one core @ 100% on my 6100 and one core @ 100% for about 5 minutes on the less powerfull 2100 box (This is 50% of the 2100 CPU power). It seems it does a GEOIP update as that is the only thing thats referenced in the extras.log of pfBlockerNG. Why is this suddently so different from running on 24.11? And why is this not done at 02:00 when its scheduled to update?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    594 Posts
    E
    @totalimpact Tailscale 1.54.0 is 2+ years out of date. Tailscale has made quite a number of changes since Tailscale 1.54.0, likely rendering it incompatible with their servers. I would consider manually updating the Tailscale FreeBSD package. FreshPorts does not maintain an archive of all the releases, only the latest compiled by the volunteer maintainers. The key to manually upgrading is knowing which FreeBSD version your pfSense release is running, i.e. 14 or 15. You can following along here.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    P
    SOLVED. Turns out nothing wrong with my tunnel setup and not due to CGNAT. The reason PING works and other traffic doesn't is due to packet size and MTU. Something on the wireless network means that the default MTU doesn't work, forcing a smaller MTU to 1280 on pfSenseB fixed this. This Reddit thread has more details of this issue: https://www.reddit.com/r/WireGuard/comments/qmsa2n/ping_works_but_sites_arent_loading/
Log in to post
Load new posts
  • P

    2.1 and Snort with IPv6

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    P
    Am I the only one seeing this issue? Can someone with a 6RD setup comment on their snort success please?
  • G

    PfBlocker doesn't come up after update

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    marcellocM
    @marcelloc: @Gradius: I need to log into WebGUI and enable it manually everytime I perform an update. Every time pfblocker is uninstalled(during update or not) it's disabled to prevent rules and aliases errors @Gradius: This never happened before 2.0.1 (even on 1.2.3). Pfblocker on 1.2.3??? I did it together with tommyboy only for 2.x or later
  • L

    Too many HAVP processes consume too much memory

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    2.1 with Squid3 - How to reset the config of a deleted package?

    Locked
    13
    0 Votes
    13 Posts
    12k Views
    T
    I want to note that in 2.1, squid3 seems not work with "dynamic content" checked. Thanks for all.
  • F

    Snort Rules Update Problem

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F
    Yes, indeed I could try out the custom.rules. I have overlooked this feature.
  • M

    Snort Preprocessors block IPs from HOME_NET

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    well thats another problem. the whitelisted ip's are not being blocked, only if you enter a CIDR like 192.168.20.0/24, i had to type all 256 ips into an pfsense alias to prevent my subnet from being blocked (because of blocking "both", dst and src(which can change in some rules)) currently i tuned most of the preprocessors by removing the check marks in the configuration page and entered a different preprocessor configuration in "Advanced configuration pass through". Works very good, but I turned most of the preprocessor alerts to reduce false alerts.
  • A

    Dansguardian service fails to start

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    marcellocM
    @asterix: ok, what would be the pkg_delete command for removing pcre 8.3? yes, maybe with -f .
  • M

    Squidguard ACL problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N
    Not sure if this is implemented in squidguard GUI of pfsense but have a look here: http://www.squidguard.org/Doc/authentication.html But squidguard GUI allows IP addresses as source and hostnames as source. If you know the hostnames of the users than add these hostnames to a group.
  • J

    [Solved]squid, multi SSL reverse proxy

    Locked
    13
    0 Votes
    13 Posts
    13k Views
    J
    Thank you Marcelloc !!! it's working well now ;)
  • K

    SquidGuard problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N
    After you deleted the blacklists etc. please go to your Group ACL, edit the ACL and check that the targets on your "Target List" is "–-" Do the same on the "Common ACL" tab - set all to "---" and click save. Then on the "General Settings" click save and then Apply. Now all "old" blacklist entries should be removed. But I am sure you want to use squidguard to block something but you need to explain more, what you want to do, provide screenshots and or IPs which should be blocked or allowed and so on so that we can help you to configure squidguard.
  • J

    Squid Allowed Subnets?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G
    Quickest way is to alter the default access rule. Change http_access deny all to http_access allow all in squid.conf and squid.conf.default Please be sure this is really what you want to do as the proxy will be noticed if you open it up to the internet.
  • R

    Proxy server: Local users

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    R
    that's was my first option, i was just hoping that i could find another way since i just starting to learn php.  it  will take time for me to create this script and i need to find the solution asap.. by the way thanks for your help. another thing, i am wondering regarding the local user of pfsense. there is a local user for system admin - under system: user name and for the web filter which is squid guard it is using local user but i think it is both local user since the username are reside in same server. is it possible to since this users?
  • A

    URLBlacklist (bigblacklist) not extracting how Dansguardian wants

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    marcellocM
    @awsiemieniec: the URL BL db server knew I downloaded it too many times and punished me by limiting the bandwidth to next to nill. That's  why I preffer to download it manually and copy it to pfsense.
  • Q

    Squid/Dansguardian incorrectly proxying and failing sites across VPN

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    @Quinten: I checked /etc/resolv.conf on the PFsense box, and our local DNS server is listed correctly first. You dns config options are using internal dns server? did you tried to disable dns forwarder service on pfsense?
  • E

    Dansguardian: stop blocking sites by regular expressions

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    marcellocM
    @elemay: this doesn't work, also if i disable all the blocking stuff under the 'URL' tab i still get blocked. Can you check on dansguardian conf files what you get on urlregex lists for this group?
  • G

    Netflow issue using pfflowd or softflowd

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G
    Fixed issue. Had an IP conflict.
  • J

    Squid3 problems

    Locked
    24
    0 Votes
    24 Posts
    8k Views
    J
    Well major issues here… first ISP issue then after they finally came back online I find out there is some sort of failover that my GM added me into. So now im limited to 10Mbps till a new card is installed in his failover box. So I might have to scrap my whole setup/squid may just end up being a basic router... Or nothing. Thanks for all the help, if something changes in the next few days and I get everything I had before back I will try your fix and report back. Or I will create another post and start over new. Again thanks! Josh
  • ?

    2.1 and Suricata

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    ?
    In basic terms, a next-generation firewall applies deep packet inspection (DPI) firewall technology by integrating intrusion prevention systems (IPS)…. snort IDS has poor performance.
  • Y

    Squid Local Database

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    R
    HOw can the user change his own password in this Proxy server: Local users?
  • _

    Snort 2.9.2.3 pkg v. 2.5.2 dies on IP change

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    _
    thank for that advice, but the logs didnt show a (maybe failed) update, when the IP changes, it only and quietly dies. Without any further notice. :( Last log-entries were always the IP-change, then as next entry something like  "snort quitting" - nothing more. But what i see the last days is that sometimes it doesnt die on IP-change. hmmm. Hard to resolve, i think.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.