1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @qupfer What did I bang my head over this strange 502 issue. Your solution did it! Thank you so much, even 2.5 years later!

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    fireodoF
    @tinfoilmatt said in Failed or invalid Mime Type: [application/SIMH-tape-data|0]: (ASN data is IPinfo, not Maxmind) Thats correct but "GeoLite2-Country" is from Maxmind ... (that confused me) I'm considering simply adding "application/SIMH-tape-data" to the list to test. Thats what i tought too ... I'll try when I have the time for it ... Edit: I can confirm - adding "application/SIMH-tape-data" to the list at line 257 in /usr/local/pkg/pfblockerng/pfblockerng.inc did the trick - no more error! Edit: OK, problem resolved but I would like to know, whats the cause for that error! (SIMH-tape-data sounds like a "blast from the past" ...) Thanks a lot!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    X
    I also crashed my system yesterday with an ACME update. I can't say whether I had Crowdsec installed or not. But I've tried things like that in the past, so it's quite possible.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    598 Posts
    E
    Updated CE 2.7.2 to 1.86.4 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.4.pkg Freshports

  • Discussions about WireGuard

    694 Topics
    4k Posts
    H
    I have Wireguard installed on my firewalls. I have about 12 firewalls and most of them connect back to the main firewall which allows the connection to the servers in the main building. I setup a tunnel on each and then added each location as a peer on the Main firewall. This seemed to work except that the gateway. unde3r Monitor IP it only allows one IP address. So the first one works and shows connected fine, but the other 2 are red and do not connect. Everything seems to work until I added a 3rd peer and then the 1st peer showed as if it was offline even though it looked fine and I was able to connect to devices on that network. Am I supposed to add multiple gateways to the Main firewall so that shows as up? Is this the right way for the tunnels between the buildings which need access will work - By adding a tunnel at that location and just adding a peer to the main location?
Log in to post
Load new posts
  • M

    Pfsense embedded as hotspot: squid logging to syslog

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    jimpJ
    Check the doc wiki (link in my sig) for the phpservice package, the example talks about the snort log but you should be able to use the same method to direct the squid log to syslog as well.
  • N

    Squid AD LDAP authentication

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    Can you open a feature request ticket under pfSense packages to have this added? It shouldn't be hard to do, but may have to wait until some developer time opens up (or someone submits a patch)
  • S

    Snort preprocessor blocking but nothing in alerts

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J
    What pfsense version are you running? If it's v.2 Beta, check Snort > Alerts tab if the "Default is On" option is ticked.
  • T

    Snort no tabs Rule, Categorie and Serveur

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • N

    Squid in transparent mode + PPTP Issue

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • C

    Squid log rotation. Basic infos

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    C
    Thanks for your help guys
  • S

    IMSpector V2

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    Anyone ?
  • S

    Igmpproxy noworking

    Locked
    67
    0 Votes
    67 Posts
    58k Views
    E
    The first packet indeed looks weird. Can you send me off-list: packet captures from downstream and upstream for the same time frame. what you see in System->Logs for the same time frame. Regarding 2.0 - several people reported that igmpproxy worked for 2.0 though I've never tested it.
  • P

    How i install nod32,avg,avira on pfsense?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    Cry HavokC
    To what end?  What do you want to do with them? Oh, and you'd install them by following the instructions that came with them.
  • V

    Proxy filter

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • J

    Ntop 4

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    I don't know, I'm not sure I've heard of anyone trying. If it works on FreeBSD, the chances are good that it would work on pfSense, so long as you don't need GUI integration.
  • V

    Bock URL ????

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    cyber7C
    Hi vinhk20119 the short answer, YES… The long answer: Install SQUID/SQUIDGUARD and do it though this. Kind regards Aubrey Kloppers
  • R

    Squid - Dynamics CRM client blocked

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    R
    sorry, this actually started again - if anyone has any ideas on what it could be please post up Thanks
  • L

    Debian proxy + pfsense Squid guard is it possible ?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    D
    1. Install & configure pfSense. 2. Install configure & Squid, setup you debian proxy as parent for Squid. 3. Install configure & squidGuard All examples exists in the forum and FAQ.
  • H

    Bandwidthd Day changing

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • cyber7C

    Squid - How to stop loggin a single ip? - SOLVED!

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • V

    How to make a crontab for backup aliases, rules everyday?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    B
    This pretty much outlines your options: http://doc.pfsense.org/index.php/Remote_Config_Backup
  • L

    Squid - reverse proxy?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    L
    well, after a while i give up as time was precious. i then spotted the apache server with mod security package (reverse proxy etc) and decided to have a go at this. out went squid and in came apache (this is on an alix 2d3 with cf) i had this horrible feeling that it was too much for the poor old alix and this was confirmed by the amount of packages etc that it installed with it. the alix started to creak and i couldn't access the web config. it became so unresponsive, i couldn't hardly do anything with it. so, from the shell….. lots of pkg_delete -f -a with lots of /etc/rc.conf_mount_rw after about 7 runs, i finally clear everything out so no packages. i even delete the remaining traces of them. i'm on the net but no web configurator. a check of the logs reveals missing dependancies. no prob's, i have another pfsense and i copy the missing shared files over. but still, no web configurator. it's starting to beat me now. i have a config backup etc so i keep ploding away. everything is working fine but the web configurator. ummm, check the config and i can't see any port under webgui so i add a <port>443 in front of</port> thinking that's why i couldn't get onto it. crash.... now i'm really stuffed, no web either now. i'm off the net with a few choice words. i now remember, i tried an upgrade to v2 and had that on the other slice (silly me, why didn't i duplicate it back to 1.2.3 before all of this? lesson learnt! won't happen again!) maybe time to upgrade to v2 as i have this other slice....... no, i get the usual probs with it not remembering vlans etc. no prob's, i will configure it with minimal lan and from there, install backup config. no, it's beat me again with "a scalar value error" and just won't let any lan be configured under v2. shock horror..... i don't want to remove the cf card and reinstall etc. i'm not on the internet at this time and i haven't got a copy of pfsense with me. so, now i'm back into the config and removing the <port>443 and pfsense is back up but still no web config. and then it hit me....... try an upgrade with v1.2.3 on the v2 slice that doesn't work. so i upgrade this slice to 1.2.3 and voila...... pfsense is backup and running with web config. phew! moral of the story? 1. have a working opposite slice & config backup before adding any packages 2. don't go against your better judgement (me by loading apache etc on an alix) unless you have time to spare 3. don't panic. sit back and think it out and you can get there in the end. you learn a bit too! now.... how can i waste my next sunday?</port>
  • B

    Snort update issue

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    B
    Is nobody else seeing this, I notice another post relating to this but for pfSense V1.2.3, the common factor is the Snort package version. I had to manually install the rules but this isn't my first choice of ways to pass the time. I'd appreciate it if anyone running V1.35 could try to update and post the result (PS although my version says 1.35 on the package page the package reports v1.34 - and yes I have re-installed three times).
  • S

    Snort, Help Blocking Anonymous Proxy Usage

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    L
    have you also tried using opendns as your forwarders? then just set a firewall rule that only opendns can be used. i find opendns quite effective and it's another layer for them to try and overcome.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.