1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: I’m surprised to see in my logs only one blocked IP, which is related to my TrueNAS I'll decode this one : @jeremyc311 said in pfBlockerNG-devel 3.2.8 service pfb_dnsbl don't start: Aug 5 09:01:14,1770008712,bxe1,LAN,block,4,17,UDP,192.168.2.13,116.147.64.181,51765,51413,out,Unk,pfB_PRI1_v4,116.146.0.0/15,ET_Block_v4,Unknown,truenasr740,null,+ Traffic, coming into LAN, from a LAN device (192.168.2.13 = your TrueNAS) going to a Chinise ( 116.147.64.181 ) Brazilian ( 177.72.195.114 - = next line ) was blocked by the "pfB_PRI1_v4" list. That's probably good thing ? ( ! ). Up to you to discover why your NAS should initiate connections to these countries. A NAS can go outside for maintenance purposes, for example to look for updates of it's system. These could be located anywhere of course. The GeoIP IP created a rule for you. How and where do you use that this rule ?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    495 Topics
    3k Posts
    M
    @jwt said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: installed or upgraded? 2.7.2 was installed first from iso then upgraded to 2.8 then config restored - that resolved the issue. @jwt said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: more details here would be good. no details - unfortunately installer doesn't provide any logs or troubleshooting info, except "unable to contact netgate servers" during install. Despite same PPPoE username and password specified in the initial prompt as used during normal operations.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    595 Posts
    E
    Updated CE 2.7.2 to 1.86.2_1 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.2_1.pkg Freshports

  • Discussions about WireGuard

    693 Topics
    4k Posts
    lvrmscL
    Since my upgrade to 25.07-RELEASE (amd64) built on Tue Jul 22 22:24:00 CEST 2025 FreeBSD 15.0-CURRENT, on one end of my most important tunnel, the tunnel still works fine, but the pfSense GUI keeps reporting the service as stopped. I had to remove its monitoring from the Service Watchdog which was also trying to start it, without success. Yet the trafic flows correctly. I'm holding off upgrading my other boxes. Is there something I could do to help diagnose?
Log in to post
Load new posts
  • F

    LDAP with Squid

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    Typically options such as LDAP support that create added dependencies on fairly 'heavyweight' libraries are disabled by default in FreeBSD ports - and are therefore disabled in the FreeBSD package. This is to avoid pulling in a load of unnecessary baggage that many will not use, also there are at least four options for the OpenLDAP client libraries (2.3 or 2.4; in either case with or without SASL). The www/squid30 port does have an LDAP option that you can set, but you'll need a FreeBSD box (or virtual machine) to build a suitable package, and you're on your own so far as getting the LDAP features going in pfSense.
  • D

    Squid and "Do not cache" option

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    ?
    In squid < 3.0, you want the no_cache directive. Usage  no_cache deny|allow aclname Description A list of ACL elements, which, if matched, cause the reply to be immediately, removed from the cache. In other words, use this to force certain objects to never be cached. Default acl QUERY urlpath_regex cgi-bin ? no_cache deny QUERY The word 'DENY' is to indicate the ACL names, which should NOT be cached Example acl DENYPAGE urlpath_regex Servlet no_cache deny DENYPAGE The DENYPAGE acl assures that the url containing Servlet will NOT be cached.
  • J

    Spamd listening port?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    J
    And thus my spam increase issue thanks to comcast blocking 25 both ways.  Thanks for the info.
  • J

    Flush/Clear SQUID Cache.

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    [p3scan] Target ip error!

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    N
    @NicolaPaone: @ron: firewall, It will be a few days possibly, but I'll put together a new update to the p3scan package shortly that fixes your issue.  I got approval from the original pfSense package maintainer to take over the maintainership, and I've been working on an update to the package.  The issue you are seeing is that the original p3scan-pf port does not correctly account for the packet redirect when using the PF redirection (i.e. the code doesn't look up the original sender IP address correctly in the TCP packet when using it in transparent mode, and it then sees itself as the original packer sender which loops).  The issue has nothing to do with the pfSense package, and is a bug in the base p3scan port to FreeBSD.  I have fixed it and have it working on one of my systems now.  I just need some time to get the patches together. I also have an update to the ClamAV pfSense package coming too that goes with this for AV scanning.  I'll have to get someone in the coreteam to post the updates when they are ready. Regards, Ron Hello everyone, I too found the bugs in question … I even tried to compile the package p3scan, but nothing ... Under linux (debian), no problem ... everything works the first blow. I believe both bugs p3scan for BSD. If I may give you a hand, I'm happy to collaborate with you. Let me know .... @Ron news???
  • C

    IMSpector: Whitelist full access not working for MSN

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • B

    Changing ftp local packages???

    Locked
    15
    0 Votes
    15 Posts
    16k Views
    X
    I don't know what dependancies exist with my pb so which command is dangerous ?
  • C

    Does IMSpector in Pfsense supports to mail out the LOG ?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R
    You would have to write a shell script. If using file logging the logs would be stored in /var/imspector
  • P

    Snort memory leak ?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P
    You were right, the first time I increased memory I did not add enough Finally, I add 400M Memory and is working fine now, thanks for your help
  • X

    Can't install WGET package (or other one)

    Locked
    11
    0 Votes
    11 Posts
    15k Views
    X
    In the beginning I want to correct my problem starting, because I can not install any package. (I am not against the use of fetch)
  • B

    LightSquid Configuration / DNS Name Issues

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    D
    Check working with 'Demo  - return AUTHNAME, else DNSNAME, else IP  ' But any changing 'IP resolve method (future)' option take effect for new refreshing.
  • E

    Squid configuration

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Cry HavokC
    (This belongs in the Packages forum) Yes, there is a GUI - try installing Squid and have a look.
  • F

    Browse with our without proxy settings

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F
    I think this is the awnser: As you can see, pressing reload in Netscape (and some other browsers) doesn't simply re-fetch the page, it forces the cache not to serve the cached page. Many people doing tests of how the cache increases performance simply press reload, and believe that there has been no change in speed. The cache is, in fact, re-downloading the page from the origin server, so a speed increase is impossible. To test the cache properly you need two machines setup to access the cache, and a page that does not contain do not cache me headers. Pages that use ASP often include headers that force Squid not to cache the page, even if the authors are not aware of it's implications. So, to test the cache, choose a site that is off your local network (for a marked change, choose one in a different country) and access it from the first machine. Once it has download, change to the second machine and re-download the page. Once the page has downloaded there, check that the page is marked as a 'HIT' (in the file called access.log - the basics of which are covered earlier in this book). If the second accesses were marked as misses, it is probably because the origin server is asking Squid not to cache the page. Try a different page and see difference the cache makes to browsing speed. Many people are looking for an increase in performance on problem pages, since this is when people believe that they are getting the short end of the stick. If you choose a site that is too close, you may only be able to see a difference in the speed in the transaction-time field of the access.log.
  • J

    Squid working?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    F
    I've the same thing. When I go to sites were are pictures to download with a slideshow, and I go back to the same URL, it seems that the pictures are not comming from the proxy but directly from the internet. Can this be a bug?
  • D

    SquidGuard update

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    D
    @Monoecus: I noticed one typo in the explanations above the blacklist sections: 4-all rule('allow' ro 'deny') should be an 'or' right? Besides, I saw that the Shallalist has been updated with new categories. Thanks must be "4-all rule('allow' or 'deny')" About Shallalist - this not my work  ???.
  • S

    New version of snort

    Locked
    12
    0 Votes
    12 Posts
    6k Views
    J
    Did you guys figure this out? I'm getting the same error now. It happens while snort is loading the rules, right after startup.
  • G

    SQUID 2.6.18.1 / cannot browse specific pages ?

    Locked
    11
    0 Votes
    11 Posts
    6k Views
    G
    Coming back to the reply of "Perry" Also i can confirm the problem http://www.squid-cache.org/bugs/show_bug.cgi?id=2342 Collected the data and as fare what i can see it is a http 1.0 / http 1.1 problem (Attach doc's) Is the http 1.0 / http 1.1 problem caused by the server or by SQUID or by PFSense I have to apologize but I am not a network specialist and do use SQUID somehow as "blackbox" regards Günther
  • B

    HOWTO : configure freeradius

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    What are you wanting to do with FreeRADIUS? Are you trying to do something with the pfSense captive portal, or are you wanting to use it for wireless network authentication? There's many ways to configure FreeRADIUS - but only you know what you want to do. I don't use FreeRADIUS on pfSense, but I do maintain the FreeRADIUS packages for FreeBSD (which, amongst other things, underpins FreeRADIUS on pfSense) and I use FreeRADIUS on one of my FreeBSD servers. When I get the time, I will try to set up the pfSense FreeRADIUS package to see what it can do - but I have so many things to be getting on with at present.
  • M

    Manual download of Snort rules

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    Ah well, thanks. :-) I'll try Snort on some better hardware.
  • M

    Transparent bridge mode to DMZ, and NAT to private LAN, and Snort?

    Locked
    2
    0 Votes
    2 Posts
    7k Views
    M
    Well, I've got pfSense bridging the WAN to the DMZ whilst NATting the Private LAN. So far so good. I'm trying to get Snort working now. I must say that pfSense is an excellent firewall; it is remarkably flexible and has a vast range of configuration options. Well done!!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.