Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M

    @Laxarus This worked for me as well. Though I had to search the web how to edit the file (the easiest way).

    Therefore:

    Addition for anyone struggling to find where to edit files on your pfsense system.

    Go to Diagnostics --> Edit File --> insert the location of the file:

    /usr/local/pkg/pfblockerng/pfblockerng.sh

    Go to line number 1232 by filling it in the Go to line field.

    That line should read:

    s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})"

    replace only (leave the rest intact):

    masterfile

    to

    mastercat

    Then follow the above instructions from @Laxarus https://forum.netgate.com/post/1219635

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    572 Posts
    A

    We have a very basic configuration between three locations. All are running Netgate firewalls (1x 4100, 1x 6100 & 1x 4200). All are on the latest firmware (03.00.00.01-2Ct-uc-15) and system versions (24.11-RELEASE).

    The local subnets are as follows:
    4100 - 192.168.5.0/24
    4200 - 192.168.4.0/24
    6100 - 192.168.1.0/24

    The VPN traffic between the 4100 and 4200 is functioning 100% as expected

    The traffic between 6100 and the 4100 works going from the 4100 subnet (192.168.5.0/24) to the 6100 subnet (192.168.1.0/24)

    Traffic from the firewall (i.e. the 6100 device) to the 4100 subnet works (i.e. I can ping any device on the 192.168.5.0/24 subnet from the 6100 firewall) but I cannot ping any device on the 4100 (192.168.5.0/24) subnet from any device on the 6100 subnet (192.168.1.0/24) - other than from the firewall itself.

    All routes are correct, but it seems that traffic from the 192.168.1.0/24 subnet hits the firewall and then gets lost - traceroute shows that it goes off into the internet.

    Note too that the 6100 has IPsec VPN configured on it as well

    Suggestions would be appreciated

    Attached is a zipped pdf file with the relevant screenshots
    Relevant screen shots.zip

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • System Patches Package v2.2.20_1 / v2.2.11_17

    Pinned
    12
    12 Votes
    12 Posts
    3k Views
    S

    There are new system patches available (2.2.21), maybe I miss the announcement here...
    https://github.com/pfsense/FreeBSD-ports/commit/8ffb307ed8845ebeeba2d00f258fd51256d0e756

    Yes I do...
    https://forum.netgate.com/post/1214795

  • DNS Broken for pkg.pfsense.org

    Pinned Locked
    3
    0 Votes
    3 Posts
    13k Views
    jimpJ

    https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2

  • Packages wishlist?

    Pinned
    661
    0 Votes
    661 Posts
    2m Views
    O

    PRTG

  • 0 Votes
    5 Posts
    84 Views
    bmeeksB

    @aaronouthier said in Looking for few pointers getting Suricata on PFSense to talk to my Security Onion box.:

    Ok, so I've been researching the topic. It seems SO has an integration for PFSense. However, the FreeBSD implementation of Syslog is not optimal for this purpose, as mentioned above.

    Although I am comfortable with CLI Linux, I am effectively a Newbie with regard to BSDs.

    My next question is: What would be the least invasive method as far as the PFSense Box to export just the Suricata logs? I believe I saw an option to log to a Unix Socket. Would that be helpful coupled with something like Netcat? I'm not necessarily looking for help with such a feat, just wondering if such would likely be fruitful, or am I just chasing the infamous wild goose?

    I recommend exporting the EVE JSON log as that will be the most comprehensive. To export to a UNIX socket, change the EVE OUTPUT TYPE setting to UNIX socket. You will need to manually create the socket and give it a name. It will be up to you then to "receive" the socket data stream and redirect it elsewhere (seems you want it remote for your case to Security Onion).

  • Introduce openvpn-auth-oauth2 as pfSense package

    2
    0 Votes
    2 Posts
    67 Views
    A

    @cdal

    This could be a great security improvement ... It's the only way to do MFA with "LDAP/AD" backend for exemple (using oauth 2 proxy for exemple)

  • How to update to the latest Telegraf version

    9
    0 Votes
    9 Posts
    1k Views
    R

    @rocket

    Updated July 20-2025

    pfsense 24.11 - Telegraf freebsd-15

    pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg

    pfsense 2.7.2 - Telegraf freebsd-14

    pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg

    https://www.freshports.org/net-mgmt/telegraf/#history

  • Updated PIMD package (beta)

    1
    0 Votes
    1 Posts
    61 Views
    No one has replied
  • pfSense-pkg-WireGuard removal failed!

    1
    0 Votes
    1 Posts
    31 Views
    No one has replied
  • 0 Votes
    1 Posts
    29 Views
    No one has replied
  • New widget for the official speedtest.net cli version.

    6
    4 Votes
    6 Posts
    942 Views
    A

    @ameinild Yes, I just confirmed at home that it is still working. I had some icon error right after install, but this seems to be fixed now. 👍

  • crowdsec

    30
    0 Votes
    30 Posts
    1k Views
    dennypageD

    @Zermus said in crowdsec:

    It's a shame Elastic took their stuff in house and ELK stacks are no longer free. Tom Lawrence's (https://www.youtube.com/@LAWRENCESYSTEMS) videos convinced me that I should go over to Graylog Open on my personal stuff when that happened and I'm happy with it.

    I always viewed ELK as overly complicated. Graylog is much more manageable, although the console isn't as nice. Work in progress.

  • Installing sudo or nano issues?

    13
    0 Votes
    13 Posts
    403 Views
    w0wW

    @MrWhatZitTooya666 said in Installing sudo or nano issues?:

    "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-core",
    "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-pfSense_v2_8_0",

    looks good.

    Try Forced pkg Reinstall

    https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html

    To forcefully reinstall all packages, take the following steps:

    Make a backup Clean the repository and forcefully reinstall pkg, repo data, and the upgrade script: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade Force a reinstall of everything: pkg-static upgrade -f

    Review the list of changes and enter y to proceed

    Manually reboot the firewall

  • Main pfsense package is removed

    1
    0 Votes
    1 Posts
    76 Views
    No one has replied
  • Telegraf and Grafana Dashboards

    5
    4 Votes
    5 Posts
    2k Views
    Sergei_ShablovskyS

    Recently (May-Jun 2025) Grafana received a HUGE update (even possible to saying “reworked from scratch” because some fundamental changes made): from more closely integration with GitLab CVS and making the database abstraction layer to tabs, custom and dynamic dashboards and interactive elements.
    After some time of stagnation, “new Grafana” start to receive a real most asked and usable updates. Just look at this!

    With this new updates Your Grafana’s dashboard for pfSense receive a REALLY USEFUL FORM !

    P.S.
    And personally I need to note that pfSense Dashboard lost their actuality because in Grafana You may receive more usable, dive-in-detailed, much more detailed and granulated, interactive view and (in some cases, more important than view) strongly secured user authentication scheme.

  • 0 Votes
    31 Posts
    2k Views
    johnpozJ

    @dennypage nice! I think the running 3 instances and filtering vlans on 0 (untagged traffic) would eliminate any sort of bogon because the source IP range is different than the actual network being seen on.

  • Telegraf on PFsense Error

    13
    0 Votes
    13 Posts
    588 Views
    P

    @gm2005fl that's great news, and very useful information for those of us (i.e me!) not realising there are different versions InfluxDB :)

  • HA proxy with ssl

    4
    0 Votes
    4 Posts
    236 Views
    R

    @Gertjan said in HA proxy with ssl:

    not mail.contose.com.

    @Gertjan I have 2 isp and mail.contose points to those ip addresses and MX. I am using a linux mail server. I have a DV cert installed on each server. for my web server I have added the following:

    f12dc686-bf5e-4470-893e-fe8317269460-image.png

    6940d697-2a2b-4945-b93b-535c91cf9676-image.png

    and the default backend for that rule is httpswww-copy

  • 0 Votes
    7 Posts
    1k Views
    fireodoF

    @jimp

    Hi,

    as far as I know the lcd driver (LCDd) is connected to the display via USB/Serial/Parallel but the lcdproc process is connected to the driver in this way:

    Bind=127.0.0.1 Port=13666

    Extract from pfctl -ss:

    lo0 tcp 127.0.0.1:20639 -> 127.0.0.1:13666 ESTABLISHED:ESTABLISHED lo0 tcp 127.0.0.1:13666 <- 127.0.0.1:20639 ESTABLISHED:ESTABLISHED

    So there could be a possibility to loose connection when states get killed ... IMHO (If I'm wrong please correct)

    EDIT: I cleared all states and this made the lcdproc also to loose connection flooding the syslog. After restarting lcdproc all fine again.

    Regards,
    fireodo

  • Install OpenRTSP on pfSense

    4
    0 Votes
    4 Posts
    327 Views
    johnpozJ

    @heavymetalforever78 pfsense can for sure run on 1gb of ram - and other VMs could run on far less.. I have both a 2.8 vm and a 24.03 vm running on my nas, they only get 1GB each, etc.

    Don't try running some type 2 VM, run something like esxi or proxmox or something on the hardware..

    To be honest if your goal is a NVR - get an actual NVR.. They use very little power, and are not all that expensive. I see some on amazon for like 60 bucks.. You would have to add some HDD.. but how much can a 2 or 4TB disk cost these days?

    Trying to use your "firewall" as your everything box is never a good idea.

  • TFTP Server WAN Interface

    1
    0 Votes
    1 Posts
    143 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.