Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    573 Posts
    luckman212L

    For 25.07 RC, this worked for me (run sh first)

    [25.07-RC][root@r1.lan]/root: sh # export IGNORE_OSVERSION=yes # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg # service tailscaled restart # tailscale up # tailscale version 1.84.2 go version: go1.24.4 # tailscaled -version 1.84.2 go version: go1.24.4
  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • System Patches Package v2.2.20_1 / v2.2.11_17

    Pinned
    12
    12 Votes
    12 Posts
    3k Views
    S

    There are new system patches available (2.2.21), maybe I miss the announcement here...
    https://github.com/pfsense/FreeBSD-ports/commit/8ffb307ed8845ebeeba2d00f258fd51256d0e756

    Yes I do...
    https://forum.netgate.com/post/1214795

  • DNS Broken for pkg.pfsense.org

    Pinned Locked
    3
    0 Votes
    3 Posts
    13k Views
    jimpJ

    https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2

  • Packages wishlist?

    Pinned
    661
    0 Votes
    661 Posts
    2m Views
    O

    PRTG

  • 0 Votes
    5 Posts
    86 Views
    bmeeksB

    @aaronouthier said in Looking for few pointers getting Suricata on PFSense to talk to my Security Onion box.:

    Ok, so I've been researching the topic. It seems SO has an integration for PFSense. However, the FreeBSD implementation of Syslog is not optimal for this purpose, as mentioned above.

    Although I am comfortable with CLI Linux, I am effectively a Newbie with regard to BSDs.

    My next question is: What would be the least invasive method as far as the PFSense Box to export just the Suricata logs? I believe I saw an option to log to a Unix Socket. Would that be helpful coupled with something like Netcat? I'm not necessarily looking for help with such a feat, just wondering if such would likely be fruitful, or am I just chasing the infamous wild goose?

    I recommend exporting the EVE JSON log as that will be the most comprehensive. To export to a UNIX socket, change the EVE OUTPUT TYPE setting to UNIX socket. You will need to manually create the socket and give it a name. It will be up to you then to "receive" the socket data stream and redirect it elsewhere (seems you want it remote for your case to Security Onion).

  • Introduce openvpn-auth-oauth2 as pfSense package

    2
    0 Votes
    2 Posts
    68 Views
    A

    @cdal

    This could be a great security improvement ... It's the only way to do MFA with "LDAP/AD" backend for exemple (using oauth 2 proxy for exemple)

  • How to update to the latest Telegraf version

    9
    0 Votes
    9 Posts
    1k Views
    R

    @rocket

    Updated July 20-2025

    pfsense 24.11 - Telegraf freebsd-15

    pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg

    pfsense 2.7.2 - Telegraf freebsd-14

    pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg

    https://www.freshports.org/net-mgmt/telegraf/#history

  • Updated PIMD package (beta)

    1
    0 Votes
    1 Posts
    68 Views
    No one has replied
  • pfSense-pkg-WireGuard removal failed!

    1
    0 Votes
    1 Posts
    34 Views
    No one has replied
  • 0 Votes
    1 Posts
    29 Views
    No one has replied
  • New widget for the official speedtest.net cli version.

    6
    4 Votes
    6 Posts
    945 Views
    A

    @ameinild Yes, I just confirmed at home that it is still working. I had some icon error right after install, but this seems to be fixed now. 👍

  • crowdsec

    30
    0 Votes
    30 Posts
    1k Views
    dennypageD

    @Zermus said in crowdsec:

    It's a shame Elastic took their stuff in house and ELK stacks are no longer free. Tom Lawrence's (https://www.youtube.com/@LAWRENCESYSTEMS) videos convinced me that I should go over to Graylog Open on my personal stuff when that happened and I'm happy with it.

    I always viewed ELK as overly complicated. Graylog is much more manageable, although the console isn't as nice. Work in progress.

  • Installing sudo or nano issues?

    13
    0 Votes
    13 Posts
    404 Views
    w0wW

    @MrWhatZitTooya666 said in Installing sudo or nano issues?:

    "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-core",
    "pkg+https://pkg.pfsense.org/pfSense_v2_8_0_amd64-pfSense_v2_8_0",

    looks good.

    Try Forced pkg Reinstall

    https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html

    To forcefully reinstall all packages, take the following steps:

    Make a backup Clean the repository and forcefully reinstall pkg, repo data, and the upgrade script: pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade Force a reinstall of everything: pkg-static upgrade -f

    Review the list of changes and enter y to proceed

    Manually reboot the firewall

  • Main pfsense package is removed

    1
    0 Votes
    1 Posts
    77 Views
    No one has replied
  • Telegraf and Grafana Dashboards

    5
    4 Votes
    5 Posts
    2k Views
    Sergei_ShablovskyS

    Recently (May-Jun 2025) Grafana received a HUGE update (even possible to saying “reworked from scratch” because some fundamental changes made): from more closely integration with GitLab CVS and making the database abstraction layer to tabs, custom and dynamic dashboards and interactive elements.
    After some time of stagnation, “new Grafana” start to receive a real most asked and usable updates. Just look at this!

    With this new updates Your Grafana’s dashboard for pfSense receive a REALLY USEFUL FORM !

    P.S.
    And personally I need to note that pfSense Dashboard lost their actuality because in Grafana You may receive more usable, dive-in-detailed, much more detailed and granulated, interactive view and (in some cases, more important than view) strongly secured user authentication scheme.

  • 0 Votes
    31 Posts
    2k Views
    johnpozJ

    @dennypage nice! I think the running 3 instances and filtering vlans on 0 (untagged traffic) would eliminate any sort of bogon because the source IP range is different than the actual network being seen on.

  • Telegraf on PFsense Error

    13
    0 Votes
    13 Posts
    590 Views
    P

    @gm2005fl that's great news, and very useful information for those of us (i.e me!) not realising there are different versions InfluxDB :)

  • HA proxy with ssl

    4
    0 Votes
    4 Posts
    238 Views
    R

    @Gertjan said in HA proxy with ssl:

    not mail.contose.com.

    @Gertjan I have 2 isp and mail.contose points to those ip addresses and MX. I am using a linux mail server. I have a DV cert installed on each server. for my web server I have added the following:

    f12dc686-bf5e-4470-893e-fe8317269460-image.png

    6940d697-2a2b-4945-b93b-535c91cf9676-image.png

    and the default backend for that rule is httpswww-copy

  • 0 Votes
    7 Posts
    1k Views
    fireodoF

    @jimp

    Hi,

    as far as I know the lcd driver (LCDd) is connected to the display via USB/Serial/Parallel but the lcdproc process is connected to the driver in this way:

    Bind=127.0.0.1 Port=13666

    Extract from pfctl -ss:

    lo0 tcp 127.0.0.1:20639 -> 127.0.0.1:13666 ESTABLISHED:ESTABLISHED lo0 tcp 127.0.0.1:13666 <- 127.0.0.1:20639 ESTABLISHED:ESTABLISHED

    So there could be a possibility to loose connection when states get killed ... IMHO (If I'm wrong please correct)

    EDIT: I cleared all states and this made the lcdproc also to loose connection flooding the syslog. After restarting lcdproc all fine again.

    Regards,
    fireodo

  • Install OpenRTSP on pfSense

    4
    0 Votes
    4 Posts
    329 Views
    johnpozJ

    @heavymetalforever78 pfsense can for sure run on 1gb of ram - and other VMs could run on far less.. I have both a 2.8 vm and a 24.03 vm running on my nas, they only get 1GB each, etc.

    Don't try running some type 2 VM, run something like esxi or proxmox or something on the hardware..

    To be honest if your goal is a NVR - get an actual NVR.. They use very little power, and are not all that expensive. I see some on amazon for like 60 bucks.. You would have to add some HDD.. but how much can a 2 or 4TB disk cost these days?

    Trying to use your "firewall" as your everything box is never a good idea.

  • TFTP Server WAN Interface

    1
    0 Votes
    1 Posts
    144 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.