1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox I don’t think so, to be honest with you I am on an older version also. Just make sure you do the patch package and install all the system patches.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that does not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Greylog - please, pretty please with sugar on top

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdec before the ACME update, even with updating from 2.7 to 2.8 there was no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good

  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
Log in to post
Load new posts
  • L

    FreeRADIUS - pfsense user privileges

    1
    0 Votes
    1 Posts
    848 Views
    No one has replied
  • D

    Snort fatal error on start

    63
    0 Votes
    63 Posts
    15k Views
    bmeeksB
    @amiracle: I found that if you disable the HTTP Inspect component, that ignores the IIS Unicode map and starts Snort without issue. Here's how you disable it: Snort Interface -> Edit your Interface, (mine is named WAN)-> Select the <wan>Preprocs tab, navigate to the HTTP Inspect section and UNCHECK it. That will allow your snort IDS to start back up without issue. I'm running pfSense 2.1.5 with Snort 2.9.7.0 pkg v.3.2.1 on a 4GB CF Card. Additional Troubleshooting: I tried to just limit the webservers in the HTTP Inspect section to just inspect an Apache Web server, and ignore IIS completely.  That did not work and it just failed again, so I just disabled the HTTP inspect section entirely. Error Messages: After enabling Snort via the WebUI, I received the following error message - Dec 21 23:29:57 my.pfsensefirewall.com Dec 21 23:30:00 snort[99416]: FATAL ERROR: /usr/pbi/snort-amd64/etc/snort/snort_xxxx_em0/snort.conf(166) => Did not find specified IIS Unicode codemap in the specified IIS Unicode Map file. ```</wan> You are going to experience more issues with disabling the HTTP_INSPECT preprocessor.  Snort and Suricata are becoming too "big" to install and update reliably on Nano installs of pfSense.  I strongly encourage Snort and Suricata users to stick with full installs on either conventional hard disks or SSD.  Both packages need plenty of free disk space to work (and free RAM). Bill
  • Q

    Stunnel client config in GUI.

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • S

    Snort on vpn connections??

    4
    0 Votes
    4 Posts
    2k Views
    bmeeksB
    You may get additional preprocessor or decoder alerts due to the packet structure.  Just add suppress list entries for those. Bill
  • bmeeksB

    Snort 2.9.7.0 – Preview of new OpenAppID feature

    27
    1 Votes
    27 Posts
    18k Views
    bmeeksB
    @Supermule: But it should be so easy if PfSense had Layer 7 inspection built in?? ISA Server had it and it worked like a charm. Tell it to block facebook and it did…Like Snort is doing now, but somehow much more elegant if you know what I mean. I would expect some collections of common app rules to start appearing as this feature becomes more widespread.  Sourcefire (Cisco) just open-sourced this technology in Snort 2.9.7.0.  That's why info is currently scarce. Today it is a little awkward to use because you must write your own rules. OpenAppID uses Lua scripts for the app detection coding.  It might could be adapted into the pf L7 filter one day, but I'm not sure. Bill
  • K

    Lightsquid package?

    3
    0 Votes
    3 Posts
    945 Views
    K
    @marcelloc: Did you tried sarg? No, I haven't, but that's exactly what I'm looking for.  Thanks! Which Squid packages are compatible?
  • T

    [Solved] Google http Problem

    2
    0 Votes
    2 Posts
    798 Views
    T
    Got it Problem was sthat some computer had the name www.google.ch  :P Changed settings of the DNS resolver –> Unchecked "Register DHCP leases in DNS forwarder" and "Register DHCP static mappings in DNS forwarder" cheers Thafener
  • O

    Installation of squidGuard-squid3 FAILED!

    2
    0 Votes
    2 Posts
    1k Views
    KOMK
    System - Advanced - Miscellaneous - Package settings - Package signature - Do NOT check package signature
  • C

    Squid TCP_MISS 100% of the time

    8
    0 Votes
    8 Posts
    3k Views
    H
    same on me.. TCP_MISS always.. :( [image: squid3.jpg] [image: squid3.jpg_thumb]
  • A

    HAVP and sky on demand proxy servers

    1
    0 Votes
    1 Posts
    683 Views
    No one has replied
  • P

    How do sent squid3-dev log to system log or syslog?

    1
    0 Votes
    1 Posts
    472 Views
    No one has replied
  • A

    Block Youtube http and https

    7
    0 Votes
    7 Posts
    1k Views
    A
    Dear it is not blocking https. let me know any other method.
  • G

    BIND Legacy name server ID

    3
    0 Votes
    3 Posts
    943 Views
    G
    Even better, can do the following to disable BIND Legacy name server ID all together. hostname none;
  • bmeeksB

    Preview of two new feautures in upcoming Suricata 2.0.4 pkg v2.1 update

    4
    0 Votes
    4 Posts
    5k Views
    marcellocM
    @charliem: And then change ntopng, suricata, and bind and pfblocker, varnish , pfsense, ….  ;D
  • A

    Email reports - receiving empty email report

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    Use the full path to commands. The report doesn't use the search path. So those should be running /usr/local/sbin/smartctl
  • M

    Unbound causing problem

    2
    0 Votes
    2 Posts
    591 Views
    jimpJ
    Is this with the package on 2.1.x, or on 2.2? If it's on 2.2, try posting on the 2.2 board and not the package board.
  • W

    Snort 3.0

    5
    0 Votes
    5 Posts
    2k Views
    bmeeksB
    Yes, I will keep tabs on Snort 3.0.  Hopefully it will make it into pfSense.  The only reason I say "hopefully" is to hedge things in case there is some fundamental kernel level incompatibility or something (not likely, but not impossible). It looks like it will be a while since it is in an early ALPHA stage.  Multithreading Snort with a more "automatic" configuration sounds quite interesting! Bill
  • M

    Squid 3 Not caching.

    4
    0 Votes
    4 Posts
    1k Views
    M
    I am totally lost now. I am not sure why is it not caching anything. The pages are displaying perfectly but nothing is cached. Is there something else that need's to be configured to get the caching working?
  • K

    HTTP to HTTPS Redirect not Working Externally Throught WAN

    1
    0 Votes
    1 Posts
    753 Views
    No one has replied
  • A

    Bandwidthd 2.0.1_5 pkg v.0.5 can't start

    2
    0 Votes
    2 Posts
    932 Views
    N
    I'm posting as I came across the same issue, and figured out the solution. The system log tells you the start/stop script /usr/local/etc/rc.d/bandwidthd.sh Login to the shell, can find out which config file is being used, in my case /usr/pbi/bandwidthd-amd64/bandwidthd/etc/bandwidthd.conf then read the file with line numbers : less -N /usr/pbi/bandwidthd-amd64/bandwidthd/etc/bandwidthd.conf I had : filter ip which should be: filter "ip" <<< double quotes Change using web interface, and it will work. I hope this helps someone regards CJ
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.