Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox I don't think so; to be honest with you, I am on an older version also. Just make sure you do the patch package and install all the system patches.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfSense and discovered that Suricata had blocked the WAN IP. After some tests and triggering some Suricata alerts, the WAN IP was blocked. I restarted pfSense and ran some more tests, but the problem no longer occurred. I then checked the WAN interface settings, and indeed the IP list does not include the WAN IP, both now that it's working and before, when it was blocked. I'm using pfSense 2.8.0 and Suricata 7.0.8_2. I use PPPoE to access the Internet.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code.
    Huuuh? That seems very, very interesting. I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and "temporary" edits in files that do not survive service restarts or pfSense updates. Here's hoping that you will fill me/us in on the solution you are using for your Greylog - please, pretty please with sugar on top
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working.
    Glad you have it sorted.
    @jhg said: There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded?
    If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other USB devices, I think they will show attached drivers. I don't expect to see a driver attached to the UPS, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command:
    [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764
    VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    [25.07-RC][root@fw]/root:
    Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver.
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8.
    LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out.
    I never had this issue with Crowdsec before the ACME update; even when updating from 2.7 to 2.8 there were no issues. In fact, after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple of days ago that contained a fix.
  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1
  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfSense and, for the sake of testing, I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense
    Note the preauthorized=true and ephemeral=false. I gave this key all permissions (temporarily, as I just wanted to verify it's working). Of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags So far so good.
  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
  • Squid does ignore firewall (routing) rules

    1
    0 Votes
    1 Posts
    644 Views
    No one has replied
  • Pfsense: Snort configuration advice wanted

    3
    0 Votes
    3 Posts
    1k Views
    bmeeksB
    I agree with Wolf666.  Enabling Snort on the LAN for a home firewall is the best choice.  You don't usually have any unsolicited inbound traffic allowed on a home setup, so Snort on the WAN does not really help any more than having it just on the LAN.  What you are more worried about is an internal machine picking up malware and/or that malware calling home to the mother ship for additional instructions.  Snort on the LAN would see this and alert you.  Plus, if you configure the blocking IP to BOTH on the SETTINGS tab for the interface, then the far-end of the conversation will be blocked but the LAN end will not be as it is generally in the default PASS LIST unless you change something.  However, you will see the local IP address as well as the far-end IP in the alert. Bill
  • Snort Blocking IP addresses in my trusted alias list

    2
    0 Votes
    2 Posts
    911 Views
    bmeeksB
    @JohnKap: Hi all. I have an alias set up "Trusted_IPs", with a list of IP addresses I want snort to ignore - 3 in total. Under the Pass Lists tab, I have created a single pass list and included the "Trusted_IPs" alias. (see attached). Snort will block an IP address in the trusted alias list, error messages are: (http_inspect) UNKNOWN METHOD - 11/07/14-09:24:08 (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE - 11/07/14-09:54:34 I have restarted both snort & pfsense to ensure caches are cleared and tables are updated, yet snort will continue to block. Any ideas what I've overlooked? Thanks
    The best course of action here is to disable those rules entirely.  Click the X beside the GID:SID on the ALERTS tab. That will permanently disable them.  They are well known false positives. The reason you still see blocks may be because of the setting for WHICH IP TO BLOCK on the SETTINGS tab for the interface.  If set to BOTH (the new default), then your PASS LIST IP should not be blocked, but the other end of the conversation will be blocked and thus communications will still be stopped. Bill
  • Snort UDP Filtered Portscan with OpenVPN

    4
    0 Votes
    4 Posts
    3k Views
    bmeeksB
    @Heli0s: If that's the case, is there a good way to protect my network from port scans? I've tried a few online port scans and some are picked up and some are not. Not that I am aware of.  On the other hand, if you have a carefully configured firewall that allows only exactly what is necessary to get in, why worry about a port scan?  If those ports are not open, so what?  What seems to happen a lot recently is the port scan preprocessor is overly sensitive and triggers on some normal and harmless stuff.  I think in an attempt to reduce the sensitivity and prevent those false positives, some of the older port scans are no longer detected.  So all in all the utility of the port scan preprocessor seems to be degrading in my view. If you still want to use it, then you will need to tinker with all the settings for the preprocessor.  That's why I added them to the GUI several revisions back.  They will allow you to tweak it so maybe it works for you without triggering on too many false positives. Bill
  • Squid3 mutual authentication with client certificate

    9
    0 Votes
    9 Posts
    10k Views
    A
    Hello. I made a patch for the reverse-proxy squid3-dev package to allow peer authentication by certificate. The patch adds, in the general menu, a section to choose the CA authority and the CRL. I didn't find a way to call the regeneration of the CRL after the CRL was modified; there are no hooks for that in the CRL manager. The workaround is to save the reverse-proxy config again or to make a PHP script for the crontab that calls squid_regenerate_crl(). Regards squid_reverse_inc_patch.txt squid_reverse_general_xml_patch.txt
  • Squid and the Limiter

    6
    0 Votes
    6 Posts
    3k Views
    M
    https://forum.pfsense.org/index.php?topic=59600.30
  • Any news on updates for the Zabbix 2.2 Packages?

    10
    0 Votes
    10 Posts
    3k Views
    B
    Ok, thank you for your reply. I never built a pfSense package before, good to know how it works. Hope the next version will have fixed the glitches and the default will be fine.
  • SNORT Alerts

    9
    0 Votes
    9 Posts
    3k Views
    bmeeksB
    @FlashPan: Thanks bmeeks, I have a small lan but have only ever listened on my Wan interface. Are you saying it's better to listen on Lan just so you can see which internal client is being targeted or responding to something dodgy? I would have thought you would want Wan with all or most rules as it's better to capture or stop elements before it reaches your Lan interface? Hope I'm not starting a Lan, Wan War here now  :P My view for home users is it's better to analyze the LAN traffic so you can easily track down any internal problems by IP address.  Since the usual default for home users is "deny all unsolicited inbound" traffic on the WAN, there is not a huge risk for something coming in that an internal host did not first ask for.  Or stated another way, properly configured and not loaded down with tons of packages, your pfSense firewall itself  (the WAN IP) presents a very limited attack surface.  The bigger worry in my view is all the hosts on the internal networks.  Those are the ones that will be visiting potential problem web sites, downloading files, and opening possibly malicious e-mails. Bill
  • Snort Whitelist question

    3
    0 Votes
    3 Posts
    968 Views
    S
    Thanks Bill, I'll see if I can edit any additional rules or just wait for the newer version.
  • PfBlocker only for a ip range in our network ?

    2
    0 Votes
    2 Posts
    472 Views
    F
    Set pfBlocker to alias only and add firewall rules by hand. Edit: Firefox + Cookie for pfSense forum = Broken for me :|
  • HAProxy intermediate certificates (unknown issuer, missing chain)

    5
    0 Votes
    5 Posts
    7k Views
    M
    jimp's solution/workaround worked for me. thx
  • Can't update pfSense packages

    3
    0 Votes
    3 Posts
    688 Views
    H
    That worked! Thanks!
  • MailReport

    3
    0 Votes
    3 Posts
    2k Views
    luckman212L
    Having an alert sent out for power-related issues would indeed  be quite useful I think!  Also to tie in to this, it's good to get the alert for gateway failures but I do think it would be beneficial to also get an 'alert' when the failed gateway goes back online
  • Asterisk codec g729 installation

    2
    0 Votes
    2 Posts
    3k Views
    D
    Has anyone succeeded in making G729 run on pfSense??
  • Questions on Status - Squid

    2
    0 Votes
    2 Posts
    771 Views
    F
    One of the best posts I've ever seen in this great forum. Squid is the "most wanted directly after pfSense"; a stable squid3-dev copy will add significant change to the whole PFSENSE WORLD
  • Snort destination LAN IP

    2
    0 Votes
    2 Posts
    914 Views
    W
    The only way is to run Snort also on the LAN (as I do). I use the same rules for both WAN and LAN. There is a long sticky thread with some advice on that.
  • Alix 2d13&pfsense&freeswitch

    1
    0 Votes
    1 Posts
    577 Views
    No one has replied
  • MailScanner 4.84.6 pkg v.0.2.10 doesn't start

    9
    0 Votes
    9 Posts
    2k Views
    W
    Thanks for the fast reply. It worked for me, thanks
  • Squid-dev 3, squidguard and icap issue recap

    2
    0 Votes
    2 Posts
    897 Views
    E
    Additional: I am using Squid in transparent mode
  • Squid transparent proxy blocks skype calls

    8
    0 Votes
    8 Posts
    3k Views
    F
    Skype appears to use HTTPS for much of its connectivity. I expect that it exchanges keys for the call over HTTPS before switching to UDP with encrypted payloads or something like that to send the audio/video. Disabling for specific destination IPs isn't practical - I would have to know what IP addresses any of my friends had who I wanted to call/talk to.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.