1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    Y
    You can run via SSH or Diagnostics -> Command prompt squid -k parse and paste output here.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that does not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Greylog - please, pretty please with sugar on top

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    JeGrJ
    @raidflex said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix. Yeah, that may be, but if you install packages with dependencies on the console rather then the package manager, those may have (old) dependencies for specific versions. So if that crowdsec package has a dependency on an older pfsense base package or something like that and you install any other package (like Acme) which may collide with that, the package manager makes a decision to solve the conflict. Not always the most sane one - sure - but that's like any other distro out there. Manually installing packages on the console always may get you into dependency hell :) Just saying, because now it was acme, next time it could easily be some other package triggering such an effect. Cheers

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    606 Posts
    M
    @yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good

  • Discussions about WireGuard

    697 Topics
    4k Posts
    lvrmscL
    Same here. It started after I installed 25.07. Then it settled down by itself after a few days. It started again after upgrading to 25.07.1. WireGuard works fine (it merely connects to the remote site from this one). However, I am refraining from upgrading the remote, because if the 'service' does not start, I fear it will not listen to incoming connections, which would leave me in a difficult situation. The other topic I had opened before finding this: https://forum.netgate.com/topic/198449/25.07-release-amd64-wireguard-service-reported-stopped-yet-tunnel-trafic-clearly-is-ok
Log in to post
Load new posts
  • C

    Enable module ecap for squid3

    1
    0 Votes
    1 Posts
    754 Views
    No one has replied
  • W

    Strange IP in Squid.conf

    1
    0 Votes
    1 Posts
    633 Views
    No one has replied
  • J

    Transparent HTTP/HTTPs filtering with NSFilter

    11
    0 Votes
    11 Posts
    3k Views
    J
    Just wanted to update the thread to let everyone know that we have added support for pfSense 2.2, the installation is exactly the same as the previous versions.  Here is a brief rundown of current features: DNS Filtering:   Domain name categorization using realtime cloud categorization service   User/Group/IP based policies   Local Domain Override (*New, overrides DNS lookups to alternate server for specified domains, ie mydomain.com uses 192.168.1.1 vs 8.8.8.8 for everything else).   Customizable Block Pages HTTP/HTTPS filtering:   URL categorization using realtime cloud categorization service   Transparent mode supported   User/Group/IP based policies   Force Safesearch (Google/Yahoo/Bing)   Youtube for Schools   URL Black/White lists   Content Type Black/White lists   File Pattern Black/White lists   Customizable Block Pages Authentication:   LDAP integration   Domain Controller Agent (In development, this will allow users to automatically authenticate to NSFilter when logging in successfully to the domain). Please let us know if there are any features you would be interested in trying or like to see about having added to NSFilter, we are always looking to improve. Also if there are any of you testing 2.2 if you would like to give NSFilter a try, we would love to get some more data points on running on the new platform. Thanks, Adam
  • F

    Exclude user from safe search

    2
    0 Votes
    2 Posts
    506 Views
    F
    ;D I found the solution : for safe search the Common ACL group take the precedence over Group ACl so you need to disable it in Common ACL and apply it in whatever group inside Group ACl that's work for me
  • M

    SquidGuard ACL

    3
    0 Votes
    3 Posts
    871 Views
    M
    You get a happy face karma for your efforts.  Thanks.  8)
  • V

    Squid and Firewall Rules - FailOver(Help)

    1
    0 Votes
    1 Posts
    481 Views
    No one has replied
  • denningsrogueD

    Snort Reinstall Failure!

    4
    0 Votes
    4 Posts
    965 Views
    bmeeksB
    @pfff: Hi Thank you so much Bill for all your great work on Snort and Suricata! I ran into a problem 1-2 months ago with Snort before I switched to Suricata and just never found the time to report it. I was updating Snort and the installation script proceeded as usual to remove the old package but then my internet connection failed and the new package couldn't be downloaded and the installation aborted leaving me with no Snort at all. Perhaps it would be better to download the package first and only then proceed with the actual installation. I'm not sure if this issue is still present or related to the above post because I can't see the screenshot but I thought I'd report it. Suricata is working great, thanks again. The process for downloading and installing packages is handled by the pfSense core code.  The packages themselves have no control over that.  There have been suggestions for improvements in this area posted on the pfSense Redmine Bug Tracking site.  One of those suggestions was to first download and verify the new package before removing the old one. Bill
  • P

    Blinkled stops working since upgrading to 2.1

    5
    0 Votes
    5 Posts
    1k Views
    N
    Hi, Has anyone found a fix for the problem?.  I have pfsense 2.1.5-Release with Blinkled 0.4.3.  It installed without problems and run for a few days before the Led 2 or 3 will stopped working or blink continuously for no reason. I need to reboot the unit or go to the Blinkled interface page and click "Save" to get it working again.  This will fail again in a few days time.
  • N

    Varnish on NanoBSD pfSense

    2
    0 Votes
    2 Posts
    564 Views
    N
    No one can answer this simple question? :-[
  • L

    Snort not working

    5
    0 Votes
    5 Posts
    2k Views
    L
    @bmeeks: @laptopdude90: @bmeeks: @laptopdude90: Snort is only detecting http_inspect. It's always 'http_inspect: UNKNOWN METHOD' or 'http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE'. I've tried using IDSWakeup, which didn't trigger anything. I also tried an online port scanner, which didn't trigger anything. I have set snort up listening on the WAN port. I should probably note that my ISP requires me to set up a virtual WAN port on VLAN 35, and that is what snort is listening on. Screenshots: http://imgur.com/a/BtYoq Yes, I have updated the rules, and I have restarted Snort. Those are very common false positives.  Did you read the threads here in the Packages sub-forum about generating a Suppress List so that the known false positives don't trigger?  Search this forum for threads about Suppress List generation. Do you have blocking enabled on your interfaces?  You set this on the INTERFACE settings tab. Bill The problem isn't the false positives, it's the fact that they're the only things that trigger. What do you mean about this blocking interfaces thing? Where do I find it? 1.  From the pfSense menu, choose Services…Snort. 2.  When the Snort tabs appear, either double-click on a selected interface or click the "e" icon to edit that interface. 3.  The action in #2 above will open a new set of tabs for that specific interface's configuration.  On the SETTINGS tab you will find checkboxes for enabling the blocking of offenders. You can see what blocks have been put in place by clicking the BLOCKED tab. Where do you have Snort configured? Is it on the WAN interface or another one?  And how specifically did you run the IDSWakeup test?  Did you run that from a remote machine and target the firewall interface where Snort was running?  Depending on where you browse to and the amount of traffic on your network, it is quite common to have few Snort alerts.  For instance, on my home LAN where Snort is configured on the WAN and LAN, I get maybe one LAN alert per week because there is just me and my wife surfing and we have only a few favorite sites we visit.  On the WAN side I get a number of alerts per hour from some IP blacklists using the IP REPUTATION preprocessor. Bill Blocking is turned off. Snort is configured on the WAN interface. I ran the test from my father's network on my linux laptop, directed toward my IP.
  • T

    Squid3-dev SSL MITM Proxy Mode Not Working

    1
    0 Votes
    1 Posts
    840 Views
    No one has replied
  • F

    Cron Package - Add label to scheduled command?

    1
    0 Votes
    1 Posts
    549 Views
    No one has replied
  • 2

    How do I get squid to work with OpenVPN clients

    1
    0 Votes
    1 Posts
    775 Views
    No one has replied
  • R

    Slow speed on "some?" pages. SQUID

    3
    0 Votes
    3 Posts
    1k Views
    R
    Hi, thanks for your replay. I changed "Memory cache size" from 8 to 512, and after that it started loading pages at exceptional speed, then changed it back to 8 just to test and it kept loading the page fast. Weird behavior since i have the "Hard disk cache system" to null this whole time, Anyway its working fine and i have no idea why  :-X :-\ Thanks for the help.
  • R

    FreeRadius 2.X & OTP Authentication

    4
    0 Votes
    4 Posts
    2k Views
    R
    Sorry I can't remind what I've done to make it works. It was a misconfiguration very stupid…  Can you show me your configuration I will tell what's different with mine.
  • C

    Add packages to pfs 2.1.5?

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B
    You should probably use the 8.3 link instead for future pkg adds. When you install a pkg, you might need to run the following command (your reboot also fixed it) after you install the pkg for the pkg to be accessible. rehash
  • S

    Bacula-client service fails to start on boot

    4
    0 Votes
    4 Posts
    3k Views
    D
    My fix: mkdir /usr/local/bacula/ chown bacula:bacula /usr/local/bacula Run vipw from the command line and adjust the home directory for bacula to be the above mentioned directory. That is insufficient to get the correct WorkingDirectory value in bacula-fd.conf file. The path, /var/db/bacula is hardcoded at https://packages.pfsense.org/packages/config/bacula-client/bacula-client.inc Is that the problem?  I believe so.  If I edit /usr/local/pkg/bacula-client.inc and put the new path in there, the correct configuration is saved. In addition, all instances of BACULA_LOCALBASE . /etc/bacula-fd.conf in /usr/local/pkg/bacula-client.inc needs to be BACULA_LOCALBASE . /etc/bacula/bacula-fd.conf NOW it runs: [2.1.5-RELEASE][admin@pfsense.unixathome.org]/cf(110): ps auwx | grep bacula root    6659  0.0  0.3 28864  5756  ??  Is  12:56PM  0:00.00 /usr/pbi/bacula-amd64/sbin/bacula-fd -u root -g wheel -v -c /usr/pbi/bacula-amd64/etc/bacula/bacula-fd.conf root    9672  0.0  0.1  6088  1400  1  R+  12:56PM  0:00.00 grep bacula In addition, the code seems to append -dir to the Director Name via pkg_edit.php?xml=bacula-client.xml&act=edit&id=0 Hope this helps to fix this bug.
  • G

    Snort 2.9.6.2 update 3.1.2 stopped working

    18
    0 Votes
    18 Posts
    2k Views
    G
    Hi, I don't know how, but it took a while, now is working fine as I had it before. Solved!
  • L

    New package submitted for OSSEC server

    8
    0 Votes
    8 Posts
    5k Views
    E
    hello all, that's good news, I'm waiting to test this package where I can download ?
  • Z

    Youtube Dyanamic and Update Caching breaks caching

    1
    0 Votes
    1 Posts
    768 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.