pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

4k Topics

21k Posts

F

@JonathanLee @JonathanLee said in Squidguard problem after upgrading from version 2.7.2 to version 2.8.0: you could always turn off save settings on squid and squid guard and delete the package and reinstall I tried this and it still doesn't work. Unfortunately, I think I'll have to reinstall. I want to download the pfsense 2.8.0 installation file But it seems that it has changed because it requires registration and a network connection during installation Is there a way to download and install version 2.8.0 without registration Like in previous versions ??
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

2k Topics

16k Posts

M

Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

571 Topics

3k Posts

D

@Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.
pfBlockerNG

Discussions about the pfBlockerNG package

3k Topics

20k Posts

K

@jrey said in pfBlockerNG syslog logentries to remote SIEM: @keyser I so want to answer this, but then at the same time (no I don't) ... pfblocker using syslog messaging in real time. no tailing of files, no other packages, just code. Huuuh? That seems very very interesting I noticed your name in other posts around the forum where you seemed to be QUITE proficient at coding/developing. Are you by any chance considering involvement in developing and refining the pfBlockerNG package? It would be SO great if you are looking into adding native syslog to the pfBlockerNG package - or an easy workaround that does not require additional packages and “temporary” edits in files that does not survive service restarts or pfSense updates. Here’s that you will fill me/us in on the solution you are using to your Greylog - please, pretty please with sugar on top
UPS Tools

Discussions about Network UPS Tools and APCUPSD packages for pfSense

101 Topics

2k Posts

D

@jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

496 Topics

3k Posts

R

@provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdec before the ACME update, even with updating from 2.7 to 2.8 there was no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.
FRR

Discussions about the FRR Dynamic Routing package on pfSense

294 Topics

1k Posts

Y

said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1
Tailscale

Discussions about the Tailscale package

90 Topics

606 Posts

M

@yobyot I've SSHed into pfsense and for the sake of testing I've simply run the command: tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense Note the preauthorized=true and ephemeral=false I gave this key all permissions (temporarly as I just wanted to verify it's working) of course I had to register the tag used also in the ACL tags pane: https://login.tailscale.com/admin/acls/visual/tags so far so good
WireGuard

Discussions about WireGuard

697 Topics

4k Posts

L

I took some days before reporting again... Since then I installed: 25.07.1-RELEASE (amd64) built on Fri Aug 15 20:42:00 CEST 2025, and the issue re-appeared but did not (yet) clear by itself. Wireguard works well, that system has only one tunnel with another site, using interface assigned mode. I depend on it, and it works flawlessly. Yet the wireguard configuration page, its status page as well as the services widget on the dashboard, all report the Wireguard service as stopped, with the usual icon to start it. On the dashboard the gateways widget shows Pending for the IPv4 and IPv6 wireguard gateways. On the other hand, and it is logical as the packets do flow through the tunnel, the Wireguard widget on the dashboard shows the tunnel up with traffic. To be complete, the watchdog service, if wireguard is configured there, spend its life at detecting wireguard stopped and attempting to start it, which does not work. The other side of the tunnel is still on 25.07-RELEASE (amd64). I'm reluctant to upgrade that side too, with fear to loose the wireguard tunnel altogether. Aren't there any logs from that wireguard package? I can't find anything of that kind.

I

Snort rule disable and enable button not working/all rules enabled/rule format

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

3k Views

I

one possible cause for this that i have found: I was testing the cron command that updates the rules by running it manually. The first time i got a few duplicate SID warnings. I went and disabled a few rules and re-enabled them and ran it again and got a bit different output. Line 15 is: enablesid Line 19 is: disablesid I then went and disabled/reenabled a few more rules, and when i ran the update command i got more of the WARNING: line xx in your oinkmaster_blah.conf is invalid. All of the warning lines were either "enablesid" or "disablesid" with nothing more. Each time i disabled a rule and ran the update, it would add one more "disablesid" to the /usr/local/etc/snort/snort_<interface_id>/oinkmaster_<interface_id>.conf file and each time i enabled a rule and ran the update it would add one more "enablesid" to the same file. I'm not sure how this relates to the problem, but it seems like snort is not able to keep track of which rules are enabled/disabled properly and when it merges the updates with the current rules it formats them in a way that the web interface cannot handle. Output below and the oinkmaster_blah.conf at the bottom: first time: [2.1-DEVELOPMENT][admin@pfsense]/root(19): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log WARNING: duplicate SID: 3017 (discarding old) WARNING: duplicate SID: 17462 (discarding old) cp: /usr/local/etc/snort/generators: No such file or directory cp: /usr/local/etc/snort/sid: No such file or directory rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory ls: /tmp/snort.sh.pid: No such file or directory rm: /tmp/snort_download_halt.pid: No such file or directory second time: [2.1-DEVELOPMENT][admin@pfsense]/root(19): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log WARNING: duplicate SID: 3017 (discarding old) WARNING: duplicate SID: 17462 (discarding old) cp: /usr/local/etc/snort/generators: No such file or directory cp: /usr/local/etc/snort/sid: No such file or directory Loading /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf WARNING: line 15 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 19 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring Copying rules from /usr/local/etc/snort/rules… 76 files copied. Setting up rules structures... WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually! WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually! done. Processing downloaded rules... WARNING: duplicate SID in downloaded archive, SID=17462, only keeping rule with highest 'rev' disabled 0, enabled 0, modified 0, total=18870 Setting up rules structures... WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually! WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually! done. Comparing new files to the old ones... done. Updating local rules files... done. rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory ls: /tmp/snort.sh.pid: No such file or directory rm: /tmp/snort_download_halt.pid: No such file or directory third time: [2.1-DEVELOPMENT][admin@pfsense]/root(24): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log WARNING: duplicate SID: 3017 (discarding old) WARNING: duplicate SID: 17462 (discarding old) cp: /usr/local/etc/snort/generators: No such file or directory cp: /usr/local/etc/snort/sid: No such file or directory Loading /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf WARNING: line 15 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 16 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 17 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 18 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 19 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 20 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 21 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 22 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 26 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 27 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 28 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 29 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 30 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 31 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 32 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 33 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring Copying rules from /usr/local/etc/snort/rules… 76 files copied. Setting up rules structures... WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually! WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually! done. Processing downloaded rules... WARNING: duplicate SID in downloaded archive, SID=17462, only keeping rule with highest 'rev' disabled 0, enabled 0, modified 0, total=18870 Setting up rules structures... WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually! WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually! done. Comparing new files to the old ones... done. Updating local rules files... done. rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory ls: /tmp/snort.sh.pid: No such file or directory rm: /tmp/snort_download_halt.pid: No such file or directory fourth time: [2.1-DEVELOPMENT][admin@pfsense]/root(33): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log WARNING: duplicate SID: 3017 (discarding old) WARNING: duplicate SID: 17462 (discarding old) cp: /usr/local/etc/snort/generators: No such file or directory cp: /usr/local/etc/snort/sid: No such file or directory Loading /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf WARNING: line 15 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 16 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 17 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 18 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 19 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 20 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 21 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 22 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 23 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 27 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 28 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 29 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 30 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 31 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 32 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 33 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 34 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring WARNING: line 35 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring Copying rules from /usr/local/etc/snort/rules… 76 files copied. Setting up rules structures... WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually! WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually! done. Processing downloaded rules... WARNING: duplicate SID in downloaded archive, SID=17462, only keeping rule with highest 'rev' disabled 0, enabled 0, modified 0, total=18870 Setting up rules structures... WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually! WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually! done. Comparing new files to the old ones... done. Updating local rules files... done. rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory ls: /tmp/snort.sh.pid: No such file or directory rm: /tmp/snort_download_halt.pid: No such file or directory [2.1-DEVELOPMENT][admin@pfsense]/root(35): cat /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf ########################################### # # this is auto generated on snort updates # # ########################################### path = /bin:/usr/bin:/usr/local/bin update_files = .rules$|.config$|.conf$|.txt$|.map$ url = dir:///usr/local/etc/snort/rules enablesid enablesid enablesid enablesid enablesid enablesid enablesid enablesid enablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid disablesid</interface_id></interface_id>
M

Snort[55970] exiting

Watching Ignoring Scheduled Pinned Locked Moved
17

0 Votes

17 Posts

6k Views

M

I've been running 2.0-RC3 (i386) built on Sat Sep 10 17:10:54 EDT 2011 for 2 days, 03:19 w/ no exits and limited rule categories. So far so good. I'm hopeful that 2.0 final will workout fine since seeing swinn's post. [image: snort-categories-firewall.jpg] [image: snort-categories-firewall.jpg_thumb] [image: snort-categories-firewall2.jpg] [image: snort-categories-firewall2.jpg_thumb]
N

Lusca crashing on latest RC

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

4k Views

N

@marcelloc: if it is squid, take a look at cache.log for detailed error message That's where it was taken from.
D

Install python in nanobsd

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

2k Views

M

danesco, I know it's not the best answer you want to see but did you try to write it in php? If you use xmlrpc or just a php to change config file it will work and php is native in pfsense. att, Marcello Coutinho
A

[squidGuard ] block youtube, but video embedded in whitelisted websites

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

2k Views

J

Last time we looked at this (when a support customer asked) it looked like all of the youtube content, whether it was hosted or not, came from the same CDN. So there was no way to block videos from youtube but allow certain embedded videos.
J

Ntop is out of date?

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

4k Views

J

You didn't give nearly enough information to even guess at what help. Are you on 1.2.3? 2.0? i386? amd64? What version of ntop is running? Also just because it's unsupported by ntop does not mean it doesn't function correctly and do what needs to be done.
T

Prevent Squid from Caching?

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

3k Views

J

If you use squidguard or some of squid's access control/limiting features, then it's definitely normal. It is very common to run squid with no caching (use the null cache option mentioned by Tikimotel) especially on ALIX if you just want to use squidguard for controlling web access.
W

Setting up transparent proxy on LAN server

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

2k Views

C

Have you tried searching the forum? There have been any number of threads on this, including this one. The standard for telling clients what proxy to use is called WPAD. It is trivial to set up and just about all modern browsers support it.
T

Unbound-ipblocklist-countryblock errors

Watching Ignoring Scheduled Pinned Locked Moved
5

0 Votes

5 Posts

2k Views

M

After rebuilding my pfSense system I tried reinstalling Country Block; it says the service is running, but I can get to websites hosted in Taiwan and Korea, so it doesn't seem to really be working. I guess I'll wait for the next version.
I

Two Packages I'd like to see developed

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

1k Views

T

http://forum.pfsense.org/index.php/topic,6.0.html
D

SNORT update problem

Watching Ignoring Scheduled Pinned Locked Moved
9

0 Votes

9 Posts

4k Views

E

I am not sure the status of snort on 1.2.3 but on 2.0 it works out.
A

Squid Guard Rewrite expression

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

2k Views

D

Try this Pattern (http://.//.) replace \1/
C

VPN Interface

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

1k Views

J

No, there isn't anything like that. You could look at running something like openvpn-als/adito on an internal box but AFAIK there isn't a good solid open source browser-based SSL VPN that is feasible to install on pfSense.
H

Snort does not start, period.

Watching Ignoring Scheduled Pinned Locked Moved
6

0 Votes

6 Posts

3k Views

N

I am running 2.0-RC3 (amd64) and snort seems to be running fine after the last reinstall (uninstall then install) fixed the port scan blocking .
A

Snort fatal error after upgrade - Stream5

Watching Ignoring Scheduled Pinned Locked Moved
9

0 Votes

9 Posts

5k Views

M

Uninstall and reinstall took care of it - it's running again. Thanks for your help ermal !!
N

Snort Port Scan

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

1k Views

V

skype didn´t block, too.
A

Bug in Snort?

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

2k Views

E

Check the other thread.
B

Snort rules version versus Snort version – not matching up anymore ??

Watching Ignoring Scheduled Pinned Locked Moved
9

0 Votes

9 Posts

4k Views

E

Continue on the other thread please.
S

IP-Blocklist Issues… Maybe Bug.

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

1k Views

S

Anther issue that i found is that I can not delete under the white list tab the entry's using chrome. I have to use firefox to do it. Running Slackware 13.37 x86_64
S

IP-Blocklist white list help

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

974 Views

S

Done Thanks.

308 / 464