Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    KOM
    @jucelio_rosa Squid runs on 2.8.1 but there was a library bug IIRC. If you manually start squid then check the system log, do you see this error? The command '/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf' returned exit code '1', the output was 'ld-elf.so.1: /usr/local/sbin/squid: Undefined symbol "_ZTVNSt3__117bad_function_callE"'
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPa
    @bmeeks Understood. Thank you kindly for your help. I will likely be ordering a new unit soon.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    N
    @Gertjan said in is something wrong with pfBlockerNG?: "is something wrong with my pfBlockerNG?". First off, thanks for the detailed reply. After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues. I understand what you are saying & hinting "maybe something is wrong with my settings" - my response is this: Everything was working before I upgraded the pfSense software to "25.07.1-RELEASE (arm64)". Before the update my DNSBL Mode was set as "unbound python mode" and everything worked. Here is my "inference": something broke in pfBlockerNG after the upgrade and I cannot 100% point to what that setting (my) is? I will observe for some days how this change in DNSBL mode works out and report the findings.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypage
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    642 Posts
    C
    For pfSense+ Version 25.0.7 FreeBSD 15.0-CURRENT: I had a recent issue after upgrading Tailscale to 1.90.4 and afterwards rebooting pfSense. Tailscale would not authenticate. After researching, I found a solution and a suggested workflow for future upgrades. First, I was able to get Tailscale to re-authenticate by executing the following commands (Tailscale Service was offline after the reboot):
        service tailscaled stop
        tailscale logout
        sysrc tailscaled_enable="YES"
        service tailscaled start
        tailscale up
    So that you know, here is the AI-generated one-liner for future upgrades on 25.x FreeBSD 15.0-CURRENT systems. I will test with the next available upgrade package:
        service tailscaled stop && tailscale logout || true && fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-X.Y.Z.pkg || exit 1 && IGNORE_OSVERSION=yes pkg-static add -f tailscale-X.Y.Z.pkg && rm -f tailscale-X.Y.Z.pkg && sysrc tailscaled_enable="YES" && service tailscaled start && tailscale up && tailscale version && tailscale status
  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on pfSense version 23.xx (don't recall the xx) and was able to start the WireGuard service. I upgraded to the 25.11 beta version and now the WireGuard service will not even start. I am on WireGuard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
  • LigHTTPD services shows "Not running"

    1
    0 Votes
    1 Posts
    484 Views
    No one has replied
  • PFSense 2.1.3 AVAHI issue

    2
    0 Votes
    2 Posts
    1k Views
    D
    Hi, if the installation breaks after a specific time, it is usually a timeout issue. This happens in the "extracting" phase, because no data is sent over the wire. This is a problem I had. Avahi is relatively large and lasts long, so this can happen easily. You could still install a package on command line. Regarding AirPrint: Avahi is able to announce services (like an AirPrint printer) to devices, but there needs to be a CUPS Printer Spooler doing the actual print job and conversion to the actual Wifi printer, in case it is not able to do this by itself. Unfortunately you are not able to edit the services directly, but you can edit the files either thru the WebUI or via SSH. You can find the files here: usr/pbi/avahi-i386/etc/avahi/services By default, Avahi on pfSense announces SSH and SFTP. Regards, Darko
  • SquidGuard and URL Blacklist

    11
    0 Votes
    11 Posts
    19k Views
    KOM
    You can change the size via System - Advanced - Miscellaneous - RAM Disk Settings. Edit:  Removed bogus advice to not increase RAM disk on nano. See this thread: https://forum.pfsense.org/index.php?topic=80410.0
  • Squid3-dev SSL Bump Exclusions

    1
    0 Votes
    1 Posts
    969 Views
    No one has replied
  • Snort 2.9.6.2 pkg v3.1.1 Update – Release Notes

    59
    0 Votes
    59 Posts
    13k Views
    bmeeks
    @chemlud: @Supermule: When pinging from Scandinavia we get this: PING files.pfsense.org (208.123.73.81): 56 data bytes 64 bytes from 208.123.73.81: icmp_seq=0 ttl=50 time=152.243 ms So we don't get a mirror on the package files… My ping goes to the same IP. …to me this whole story is kind of VERY disturbing... For Nano image boxes, make sure you have at least 200 MB of free space in /tmp. The package manager code gets tripped up if it runs out of space to unpack and install a package. That might be what's happening to you. There was also a problem a few days ago with the SHA256 checksum files not getting uploaded to the packages servers. The developer team pushed a fix for that I noticed a few days ago. Bill
  • Dansguardian broken - can't get alternate repository working

    20
    0 Votes
    20 Posts
    5k Views
    M
    @mschiek01: This should work for you. I just tried it on one of my boxes. Again this is for a 64bit box.
    1. Install the broken package with the package manager.
    2. from the command line "pkg_info" you will see dansguardian 2.12.0.3_2 is installed.
    3. from the command line "fetch http://files.pfsense.org/packages/amd64/8/All/dansguardian-2.12.0.3-amd64.pbi"
    4. from the command line "pbi_add --no-checksig -f dansguardian-2.12.0.3-amd64.pbi"
    5. from the command line "pkg_info" you will now see dansguardian-2.12.0.3_1 is installed.
    6. reboot.
    7. from the command line "/usr/local/bin/php /usr/local/www/dansguardian.php fetch_blacklist" download and reapply blacklist.
    8. go back through and resave each configuration page.
    Ever since doing this, Dansguardian no longer shows up on my pfSense GUI as a service. Any idea why? I've tried uninstalling the package and re-installing. The process looks to be completing successfully, but it doesn't show up.
  • Squid3-dev pfsense 2.1.4 x64

    6
    0 Votes
    6 Posts
    1k Views
    KOM
    Like I said earlier, squid3-dev can be a real pain.  What are you trying to do that you couldn't do with Squid 2.7.9?  If you look at the system log (Status - System logs - System - General), is there anything about squid in there (use the filter to show just lines with 'squid' in them)?
  • Squid3-dev pfsense 2.1.4 x64 LDAP "fix"

    1
    0 Votes
    1 Posts
    983 Views
    No one has replied
  • Squid3-dev, SSL-filtering and certificates

    11
    0 Votes
    11 Posts
    6k Views
    J
    Hey KOM, I used QLProxy and these instructions and it works great: http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/ You have to do a bit of console work but it is worth it. 199 euros per year for a big organization is a really good deal especially since all the site categories are being updated daily. 12 euros per year for personal use is a really good deal. Just need to setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.3-release/Latest/ to get python/apache loaded. Jim
  • Attn Devs: pfSense 2.1.x pkg_add broken again

    11
    0 Votes
    11 Posts
    5k Views
    N
    Is anyone able to install any package under 2.14-RELEASE? Nothing is working for me. Ending up with lib* files not found, etc. (case for Xauth)
  • [SOLVED] "Available Packages" hangs after HAVP dashboard widget

    6
    0 Votes
    6 Posts
    1k Views
    B
    @iorx: Anything I can do to help isolate the issue? No idea? I'm out of ideas for the moment. (tried a lot, found nothing conclusive) I have 4 systems at hand, all on the same level (2.1.4), different breeds (nano/full) and also 2 ISPs. 2 of them give no issue, on 2 others it does not work. Also, I've just lost connectivity again to the forum (it did not resolve so no access for more than 10min) So I'm still suspecting it to be an issue with the server? In the meantime I think it's a better idea to wait for someone from ESF to feedback with news or instructions…
  • Snort & snorby

    2
    0 Votes
    2 Posts
    1k Views
    bmeeks
    @master9712: Hi I want to integrate Snort on pfsense to snorby on ubuntu. Can you help..! To feed Snort data to Snorby, enable Barnyard2 on the Snort interfaces on your pfSense box. Do this on the BARNYARD tab. Enable MySQL DB output on the BARNYARD tab in Snort and provide the database connection credentials. That's all on the pfSense side. There are some How-To documents you can find from a Google search for setting up Snorby on Ubuntu. Bill
  • Quagga zebra and ospfd restarting whenever a package restart is triggered

    2
    0 Votes
    2 Posts
    2k Views
    M
    I kept digging around in the forums looking for a way forward on this and came across this thread https://forum.pfsense.org/index.php?topic=76597.0 which was helpful. I was puzzled as to why an address change had been detected (based on the log entry in my previous post) when it is the same and is actually static from the ISP in this case.  Looking at rc.newwanip the "ip address change" message is a little misleading in that it would seem (I don't know PHP so I am mostly going off the comments here) when all dynamic interface types (PPPoE in my case) come up a reload of lots of things, including all packages, is always triggered regardless of the IP address. In my case I do not believe any of the packages that I have installed (Bacula, Squid, Squid Guard and Quagga) need to be reloaded when the WAN interface comes up, but I understand that there are packages that do need reloading. Does it make sense to have an option on a per package basis to enable/disable a reload on at least a WAN, or possibly any, interface state change? I would not have thought though that Quagga should ever be reloaded just because an interface changes state? As per the above mentioned thread I have commented out the call to restart_packages() in rc.newwanip to see if that resolves my issue without introducing any other issues. Thanks Mike
  • Snort ignoring passlist after update

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177
    Happens to everyone at some time or another …  :)
  • Redirection loop with SquidGuard rewrite option

    1
    0 Votes
    1 Posts
    624 Views
    No one has replied
  • Can't access ISP's IPv6 DNS servers (pfblocker issue?)

    2
    0 Votes
    2 Posts
    1k Views
    D
    Problem resolved. My IPv6 was released by my ISP, for some reason. Hence, I couldn't ping ANY IPv6 addresses, I just noticed the DNS issues first. After a restart of the cable modem, and pfsense box, everything is operating as expected.
  • Add packages using pkg_add

    2
    0 Votes
    2 Posts
    1k Views
    C
    Any one? Nobody knows?
  • Same error with Snort and Suricata

    2
    0 Votes
    2 Posts
    1k Views
    bmeeks
    @supermega: Hi guys I'm trying to implement an IDS/IPS system on my pfsense box. For me it doesn't matter if I use Snort or Suricata in the future. I started first with snort and because snort wasn't working I tried suricata. I have seen that both packages gave me back the same error. If I start snort or suricata (interface only or through status --> service) the services don't start. (nothing happens, red cross stays there) Following error if I try to start Suricata via shell:
        [2.1.4-RELEASE][root@XXX-pfs-1.XXX.local]/root(13): /bin/sh /usr/local/etc/rc.d/suricata.sh start
        7/8/2014 -- 16:22:27 - <info>- This is Suricata version 1.4.6 RELEASE
        7/8/2014 -- 16:22:27 - <info>- CPUs/cores online: 2
        7/8/2014 -- 16:22:27 - <info>- Live rule reloads enabled
        7/8/2014 -- 16:22:27 - <info>-- allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
        7/8/2014 -- 16:22:27 - <info>-- preallocated 65535 defrag trackers of size 120
        7/8/2014 -- 16:22:27 - <info>-- defrag memory usage: 9437064 bytes, maximum: 33554432
        7/8/2014 -- 16:22:27 - <info>-- AutoFP mode using "Active Packets" flow load balancer
        7/8/2014 -- 16:22:27 - <error>-- [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)] - failed to parse address "fe80::250:56ff:fe9e:43df%em0"
        7/8/2014 -- 16:22:27 - <error>-- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - failed to parse address var "HOME_NET" with value "[8.8.8.8,10.0.0.0/24,10.0.0.252/24,10.0.2.0/24,10.0.2.252/24,10.0.3.0/24,10.0.3.252/24,10.0.4.0/24,10.0.4.252/24,10.0.5.0/24,10.0.5.252/24,10.0.6.0/24,10.0.6.252/24,10.0.7.0/24,10.0.7.252/24,10.0.8.0/24,10.0.8.252/24,10.0.9.0/24,10.0.9.252/24,127.0.0.1,172.16.0.0/16,172.16.1.252/16,192.168.1.0/24,192.168.77.0/24,194.246.118.118,212.25.27.51,212.25.28.55,212.25.29.73,212.25.29.74/32,2001:XXX:40:304::dead:beef,2001:XXX:80::dead:beef,2001:XXX:XXX::1fe/120,2001:XXX:XXX::2fc/120,2001:XXX:XXX::3fc/120,2001:XXX:XXX::4fc/120,2001:XXX:XXX::5fc/120,2001:XXX:XXX::6fc/120,2001:XXX:XXX::7fc/120,2001:XXX:XXX::8fc/120,2001:XXX:XXX::9fc/120,2001:XXX:XXX::100/120,2001:XXX:XXX::200/120,2001:XXX:XXX::300/120,2001:XXX:XXX::400/120,2001:XXX:XXX::500/120,2001:XXX:XXX::600/120,2001:XXX:XXX::700/120,2001:XXX:XXX::800/120,2001:XXX:XXX::900/120,2001:4860:4860::8888,fd34:fe56:7891:2f3a::/64,fe80::250:56ff:fe9e:43df%em0]". Please check it's syntax
        7/8/2014 -- 16:22:27 - <error>-- [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - basic address vars test failed. Please check /usr/pbi/suricata-amd64/etc/suricata/suricata_29766_em1/suricata.yaml for errors
    On snort I don't get any messages but I saw the same error (failed to parse address) in previous versions of snort. In the System Logs I'm not able to see any errors from snort or suricata. Hopefully somebody can help me out. regards supermega
    There is currently an issue with IPv6 Link Local addresses in both packages. I have a fix for Snort posted that is awaiting review and approval by the pfSense Developer Team. Hopefully they can get it approved and posted in a few days. I also have a fix for Suricata in the works that will come out with the next update. If you know how to transfer files over to your firewall via scp (secure copy), then PM me and I can send you the Snort fix and you can help me test it. Bill
  • SNORT (spp_frag3) Fragmentation overlap (again and again and again)

    8
    0 Votes
    8 Posts
    8k Views
    bmeeks
    @panz: Sorry, I didn't ask my question with the right words. Q: is there a method to setup SNORT in a manner that it will alert me for fragmented packets even if I disabled the frag3 engine detection? No, that frag3 engine is where those alerts come from. Bill
  • Privileges by Groups of user

    4
    0 Votes
    4 Posts
    1k Views
    KOM
    Well, Squid and SquidGuard are common FOSS packages for doing caching and filtering, so you could actually download those packages and try for yourself.  Or, you could use a search engine to read up on the documentation to get most of your answers. Yes, you can create custom groups.  No, there is not just one common profile/group.  Look into Group ACL.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.