Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • zabbix-agent4 not running on 32xxx port needed to connect to docker

    2
    0 Votes
    2 Posts
    698 Views
    W

    @inack1986 It seems that you have encountered an issue while trying to install the agent on port 32961, which is the local port for Docker. It appears that the agent crashes when you attempt to use this port, while it runs without any issue on port 10050, but there is no server listening on this port.

    There could be several reasons for this problem, including a configuration issue or a conflict with another service running on the same port. One possible solution would be to check the configuration settings for the agent and ensure that it is set up correctly to listen on the desired port. You may also want to verify that there are no other services using the same port, which could cause conflicts and prevent the agent from running properly.

    If the problem persists, it may be helpful to reach out to the support team for the agent to see if they can provide further assistance in resolving the issue.

    I hope this helps, and please let me know if you have any further questions or concerns.

  • Mailreport rich formatting and graphs

    1
    0 Votes
    1 Posts
    476 Views
    No one has replied
  • Installed packages were not restored

    3
    0 Votes
    3 Posts
    679 Views
    J

    @steveits said in Installed packages were not restored:

    previous stable version

    Good morning. "previous stable version" is already selected and pfsnse pings it, but the problem persists.

  • pfBlockerNG, Windows 11 And Avast Association?

    1
    0 Votes
    1 Posts
    329 Views
    No one has replied
  • Pre-Installed Packages (Auto-installed)?

    9
    0 Votes
    9 Posts
    2k Views
    S

    @william-mandell Not sure what "devel" you're discussing...am not seeing that searching this page...? The BIOS version of the device is unrelated to the pfSense software version.

    The dev version of pfSense now would be 23.05, if that's even available yet.

    There is a package for updating firmware that exists for some Netgate hardware, if there is (ever?) an update available. Search the package list for "firmware." I don't have an 1100 to look at...we've sold 2100, 3100, or higher model numbers.

  • Missing Packages

    Moved
    4
    0 Votes
    4 Posts
    906 Views
    T

    @rcoleman-netgate Thank you very much, we will try to re-upload the backup file.

  • AWS SSM Agent for pfsense

    2
    1 Votes
    2 Posts
    832 Views
    M

    I am in the same situation.
    Since that now we have pfsense plus at aws marketplace (and we pay for this), would be great that the mantainer of this AMI could provide the SSM agent as part of solution as a builtin package or available in packages list.

  • nTopNG Geolocation support

    1
    0 Votes
    1 Posts
    441 Views
    No one has replied
  • No available packages at all!

    7
    0 Votes
    7 Posts
    2k Views
    S

    @bmeeks said in No available packages at all!:

    older flavors of that hardware family having a really small boot partition or something that is too small to hold the most recent boot code from 23.01. Not sure I have all of those facts 100% correct, but that is the general flavor

    That's about it. The criteria is not clear to me, whether it is age or UFS file system, but it was failing to write to the EFI partition with an out of space error, thus booting fails.

    Older 1100/2100 devices with UFS had a small 800KB EFI partition. Newer with ZFS have a 200 MB EFI. I do not know if there was any overlap, or, technically, if Netgate officially confirmed the small partition as the only cause. The above was Netgate speculation in threads over the weekend of release.

    Per those threads from a week ago, Netgate had been unable to replicate the issue, even "knowing" the conditions for it to happen. Makes it hard to detect in beta testing, or diagnose.

  • Snort best practice to Unblock

    5
    0 Votes
    5 Posts
    1k Views
    bmeeksB

    @john24634 said in Snort best practice to Unblock:

    Does stop nort disables completelly the IDS?

    No, Snort blocks by telling pfSense to place an IP address in a system-created pf table called snort2c. Once an IP is placed in that table, a hidden firewall rule created by pfSense at startup blocks that IP address until it is removed from the table. Stopping nor restarting Snort alters anything in that table once the IP is placed there initially. Stopping Snort prevents any additional IP addresses from being added to that table, but it does not remove any that are already present.

    There are fours ways to clear an IP from that table and thus "unblock" that address.

    Use the Remove Blocks button on the BLOCKS tab of Snort. Configure the Remove Blocked Hosts Interval setting on the GLOBAL SETTINGS tab of Snort. That will remove blocked hosts at the interval shown providing that host has produced no further traffic during the interval period. Clear the entire snort2 table contents using the option under DIAGNOSTICS > TABLES. Reboot the firewall. All pf tables are RAM constructs and are thus automatically cleared out when the firewall reboots.
  • Solved - nmap

    5
    0 Votes
    5 Posts
    1k Views
    J

    @jimp
    Uninstalling the nmap package and then editing the config.xml to remove the NMap entry fixed the duplicate entry in the menu.

    Thanks for your help.

  • PIMD capabilities insufficient

    8
    0 Votes
    8 Posts
    2k Views
    S

    @vollans Thanks! I ended up thinking I could get just PIMD working, but apparently I still do need the Avahi running with PIMD. Chromecast and samsung speakers were not able to do discovery without Avahi running, and PIMD is doing the messages broadcasting for everything else. Still don't really understand fully PIMD vs Avahi, but I seem to need both running for things to work properly. I just flipped Avahi back on and everything is running fine now, and no more capabilities messages from the post I just submitted.

  • 0 Votes
    1 Posts
    484 Views
    No one has replied
  • unable to ping ip on vlan interface

    3
    0 Votes
    3 Posts
    1k Views
    K

    I recently read an article about why you should choose sports paramedics from Valhalla Medics for your events, and I must say that I am thoroughly impressed - https://www.valhallamedics.com/the-best-emt-set-medics-for-your-events/ . The article provided valuable information about the pros of hiring Valhalla Medics, including their highly skilled and experienced paramedics who are equipped to handle any medical emergency. The article also provided contact information for the company, making it easy to get in touch with them. I highly recommend Valhalla Medics for anyone in need of professional and reliable medical support for their event.

  • "System Patches" package question

    7
    0 Votes
    7 Posts
    1k Views
    F

    @jimp Perfect, thanks! :)

  • Packages don't restart after reboot on 23.01

    Moved
    1
    0 Votes
    1 Posts
    458 Views
    No one has replied
  • "Filer" package doesn't allow editing

    2
    0 Votes
    2 Posts
    718 Views
    4

    @gwaitsi fixed in 23.01

  • Grafana GeoIP dashboard

    1
    0 Votes
    1 Posts
    760 Views
    No one has replied
  • PowerdXX

    1
    1 Votes
    1 Posts
    629 Views
    No one has replied
  • 0 Votes
    2 Posts
    1k Views
    jimpJ

    You likely have a pkg dependency problem. Either due to loading a package from a non-Netgate repository or mismatched packages from different versions (for example, if you are on 2.6.0 but have the update branch set for 2.7.0 snapshots). It can't make changes to the packages because in doing so it wants to remove a package upon which the base install of pfSense depends.

    You'll need to remove any packages that came from repositories other than the pfSense 2.6.0 repository.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.