Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @ha11oga11o What version of pfSense is this system running?
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank you kindly for your help. I will likely be ordering a new unit soon.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    D
    @Gertjan Thanks a lot for your help. This really helped me: I'm not using "pfSense pfBlocker Web server logging" (DNSBL Webserver/VIP ) as the "you are blocked web page" only shows up when the end browser user visits http sites, something that doesn't exist anymore on the Internet. All sites are https these days, and https sites can be redirected to "another https web server" like the "pfSense pfBlocker Web server". With that hint I was able to resolve my issue by: Unchecking the Python Group Policy Enable checkbox for the DNSBL Webserver Configuration on the DNSBL tab in pfblockerng. Checking the Permit Firewall Rules Enable checkbox and selecting the appropriate interfaces for the DNSBL Configuration on the DNSBL tab in pfblockerng. Forced Update | All. It now appears that all the blocked domains are appearing on the Alerts tab in pfblockerng. I couldn't find that host name in the "/var/db/pfblockerng/dnsbl/Max_MS.txt" file - where does your "/var/db/pfblockerng/dnsbl/Crazy_Max_Extra.txt:" come from ? I get that DNSBL, and 2 others, from the original maintainer (https://github.com/crazy-max/WindowsSpyBlocker): https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt. I really appreciate your help!
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog
  • Discussions about WireGuard

    713 Topics
    4k Posts
    M
    I have my WireGuard up and running and can ping from firewall to devices on the vlan but cannot get clients to ping each other.
  • PPP Autodisconnect/Reconnect

    1
    0 Votes
    1 Posts
    643 Views
    No one has replied
  • Bug - Squid package log dir

    1
    0 Votes
    1 Posts
    475 Views
    No one has replied
  • 0 Votes
    4 Posts
    1k Views
    A
    It has to do with how the Netgate release of pfSense seems to be limiting the Zabbix2 packages to the 2.0.x branch. Perhaps the init scripts are not versioned or something. Installing the zabbix2-proxy-2.0.8 pkg v0.7_1 package but pulling the init script that has been updated for zabbix2-proxy-2.2.1 pkg v0.8_0. I know the Netgate release package repository lags behind a little, perhaps I can help get the zabbix2.2 updates fully tested so they can be released to the Netgate release.
  • Sending "upsmon -c fsd" to NUT (Network UPS Tools).

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Install squid does nothing :(

    8
    0 Votes
    8 Posts
    2k Views
    I
    Thanks… And now it's worked. Really weird because I've installed and uninstalled many times, suddenly it appears. So I'm a happy camper, but odd that the GUI should report a successful installation when that doesn't seem to be the reality.
  • Squid3

    1
    0 Votes
    1 Posts
    731 Views
    No one has replied
  • Need help with a redirect loop in squidguard!

    1
    0 Votes
    1 Posts
    725 Views
    No one has replied
  • Snort blocks many websites badly

    2
    0 Votes
    2 Posts
    5k Views
    bmeeksB
    @A999: Hi, I'm setting up a fresh pfSense box for proxying http traffic at my office. I installed Squid3-dev and snort (updated VRT community rules and ETOpen rules). I disabled "block offenders" in snort but as time goes by, it's still blocking many normal websites like: AWS, reddit, and many more photos sharing hosts. Description for those blocked hosts are "UNKNOWN METHOD" or "DOUBLE DECODING ATTACK" or "NO CONTENT-LENGTH" OR "TRANSFER-ENCODING IN HTTP RESPONSE". It would be great if somebody tell me what's wrong here and what I'd do to improvise. Thanks. Edit: snort are enabled on WAN interface, and it's also blocking download packages from psfense.org for same reason. Did you remember to stop/start the Snort process after you changed the blocking option from "on" to "off"?  If you uncheck "block offenders" and restart Snort, it won't block anything.  It will print alerts, but it won't block. The alerts you listed are considered to be common, known false positives from the HTTP_INSPECT preprocessor.  There is a long thread containing suggestions from experienced Snort users for suppressing false positives.  Here is a link:  https://forum.pfsense.org/index.php/topic,56267.msg300473.html#msg300473 Bill
  • Squid Package status X how come ?

    2
    0 Votes
    2 Posts
    878 Views
    T
    Have you just installed (downloaded and added it to the menu system) it from the package menu? Then you have to go to the "Services" –> "Proxy Server" menu option and at least press the "save" button there at the bottom. This will basically create the config file and start squid.
  • Snort time from alert to block

    18
    0 Votes
    18 Posts
    7k Views
    BBcan177B
    @jandohrmann: alert tcp $EXTERNAL_NET any -> any 25 (msg:"SMTP AUTH LOGON brute force attempt"; content:"AUTH LOGIN"; nocase; classtype:suspicious-login; sid:1000001; rev:2;) I didn't see the "content:"AUTH LOGIN" in the rule above. My bad. Thought you were blocking port 25 completely at first glance.
  • Snort clearing block hosts ahead of schedule

    21
    0 Votes
    21 Posts
    10k Views
    R
    Then…  you've made my point. But thanks for sharing what you have. Rick
  • Squid Reverse Proxy

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Snort doesn't stay running

    2
    0 Votes
    2 Posts
    733 Views
    bmeeksB
    @ethos101: Every time Snort updates its rules we need to manually start the service again.  The log says it's restarted, but it is not.  Where else can I look for trouble signs? Thanks Look in the system log for clues.  My first suspicion is a disabled preprocessor, and the new rule update suddenly has introduced a dependent rule.  Look for any messages about "unrecognized or unknown rule option" in the system log. Did you disable any preprocessors on the PREPROCESSORS tab, or have you left everything at the defaults from the initial installation? Bill
  • Postfix - suddenly stopped working?

    4
    0 Votes
    4 Posts
    4k Views
    X
    I got the same issue and selecting interface(s) in the "Listen on" list instead of "listen on all interfaces/ip addresses" solves it.
  • So many issues

    12
    0 Votes
    12 Posts
    5k Views
    bmeeksB
    @MilesDeep: I will do what you recommend with regards to rule sets. One last thing on this topic,  you write:  As for your question on IPS Policy (Balanced, Security, Connectivity), that only shows up when you have enabled the download of the Snort VRT rules. We have enabled to download the Snort VRT rules.  Where do I (globally, I hope) set the IPS Policy? You can select an IPS Policy on the RULE CATEGORIES tab for the Interface in the Snort menu.  So click Services…Snort and then select the Snort interface you want to edit by clicking the small e icon next to the interface.  Next, in the bottom row of tabs that appears, click RULE CATEGORIES.  You should see a dropdown selection like the one pictured in the attachment to this post. Bill [image: IPS-Policy-Selection.jpg]
  • HAVP + Snort: connect() failed: Operation not permitted

    2
    0 Votes
    2 Posts
    2k Views
    bmeeksB
    @Zosimo: Current setup pfSense 2.1-RELEASE (i386) FreeBSD 8.3-RELEASE-p11 snort 2.9.5.5 pkg v3.0.3 HAVP antivirus 0.91_1 pkg v1.01 squid Network 2.7.9 pkg v.4.3.3 Squid is configured as a transparent proxy, and HAVP as the parent for Squid (and set accordingly in the config). Snort is not configured to block sites when an alert is triggered, but is apparently doing so anyways. The system log files show Feb 12 13:22:12 havp[55759]: connect() failed: Operation not permitted Feb 12 13:22:01 havp[44820]: connect() failed: Operation not permitted Feb 12 13:22:00 havp[44820]: connect() failed: Operation not permitted Feb 12 13:21:59 havp[44820]: connect() failed: Operation not permitted Feb 12 13:21:08 havp[77462]: connect() failed: Operation not permitted Feb 12 13:21:06 havp[78132]: connect() failed: Operation not permitted Feb 12 13:21:05 havp[44591]: connect() failed: Operation not permitted Feb 12 13:19:37 havp[57273]: connect() failed: Operation not permitted Feb 12 13:17:21 havp[55759]: connect() failed: Operation not permitted It would seem that I am having the same issue as the OP in this post: https://forum.pfsense.org/index.php/topic,18725.0.html. Was this ever fixed? Snort should not block anything if you have the "block offenders" checkbox unchecked on the Interface tab.  If you think Snort is the cause, simply stop the Snort process by clicking the green arrow icon on the Snort Interfaces tab and waiting for it to turn to a red X.  At that point Snort is dead and not blocking anymore.  Try your connection then.  If it still fails, then Snort is not your problem. Another way to check if Snort is the cause is to click on Diagnostics…Tables and select the snort2c table in the dropdown list.  If no IP addresses show up, then Snort is not blocking.  All blocked IPs by Snort get put in the snort2c table that you can view under Diagnostics…Tables.  If an IP address is not in that table, then Snort is not blocking that IP. Bill
  • Pfsense proxy in paralell with Mikrotik

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • HAVP not found, fail clamd

    3
    0 Votes
    3 Posts
    1k Views
    Z
    Actually, this happens because the HAVP config expects to find the following files at /var/run/clamav: clamd.sock clamd.pid The thing is, in pfSense those files are found in /var/run, which is why the package can't find them. Moreover, there seems to be no way to change the path in the config file (and I read somewhere this was hardcoded into the scanner). The current workaround for this is creating this directory and linking the files together. mkdir /var/run/clamav ln -s /var/run/clamd.sock /var/run/clamav/clamd.sock && ln -s /var/run/clamd.pid /var/run/clamav/clamd.pid The problem is that these files get lost on every reboot. I've tried modifying the service startup script to check for this automatically, but have had no luck so far. Hope this helps
  • Help with NTP

    4
    0 Votes
    4 Posts
    2k Views
    ?
    There is a recently launched NTP attack on a large number of servers, dunno how many are left working properly. Last I heard was a 400gbps ddos. The reason removing pfblocker allowed it to work was that the attack was a coverup for an infiltration of some servers, who were subsequently identified as compromised and added to pfblocker's lists. MNSHO
  • Pure ftp package

    1
    0 Votes
    1 Posts
    716 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.