1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    LaxarusL

    I am trying to use a rule to whitelist ips for a specific backend in my frontend.

    Basically use the X backend, if the host matches xxx.com and ip is whitelisted in a pfsense defined ip alias list.

    The problem is I am using the Cloudflare proxy and need to inspect the CF-Connecting-IP.

    And to do that I am using Custom ACL like this

    req.hdr(CF-Connecting-IP) -f /var/etc/haproxy/ipalias_Allowed_IPs.lst

    The Alias is defined in the firewall named Allowed_IPs.

    But this list does not get created unless I use something standard like "Source IP matches IP or IP Alias". Is there another way to refer to the created Aliases so that they are created properly?

    The workaround for this is to create a dummy acl with "Source IP matches IP or IP Alias" that does nothing but it is not a good solution.

    Edit: One more thing, I noticed is, when the alias list is updated, this does not get reflected to the HAProxy lists in /var/etc/haproxy/ until HAProxy is restarted.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    S

    oh ok. Thanks again

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M

    Hello,
    I found this in the error log. Wondering how serious that is:

    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/1/25 20:00:24 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/2/25 20:00:24 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/3/25 20:00:24 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/4/25 20:00:24 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/5/25 20:00:03 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/6/25 20:00:10 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/7/25 20:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/8/25 20:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/9/25 20:00:05 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/10/25 20:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/12/25 08:00:05 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/13/25 08:00:05 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/14/25 08:00:05 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/15/25 08:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/16/25 08:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/17/25 08:00:08 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/18/25 08:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/19/25 08:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/20/25 08:00:05 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/21/25 08:00:05 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/22/25 08:00:04 ]
    [PFB_FILTER - 17] Failed or invalid Mime Type: [application/octet-stream|0] [ 06/23/25 08:00:05 ]

    UPDATE:
    as per suggestion from a previous post with a different but similar error, I added
    'application/octet-stream',
    to the file /usr/local/pkg/pfblockerng/pfblockerng.inc

    Hope this helps.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    98 Topics
    2k Posts
    J

    So far everything is stable without me changing anything else. Who knows why....

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    492 Topics
    3k Posts
    I

    @Gertjan Thank you for the directions. I will have a look this evening and post some logs. I tried it using my current PAT Token for my domain. The cert is for a website, not for a VPN-Server. :-)

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    B

    Hi,

    We are running 25.03-BETA and running into the issue of FRR and BGP processes disconnecting at the control level. It mitigates itself in BGP being stuck in the active state from the GUI and FRR point of view (even vtysh thinks so), while the BGP process is actively keeping the connection in the background. No routes are being populated into the routing table, but these are being announced as confirmed by our peer:

    Nothing in routing, BGP neighbor is active, so no routes should be in.

    10.206.238.225 4 65228 0 2309 0 0 0 never Active 0 Odido BGP via

    So far it looks good, but the session is already established:

    >>> tcpdump -i ipsec2 07:23:11.642870 IP 10.206.238.225.bgp > 10.206.238.226.49408: Flags [P.], seq 2440502671:2440502690, ack 2016892785, win 11, options [nop,nop,md5 shared secret not supplied with -M, can't check - 2ed14f304978416f8007afca427f988d], length 19: BGP 07:23:11.642939 IP 10.206.238.226.49408 > 10.206.238.225.bgp: Flags [.], ack 19, win 131, options [nop,nop,md5 shared secret not supplied with -M, can't check - 078b7005ba698e2b636e70eb2c37e234], length 0 >>> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS ... frr bgpd 76872 22 tcp4 10.206.238.226:49408 10.206.238.225:179 The FRR restart doesn't help: /usr/local/etc/rc.d/frr restart Stopping watchfrr. Waiting for PIDS: 2357. Starting watchfrr. [58970|mgmtd] sending configuration Waiting for children to finish applying config... [59017|zebra] sending configuration [59963|bgpd] sending configuration [61500|staticd] sending configuration [61157|watchfrr] sending configuration [59017|zebra] done [58970|mgmtd] done [61157|watchfrr] done [61500|staticd] done [59963|bgpd] done

    The BGP process ID 59963 is different from 76872!!!

    >>>> ps -ax | grep 76872 76872 - Ss 0:02.09 /usr/local/sbin/bgpd -A 127.0.0.1 -F traditional -d 62041 0 S+ 0:00.00 grep 76872 >>>> sockstat -4 USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS ... frr bgpd 76872 22 tcp4 10.206.238.226:49408 10.206.238.225:179

    After killing the process, restarting the FRR, and checkign for the traffic and routes:

    >>> kill -KILL 76872 >>> ps -ax | grep 76872 21650 0 S+ 0:00.00 grep 76872 >>> /usr/local/etc/rc.d/frr restart Stopping watchfrr. Waiting for PIDS: 88383. Starting watchfrr. [27380|mgmtd] sending configuration [27540|zebra] sending configuration [28677|bgpd] sending configuration Waiting for children to finish applying config... [27380|mgmtd] done [30560|staticd] sending configuration [30405|watchfrr] sending configuration [27540|zebra] done [28677|bgpd] done [30560|staticd] done [30405|watchfrr] done >>> ps -ax | grep bgp 11708 - Ss 0:05.87 /usr/local/sbin/bgpd -A 127.0.0.1 -F traditional -d 31648 0 S+ 0:00.00 grep bgp >>> tcpdump -i ipsec2 07:31:08.709787 IP 10.206.238.225.bgp > 10.206.238.226.26294: Flags [P.], seq 1180140056:1180140117, ack 3799507337, win 11, options [nop,nop,md5 shared secret not supplied with -M, can't check - d6b2c0bac2ebb8cf1058d365224d4c5c], length 61: BGP 07:31:08.709850 IP 10.206.238.226.26294 > 10.206.238.225.bgp: Flags [.], ack 61, win 131, options [nop,nop,md5 shared secret not supplied with -M, can't check - 9dec3ac243f71d5f90e285627b2cd9e5], length 0 >>> show bgp summary Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc 10.206.238.225 4 65228 3 494 5 0 0 00:00:48 4 5 Odido BGP via >>> show bgp ipv4 unicast Network Next Hop Metric LocPrf Weight Path *> 10.204.50.4/32 10.206.238.225 0 65228 ? *> 10.204.50.12/32 10.206.238.225 0 65228 ? *> 10.204.52.4/32 10.206.238.225 0 65228 ? *> 10.206.238.192/27 0.0.0.0 0 32768 ? *> 172.27.0.0/16 10.206.238.225 0 65228 ? >>> netstat -rn ... B>* 10.204.50.4/32 [20/0] via 10.206.238.225, ipsec2, weight 1, 03:42:44 B>* 10.204.50.12/32 [20/0] via 10.206.238.225, ipsec2, weight 1, 03:42:44 B>* 10.204.52.4/32 [20/0] via 10.206.238.225, ipsec2, weight 1, 03:42:44 B>* 172.27.0.0/16 [20/0] via 10.206.238.225, ipsec2, weight 1, 03:42:44

    Did anyone see anything like it? We could've lived with the BGP down and no routes, but it is announcing, and the traffic is being expected on the wrong interface in the destination FW.

    Regards

  • Discussions about the Tailscale package

    86 Topics
    558 Posts
    chudakC

    @yobyot said in "Tailscale is not online" problem:

    I'm late to the party but unless I misunderstand this thread it's not about Tailscale not starting up but instead about the auth key expiring.

    Auth keys are good for a maximum of 90 days. If you reboot pfSense on day 91, Tailscale will not come up and the "API" error will be generated (it's actually an auth key expired error).

    Thus, unless you never reboot pfSense, starting with the 91st day, you must re-generate an auth key and input it to Tailscale even if you have key expiry disabled.

    What makes this worse, IMHO, is that the longer you go between reboots, the more obscure the problem. So, Tailscale is not a reliable service because it cannot survive a reboot after 90 days.

    This occurs on both CE 2.7.2 in a Protectli Vault Proxmox VM and on a real SG-1100 running Plus 24.11 (packages as distributed with those releases).

    I wish TS would introduce a new feature "a la Acme update" so that this would be done automatically.

  • Discussions about WireGuard

    684 Topics
    4k Posts
    M

    Hi,

    I have the following setup:

    device c --> 5G (CGNAT) --> internet <--> pppoe fiber <--> device F

    device F: using pppoe fiber internet, changes public IP's once every week, has a dynamic dns name registered device C: using a 5G connection, behind CGNAT, has no DNS name registered

    These are 2 pfsense installs with a site-to-site link in between.
    Peer config representing device C in device F is configured as dynamic (IP not known / behind CGNAT).
    To handle public IP address changes of device F, I am running a watchdog script on device C that restarts the wireguard service in pfsense on device C when the IP of device F changes (using periodic DNS lookups to detect a change in IP).

    I have noticed though that in some cases, after the wireguard service restart on device C the endpoint address shown for device F is its not the new IP, but its previous IP address.
    In this case, I even tried doing wg set tun_wg0 peer <key> endpoint <newip>:port, which is briefly reflected in the output of wg show but then the peer's IP switches back to the previous (now not valid) IP in the wg show output.
    Obvisouly, in this state, the link is not operable. As expected, neither end shows any recent handshakes.
    Curiously though, on device C, both the sent and received (!!!) size keeps increasing.

    Looks almost like if the wireguard client on device C continued to receive valid wireguard traffic from the old IP address and updated the peer endpoint address automagically.

    No matter if I restart the wireguard service on either end, does not help. The only remedy seems to be restarting the 5G modem itself - possibly triggering some CGNAT state resets.

    Anyone experienced similar behavior? Seems like a broken CGNAT implementation? T-Mobile HU is the carrier.

Log in to post
Load new posts
  • Z

    This topic is deleted!

    1
    0 Votes
    1 Posts
    9 Views
    No one has replied
  • B

    How do I restore my package conf files

    4
    0 Votes
    4 Posts
    468 Views
    bmeeksB

    @patient0 said in How do I restore my package conf files:

    ping pfsense-plus-pkg.netgate.com
    ping: cannot resolve pfsense-plus-pkg.netgate.com: Address family for hostname not supported
    Can you connect to the internet at all, like ping 1.1.1.1? From that message it does look as if DNS is not working on your system.

    You can't ping the package server like that directly. That hostname is actually a DNS text service record that ping does not know how to resolve. You must ask the DNS client to resolve the service record (SRV) using that hostname. The pkg utility knows how to do that, but ping does not.

  • N

    Avahi Settings for an Epson ET-3850 Printer

    1
    0 Votes
    1 Posts
    151 Views
    No one has replied
  • D

    Mailreport

    2
    0 Votes
    2 Posts
    491 Views
    M

    @Danil-0 said in Mailreport:

    Hi.
    I configured SMTP (System/Advanced/Notifications) on 587 port. The test included in the pfSense configuration works, the mail is sent and received but using Email Report the mail is rejected on server side. You can find log from server below.

    postfix/submission/smtpd[1935]: NOQUEUE: reject: RCPT from unknown[my ip]: 554 5.7.1 <unknown[my ip]>: Client host rejected: Access denied; from=<user1@domain.com> to=<user2@domain.com> proto=ESMTP helo=<pfsense.domain.arpa>

    Why then does the test mail work? What's different with the Email Report?

    Thanks for help.

    Estou com o mesmo problema. Vc conseguiu resolver?

  • A

    Snort block notifications script (third party script)

    11
    0 Votes
    11 Posts
    5k Views
    NogBadTheBadN

    @sikita

    This is what I use for suricata, you may be able to tweak it a bit:-

    Screenshot 2025-03-26 at 16.51.03.png

    grep ^`date -v-1d "+%m/%d/%Y"` /var/log/suricata/suricata_igb0*/alerts.log | awk -v OFS='\t' -F "\[\\*\\*\]" '{a[$3]++;} END {for(i in a) print a[i],i}' | sed 's/]//g' | sed 's/\[//g' | sort -r ; echo grep ^`date -v-1d "+%m/%d/%Y"` /var/log/suricata/suricata_igb0*/alerts.log ; echo
  • J

    Bind Update from 9.17 to 9.20

    2
    0 Votes
    2 Posts
    373 Views
    patient0P

    @jeffry-maynard bind 9.20 is in pfSense+ 25.03-BETA.

  • ColdBrewC

    HAProxy - Include subdirectories in the HTTP Redirect

    10
    0 Votes
    10 Posts
    744 Views
    F

    @ColdBrew @viragomann @johnpoz

    This is an interesting discussion, and I’ve run into similar issues with HAProxy and subdirectory redirection. From what I understand, HAProxy should pass the entire path (including subdirectories) to the backend by default, as long as the backend is properly configured to handle those requests.

    A few things to check:

    Backend Configuration: Ensure the backend server (IIS in your case) is correctly set up to handle requests for the subdirectories. Sometimes, the issue might be with the backend’s routing or permissions. HAProxy Logs: Check the HAProxy logs to see if the requests are being forwarded correctly. If the logs show the requests reaching HAProxy but not the backend, it might be a routing or firewall issue. Firewall Rules: Double-check your pfSense firewall rules to ensure traffic on port 80 (or any custom port) is allowed to pass through to the backend server.

    If everything seems correct but it’s still timing out, you might want to test with a simpler backend (like a basic HTTP server) to rule out any IIS-specific issues.

    Let us know how it goes!

  • patient0P

    Email Reports PHP warning -> report not created

    10
    0 Votes
    10 Posts
    675 Views
    AMG A35A

    @patient0 Upgraded to 24.11 yesterday and had same problem your change to /usr/local/www/status_mail_report_edit.php fixed it. Thank you!!!!!!!!!

  • JSmoradaJ

    Is anyone working on a RustDesk package?

    2
    0 Votes
    2 Posts
    389 Views
    M

    @JSmorada I'm not using rustdesk, but there is a docker option if you don't want to spin up a VM..

    https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/docker/#install-your-own-server-with-docker

  • C

    Crowdsec finally comming to pfSense

    68
    2 Votes
    68 Posts
    15k Views
    Sergei_ShablovskyS

    @provels said in Crowdsec finally comming to pfSense:

    Have there been any more thoughts about including Crowdsec as an official pfSsense package?

    Upvoting this!

  • S

    BIND Package and RFC 2317 Classless IN-ADDR.ARPA delegation

    1
    0 Votes
    1 Posts
    168 Views
    No one has replied
  • I

    Prometheus node_exporter - does not show up in Grafana

    1
    0 Votes
    1 Posts
    266 Views
    No one has replied
  • I

    zabbix connection failures

    2
    0 Votes
    2 Posts
    328 Views
    A

    @isaaclondo09

    SSH into your pfSense box and run this command: /usr/local/sbin/zabbix_agentd -f

    That will show any early output and the cause of the failure to start. Usually it will be a parameter error.

    What is the IP of your Zabbix server?
    It looks like the agent's the Server Active parameter is set to 192.168.13.148 for active checks but the server is rejecting the connection.
    Passive checks (from the server) are coming from 192.168.13.109 but the agent is rejecting them because the Server parameter is set to 192.168.13.190.
  • E

    How to run zenarmor locally in Pfsense?

    2
    0 Votes
    2 Posts
    381 Views
    M

    @enesas follow up with the zen armor team on an official pfsense package.

    https://www.zenarmor.com/contact

  • W

    [solved] FreeRADIUS 3.x package LDAP/OTP problem

    6
    0 Votes
    6 Posts
    2k Views
    W

    @lawern Good to hear :) I think I also updated it once or twice to be compatible, but we used it until we replaced the gateway. Until then I think there was no easy alternative to this.

  • M

    Telegraf Package needs an update

    1
    0 Votes
    1 Posts
    168 Views
    No one has replied
  • mtarboxM

    Email Reports WebGUI crashes February 2025

    5
    0 Votes
    5 Posts
    467 Views
    GertjanG

    @mtarbox said in Email Reports WebGUI crashes February 2025:

    https://github.com/pfsense/FreeBSD-ports/commit/c49098e2900a9211de44dc0b9937235ce9d638a2.diff

    Ah, ok, the pfSense-pkg-mailreport package.

    fe37f9ae-869e-4abe-ae82-918dfe2d5ac7-image.png

    Package make less - or, AFAIK, not use of the patches system.
    If a patch exists fro them, then package is rebuild and you are proposed to update it.

  • R

    Using stunnel with Google LDAP

    3
    0 Votes
    3 Posts
    501 Views
    R

    After clearing the Protocol field in stunnel config, which I had originally set to ldap, saving the change, and restarting stunnel service, executing a connection test from the Toshiba MFD was successful.
    And after adding the Google Workspace server entry in the Toshiba MFD LDAP Client settings as a directory/service option (click Server Assignment button, also in MFD LDAP Client settings), Google Workspace directory searches from the Toshiba MFD are working as expected.

  • K

    How to block specific webpage and not a all website

    7
    0 Votes
    7 Posts
    722 Views
    GertjanG

    @KelvinU said in How to block specific webpage and not a all website:

    sounds NL, right?

    Born over there, exact.
    Living in France for the last 3 decades.

    @KelvinU said in How to block specific webpage and not a all website:

    though it came somewhat pretentious, right?! What makes you assume I'm a newbie?

    Lol, you first : what makes you presume that I assume you are a newbie ?
    But I get your point ^^
    It's true, I am and I was pushing a bit.
    My point of view :

    About the proxy solution : me talking about planes was just an very accessible way to make you understand what the (imho) real question is.
    A lot of people fly planes. It's feasible. It just needs a lot of work.
    It's just that you were asking about why "/this/" isn't accessible to pfSense and/or anything else other then your browser and the web server on the other side. So I kicked of my way of saying : go have a look.
    I good have finished the question with one question back : do you know what https is ? (I sometimes do - as this is not a ).
    And I'm hoping I waked up your curiosity, that you dive into it, and then come back here and tell us how you did it. Because I'm still waiting as I never had the patience and/or time to use a proxy set up myself. Also, I don't have the age neither the young kids at home that motivates me being able to see my own traffic, let alone traffic off other people. That makes me feel very uncomfortable.

    @KelvinU said in How to block specific webpage and not a all website:

    and I've learned that we should never say, "No one. Not pfSense. Nobody. Not on planet Earth."

    and I fully agree with you.
    And we also enter into the "computer politics" now. So no more black and white, all becomes suddenly 'gray'. And it always was.
    If TLS (real time) decoding was possible, while the private key is unknown, this would mean "some one" could listen into your TLS connections at any time.
    I get it, it's the role of every big (governmental ?!) organization to let us know, the big public, that it's a scandal according to them, that they can't do their job right (protecting all of us, the big public), that they can't access your phone's traffic, can't see what you are saying (writing) to some one else. as national security is at stake here. So they say, your traffic is hidden and that's a problem for them - and this for us.
    edit : still looking for the country where the usage of TLS or comparable is forbidden by law ^^
    And at the same time, somewhere hidden, down deep, in zone 51, they have this quantum computer that can tap into everything all ready using, probably, a back door key ? Maybe. And they won't say any one of course that they actually can I get that (except for tiktok of course). Let's give the public the impression they are safe, so the will "speak" freely, not knowing that some one listens in after all. If that capability was known, then Internet as a communication method would fall .... world economy would fall.

    But real time brut-forcing their way in ? Well ... do the math yourself ^^

    Keep in mind : most of what I said above is "afaik" and "imho".

    @KelvinU said in How to block specific webpage and not a all website:

    I know a ton of GertJan

    Oula ... why even bother posting here - come and see me !?
    As I've questions also, and not only pfSense.

  • B

    Zabbix Proxy on 2.7.3

    7
    1 Votes
    7 Posts
    2k Views
    steve.scotterS

    I've been forced to upgrade to Zabbix 7.0 due to the previous LTS version 6.0 going EOL on February 28, 2025. (https://www.zabbix.com/life_cycle_and_release_policy)

    The Zabbix Proxies I have are also 6.0 LTS and I've just discovered there is no 7.0 package.

    I'm also seeing a lot of the following messages in my zabbix logs...

    9868:20250208:120811.048 Proxy "FW-1" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.086 Proxy "FW-2" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.269 Proxy "FW-3" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.366 Proxy "FW-4" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.393 Proxy "FW-5" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.403 Proxy "FW-6" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9861:20250208:120811.436 Proxy "FW-7" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.489 Proxy "FW-8" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.644 Proxy "FW-9" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9. 9866:20250208:120811.700 Proxy "FW-10" version 6.0.27 is outdated, only data collection and remote execution is available with server version 7.0.9. 9868:20250208:120811.911 Proxy "FW-11" version 6.0.22 is outdated, only data collection and remote execution is available with server version 7.0.9.

    So I'm basically stuff. Rolling my Zabbix server back isn't an option due to EOL/compliance issues. And I seem unable to install the Zabbix 7 agent or proxy on pfsense.

    It seems as though the pfsense communication edition is dead?

    😢

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.