Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how-to guide on how to do this correctly.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177B
    @Draco try to go to the General Tab, first ensure that the Keep Settings option is checked. Then uncheck Enable pfBlockerNG so that it's disabled. Hit save. Force Update. Then re-enable pfBlockerNG and Force update.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)
  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink. My problem is my local box here. I'm missing something because I cannot get it to pass traffic from the WAN to the Wireguard tunnel. I've got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
  • 2.1 and Snort with IPv6

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    P
    Am I the only one seeing this issue? Can someone with a 6RD setup comment on their snort success please?
  • PfBlocker doesn't come up after update

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    marcellocM
    @marcelloc: @Gradius: I need to log into WebGUI and enable it manually every time I perform an update. Every time pfblocker is uninstalled (during update or not) it's disabled to prevent rules and aliases errors. @Gradius: This never happened before 2.0.1 (even on 1.2.3). Pfblocker on 1.2.3??? I did it together with tommyboy only for 2.x or later.
  • Too many HAVP processes consume too much memory

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 2.1 with Squid3 - How to reset the config of a deleted package?

    Locked
    13
    0 Votes
    13 Posts
    13k Views
    T
    I want to note that in 2.1, squid3 seems not to work with "dynamic content" checked. Thanks for all.
  • Snort Rules Update Problem

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F
    Yes, indeed I could try out the custom.rules. I have overlooked this feature.
  • Snort Preprocessors block IPs from HOME_NET

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    Well, that's another problem. The whitelisted IPs are not being blocked, only if you enter a CIDR like 192.168.20.0/24. I had to type all 256 IPs into a pfsense alias to prevent my subnet from being blocked (because of blocking "both", dst and src (which can change in some rules)). Currently I tuned most of the preprocessors by removing the check marks in the configuration page and entered a different preprocessor configuration in "Advanced configuration pass through". Works very good, but I turned most of the preprocessor alerts to reduce false alerts.
  • Dansguardian service fails to start

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    marcellocM
    @asterix: ok, what would be the pkg_delete command for removing pcre 8.3? yes, maybe with -f .
  • Squidguard ACL problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N
    Not sure if this is implemented in squidguard GUI of pfsense but have a look here: http://www.squidguard.org/Doc/authentication.html But squidguard GUI allows IP addresses as source and hostnames as source. If you know the hostnames of the users then add these hostnames to a group.
  • [Solved]squid, multi SSL reverse proxy

    Locked
    13
    0 Votes
    13 Posts
    13k Views
    J
    Thank you Marcelloc !!! it's working well now ;)
  • SquidGuard problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N
    After you deleted the blacklists etc. please go to your Group ACL, edit the ACL and check that the targets on your "Target List" is "---". Do the same on the "Common ACL" tab - set all to "---" and click save. Then on the "General Settings" click save and then Apply. Now all "old" blacklist entries should be removed. But I am sure you want to use squidguard to block something but you need to explain more, what you want to do, provide screenshots and or IPs which should be blocked or allowed and so on so that we can help you to configure squidguard.
  • Squid Allowed Subnets?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G
    Quickest way is to alter the default access rule. Change http_access deny all to http_access allow all in squid.conf and squid.conf.default. Please be sure this is really what you want to do as the proxy will be noticed if you open it up to the internet.
  • Proxy server: Local users

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    R
    That was my first option, I was just hoping that I could find another way since I am just starting to learn php. It will take time for me to create this script and I need to find the solution asap. By the way thanks for your help. Another thing, I am wondering regarding the local user of pfsense. There is a local user for system admin - under system: user name and for the web filter which is squid guard it is using local user but I think it is both local user since the usernames reside in the same server. is it possible to since this users?
  • URLBlacklist (bigblacklist) not extracting how Dansguardian wants

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    marcellocM
    @awsiemieniec: the URL BL db server knew I downloaded it too many times and punished me by limiting the bandwidth to next to nil. That's why I prefer to download it manually and copy it to pfsense.
  • Squid/Dansguardian incorrectly proxying and failing sites across VPN

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    @Quinten: I checked /etc/resolv.conf on the PFsense box, and our local DNS server is listed correctly first. Your DNS config options are using internal DNS server? Did you try to disable the DNS forwarder service on pfsense?
  • Dansguardian: stop blocking sites by regular expressions

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    marcellocM
    @elemay: this doesn't work, also if I disable all the blocking stuff under the 'URL' tab I still get blocked. Can you check on dansguardian conf files what you get on urlregex lists for this group?
  • Netflow issue using pfflowd or softflowd

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G
    Fixed issue. Had an IP conflict.
  • Squid3 problems

    Locked
    24
    0 Votes
    24 Posts
    9k Views
    J
    Well major issues here… first ISP issue then after they finally came back online I find out there is some sort of failover that my GM added me into. So now I'm limited to 10Mbps till a new card is installed in his failover box. So I might have to scrap my whole setup/squid may just end up being a basic router... Or nothing. Thanks for all the help, if something changes in the next few days and I get everything I had before back I will try your fix and report back. Or I will create another post and start over new. Again thanks! Josh
  • 2.1 and Suricata

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    ?
    In basic terms, a next-generation firewall applies deep packet inspection (DPI) firewall technology by integrating intrusion prevention systems (IPS)…. snort IDS has poor performance.
  • Squid Local Database

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    R
    How can the user change his own password in this Proxy server: Local users?
  • Snort 2.9.2.3 pkg v. 2.5.2 dies on IP change

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    _
    Thanks for that advice, but the logs didn't show a (maybe failed) update. When the IP changes, it only and quietly dies. Without any further notice. :( Last log entries were always the IP change, then as next entry something like "snort quitting" - nothing more. But what I see the last days is that sometimes it doesn't die on IP change. Hmmm. Hard to resolve, I think.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.