1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177B
    @Draco try to goto the General Tab, first ensure that the Keep Settings option is checked. Then unchecked Enable pfBlockerNG so that its disabled. Hit save. Force Update. Then reenable pfBlockerNG and Force update.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • R

    Dansguardian package fix to properly update blacklists

    Locked
    8
    0 Votes
    8 Posts
    7k Views
    marcellocM
    Just reinstall the package  ;)
  • A

    LightSquid URLs

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • jimpJ

    HEADS UP: NUT package update may require settings change if using remote access

    Locked
    6
    0 Votes
    6 Posts
    11k Views
    M
    I also updated nut package, but have problem with upssched right now… :( upsmon[3752]: UPS monk@127.0.0.1 on battery upssched[30216]: Timer daemon started upssched[30216]: Unknown command on socket: upssched[30216]: arg 0: 15START upssched[30216]: arg 1: onbatt upssched[30216]: arg 2: 15 upssched[30215]: read confirmation got [ERR [/quote] looks like not only my problem http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1051099.html is there any chance to downgrade package?
  • perikoP

    Captive portal+freeradius+user can have different amount of time?

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    N
    @periko: I had read a lot of docs but, is working, but is not counting the time right. Someone here has this setting working? Thanks!!! You could try running freeradius in debug mode from console with "radiusd -X" and then pay attention on the accounting packets. The CP must send the time attribute to the RADIUS server and it must be sent for the correct user. CP is sending accounting packets every minute so the time must only increase by 60 seconds. Perhaps you can try with pfsense 2.1 an compare if CP is working better with the newer code.
  • M

    Is there a problem in the repository?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    M
    I have installed a fresh PFSENSE 2.01, i386 today. Installed SQUIDGUARD with no problems what so ever! Thank you very much!
  • A

    [cron] pingtest script works from the shell, but not when called via cron

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A
    Thank you very much! That was the problem indeed :) Thanks!
  • S

    Squid tcp_outgoing_address

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • K

    Squidguard

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N
    If squid is running in transparent mode and the website is httpS then you cannot block it. If it is httpS you have to run squid in non-transparent mode. SquidGuard can only block what squid is seeing. To make sure your config works in general just block a simple webpage with http and test.
  • D

    Ntop - How to display internal IP making request to an external site

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    E
    You can see what IP's have talked to what IP's, but if you want more detail than that your best option is to setup squid as a transparent proxy, and then use LightSquid and/or SARG which will geerate some pretty detailed reports of what computers/IP's have accessed what web sites, and will give exact URL's and whatnot.
  • J

    Squid.conf question

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J
    :o I Had Planned On Doing This, I Can't Give You The Software As Its Paid (A Bit Of Google Searching You Can Find It) But I Will Do A Write-up On The Process Give Me A Few Days As It Is A Pain In The Butt Most Guides Are Pretty Outdated.
  • Q

    SNORT 2.9.2.3 pkg v. 2.5.1 Interface Stops

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    Q
    Thanks for the info igor I had figured by upgrading (which deinstalls) this would do the same. Tried uninstalling, rebooting, and then installing again and so far my interface has remained up! :) I will keep in an eye on it over the next while but looks like that did solve it. Cheers!
  • S

    Dropbox website through squidguard

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • R

    Delete cache squid in pfsense 2.0.1

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    @randy7: Hello fellow command to delete the cache of squid full.thanks. the same way you do on any linux/unix squid server. stop the service, rm -rf on squid cache dir (default on pfsense to /var/squid/cache) start squid.
  • C

    Squid3 dynamic content caching for YouTube

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N
    You can add all the options you need by hand using the "custom options" box. So if you need just a part of an option the GUI offers then enable it on the GUI, check the "squid.conf" file for the syntax you need and then go to GUI again, disable it there and add the part you need by hand in the "custom options" box. The GUI ist just a helper :-)
  • A

    Squidguard: Forcing Youtube's Safety On option

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    B
    Yes, thats what I am wondering about, what rules would need to be entered. This is the safequid rule, maybe it could be adapted somehow? <profile><enabled>true</enabled> <profile_tracing>true</profile_tracing> <host>youtube.com</host> <portrange></portrange>            <urlcommand></urlcommand> <requestheader></requestheader>            <responseheader></responseheader>            <month active="false"></month>             <day active="false">1,31</day>            <weekday active="false"></weekday>             <hour active="false">0,23</hour>             <minute active="false">0,59</minute>             <matchmode>absolutetime</matchmode>             <addprofiles>UNSAFE_YOUTUBE</addprofiles></profile>         <profile><enabled>true</enabled> <profile_tracing>true</profile_tracing>             <profiles>UNSAFE_YOUTUBE</profiles> <portrange></portrange>            <urlcommand></urlcommand> <requestheader>Cookie:.*PREF=.*f2=8000000</requestheader>            <responseheader></responseheader>            <month active="false"></month>             <day active="false">1,31</day>            <weekday active="false"></weekday>             <hour active="false">0,23</hour>             <minute active="false">0,59</minute>             <matchmode>absolutetime</matchmode>             <addprofiles>SAFE_YOUTUBE</addprofiles>             <removeprofiles>UNSAFE_YOUTUBE</removeprofiles></profile> <rewrite><enabled>true</enabled>         <rewrite><enabled>true</enabled> <profiles>UNSAFE_YOUTUBE</profiles> <pattern>Cookie: ([^\r\n]*)</pattern>             <replace>Cookie:$1; PREF=f2=8000000;\r\n</replace>             <which>client</which></rewrite></rewrite>
  • B

    Need direction

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • I

    Snort 2.9.2.3 pkg v. 2.5.1 Whitelists

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    _
    great, that saved my life :) Had the same problem a while and didnt find a solution.
  • M

    Can't add suppression rules anymore…

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    M
    Just tried this in my virtual machine. Its true, if you delete wansuppress oder parts of it, you cannot add further sids to this suppress list… Try to reinstall the snort package.. hope that helps
  • A

    Snort: S5: Session exceeded …. errors

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    AhnHELA
    Been discussed before but still havent seen a resolution. http://forum.pfsense.org/index.php/topic,51810.msg277499.html#msg277499
  • V

    Snort Whitelist Problem (2.9.2.3 pkg v. 2.5.1)

    Locked
    15
    0 Votes
    15 Posts
    88k Views
    J
    The WhiteList don't works for me too. Neither with networks or single IP adress. I'm using PFSense 2.0.1 with Snort 2.9.2.3 pkg v.2.5.1. After some days searching for solution I found a workaround that worked for me. Add in Suppress List the networks in CIDR notation like that (example with 3 networks in supress list working as WhiteList): suppress gen_id 0, sig_id 0, track by_src, ip [xxx.xxx.xxx.xxx/29,yyy.yyy.yyy.yyy/28,zzz.zzz.zzz.zzz/28]
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.