1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177B
    @Draco try to goto the General Tab, first ensure that the Keep Settings option is checked. Then unchecked Enable pfBlockerNG so that its disabled. Hit save. Force Update. Then reenable pfBlockerNG and Force update.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • Q

    Squid 3 - Reverse Proxy

    Locked
    15
    0 Votes
    15 Posts
    11k Views
    Q
    awesome thanks I'll look forward to it. Cheers!
  • B

    Quagga OSPF GUI producing alittle wrong ospfd.conf

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    B
    Thx alot for Version 0.99.20.1 v0.5 works perfekt. regards m
  • O

    Snort ignores the netlist

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    OK - I see.  So if you enter a CIDR into the dialog box then it IS a NETLISH.  whereas a single IP represents a WHITELIST only.
  • _

    Snort 2.9.3 v2.4.0 no alerts, no blocking…

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    _
    deinstalled snort, installed it newly, did a reboot after updating, snort started, but still no alerts nor blocking… :( But at all the overhaul was great! Behaves much better!!!! edit: snort started reporting alerts, but still no blocking :(
  • C

    Snort blocking ISP

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    M
    @ermal: Just reinstall and should behave better. Ermal, so far (since updating), it appears to have resolved my ISP gateway issue.  Thanks.
  • M

    Snort 2.9.2.3 pkg v. 2.4.1 Issues

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    E
    Reisntall to 2.4.2 and all should be ok.
  • E

    Sarg doesn't work

    Locked
    20
    0 Votes
    20 Posts
    9k Views
    B
    I just wanted to jump in and let people know if what my experience was; I installed Sarg and had the same issue. I tried all that was suggested in this thread and didn't find resolution. What seemed to work for me (and quite possibly is not the best solution) was to remove the Sarg package, connect to pfSense with WinSCP, navigate to usr/local and delete the sarg-reports directory. When I re installed the Sarg package, the reports worked fine. Just my 2c.
  • gwhynottG

    MailScanner - perl modules missing?

    Locked
    16
    0 Votes
    16 Posts
    12k Views
    I
    In a fresh install with just Mailscanner and Postfix Forward works OK Guilherme
  • A

    Re: Squid with identd lookups - SOLVED!

    Locked
    15
    0 Votes
    15 Posts
    15k Views
    marcellocM
    @chowtamah: By this setting, whether https traffic goes through squid? In transparent mode, never.
  • K

    Difference between packages: HAProxy and HAProxy-full

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    @kdillen: what is the difference between the 2 HAProxy packages ?  (HAProxy and HAProxy-full) The HAProxy-full is the 1.0 gui version with some improvements made by community, including doc.pfsense.org updates The HAProxy is the 1.2 gui version, working basically with http only. Both exists because 1.2 was published without improvements made on 1.0 att, Marcello Coutinho
  • R

    Lightsquid fails to uninstall

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R
    Okay, that did the trick. I reinstalled squid. Then I was able to remove lightsquid and finally remove squid. Thanks for the help.
  • C

    Snort 2.9.2.3 pkg v. 2.3.0 Issue Thread

    Locked
    22
    0 Votes
    22 Posts
    6k Views
    E
    Is this afetr a snort soft restart(with HUP signal)?
  • johnpozJ

    Vnstat2 with pfsense 2.1 snapshots?

    Locked
    8
    0 Votes
    8 Posts
    8k Views
    C
    sweet! i'm going to copy my post and start a new topic shortly… wanted to make sure it worked  ;) before giving it out to the masses. ps  Click on the pfSense GUI link... brings you back into the web interface
  • _

    Snort 2,923 v2.3.0 supress things…

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    D
    I agree with Cino, font size is too small to edit when browser is set to 100%. (Firefox)
  • G

    Re: Snort 2.9.2.3 pkg v. 2.3.0 webGui unaccessible

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    G
    Thanks for that I've got my web interface back and all is good.
  • rcfaR

    Ntop fontconfig error?

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    jimpJ
    OK, it was a PBI build issue but one that was easily solved, I was just missing a flag to tell it to use the fonts in the PBI rather than the system fonts. I rebuilt ntop and all of the fonts and the font config file should all be present now. Give it another try.
  • D

    Snort 2.9.2.3 pkg v. 2.2.4 crashes over non existent rules

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D
    Tested with Snort 2.9.2.3 pkg v2.3.0 and it works. No more issues.
  • C

    Bandwidth Usage/Statistics Question

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    A
    Yes You can let it auto create sensors ant it should probe and find the servers and make snmp sensors . I think the newest version lets you add credentials so it can probe deeper and bring back more info such as cpu load disk status as well as traffic. Or you can manually add a sensor too a device (pf box) Need to add the device first. and add a filter so so each sensor watches for only 1 IP A simple filter is IP[192.168.2.40] set flow time out too 6 or 10 minutes. But try the auto create wizard first. If you put in the user/pw for the servers you might get all the info you need and more from that.
  • T

    Which HAVP Version for 2.01

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    F
    Platform on package manager means the minimum pfsense version required.
  • C

    Auto Backup Process

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C
    So I found the command which the package was using "bsdtar". I created a small script to generate the backup files and set up a cron job to run the backup every evening. Finally I set up rsync to create backed up files of the backup file on a separate server. Backup Script: #/bin/bash cd /home/user/backup mv -v pfsense_backup.tar.gz pfsense_backup_old.tar.gz bsdtar -c -z -f /home/user/backup/pfsense_backup.tar.gz /cf/conf /var/db/rrd /usr/local/bandwidthd /var/squid/logs /var/lightsquid/report Cron Job: 0  2  *  *  *  root  /bin/sh /home/user/pfsense_backup.sh  Hope this helps someone out  :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.