1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    S
    @shady28 Are you maybe looking at IP block list feeds vs DNSBL feeds?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • C

    [Lightsquid & Squid] full link for user.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    D
    No, LS group URL's by domain.
  • R

    HAVP Antivirus with different scanners

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    R
    Well, a quick hack is done in a few minutes but of course I would prefer a real integration. The only problem I see is that it might need regular updates because as far as I can say the linux/netbsd scanners of the different third party av scanners look like changing a lot. Due to the licence problem it might also need the users to install it using the ssh console. Not perfect but… I wouldn't mind as long as it works once the installation is done.
  • N

    PfSense and Ntop Q

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    N
    Thanks.  That fixed the problem.
  • D

    Could Squid/Squid3/etc. consolidate live streams?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    I'm not sure if squid3 with dynamic contents enabled can handle this. An option to test may be a varnish daemon configured as proxy in front of squid cache. http://forums.freebsd.org/showthread.php?t=4962
  • R

    Not sure if bug - pfBlocker - pfctl Cannot allocate memory

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    R
    @marcelloc: It's not a bug, you need to: empty/disable your lists Increase Firewall Maximum Table Entries on system -> advanced -> firewall/nat re enable pfblocker lists Yep, there it was.. config defaulted to 200K and I didn't even notice it. There is a bug, though. After deleting lists, the table isn't being updated correctly. Reproducing is pretty easy, but iffy - add 5 lists, delete the 3rd. Aliases update correctly, but file table does not - instead it acts as though list 5 was deleted instead of list 3. Only happens sometimes though.
  • M

    Dansguardian not working after reboot

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M
    The fix is not working for me …
  • I

    PFsense postfix how to

    Locked
    6
    0 Votes
    6 Posts
    16k Views
    marcellocM
    @lovin_it: Is there any way to use pfSense with postfix with my config? I am a little bit confused because I have found no thread concerning my problems with the POP3-matter… This package has no pop3 fetch integration and will not work with your full custom config. You can merge your config using custom options. To use postfix on you system without the gui, follow these steps: Remove postfix package On console/ssh, install postfix binaries using pkg_add -r http://files.pfsense.org/packages/amd64/8/All/postfix-2.8.7%2c1.tbz(amd64 version) Install filer package and open it`s gui (diagnostics -> filer) add postfix startup script to filer config(it will load current file) Edit default startup status from NO to YES and save file create your postfix config file and select startup script to run after file changes Not easy but not impossible too  :)
  • A

    Install Package from the shell

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    marcellocM
    @alexand3r: I've unzipp the tar.gz but now I do not know how I can install it on the pfsense, the command install or make install doesn't seem to work and after several searches over the web I couldn't find a way to do this. It is on freebsd ports, you do not need to compile it http://www.freebsd.org/cgi/ports.cgi?query=Csync2&stype=all get the tbz package from freebsd archive: i386 http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/All/ amd64 http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/packages/All/
  • M

    WPAD not working

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    mohandshamada, I think you need a rule before this http deny rule allowing access to lan_address at http port. If users can't access wpad file they can't get access to proxy. att, Marcello Coutinho
  • L

    Freeradius - 802.1x lan auth

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    N
    Some NAS do a "fake" MAC-Auth. They put the mac address of the host as username and password. If that's the fac then you need to add this "user" in freeradius -> users
  • J

    Facebook Ads

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    J
    I'm still working on figuring this out.  It seems like squidGuard won't block frames properly.  Adblock seems to remove frames and shift the content whereas squidGuard creates the frame but makes it blank. I'm loading easylist in to squidGuard using the following method: http://forum.pfsense.org/index.php?topic=19756.0 Can someone tell me if the following Facebook entries in the expressions file are correct? –--------------------- ||facebook.com/whitepages/wpminiprofile.php?partner_id= facebook.com###fbPhotoSnowliftAdsSide facebook.com###home_sponsor_nile facebook.com##.ego_spo facebook.com##.fbEmu facebook.com##.fbEmuBlock facebook.com##.fbEmuEgo facebook.com##.fbEmuEgoUnit facebook.com##.fbEmuLink facebook.com##.fbPhotoAdsCol facebook.com##.fbPhotoSnowboxAds facebook.com##.fbTimelineSideAds facebook.com##a[ajaxify^="/ajax/emu/end.php?"] facebook.com##a[href^="/ajax/emu/end.php?"] –--------------------- I'm wondering if the conversion filter (regex.sed) is working properly ("cat easylist.txt | sed -f regex.sed > expressions").    My regex.sed file is as follows: /@@./d; /^!./d; /^[.]$/d; s#http://##g; s,[.?=&/|],\&,g; s##.#g; s,$.$,,g; –---------------------
  • J

    Squid Error Footer

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J
    OK I figured this out.  All you have to do is put a comment open at the ending of the error file.  i.e.
  • perikoP

    Squid_ldap_auth AD user password issues.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    perikoP
    I'm working to see why went the users have special characters it has issues. Thanks for your info Gloom, see u latter!!!
  • S

    How to troubleshoot dansguardian

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    try to run dansguardian on console to see if it returns a config error
  • D

    Http https traces who? When ? What ?

    Locked
    1
    0 Votes
    1 Posts
    685 Views
    No one has replied
  • A

    Unsupported packages on unsupported architectures

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A
    @cmb: USB flash has the same write limits as CF. Agreed, however if the USB flash drive exceeds the max. number of writes that it can handle, it will crash and burn without crashing the entire firewall in the process. At worst it would stop showing up as a drive, and pfSense could fall back to using the flash RAM to store the files. In theory, that is. :-) @cmb: The only option would be to add an external hard drive for such storage, which is difficult and not supported for a variety of reasons, primarily because the partitions can't easily be split up in the fashion that would be required. Hmm.. I'm interested in the background on why external drives aren't supported, but I have a feeling that goes outside the scope of this post. If you're so inclined, PM me with the details. If not, I certainly understand. For the sake of argument, let's forget about external storage entirely. What about network-based storage? For instance, what if I could hypothetically mount a NFS or SMB share from pfSense to a NAS device, like FreeNAS? In that scenario the amount of storage would be virtually limitless since squidguard/squid log files are not large in the grand scheme of file storage. As you can see, the gears in my head are turning. These devices are incredibly useful. pfSense is incredibly useful. If there's any way to overcome the finer points of using the appliance instead of a PC, I'm all about it. Thanks (as always) in advance!
  • J

    Snort: Rules with flow:established won't trigger alerts?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Z

    Squidguard problems on some websites with multiple slashes

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    Snort: List of blocked IPs not cleaned up

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    T
    @Cino: re-appy the Global Settings page and Interface Edit: If Settings page. This should re-create the missing cron job I was having the same issue, following the above worked for me as well. Thanks
  • F

    Help with package freeradius simultaneous connections

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    N
    Your post is difficult to understand for me.  ;) If your NAS supports "account"ing then Simultaneous-Use will work. If you use pfsense Captive portal then try with "Disable concurrent logins".
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.