Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log

    I tried launching it manually:

        # /usr/local/bin/suricata -V

    or

        # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787

    and I get this output

        ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"

    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:

        /usr/sbin/chown -R nobody:nobody /var/db/ntopng

    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin.

    Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions:

    'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:

    Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list

    Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.

    In other words:

    When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP.

    If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state.

    If set to "Deny Both", both incoming connection requests and outbound connection requests are blocked and therefore no state will be created regardless of connection direction.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    Hi again, and once again sorry to bother. Also, the Peer can ping the Server IP but not the Wireguard IP, same when I try to ping from Wireguard the peer - not successful. Other question is, if the handshake is successful should not this work?
  • SPAMD in Blacklist Mode Broken?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I should say that unchecking the box STOPS all e-mail from being delivered unless it's on the whitelist. (I'm assuming because the rules aren't re-written it's trying to send it to spamd internally, which isn't on) Changing the rules just gets them re-written on reboot obviously so that's no dice either.. Chris
  • Patch to include SMTP server name to SpamD package

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    @iced98lx: Are you using the developer release? I'm on 1.2.1 rc3 and after installing patch the command gpatch is not found… Nix that- reboot and now i can use gpatch.
  • SpamD: Add DNSWL's legitimate SMTP servers to whitelist

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Comrax: doing excellent work here!! I'm updating to RC3 just so i can use this and the other patch you released to SPAMD!! Are you running greylisting or just white/black?
  • Changing SPAMD to Listen on an IP Address vs an Adapter

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Spamd whitelist/blacklist strange behavior

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • BGP problems

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    looks like you are binding bgpd on one subnet. here's a bgpd.conf that works with the latest pfsense version. (note that I set the announce on the group level, you can do this on the neighbor level also, also I like to define things even tho they are the default - just for my own sanity)

        AS 12345
        holdtime 60
        listen on 127.0.0.1  # try this to solve your binding problem
        router-id 111.111.111.111
        network 123.123.123.0/24

        group "upstream" {
                announce self
                announce capabilities yes
                set localpref 90
                softreconfig in yes
                softreconfig out yes
                neighbor 63.169.230.189 {
                        descr "Sprint Upstream"
                        remote-as 1239
                        depend on em1
                        max-prefix 270000
                }
                neighbor 204.9.204.29 {
                        descr "US Colo Upstream"
                        multihop 3
                        remote-as 32743
                        depend on em2
                        max-prefix 270000
                }
        }

        group "any2_peers" {
                announce self
                announce capabilities yes
                depend on em3
                set localpref 110
                softreconfig in yes
                softreconfig out yes
                neighbor 206.223.143.33 {
                        descr "WV Fiber"
                        remote-as 19151
                        max-prefix 4000
                }
                neighbor 206.223.143.79 {
                        descr "Peer 1 Networks"
                        remote-as 13768
                        max-prefix 2000
                }
                neighbor 206.223.143.63 {
                        descr "Singapore Telecom"
                        remote-as 7473
                        max-prefix 20000
                }
        }

    Sample filter section:

        # Filter Section
        # First deny everything from all
        deny from any
        deny to any

        # Allow to/from our peers
        # All groups must be listed here to receive and send updates
        allow from group upstream
        allow to group upstream
        allow from group any2_peers
        allow to group any2_peers

        # Filter out Default Route, RFC1918 and other IANA reserved IP blocks
        deny from any prefix 0.0.0.0/0
        deny from any prefix 10.0.0.0/8 prefixlen >= 8
        deny from any prefix 172.16.0.0/12 prefixlen >= 12
        deny from any prefix 192.168.0.0/16 prefixlen >= 16
        deny from any prefix 169.254.0.0/16 prefixlen >= 16
        deny from any prefix 192.0.2.0/24 prefixlen >= 24
        deny from any prefix 224.0.0.0/4 prefixlen >= 4
        deny from any prefix 240.0.0.0/4 prefixlen >= 4

    hope this helps
  • Multiple subnets with Bandwidthd

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    Same phenomena here… Anyone can shed more light on this? and how to correct the situation? I am running pfSense 1.2.1-RC2.
  • SNORT BLOCKING EVERYTHING

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • NUT and UPS via USB

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    I was also having problems with the nut package in 1.2.1 RC2 and an APC ES-350 using a usb cable. I was able to resolve the issue by running a search and replace on "nut.xml" and replacing all instances of "newhidups" with "usbhid-ups". Hope that helps GP P.S. as always it would be a good idea to make a backup of "nut.xml" before you start!
  • VmWare Package - 1.2 Release but can't see it?!

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    @GruensFroeschli: This is the post for you :) http://blog.pfsense.org/?p=293 I assume from that it's only available as a package in 1.2.1? :-) I tried to go to the doc page mentioned in my first post and create an account in order to edit the doc to make it clear that this is only available for 1.2.1 and upwards. However the only option is to log in, not to create an account! Could some kind soul please edit this page to make it clear which version(s) it applies to?
  • Trouble shooting 1.2.1 RC2 Snort Pkg Rule update

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    I have searched the forums several times, thank you. I am using the "ac-bnfa" mode that was the solution in one post (I have also tried "lowmem" that has worked on other types of installation). It's weird in that my first install it worked fine. I had to reinstall on new hardware and it stopped working. I have reinstalled half a dozen times with no luck. In another post a delay to allow for the interfaces to come up was suggested. I have tried turning automatic updates off to provide that delay with no luck. Can anyone at least provide a manual method of updating as a work around? Well after two days it ran successfully! I have no clue why. Please ignore post
  • GEO Filtering

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Interesting idea - you might start a bounty and see if anyone else latches onto this.
  • Problem in squid while on failover

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I believe that Squid does not support a multi-wan environment (load balance/failover). I will check on this and get back to you…
  • Question about BandwidthD

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • LightSquid and 500 - Internal Server Error

    Locked
    21
    0 Votes
    21 Posts
    14k Views
    @ipnet: Hello all, I get the 500 Internal Server Error when I try to get the graphics from Lightsquid. I followed this thread and made it up to the point where the conclusions are that the libperl.so file has to be replaced. Well, the link http://diskatel.narod.ru/libperl.so (mentioned early in this thread) seems not to exist any more. Anybody knows where can I get this file from ???? Best regards Pls restore your lib back and look at the latest recommendations http://forum.pfsense.org/index.php/topic,11594.15.html –- Possible close this topic - here not actual information?
  • Snort2c source code

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    snort2c it's not part of snort official package. The main site of the project is at http://snort2c.sourceforge.net but I think that the version included in pfsense is a modified one (according to the cvs logs).
  • Restoring with packages

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    @running: Since i have reset config and reinstalled packages do i still have access to that log? If not i will try to recreate the problem this week and let you know Thank you! LS need squid log's SG must have installed blacklist
  • Why does the Transp. Proxy asks for password?

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    hadi57 i had this problem of the username and password appear whenever someone opens web page, if i use the upstream proxy.
  • Samba on Pfsense

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    GruensFroeschliG
    http://forum.pfsense.org/index.php/topic,10201.0.html
  • Squidguard - manually rebuild databases

    Locked
    8
    0 Votes
    8 Posts
    11k Views
    Think you mean the squidguard_conf.xml in usr/local/etc/squidguard? Information file for debug.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.