Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nian
    @rlrobs Yes it’s still working fine here.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypage
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working.

    Glad you have it sorted.

    There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded?

    If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command:

    [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764
    VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    [25.07-RC][root@fw]/root:

    Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver.

    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8.

    LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    Gertjan
    @EChondo What's your pfSense version? The instructions are shown here: [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re-creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works (mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days. You can re-test / renew right away, as you are 'allowed' to renew a couple (5 max?) of times per week.
  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    @div444 I'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if I can avoid it
  • Discussions about the Tailscale package

    90 Topics
    580 Posts
    @Gertjan Thanks. This is a compiled binary the tailscale vpn network mesh using wireguard. So this is a definite no then.
  • Discussions about WireGuard

    690 Topics
    4k Posts
    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection. If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application? Thanks.
  • NUT Driver DummyUPS Device File

    1
    0 Votes
    1 Posts
    154 Views
    No one has replied
  • FreeRadius + Captive Portal "Amount of Time" Problem

    17
    0 Votes
    17 Posts
    3k Views
    Gertjan
    @mustafa-azzam said in FreeRadius + Captive Portal "Amount of Time" Problem: But I have another question now .. when radius is running, the command (radius -X) will not run?

    Radius is a process you can see as a "server process". Golden rule: on one and the same system, you can have only ONE server process that listens to a determined port. So, if you launch "FreeRadius" using the pfSense GUI, you have a radius process running. Example, right now, on my pfSense:

    [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ps ax | grep radius
    83839  -  Is   0:18.74 /usr/local/sbin/radiusd
    21455  0  S+   0:00.00 grep radius

    As you know, it's easy to check what ports it's using. When I launch another, second radius process, it will bail out.
  • gwled using high amounts of CPU on APU2

    1
    1 Votes
    1 Posts
    311 Views
    No one has replied
  • Squid & Squid Guard block pages

    2
    0 Votes
    2 Posts
    343 Views
    KOM
    No. This is just how it is for https connections.
  • Python client library for FauxAPI available on PyPi

    1
    0 Votes
    1 Posts
    445 Views
    No one has replied
  • Avahi - OpenVPN missing from deny interfaces

    7
    0 Votes
    7 Posts
    1k Views
    @grimson Thanks! Didn't know about that widget... I've added it to my dashboard :) Some sort of built-in alerting would be good though. I just found this custom script another user wrote to alert on available system and package updates https://forum.netgate.com/topic/137707/auto-update-check-checks-for-updates-to-base-system-packages-and-sends-email-alerts
  • OpenBGPd not able to use prefix-set

    4
    0 Votes
    4 Posts
    570 Views
    @jimp said in OpenBGPd not able to use prefix-set: I can't remember if support for that is in FRR, but OpenBGPD is pretty much a dead end these days on FreeBSD (and especially pfSense). More than likely what you want to do can be done without much more effort on FRR. Thanks for the suggestions, I am new to FRR and looks really interesting, will for sure explore this in testing and see if we can make the transition. @biggsy said in OpenBGPd not able to use prefix-set: From what I can find prefix-set was introduced with OpenBSD 6.3 (released in April 2018). The FreeBSD version is old compared to the one in OpenBSD. Seem you are correct and that OpenBGPd on freebsd is far outdated and without the new prefix-set features :(
  • i need something like fail2ban do on linux on pfsense or backend servers

    6
    0 Votes
    6 Posts
    751 Views
    @nogbadthebad said in i need something like fail2ban do on linux on pfsense or backend servers: e the backend servers running any form of BSD, look here if they are:- thanks for reply!
  • How to specify a non-standard mysql-Port in the Banyard2 configuration?

    1
    0 Votes
    1 Posts
    136 Views
    No one has replied
  • Package unavailable

    3
    0 Votes
    3 Posts
    633 Views
    jimp
    The doc I'm linking is for upgrade troubleshooting but since upgrades and packages both use the same mechanism to pull info, this section is relevant to figuring out why you can't see packages, too: https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#force-pkg-metadata-update
  • What is the status of ARPWATCH package?

    1
    0 Votes
    1 Posts
    150 Views
    No one has replied
  • [arpwatch package] Ignore VRRP/CARP traffic

    1
    2 Votes
    1 Posts
    351 Views
    No one has replied
  • LCDProc multiple instances after packages restart

    10
    0 Votes
    10 Posts
    1k Views
    fabricioguzzy
    @stephenw10 said in LCDProc multiple instances after packages restart: Steve I will give it a try.. Thanks Much Steve!! Fabricio.
  • Mailscanner + spamassassin + clamav package

    313
    0 Votes
    313 Posts
    308k Views
    @marcelloc Hi Marcelloc, I have postfix and mailscanner running on pfsense 2.4.4-p1, I got the following warnings:

    MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731

    Permissions look fine, I did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder. Runas user on MailScanner.conf and clamd.conf is postfix. Also mailscanner logs display syntax errors:

    Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
    Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
    Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
    Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
    Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
    Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.

    Please Help.
  • Sarg package for pfsense

    467
    0 Votes
    467 Posts
    570k Views
    @marcelloc Hello, Marcelo: Do you know how to install SARG in pfsense 2.4.4, FreeBSD 11.2-RELEASE-p3? Thanks, Yosvany
  • Not able to download Snort Signature on Pfsense

    6
    0 Votes
    6 Posts
    1k Views
    bmeeks
    You must have a valid Oinkcode subscription code. You can have either a free registered code or a paid subscription code. You must obtain the code from the Snort.org web site. Next, if you are running any type of RAM disk configuration on your firewall, make sure you have at least 256 MB of free space in the /tmp directory (and preferably up to 512 MB free). Snort needs available free disk space to download the rules tarballs and unpack them during the update process. Running out of space on /tmp will cause all kinds of weird errors. Look at the pfSense system log to see if any errors show up there related to disk space. P.S. -- the only way to tell if disk space was an issue is to review the system log. When the update process finishes (either successfully or with a failure), it will clean up behind itself and delete the files and sub-directories it created in /tmp. So simply looking at the dashboard disk space widget will not reveal the problem.
  • Secure logging to external server

    3
    0 Votes
    3 Posts
    525 Views
    bmeeks
    @pipetennathan said in Secure logging to external server: In case anyone else is stuck on this, I found the solution. Posted it here: https://forum.netgate.com/topic/136998/how-to-send-snort-alert-logs-to-graylog-without-barnyard2/6

    This is a great solution as Barnyard2 has not been well supported in recent years by its developer. You could almost call it "dead" in a manner of speaking. It is likely that at some point down the road Barnyard2 will be pulled from the Snort and Suricata packages.
  • Snort blocking all torrents

    10
    0 Votes
    10 Posts
    4k Views
    bmeeks
    @rango said in Snort blocking all torrents: I can try to disable Auto flow bit rule. Is it as easy as disable by the rule itself? My hardware has nothing to do with it. It's 2.4Ghz Quad core intel i5 processor with 4gb of ram able to run encryption at ~300Mbps. Without snort package it runs correct. It's snort component do it but since p2p and policy is not enabled i'm puzzled what rule or which component is doing this. If an additional auto-flowbit rule is alerting, it will show up on the ALERTS tab. But note that when in blocking mode, every Snort alert results in a corresponding block of the IP address unless that IP is in a Pass List. And a block will not "slow down" traffic, it will completely stop it. So I continue to be puzzled by your statement that Snort "slows down bandwidth to a few kb/sec". If Snort rule blocks are the issue, the traffic would completely stop: not just slow down.
  • Snort stop working

    snort
    7
    0 Votes
    7 Posts
    3k Views
    Frequency295
    I was confused on how to do this so after I figured it out I thought I would share.

    Click Services, Snort
    Edit the non functional snort interface
    Click %Interface% Rules
    Click the drop down for Category: and choose GPLv2_community.rules
    Wait for it to load and disable Sid: 49090 SERVER-SAMBA at the bottom of the page
    Save & Apply
    Then back on the Snort Interfaces tab you should now be able to start snort on the Interface
  • Is it possible to combine OTP and LDAP authentication with FreeRadius ?

    1
    0 Votes
    1 Posts
    241 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.