1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    R
    @Gertjan I have not set that in Unbound. No Python Module is active there. I saw that in another thread but I don't think it will change anything. Also which of these settings for the unbound python mode should be enabled here? [image: 1754379047075-settings.png] I also have no script to select under Unbound: [image: 1754379337036-unbound.png]

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    582 Posts
    dennypageD
    @Gertjan said in can I install a FreeBSD 14 pkg on a FreeBSD 15 pfSense?: If the package contains binaries : forget it. The ABI is different. It's not a hard and fast rule like that. It depends upon what the binary is, what dependencies it has, and how everything was compiled. I am currently running a binary package, which was built on FreeBSD 14.2-RELEASE, on pfSense 25.07 (FreeBSD 15.0-CURRENT) without issue.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    F
    Hi again, to be honest: I guess, I did not remember exactly what I did 2 years ago. May I was mistaken by the interface name opt2 because the SG-3100 has a physical port OPT1 and I mixed up physical and virtual names. The goal was to use 2 different tunnels, one for the mobile clients and one for the site-2-site connection. And now all is running in that way . Regards
Log in to post
Load new posts
  • valnarV

    Just want pfSense to shutdown when UPS goes to battery

    2
    0 Votes
    2 Posts
    1k Views
    dennypageD
    Using NUT on pfSense you have a couple of options: Directly monitor the UPS via SNMP The NUT client can talk to a remove apcupsd server. Given a choice, I would choose option 1 as this works regardless of whether the Windows system is functioning or not. I can't speak to apcupsd on pfSense.
  • C

    Http-buffer-request

    5
    0 Votes
    5 Posts
    678 Views
    johnpozJ
    " a field for HTTP options to be injected into the header. " No as it states its where you put in options to passthru to the frontend.. This common theme on all packages and or services in pfsense.  There are gui settings for the obvious stuff… but more advanced features can be put into a custom box that are added to the conf file, etc. Look fired up a frontend - put your option in the box, check out the cfg file..  See attached pic you can also put that option in global or default section, etc. [image: frontendoptions.png] [image: frontendoptions.png_thumb]
  • C

    Is Snort ignoring host names in pass lists?

    9
    0 Votes
    9 Posts
    5k Views
    L
    Hi BBcan177, Questions:- (1) Will it work on Suricata? (2) I have the passlist in place. Will the script wipe the passlist? If so, I want the passlist + the script run together. Is it possible?? (3) if multiple hostnames, how can I do it? If you use the pfctl -t xxxx -T delete, it just delete the IP from the block list. eventually, the ip will be blocked again. It is the other way around. How can I update the passlist ip using script? @BBcan177: I didn't test it, but try this in an sh script Create new script vi myip **#!/bin/sh MyIp="$(host -4 my.hostname.com | grep -oEw -e "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/[0-9]{1,2}" -e "[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}")" pfctl -t snort2c -T delete $MyIp** (Save and exit) :wq (make script executable) chmod +x myip
  • msrachelchenM

    Snort configuration on 1Gbps/1Gbps uplink?

    7
    0 Votes
    7 Posts
    1k Views
    bmeeksB
    @msrachelchen: I ended up using Suricata instead. Though with cpu pinning, the load is still pretty intense atm Looking pretty juicy, 19.82 MB/s. Though most of the “CPU usage” went to NIC queues State Table: 47% (3987752/8500000) Load average: 9.39, 9.96, 9.60 CPU usage: 68% Nothing is running except Unbound, pfblockerng (DNSBL), IPSec and Suricata. I haven’t started HAProxy and TC yet… Suricata is multi-threaded whereas the current Snort release is still single-threaded.  That can help a little under high loading.  The new 3.x BETA versions of Snort are multi-threaded.  Once the 3.x tree goes to RELEASE, it will get pulled into pfSense. Bill
  • vallumV

    FreeRadius3 With WindowsAD 2008 as User Backend.

    2
    0 Votes
    2 Posts
    480 Views
    vallumV
    Any one using this feature?
  • S

    Bandwidthd - Display Hostnames in Main Table

    2
    0 Votes
    2 Posts
    662 Views
    J
    Unfortunately, bandwidthd is no longer maintained, its last update was more than 10 years ago. I have made the modification myself to the bandwidthd source code and display the hostname next to the IP address, in addition, I also updated the maximum IP listed in the HTML from 20 to 50. 20 IPs were probably a lot back in 2005, but these days 50s are probably the norm. If you are comfortable with compiling c code, I can attach my changes here.
  • G

    DHCP Web List

    1
    0 Votes
    1 Posts
    331 Views
    No one has replied
  • D

    Feature request - Cron package - add a Name and/or Notes field

    1
    0 Votes
    1 Posts
    288 Views
    No one has replied
  • D

    Having trouble installing php72-7.2.1.txz package

    2
    0 Votes
    2 Posts
    489 Views
    GertjanG
    Hi, Your lucky. The answer is simple. You can't do that. pfSense is using itself PHP for the GUI. There are probably many lines in the scripts of the GUI that wouldn't be compatible with PHP 7.2. Btw : this is like asking how to install core Windows 10 files on a Windows 8 PC. Experts can't (and won't ask the question).
  • L

    Deny Video Streaming

    1
    0 Votes
    1 Posts
    441 Views
    No one has replied
  • G

    Postfix Backup MX

    13
    0 Votes
    13 Posts
    3k Views
    jimpJ
    The only downside of not having a backup MX is having to wait hours (4+) for retries to come through, or longer if it's a prolonged outage. It's not the end of the world, though, messages will be resent. If you botch the backup MX config then it could be worse. You could accidentally reject mail and never receive it, or let even more spam through on a continuing basis. The best backup MX is an exact duplicate of your primary mail server hosted off-site.
  • R

    Can snort block torrent streaming?

    2
    0 Votes
    2 Posts
    494 Views
    bmeeksB
    I don't know the answer definitively, but you can install it and try it out.  I would set it up in IDS (non-blocking) mode first and let it run a week or two in order to get a feel for the kinds of alerts generated.  Expect to see quite a bit of alerting related to the HTTP_INSPECT preprocessor.  You can search the IDS/IPS sub-forum here in Packages to find threads about configuring Snort. Bill
  • D

    LAN is not passing through Squidgard

    2
    0 Votes
    2 Posts
    526 Views
    vallumV
    @Dezireman25: Hi All! Just want to ask for your help. I install 2.4.2 pfsense and add squid, squidguard and lightsquid packages. I followed some instructions in youtube (https://www.youtube.com/watch?v=W2gy1bLHm5o) and do some research but LAN did not pass through my squidguard. Squid and squidguard services are running. When i check using proxy test my internet users are not going through squidguard. please help TIA 1st :- You need to allow your LAN Subnet in squid:- Squid  Proxy Server  > ACLs >  Allowed Subnets (put your LAN subnet here) 2nd :- in squidguard by default everything is blocked , you need to allow some list:- SquidGuard Proxy Server > Common ACL  > target Rules List >Target Categories > (default is deny at bottom , allow specific list as required)
  • M

    HAProxy, websockets, "timeout tunnel" and the defaults section

    3
    0 Votes
    3 Posts
    6k Views
    B
    Found your post whilst trying to fix a similar problem. I managed to get things to work with your hint. I simply added the "timeout tunnel 3600s" under the relevant backend -> advanced settings -> backend pass thru
  • arrmoA

    Python 3?

    5
    0 Votes
    5 Posts
    2k Views
    U
    Hi, The linked post doesn't mention anything regarding Python 3. It's just about installing mitmproxy in a Python 2.7 virtualenv. Could you maybe give a brief explanation how you got python 3 on pfsense in the first place? Thanks.
  • H

    Debugging Email Reports

    1
    0 Votes
    1 Posts
    530 Views
    No one has replied
  • Raul RamosR

    Traffic Totals - All VLANS collects Parent Interface data? (Solved)

    5
    0 Votes
    5 Posts
    799 Views
    Raul RamosR
    I do the question before because i do not want to reset the data and could be other problem. Disabling and resetting and/or disable graphing and maybe not needed to delete and reinstall the package seams solve the problem. Maybe a broken déjà vu but i thin i have tried this before, months ago. Anyway thanks for the feedback and solutions, i should know this. I will wait couple of hours and put a solved on the topic if this stay good.
  • L

    Bind 9.11 error in pfsense 2.33

    8
    0 Votes
    8 Posts
    3k Views
    johnpozJ
    Don't cross post, and dig up threads from year ago.. What part in your zone file do you think is correct about this? @ IN NS 192.168.1.1. So you think its ok to put in an IP for your NS record?
  • S

    LightSquid Issue - lightsquid_web services won't start

    1
    0 Votes
    1 Posts
    524 Views
    No one has replied
  • M

    FreeRADIUS 3 with Active Directory Authentication and Authorization?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.