1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    578 Posts
    T
    Re: How to update to the latest Tailscale version? I am on latest released Netgate 6100 pfSense PLUS v24 ( pfSense_plus-v24_11_amd64-pfSense_plus_v24_11 ) pkg config abi FreeBSD:15:amd64 pkg -vv | grep -A 3 "pfSense:" pfSense: { url : "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11", enabled : yes, priority : 0, cat /usr/local/etc/pkg.conf ABI=FreeBSD:15:amd64 ALTABI=freebsd:15:x86:64 PKG_ENV { SSL_CA_CERT_FILE=/etc/ssl/netgate-ca.pem SSL_CLIENT_CERT_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-cert.pem SSL_CLIENT_KEY_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-key.pem } This firewall is obviously running on FreeBSD 15 no longer on 14. But can I use the freshports link for FreeBSD 14 amd64 quarterly which is at tailscale 1.86.2 or can I only go up to version tailscale 1.84.2_1, and need to wait until they have a version of tailscale 1.86.2 or higher for the FreeBSD 15? Would it be good enough to tell it to ignore the OSVERSION? export IGNORE_OSVERSION=yes Note: use of 14 and not 15 ? pkg add https://pkg.freebsd.org/FreeBSD:14:amd64/quarterly/All/tailscale-1.86.2.pkg service tailscaled restart tailscale up

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J
    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection. If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application? Thanks.
Log in to post
Load new posts
  • P

    Snort not working for me (again)

    Locked
    30
    0 Votes
    30 Posts
    10k Views
    P
    OK, found and fixed the problem. If you have a wireless connection (opt1) bridged with LAN and you leave the IP address blank in the IP configuration box on the opt1 interface it causes the problems I was having. You have to un-bridge the connection put a (fake?) ip address in and then re-bridge the connection. That seems to fix it, although I need to give it a proper test
  • N

    Snort Feature Request: Advanced Options text field.

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    S
    @Numbski: Thanks Scott, on a Sunday no less.  :o I've been working all weekend on pfSense anyways, no biggie.
  • N

    Snort Bug: HOME_NET line being mis-written. Comma at string end.

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    N
    Bug opened, but closed.  Thanks for that. :)  Now if only I could figure out why /var/db/whitelist winds up being such a mess for me. :(  It doesn't work right at all unless I manually clean it up after each reboot.  It appears to keep dumping duplicates into the file, and unless I sort network large to small, it's no good. That, and I have a network, x.x.x.0/24 for I have in /var/db/whitelist, but snort keeps adding x.x.x.11 to the blocklist.  Unless I put x.x.x.11/32 in there as well, it keeps getting blocked.
  • G

    Package that block ports

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    H
    You can see pen connections at diagnostics>states if that helps.
  • M

    Idea for New Package: PBNJ

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    @mrquintopolous: I just started using pfSense on an internal firewall where I work, and it works pretty nice. Good work guys! So I had an idea to extend pfSense with the capabilities of PBNJ (http://pbnj.sourceforge.net/). Basically, I think it would be a cool feature to be able to automatically scan your LAN machines with nmap and see changes over time and maybe even be alerted when a machine has a new port open. That way, an admin can jump on figuring out why this happened. In an attempt to figure out the internals of pfSense and waste time, I have been fiddling with getting PBNJ installed on the pfSense box. Without the ports system, it requires the following steps: pkg_add -r perl pkg_add -r <various 6="" perl="" modules,="" around="">3) One of the dependencies, p5-Nmap-Parser is not in the packages, so it requires downloading the tarball, extracting, installing etc. This requires a pkg_add -r gmake extract PBNJ, perl Makefile.pl, gmake, gmake install, gmake test Maye more that I subsequently forgot. Pretty involved, maybe installing ports and going from there would have been smarter. Anyways, I was wondering: Do people on this forum think that this would be a useful thing to have in a pfSense box? If so, is installing perl too much? i.e., would it be better to rewrite something similar in php? Would anyone be interested in making a package / ui frontend for it with me? I hope to hear your thoughts.</various> Not as involved as you would think.  Check out the squid package which in turns install perl.  Theres a number of packages that install multiple dependencies and then setup the package.  I don't see anything that would change this situation for this package. Check out http://pfsense.com/cgi-bin/cvsweb.cgi/tools/pkg_config.xml?rev=1.407 and http://pfsense.com/cgi-bin/cvsweb.cgi/tools/packages/
  • G

    Are there any "packet sniffers" available?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    S
    Recent snapshots have a tcpdump GUI component.
  • B

    Squid Proxy Sever Blacklist

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    ?
    Please be a LOT more specific about what you're talking about.
  • P

    Iperf Installation problem

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    M
    Working for me, thanks a lot!
  • L

    MiniUPnPd and My Network Places

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    H
    I vote him for package maintainer of the year!  ;D
  • M

    Pure-FTPD

    Locked
    21
    0 Votes
    21 Posts
    10k Views
    M
    thank you very much!
  • A

    Bleeding Threats Support in SNORT

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • B

    Gateway AV and Snort

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    B
    Yes, that is true. I'm out of work right now, but if I was working I'd offer $50 and then possibly more once it was done. $30-$50 for me is my starting place for things. However I have to work though and hopefully by the end of Feb I can start a new job. If there's not a gateway AV for pfsense when I am back to work then I will be offering a bounty for it. At least I hope I can afford to do that. You guys who work on pfsense really do a good job on the UI and stuff.
  • B

    No packages work for me

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    B
    Everything is working good. The issue was I guess you had to select LAN/WAN in that window. I don't remember what area that is. Like settings area for the package or something. I had to fiddle with it a while untill I understood it better since there is no documentation for anything. I also did upgrade to the latest snapstop as suggested and it's good so far. Thank you!!
  • M

    Squid does´nt start

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    D
    I think I finaly fixed this today in version p15
  • Z

    Packages offline

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J
    Double check your boxes by sending a ping to google or yahoo in the terminal.  I haven't ever had a problem with the package system that didn't involve me forgettting about something.
  • F

    SQUID Problem.

    Locked
    11
    0 Votes
    11 Posts
    6k Views
    D
    See the other 10 page long squid thread. set a space in the unrestricted and banned fields and it should work then. Commited version p9 just now.
  • S

    Pfsense

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    H
    The packages that exist for this are not finished/working atm. If you have some knowledge feel free to fix/finish them.
  • B

    Squid help

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    J
    I'm guessing there is a language barrier, try your forum language and post there if it is listed, you should have more luck, but all in all this is NOT setup to work correctly yet
  • M

    Squid Whitelist URL Capacity

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    D
    The current squid whitelisting and blacklisting should work starting from version p8. So you can try what size the limit is now :-)
  • B

    Squid log to a remote server

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    B
    I found a command who can do the job : tail -f /log/squid/access.log | logger -p "local4.info" & To work syslog must be configured tu send "local4.info" to the remote server.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.