1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    578 Posts
    T
    Re: How to update to the latest Tailscale version? I am on latest released Netgate 6100 pfSense PLUS v24 ( pfSense_plus-v24_11_amd64-pfSense_plus_v24_11 ) pkg config abi FreeBSD:15:amd64 pkg -vv | grep -A 3 "pfSense:" pfSense: { url : "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11", enabled : yes, priority : 0, cat /usr/local/etc/pkg.conf ABI=FreeBSD:15:amd64 ALTABI=freebsd:15:x86:64 PKG_ENV { SSL_CA_CERT_FILE=/etc/ssl/netgate-ca.pem SSL_CLIENT_CERT_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-cert.pem SSL_CLIENT_KEY_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-key.pem } This firewall is obviously running on FreeBSD 15 no longer on 14. But can I use the freshports link for FreeBSD 14 amd64 quarterly which is at tailscale 1.86.2 or can I only go up to version tailscale 1.84.2_1, and need to wait until they have a version of tailscale 1.86.2 or higher for the FreeBSD 15? Would it be good enough to tell it to ignore the OSVERSION? export IGNORE_OSVERSION=yes Note: use of 14 and not 15 ? pkg add https://pkg.freebsd.org/FreeBSD:14:amd64/quarterly/All/tailscale-1.86.2.pkg service tailscaled restart tailscale up

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J
    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection. If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application? Thanks.
Log in to post
Load new posts
  • A

    I don't know the antivirus has start?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    A
    Hi, When I go to "Service"–>"Clamav" The page show a follow error: Warning: Invalid argument supplied for foreach() in /usr/local/www/pkg_edit.php on line 326 How I to do? Thanks a lot.
  • T

    Re: Transparent Squid and Traffic Shaping!!

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    ?
    http://forum.pfsense.org/index.php?topic=1352.0
  • C

    Squid install problem

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    http://forum.pfsense.org/index.php?topic=1352.0
  • N

    Updated packages

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    The installed package tab will show new versions.
  • B

    Package installation

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    B
    OK, so that's the case thnx! I'll try BETA 4 :)
  • N

    Unable to communicate to pfSense.com

    Locked
    3
    0 Votes
    3 Posts
    7k Views
    N
    I found out why it wasn't working. The "Allow DNS server list to be overridden by DHCP/PPP on WAN" option was enabled in the "System: General Setup" menu.
  • S

    Freeradius

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    S
    FreeRADIUS is marked as broken.  Surely you dont' expect something marked as broken to work!?
  • F

    Pfflowd non correctly counts

    Locked
    12
    0 Votes
    12 Posts
    7k Views
    B
    @freeseacher: @billm: It's likely that pfflowd is only counting stuff that matches state.  Retransmits that got dropped for whatever reason likely don't add to the flow numbers it retains. pfflowd gets it's data from pfsync - I don't believe it maintains a table of inflight flows, I'm pretty sure it gets it's data from the state teardown messages.  So, the data comes directly from the PF state entry which means only data that pf forwarded itself. –Bill rules for pf was pass any in keep-state pass any out keep-state is there someting to miss ? Yes, my point ;) Not all packets in a given TCP flow will be considered "in state".  Consider out of window packets, out of sequence window packets (stuff that's been ack'd and had data past it acked, but was retransmitted all the same).  "normal" TCP communications do have packets that will get blocked.  I'm reasonably confident that those packets will not cound against the PF byte count for that flow.  The easiest way to determine that is to see if the PF byte count more closely matches that of the file(s) that were transferred.  If it's under, then there's a bug somewhere, if it's over, but over by less than the other accounting types (ng_netflow is going to get all packets regardless of whether pf blocks it) then it's not a bug per se, you just have to understand what/where you're monitoring. –Bill
  • L

    Error when installing STUNNEL

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    L
    thanks a lot Sullrich, it's OK now  ;)
  • ?

    Antivirus for PFsense

    Locked
    2
    0 Votes
    2 Posts
    7k Views
    S
    Fernando is working on it but there is no ETA.
  • R

    ClamAV

    Locked
    8
    0 Votes
    8 Posts
    8k Views
    R
    Hi, I have made a clamav package, it's not complete as yet and I have not added any web gui for starting or stopping or for other options in config files. As of now you can just test it from command line by running clamscan. The actual use for clamscan is for havp. As of now havp has experimental FreeBSD support and I am working on packaging it for FreeBSD. In the mean time pl test the clamav package. This is my first stab at packaging some thing for pfSense, so there will be lot's of things that can be improved. raj I am posting the clamav section from pkg_config.xml and the package configuration files.           <package><name>clamav</name>           <website>http://www.clamav.net/</website>           <descr>Opensource anti virus</descr>           <category>Services</category>           <config_file>http://agni.linuxense.com/packages/config/clamav.xml</config_file>           <depends_on_package_base_url>http://ftp13.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/All</depends_on_package_base_url>           <depends_on_package>clamav-0.87.tbz</depends_on_package>           <version>0.1</version>           <status>BETA</status>           <maintainer>raj@linuxense.com</maintainer>           <configurationfile>clamav.xml</configurationfile>           <logging><facilityname>clamav</facilityname>                 <logfilename>clamav.log</logfilename></logging></package> config.xml <packagegui><name>clamav</name>         <version>0.1</version>         <title>ClamAV: Settings</title>         <include_file>/usr/local/pkg/clamav.inc</include_file>         <service><name>clamav</name>                 <rcfile>/usr/local/etc/rc.d/clamav.sh</rcfile></service>         <additional_files_needed><prefix>/usr/local/pkg/</prefix>             <chmod>0755</chmod>             http://agni.linuxense.com/packages/config/clamav.inc</additional_files_needed>         <custom_php_install_command>clamav_install_command();</custom_php_install_command>         <custom_php_deinstall_command>clamav_deinstall_command();</custom_php_deinstall_command>         <custom_delete_php_command>sync_package_clamav();</custom_delete_php_command>         <custom_php_resync_config_command>sync_package_clamav();</custom_php_resync_config_command>         <custom_add_php_command>sync_package_clamav();</custom_add_php_command></packagegui> clamav.inc function sync_package_clamav() {         conf_mount_rw();         config_lock();         global $config;         $start = "/usr/local/sbin/clamd &\n";         $stop  = "/usr/bin/killall clamd\n" .         "sleep 2";         write_rcfile(array(                           "file" => "clamav.sh",                           "start" => $start,                           "stop" =>  $stop                           )                     );         conf_mount_ro();         config_unlock();         mwexec("killall -HUP cron");         mwexec("/usr/local/etc/rc.d/clamav.sh stop");         mwexec("/usr/local/etc/rc.d/clamav.sh start"); } function clamav_install_command() {         global $config, $g;         mwexec ("mkdir -p /var/db/clamav");         mwexec ("/usr/local/bin/freshclam");         sync_package_clamav(); } function clamav_deinstall_command() {         global $config, $g;         conf_mount_rw();         unlink_if_exists("/usr/local/etc/rc.d/clamav.sh");         unlink_if_exists("/var/db/clamav/daily.cvd");         unlink_if_exists("/var/db/clamav/main.cvd");         unlink_if_exists("/var/db/clamav");         conf_mount_ro(); } ?>
  • C

    Command Line package installation

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    D
    and this command line wiil not work? php pkg_mgr_install.php?id=packagename
  • A

    SpamD - add to whitelist working ?

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    S
    Yep, thats about it in a nutshell.
  • A

    Spamd - Add spam trap E-mail address: + nextMTA

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    S
    @Aderium: Add spam trap E-mail address: if I add a spamtrap email called spamtrap@mydomain.com do I also need to create such user in my email server ? No, basically if a email address is the to: address then SpamD knowns to add this servers IP to the trapped database and then further connections from that mail server will be trapped in a great tarpit which looks like a 110 baud modem communication, wasting the cpu cycles of the mail server in question.  It's neat. @Aderium: nextMTA my internal ip address for mailserver is 10.1.10.10  is this the IP I would add to nextMTA ? Yep.
  • S

    SpamD outlook button

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    H
    Install http://pfsense.com/~sullrich/SpamDOutlookAlpha/SpamD.msi . It will add the outlook plugin. You also need to have SpamD package installed at your pfSense of course.
  • R

    Might I suggest breaking out the packages to their own directories

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    B
    @ronnieredd: Excuse me? Why am I making you click dozens of forums? Did I do something wrong? If so, I'm sorry. Please do elaborate. 13 packages plus the existing dozen or so forums makes for dozens of forums.  I'm old enough to remember and use BBS's, yet I still prefer email - I can sort and filter my inbox based on what I choose to read.  Which means more time spent on email worth replying to.  More forums split the attention the developers (who are still the primary support - although a few souls have certainly stepped up and chipped in on the support from) leaving us with less time to write code.  Until a package becomes enough of a nuisance filling the existing packages forum, it's really not worth splitting it out. –Bill PS. wut sullrich and hoba said
  • R

    Variables for spamd

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    S
    %A expands to the IP in the blacklist. Since each blacklist is added individually then you know what database url to insert for each response. I couldn't locate any other variables in http://www.openbsd.org/cgi-bin/man.cgi?query=spamd.conf&sektion=5 but if you come across any others, please let me know.
  • M

    Squid - Disable Access Log Patch

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    B
    @msamblanet: Thanks - patch form Sorry for all the questions for a fairly trivial patch - hopefully as my current work project calms down I can offer something of more substance… Commited.  Thanks –Bill
  • M

    Securing Package CGIs?

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    B
    @msamblanet: OK - thanks - I have a better sense where things are going now…as you have seen in my other email, I took the first pass option of forcing users to enable the cachemgr so you have to choose to accept the risk... If I ever find enough free time I am qualified to write the module you propose - but time is always the trick...my hat is off to you - I don't know how you (and many other good OpenSource authors) find the time to do this... An option I was toying with overnight was how one could make a PHP wrapper so that the cgi was kept outside the web directory and content was in an iframe or similar with the PHP wrapper handlng security - would even allow us to keep the pfsense menus on the screen :)  ...unfort my PHP is pretty weak (I'm just an old Asm/C/C++ dev turned Java in the current day/age) - so I don't know how hard doing the CGI calls from PHP would be...can't imagine it's too bad but caveat coder Hmmm…that's actually not a half bad idea.  I dunno about an iframe, but we could probably allow auth.inc to do it's job and use passthru() or something to run a cgi.  I'll have to think about that a bit. --Bill
  • D

    Install other packages

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    D
    Ok, thks Success to you in work
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.