pfSense Packages

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Subcategories

Cache/Proxy

Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

2801
Topics

16342
Posts

H

Hi guys, I have a bit of a problem with web filtering. I have an opnsense setup with a layer 3 switch where inter vlan routing is happening. The opnsense is connected to the layer 3 switch through a point to point connection..I have setup web filtering on the opnsense but it blocks all traffic ..Im able to ping 8.8.8.8 from the command promt and also ping google.com meaning resolution is working fine but not able to open web pages.. Kindly assist on how to resolve the issue.
IDS/IPS

Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

1507
Topics

9856
Posts

@p54 said in URLHaus - Anyone have a mod already?: for me it does not work at all according to the instructions linked above. just i overwrite the custom.rules with the following script: #!/bin/sh fetch -o /usr/local/etc/suricata/rules.local/urlhaus_suricata.tar.gz https://urlhaus.abuse.ch/downloads/urlhaus_suricat a.tar.gz tar xvfz //usr/local/etc/suricata/rules.local/urlhaus_suricata.tar.gz -C /usr/local/etc/suricata/rules.local/ rm /usr/local/etc/suricata/rules.local/urlhaus_suricata.tar.gz rm /usr/local/etc/suricata/suricata_32296_igb1.300/rules/custom.rules mv /usr/local/etc/suricata/rules.local/urlhaus_suricata.rules /usr/local/etc/suricata/suricata_32296_igb1.300/rules/cus tom.rules chown root:wheel /usr/local/etc/suricata/suricata_32296_igb1.300/rules/custom.rules chmod 644 /usr/local/etc/suricata/suricata_32296_igb1.300/rules/custom.rules under cutsom.rules was nothing to see and after the refresh the custom.rules had shrunk to 0 kb :/ anybody still some tips for me? BR Guys, Snort and Suricata on pfSense are GUI applications! That means everything is configured within the GUI, stored in the config.xml of the firewall, and then written out to the pertinent configuration and rules files each time Suricata or Snort is started. So all those changes you make via a CLI session are immediately overwritten the instant you go back into the GUI and start Suricata or Snort. Custom rules must be entered from the RULES tab in the GUI. They are then stored in config.xml as Base64-encoded text. That text is read back out and written to the custom.rules file each time the GUI is used to start Suricata or Snort. If you absolutely must have those rules, then you have to make an edit to the PHP source code files of the package. And be aware that change will be overwritten the next time you update or otherwise reinstall the package. You will need to manually edit the file /usr/local/pkg/suricata/suricata_yaml_template.inc and include a path to your URLHaus rules file in that template. The template is used to create the suricata.yaml file for each interface. Be warned that if you are not familiar with PHP coding syntax, you can very easily break your Suricata installation.
Traffic Monitoring

Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

385
Topics

1924
Posts

T

Dug into this a bit more today and created https://redmine.pfsense.org/issues/10911 The script tag after </html> was rendered that way in 2.4.4. However Firefox is logging JavaScript error "e.indexOf is not a function" in the frame-resize script after the 2.4.5 upgrade.
pfBlockerNG

Discussions about the pfBlockerNG package

1347
Topics

10895
Posts

A

@serbus I removed RAM disk and it works correctly. I also opened a bug report for this in the bug tracker. Thank you very much for your time and your help, greatly appreciated. Laurent.
ACME

Discussions about the ACME / Let’s Encrypt package for pfSense

234
Topics

1463
Posts

@1reason said in Unable to get cert with Namesilo: With the manual method I pushed "issue" to get the text and then uploaded it to namesilo, Then pause. Tale a windows cmd prompt, or better, the pfSense console prompt, and do a simple check first : Check if you have a sub domain called .well-known and a TXT record "/acme-challenge" for each ( ! ) of your domain name servers : You'll get a list like : ns3. your-domain.tld. ns1. your-domain.tld. ns2. your-domain.tld. For each nsx, do : dig @nsx.your-domain.tld. dig .well-known.acme-challenge.your-domain.tld TXT This should return the unique token that Letenscrypt gave you, the token you stored manually into the TXT record .well-known.acme-challenge.your-domain.tld When you use the automatic mode the first (couple of) times, you should introduce a delay using acme.sh the "--dnssleep 300 " parameter. This give you 5 minutes to test if the master DNS server, which was updated by the acme.sh API script, and if the slave DNS name servers have synchronised, as this is never been done 'right away'. If this https://www.varstack.com/2017/12/08/Automating-HTTPS-certs/ is still valid and actual, then at least 15 minutes or 900 seconds are needed : you find it out during the manual 'dig' spam testing : as soon as the TXT record ".well-known.acme-challenge.your-domain.tld" pops up, you have the (average) delay. @1reason said in Unable to get cert with Namesilo: am repeating things over and over You are testing using the LE test stage server, right ? If not, LE will blacklist you for an hour, day or more.
FRR

Discussions about the FRR Dynamic Routing package on pfSense

114
Topics

518
Posts

M

Stuck on "Active" and not getting "established" with nothing in the log makes me think: Did you open 179/tcp on the firewall so these 2 IP addresses can talk to each other on 179/tcp ? Or the interfaces that you try to BGP over have the box "Block private networks and loopback addresses" ticked thus filtering your RFC1918 traffic.

pfSense Packages

Subcategory for FRR
• jimp

2

2
Votes

2
Posts

298
Views

No one has replied
1

DNS Broken for pkg.pfsense.org
• 10101000

3

0
Votes

3
Posts

2014
Views

https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2
R

Packages wishlist?
• rds_correia

649

0
Votes

649
Posts

334339
Views

E

I wish that the mailreport package could filter based on keywords and only email when it finds them. Or maybe if log not empty for the gateways and routing logs. cat /var/log/system.log | grep -iE 'fail|err|warn'
R

Log Archiving Plugin/Mailreport Package
• RobEmery

1

0
Votes

1
Posts

2
Views

No one has replied
G

Speedtest CLI. Run speedtest on pfSense box
• getrav

104

0
Votes

104
Posts

41721
Views

@Exilewolf It was a fun exercise, but the results are so variable that I don't think the data is really worth the bits it's printed on. The big dip to the right was easily recognized without the data. It was a local outage. FWIW, this data was gathered from a server behind the FW and not just the FW. I have a 300/20 line.
P

TFTP package only works through the GUI
• pffan

5

0
Votes

5
Posts

790
Views

The latest pkg improvements:
V

Grafana Dashboard using Telegraf with additional plugins
• VictorRobellini

48

3
Votes

48
Posts

2562
Views

E

@VictorRobellini said in Grafana Dashboard using Telegraf with additional plugins: @erbalo So you want the big graph to be bits per second and the smaller one to be bytes per second? If so, it should be really easy to do. Just look at the Queries and Visualizations when you edit the graph. Thanks , it solved now. I have added *8 after the bytes) Another question: When i look this graph, it is not really my montly WAN download and upload. It updates well and working but is not correct. What is going wrong here? SELECT sum("bytes_recv") / 1000000 FROM "net" WHERE ("host" =~ /^MYROUTERNAME.MYROUTERDOMAIN$/ AND "interface" =~ /^ipx0$/) AND time >= 1598911200000ms GROUP BY time(30m) fill(previous)
B

How can I get this UDP relay package for casting across VLANs?
• burntoc

36

0
Votes

36
Posts

187
Views

T

Just wanted to follow up on this thread quick and mention that this is still tool is working great for me without any issues (despite several reboots of the firewall since the initial install and configuration). A great alternative to Avahi if one is looking to get Google Home speaker groups to work. Even though I have not been able to try this out yet, it may also be a suitable alternative for pimd to get Sonos speakers to work.
P

SARG -x SARG: Cannot set the locale LC_ALL to the environment variable
• Periquito

1

0
Votes

1
Posts

4
Views

No one has replied
A

I made a WireGuard package for pfSense
• Ascrod

146

14
Votes

146
Posts

21581
Views

W

@wion @wion said in I made a WireGuard package for pfSense: Greetings to all! And immediately I apologize for my English. Dear Ascrod, the wireguard service does not start if I specify several Allowed IPs in the peer settings. If one is Allowed IPs, then the service starts. I'm using 2.4.5-RELEASE-p1 (amd64) FreeBSD 11.3-STABLE the problem was adding subnet 172.20.0.0/20. Until I changed the mask to / 16, the service did not work
K

zabbix proxy issues?
• killmasta93

1

0
Votes

1
Posts

4
Views

No one has replied
F

Fetching package: connection reset by peer
• float

89

0
Votes

89
Posts

55
Views

F

It started working after I changed those settings and unbound restarted. This was the only option that changed.
M

NUT and APC SMT1500RM2U?
• mattlach

3

0
Votes

3
Posts

7
Views

M

Alright. Second never mind. Turns out it works with both NUT and apcupsd. Looks like I just plugged the UPS cable into an usupported USB3 port. When I moved it to one of the USB2 ports, everything seems to be working again.
D

no SNMP-V3 trap/inform server field in net-snmp
• DepressedAdmin

2

0
Votes

2
Posts

11
Views

Please create a feature request for this package: https://docs.netgate.com/pfsense/en/latest/development/requesting-new-pfsense-features.html
M

packages for 2.2.16 version
2.2.16 • • Milan Dobes

11

0
Votes

11
Posts

53
Views

see how easy stay current.. 2.5 will be out sometime here not too long.. I would think.. So make sure you updated to it before 3.6 is out ;)
J

OpenVPN + FreeRadius with specified IP in free radius log incorrect ip inlog file
• jacol

2

0
Votes

2
Posts

8
Views

J

I changed the logging to level 4 and can not see the correct ip, Issue resolved
N

Modification of /usr/local/etc/rc.d/tftpd.sh What can go wrong?
• nomadmd1

3

0
Votes

3
Posts

22
Views

Feature request created: https://redmine.pfsense.org/issues/10893
S

TFTP server
• slim2016

10

0
Votes

10
Posts

747
Views

N

In case someone comes here looking for solution via search engine continue here: https://forum.netgate.com/topic/156706/modification-of-usr-local-etc-rc-d-tftpd-sh-what-can-go-wrong
N

pfBlockerNG DNSBL Feeds and EasyList no default list?
• nasheayahu

4

0
Votes

4
Posts

21
Views

J

@nasheayahu said in pfBlockerNG DNSBL Feeds and EasyList no default list?: Okay thanks, I shall do that. Can I save my current settings I've done so far and reload them or I would just have to start over? You should be able to save your settings.
D

LCDproc on HP PROCURVE MSM760?
• DV0381

1

0
Votes

1
Posts

7
Views

No one has replied
M

LCDproc on Watchguard XTM 5 series with pfSense 2.4.4
• mtnhansen

30

0
Votes

30
Posts

515
Views

Unless you have a load of packages it should pass more than that, especially if you've replaced the CPU. But this is not the right thread for that discussion, better to open a new thread in Hardware or General. Steve
T

Status_Traffic_Totals Loading Slow
• techman2005

1

0
Votes

1
Posts

7
Views

No one has replied
Finding pfSense on WAN, using Zeroconf
• cmcqueen

2

0
Votes

2
Posts

11
Views

@cmcqueen said in Finding pfSense on WAN, using Zeroconf: I access the pfSense web config via its WAN interface (on my LAN Not a good test test set up. You should bring a collection of devices, if not all of them, - your "test environment" - and hook them all up to a LAN on pfSense. Then test that LAN segment - and pfSense. You'll be having a router-after-router setup which is for outgoing (== Internet) traffic completely transparent. Making WAN accessible is not part of real set up. The exception might be : testing a NAT rule (while IPv4 lasts). "Zeroconf" (whatever it actually is) needs ports to be open and/or redirected to some LAN (pfSense) based device with a running service that implements Zeroconf. That will normally never be the case as you do not want the Internet to "Zeroconf" your installation. Keep in mind that pfSense is a firewall and router : nothing from a WAN perspective can be seen. Shut down the firewall part, define routes on your main LAN's router (the one that hands out a WAN IP to pfSense) and set up pfSEnse as a basic router. @cmcqueen said in Finding pfSense on WAN, using Zeroconf: how can I find the pfSense address? If the initial LAN works well, the DHCP (client) request made by pfSense to the upstream ISP router registers it's DNS name 'pfsense' into the upstream LAN DNS (your ISP router). So, as soon as it is powered on, you could use it's name : Typically, when you type ping pfsense on a PC on the ISP LAn, it (the ISP router) would resolve 'pfsense' to pfSense's IP first, and then starts to ping to this IP. But nothing will happen ... no reply. You have to add a firewall rule on the pfSense WAN interface so it can actually receive these ICMP requests - and thus reply.
H

squidGuard not upgrading
• hollister

9

0
Votes

9
Posts

50
Views

H

Running on 2.4.5-RELEASE-p1 Same problems again trying to upgrade squidGuard to 1.16.18_7 I think I am giving up trying to update these packages (squid and squidGuard) Had a hard time even uninstalling them. The best I can tell 0. reboot Dashboard - Services Status - stop right away (c-icap, Clamd and squid) uninstall Watchdog uninstall squidGuard uninstall squid reboot
F

(No) Available Packages
• fropz

5

0
Votes

5
Posts

26
Views

Also do some checks using these : pfsense manual package maintenance
S

Possible bug in Arpwatch
• StefanC

1

0
Votes

1
Posts

9
Views

No one has replied
Samba package
• humaxoid

4

0
Votes

4
Posts

39
Views

H

the points in setting up a separate server: -it's not a massive security risk -it's faster, safer & easier to setup a new VM, then it is to fuck with your only way out to the internet
S

Trying to use pi-hole when connected via OpenVPN to home
• SeanKane

5

0
Votes

5
Posts

28
Views

S

@Gertjan - I get that. I have seen that. My concern is this used to work, but suddenly it stopped, and I started seeing this message in the logs. Maybe this question should be posed in an OpenVPN forum?
G

SSDP packets across vLANs.
• girkers

3

0
Votes

3
Posts

19
Views

@girkers said in SSDP packets across vLANs.: HA is broadcasting to 255.255.255.255:9999 9999 is not SSDP... That must be something specific to tplink. That is broadcast sure, but its not SSDP. Can't you just manually enter the IP address of the devices?
Telegraf Working plugin list
• kiokoman

3

1
Votes

3
Posts

77
Views

haproxy https://github.com/influxdata/telegraf/tree/master/plugins/inputs/haproxy [[inputs.haproxy]] servers = ["socket:/tmp/haproxy.socket"] the socket is already created by haproxy package
P

ng_etf
• Phantom_Stage

7

0
Votes

7
Posts

39
Views

T

I believe he is referring to assigning those NICs as interfaces in pfSense (e.g. through the Web Gui -> Interfaces -> Assignments). You should only have the WAN (ngeth0) a LAN (that is not the one the RG is hanging off of), and any other OPT interfaces you may have (that are not igb0/igb1).
N

problem. installed pfsense
• nubwo

2

0
Votes

2
Posts

10
Views

Hi, The answer starts here : https://www.pfsense.org/download/ Where did you get that old version from ? Surely not the official source. Now you know that you use an old pfSense version, you're close to the final answer : when a new version comes out, there are some notes. See here https://www.netgate.com/blog/pfsense-2-4-5-release-p1-now-available.html and focus on "Upgrade Notes". You will find Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade.> So : upgrade pfSense first. That's easy as it can upgrade itself. Visit the pfSEnse dachboard : it will tell you it needs an update. If you want to use packages, that's not some optional choice any more. So, go ahead. Again, read the Notes first. Always. For every new version. For ever. Then installing packages won't be an issue any more. Btw : see it like this : do not install a "Windows 10" app on a "Windows 7 or 8" PC. That won't work. Added to that : packages are mostly written by volunteers. The always 'support' the latest version, not all the xxx older versions (to much work).
K

pimd - doesn't appear to work
• kmarston

2

0
Votes

2
Posts

20
Views

T

Hi @kmarston Have you tried enabling "Allow IP Options" on the network segments you wish to pass multicast traffic between? https://docs.netgate.com/pfsense/en/latest/book/firewall/troubleshooting-firewall-rules.html#review-rule-parameters Also, after making PIMD configuration changes, you may need to clear (reset) your firewall states as well for them to properly go into effect. Hope this helps.
K

help me plese!!!
• khuntomriddle001

2

0
Votes

2
Posts

24
Views

The full doc is here: https://docs.netgate.com/pfsense/en/latest/book/ Netgate hangout about RADIUS and LDAP: https://www.youtube.com/watch?v=n2Z3rr4W2xw -Rico
K

how can i increase disk space of my pfsense VM
• keeshpat

5

0
Votes

5
Posts

20
Views

Upgrade to 2.4.5-p1. It's a VM, there is no reason to stay on such an old version. If it's a 32-bit VM, you'll need to make a new 64-bit VM and redeploy, and when you do, just give it a larger disk. Alternately: Increase the size of the disk in the hypervisor touch /root/force_growfs Reboot the VM I can't remember when that was added, might have been after 2.3.x.
K

Snort is causing issue
• keeshpat

2

0
Votes

2
Posts

16
Views

N

Check your DNS is working, also you really need to update to 2.4.5-p1.
Has anyone ever gotten stunnel to work?
• Spearfoot

1

0
Votes

1
Posts

17
Views

No one has replied
D

Pfsense Squid Proxy web filtering issues
• devendra

3

0
Votes

3
Posts

13
Views

D

Yes, it's third party plugins but after installed squid plugins then issues will be occurs not showing squid proxy web filtering options on services of pfsense
D

Bind
• danredcar

3

0
Votes

3
Posts

21
Views

D

@Gertjan I played with the freeze and thaw, then figured it was time for a step back. Uninstalled Bind Cleaned all the files /cf/named/* /usr/local/etc/named /etc/named/ did a reinstall of package Rebooted STopped Bind Layed out the zone Started Bind (An things worked) I think part of the trick was to configure zones with bind stopped) But hard to tell, thank yo for your advice
W

Using zabbix-proxy with multiple networks
• W5Ofwur1xtOmtk9ZBO

1

0
Votes

1
Posts

8
Views

No one has replied

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

1 / 212

Cache/Proxy

IDS/IPS

Traffic Monitoring

pfBlockerNG

ACME

FRR

Subcategory for FRR • jimp

DNS Broken for pkg.pfsense.org • 10101000

Packages wishlist? • rds_correia

Log Archiving Plugin/Mailreport Package • RobEmery

Speedtest CLI. Run speedtest on pfSense box • getrav

TFTP package only works through the GUI • pffan

Grafana Dashboard using Telegraf with additional plugins • VictorRobellini

How can I get this UDP relay package for casting across VLANs? • burntoc

SARG -x SARG: Cannot set the locale LC_ALL to the environment variable • Periquito

I made a WireGuard package for pfSense • Ascrod

zabbix proxy issues? • killmasta93

Fetching package: connection reset by peer • float

NUT and APC SMT1500RM2U? • mattlach

no SNMP-V3 trap/inform server field in net-snmp • DepressedAdmin

packages for 2.2.16 version 2.2.16 • • Milan Dobes

OpenVPN + FreeRadius with specified IP in free radius log incorrect ip inlog file • jacol

Modification of /usr/local/etc/rc.d/tftpd.sh What can go wrong? • nomadmd1

TFTP server • slim2016

pfBlockerNG DNSBL Feeds and EasyList no default list? • nasheayahu

LCDproc on HP PROCURVE MSM760? • DV0381

LCDproc on Watchguard XTM 5 series with pfSense 2.4.4 • mtnhansen

Status_Traffic_Totals Loading Slow • techman2005

Finding pfSense on WAN, using Zeroconf • cmcqueen

squidGuard not upgrading • hollister

(No) Available Packages • fropz

Possible bug in Arpwatch • StefanC

Samba package • humaxoid

Trying to use pi-hole when connected via OpenVPN to home • SeanKane

SSDP packets across vLANs. • girkers

Telegraf Working plugin list • kiokoman

ng_etf • Phantom_Stage

problem. installed pfsense • nubwo

pimd - doesn't appear to work • kmarston

help me plese!!! • khuntomriddle001

how can i increase disk space of my pfsense VM • keeshpat

Snort is causing issue • keeshpat

Has anyone ever gotten stunnel to work? • Spearfoot

Pfsense Squid Proxy web filtering issues • devendra

Bind • danredcar

Using zabbix-proxy with multiple networks • W5Ofwur1xtOmtk9ZBO

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter

Subcategory for FRR
• jimp

DNS Broken for pkg.pfsense.org
• 10101000

Packages wishlist?
• rds_correia

Log Archiving Plugin/Mailreport Package
• RobEmery

Speedtest CLI. Run speedtest on pfSense box
• getrav

TFTP package only works through the GUI
• pffan

Grafana Dashboard using Telegraf with additional plugins
• VictorRobellini

How can I get this UDP relay package for casting across VLANs?
• burntoc

SARG -x SARG: Cannot set the locale LC_ALL to the environment variable
• Periquito

I made a WireGuard package for pfSense
• Ascrod

zabbix proxy issues?
• killmasta93

Fetching package: connection reset by peer
• float

NUT and APC SMT1500RM2U?
• mattlach

no SNMP-V3 trap/inform server field in net-snmp
• DepressedAdmin

packages for 2.2.16 version
2.2.16 • • Milan Dobes

OpenVPN + FreeRadius with specified IP in free radius log incorrect ip inlog file
• jacol

Modification of /usr/local/etc/rc.d/tftpd.sh What can go wrong?
• nomadmd1

TFTP server
• slim2016

pfBlockerNG DNSBL Feeds and EasyList no default list?
• nasheayahu

LCDproc on HP PROCURVE MSM760?
• DV0381

LCDproc on Watchguard XTM 5 series with pfSense 2.4.4
• mtnhansen

Status_Traffic_Totals Loading Slow
• techman2005

Finding pfSense on WAN, using Zeroconf
• cmcqueen

squidGuard not upgrading
• hollister

(No) Available Packages
• fropz

Possible bug in Arpwatch
• StefanC

Samba package
• humaxoid

Trying to use pi-hole when connected via OpenVPN to home
• SeanKane

SSDP packets across vLANs.
• girkers

Telegraf Working plugin list
• kiokoman

ng_etf
• Phantom_Stage

problem. installed pfsense
• nubwo

pimd - doesn't appear to work
• kmarston

help me plese!!!
• khuntomriddle001

how can i increase disk space of my pfsense VM
• keeshpat

Snort is causing issue
• keeshpat

Has anyone ever gotten stunnel to work?
• Spearfoot

Pfsense Squid Proxy web filtering issues
• devendra

Bind
• danredcar

Using zabbix-proxy with multiple networks
• W5Ofwur1xtOmtk9ZBO