1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Hello Fellow Netgate Community Members, Can someone please confirm if the Squid package status page issue is corrected in the latest version of pfsense plus? Thank you I would love to update but I am stuck because of this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    S
    @btspce said in Suricata on Pfsense: pulled the updates I did not look for packages at the time but for a short while on Tuesday 25.11 was available to all. https://forum.netgate.com/topic/198787/what-is-it-25.11.a.20250916.0600/

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    A
    @tinfoilmatt I don't understand, where and what to add?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    295 Topics
    1k Posts
    J
    Anyone else happen to notice that when configuring BFD, if you create a peer and select a profile - after save, re-edit the peer and the Profile is not represented. It appears as "None". You have to check the raw config to determine if the profile was actually assigned to the peer. This is on 2.8.1 (all packages up to date as of the date/time of this post). UPDATE: if re-edit and save (without re-configuring the profile none to what you want) - the save will strip the profile from the peer.

  • Discussions about the Tailscale package

    91 Topics
    612 Posts
    E
    Updated CE 2.7.2 to 1.88.1 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.88.1.pkg Freshports

  • Discussions about WireGuard

    703 Topics
    4k Posts
    H
    @TommyMoo Ok, I did a reboot and it worked for a bit. The status report also showed the info like yours, but then after a few minutes it dropped again. I will do the package update, I am running pfSense 2.8.1
Log in to post
Load new posts
  • jimpJ

    System Patches Package v2.2.23

    Pinned
    1
    7 Votes
    1 Posts
    2k Views
    No one has replied
  • 1

    DNS Broken for pkg.pfsense.org

    Pinned Locked
    3
    0 Votes
    3 Posts
    17k Views
    jimpJ
    https://forum.netgate.com/topic/115789/pkg-pfsense-org-appears-to-be-dead/2
  • R

    Packages wishlist?

    Pinned
    661
    0 Votes
    661 Posts
    2m Views
    O
    PRTG
  • C

    FreeRadius or something else, for MFA without a PIN code?

    6
    0 Votes
    6 Posts
    651 Views
    N
    @johnpoz I understand your point, and I get that it might seem like an unnecessary complication, but I don’t see why I should avoid enabling OTP on a corporate VPN connection just because you find it inconvenient. Today, all MFA systems rely on OTPs in addition to username, password, and trusted devices. Personally, I don’t find entering an OTP code inconvenient at all. In fact, considering that the average user usually checks “remember credentials,” I strongly believe OTP should be mandatory. Any preset password or static code can be compromised — OTPs cannot. I firmly believe in this approach. If you disagree, that’s your personal opinion — valid or not, others will decide.
  • L

    net-snmp on Netgate 7100 cluster - firmware 25.07.1-RELEASE

    3
    0 Votes
    3 Posts
    846 Views
    S
    see https://forum.netgate.com/topic/198800/solved-pkg-upgrade-not-found-required-by-pkg running on ssh this command fixed my problem. pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade for me the problem is solved.uuu
  • E

    iperf3 on 25.07.1-RELEASE

    5
    0 Votes
    5 Posts
    2k Views
    E
    you're right, I'm still confused about where to find it. The red flag remains, probably just a minor bug
  • K

    This topic is deleted!

    1
    0 Votes
    1 Posts
    505 Views
    No one has replied
  • H

    crowdsec

    36
    0 Votes
    36 Posts
    7k Views
    Z
    @keyser My "security engine" which is the server that receives all the logs and makes decisions, can be run on a separate server. That is my exact setup so I can run my own web/php front end. As per the the url block list, or EDL since I'm entrenched in Palo terminology, doesn't do the log analysis and crowdsec reporting. Different strokes for different folks I guess.
  • M

    Arpwatch - flip flop notifications not suppressed

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • N

    LCDproc Looses Connection - Restarting service Fixes but goes down again shortly after

    11
    0 Votes
    11 Posts
    6k Views
    fireodoF
    @jimp said in LCDproc Looses Connection - Restarting service Fixes but goes down again shortly after: and I can never reproduce it in the lab. Hi, if you go to Diagnostics -> States and kill all states you get the "running wild" and flooding syslog lcdproc-client. (Maybe also of interest: LcdProc) Regards, fireodo
  • E

    Zabbix 6.4.x required for pfsense 2.8.0-RELEASE

    4
    0 Votes
    4 Posts
    4k Views
    A
    @EngineerSB I went through the same challenge when upgrading our Zabbix server to 7.0. 5.0, 6.0, and 7.0 are LTS releases that get 5 years of support, whereas standard releases are only supported for 18 months. I've learned my lesson to only stick to major versions to avoid this issue. The easiest option that achieves a similar result is to only use the Zabbix 6.0 Agent, and change all items of type "Zabbix Agent" to type "Zabbix Agent (Active)". Also change the host to be monitored by Server instead of by Proxy. On the Agent, change the Active Server to be the Zabbix Server FQDN/IP (that the Proxy was pointing to) rather than the 127.0.0.1 localhost Proxy IP. This will achieve nearly the same behavior as using passive Zabbix Agent items via Proxy. The Zabbix Agent will communicate outbound directly to the Server and get the configuration, and the agent will garther data for all items of type Zabbix Agent (Active) and send the data to the server. Another option would be to copy the files from another firewall that still has the 6.4 packages installed.
  • M

    statgrab package

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • A

    Telegraf stopped working after update to 2.8.0

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • C

    Avahi trying to broadcast on public interface?

    8
    0 Votes
    8 Posts
    4k Views
    dennypageD
    @clearscreen said in Avahi trying to broadcast on public interface?: I was just looking at mdns-bridge source code, but only realized now you're the author Yes. I'm also the maintainer of the pfSense Avahi package, which is why I felt compelled to write mdns-bridge. I’m not very familiar with mDNS, but I’m thinking of trying to implement one-way reflection (blocking either queries or broadcasts in a single direction). My motivation is to limit fingerprinting of my home network while allowing trusted subnets to see devices on less trusted subnets. Before I dive in, is there any technical reason this wouldn’t be feasible? Just want to understand if there’s a fundamental limitation and I figured I might as well ask you first. With mdns-bridge, you do not block queries or responses, but choose what mDNS names are shared by each network segment. Avahi uses a similar approach, but is limited to what in mdns-bridge terms would be a Global Allow filter list only. mDNS-Bridge is designed to give you detailed control of what mDNS names each segment is allowed to export or import, but I recommend keeping things simple if possible. I recommend starting with a Global Allow filter list to limit the overall scope, and exploring from there as needed. One thing to keep in mind, as noted in the mDNS-Bridge README filters that include hostnames are best used only in deny filters.
  • RyanMR

    HA Proxy and 503 error on pfSense

    2
    0 Votes
    2 Posts
    4k Views
    V
    @RyanM said in HA Proxy and 503 error on pfSense: So let's say my domain is internaldomain.com Does domain resolve to your public IP in a public DNS? If it doesn't, you won't get a Let's Encrypt cert at all. Is HA Proxy good for what I am trying to do? So I have self-signed certs for several internal hosts/services. Yes. You can install self-signed certs on your backend servers and direct all traffic over HAproxy, even from internal. However, you must not enable "SSL checks" in the backend. The better way, however, would be to generate the internal certs with a CA on pfSense. Then you can confiugre HAproxy to trust the CA and accept the server certs. When getting error 503 "service not available", the backend either does not respond to heath checks or the service is not reachable, or something else in HAproxy is configured wrong. So first of all go to the stats page and check if the backend is shown up as "online". If not check the health check configuration.
  • A

    Looking for few pointers getting Suricata on PFSense to talk to my Security Onion box.

    5
    0 Votes
    5 Posts
    4k Views
    bmeeksB
    @aaronouthier said in Looking for few pointers getting Suricata on PFSense to talk to my Security Onion box.: Ok, so I've been researching the topic. It seems SO has an integration for PFSense. However, the FreeBSD implementation of Syslog is not optimal for this purpose, as mentioned above. Although I am comfortable with CLI Linux, I am effectively a Newbie with regard to BSDs. My next question is: What would be the least invasive method as far as the PFSense Box to export just the Suricata logs? I believe I saw an option to log to a Unix Socket. Would that be helpful coupled with something like Netcat? I'm not necessarily looking for help with such a feat, just wondering if such would likely be fruitful, or am I just chasing the infamous wild goose? I recommend exporting the EVE JSON log as that will be the most comprehensive. To export to a UNIX socket, change the EVE OUTPUT TYPE setting to UNIX socket. You will need to manually create the socket and give it a name. It will be up to you then to "receive" the socket data stream and redirect it elsewhere (seems you want it remote for your case to Security Onion).
  • C

    Introduce openvpn-auth-oauth2 as pfSense package

    2
    0 Votes
    2 Posts
    247 Views
    A
    @cdal This could be a great security improvement ... It's the only way to do MFA with "LDAP/AD" backend for exemple (using oauth 2 proxy for exemple)
  • R

    How to update to the latest Telegraf version

    9
    0 Votes
    9 Posts
    6k Views
    R
    @rocket Updated July 20-2025 pfsense 24.11 - Telegraf freebsd-15
 pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/telegraf-1.35.1.pkg pfsense 2.7.2 - Telegraf freebsd-14
 pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/telegraf-1.35.1_1.pkg https://www.freshports.org/net-mgmt/telegraf/#history
  • L

    Updated PIMD package (beta)

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • M

    pfSense-pkg-WireGuard removal failed!

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.