1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    @firefox That is weird did you just try this or have you used it in the past?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @LowKnee Just out of curiosity are you referring to the Database Sanity Check reporting that "these two counts should match" it the count is off by 1 (which I suspect is your case) there was a fix (manual code change) to change masterfile to mastercat in pfblolckerng.sh you want to change this change the line from s1="$(grep -cv ^${ip_placeholder2}$ ${masterfile})" to s1="$(grep -cv ^${ip_placeholder2}$ ${mastercat})" There is also an edge case if the count is greater than one, here is how that goes if in the deny directory you have say two flies (because of the list / file selection you have and they have repeat addresses file 1 has say 100 lines file 2 has say 10 lines (but those 10 lines are also in file 1, file 2 is a subset) you get two uniquely named deny files and then when the "count" is calculated on the deny directory it sees 110 entries when the "count:" is calculated on the "mastercat" file it only contains 100 entries the count doesn't match in my case the issue was caused by full list I had selected, also having an available subset lists (I had inadvertently selected one of) this causing two deny files with some of the same (overlapping data) I unselected the subset and bingo matched again, was a "my bad" selection. Edit: this applied to 25.07 (and 25.07.1) and pfblockerng 3.2.7 as it is labelled on those versions of pfSense

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    R
    @provels said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: This same mess happened to me, even w/o Acme, going from 25.07 to *.1. Blew, reinstalled w/ Crowdsec, blew again, reinstalled, clipped all the Crowdsec info from config.xml, restored config, back to normal. Crowdsec is a great concept, but I think I'm out. I never had this issue with Crowdec before the ACME update, even with updating from 2.7 to 2.8 there was no issues. In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    603 Posts
    W
    @totalimpact in my case I dsid not reboot the router, after I copied the new key tailscale went online.

  • Discussions about WireGuard

    697 Topics
    4k Posts
    H
    I figured out the issue. I missed adding the 3rd locations Lan to the static routing. Now all is working perfect.
Log in to post
Load new posts
  • Cry HavokC

    MOVED: HAproxy in a failover setup - Secondary firewall dashboard widget can't connect

    Locked
    1
    0 Votes
    1 Posts
    458 Views
    No one has replied
  • Cry HavokC

    MOVED: HAProxy 1.5 and HSTS

    Locked
    1
    0 Votes
    1 Posts
    494 Views
    No one has replied
  • Cry HavokC

    MOVED: HAProxy 1.5 and OCSP

    Locked
    1
    0 Votes
    1 Posts
    444 Views
    No one has replied
  • Cry HavokC

    MOVED: squid + kerberos

    Locked
    1
    0 Votes
    1 Posts
    581 Views
    No one has replied
  • Cry HavokC

    MOVED: Squid+Dansguardian with Active Directory (NTLM) Single Sign On WORKING!!!

    Locked
    1
    0 Votes
    1 Posts
    690 Views
    No one has replied
  • Cry HavokC

    MOVED: Custom SquidGuard Error Page not working

    Locked
    1
    0 Votes
    1 Posts
    538 Views
    No one has replied
  • Cry HavokC

    MOVED: Your SquidGuard blacklist & Clamav configuration? How to optimize settings?

    Locked
    1
    0 Votes
    1 Posts
    457 Views
    No one has replied
  • R

    How are freebsd packages displayed?

    1
    0 Votes
    1 Posts
    515 Views
    No one has replied
  • 0

    Pfblocker dashboard widget Fatal error: Unsupported operand types

    5
    0 Votes
    5 Posts
    1k Views
    N
    I also had this issue and tracked it down to a user rule that had a description beginning with the string "carp" - it appears that $matches['carp'] is used elsewhere before pfblockNG and contains an array of data related to carp interfaces Two possible fixes:- find the rule description that begins with the term "carp" and change it adjust the code to use a variable name other than $matches Enjoy, N
  • jimpJ

    MOVED: Any plans for Snort to support FQDN aliases?

    Locked
    1
    0 Votes
    1 Posts
    476 Views
    No one has replied
  • jimpJ

    New Package: ntopng

    Locked
    50
    0 Votes
    50 Posts
    39k Views
    jimpJ
    I split several unrelated issues off into separate threads, and I'm locking this one. Please start a new thread for each new issue rather than using a single thread. Thanks!
  • S

    Pkg_add

    3
    0 Votes
    3 Posts
    2k Views
    S
    @jimp: For manually installing FreeBSD packages, see here: https://doc.pfsense.org/index.php/Installing_FreeBSD_Packages But that won't help lightsquid. Don't do that. Follow this: https://doc.pfsense.org/index.php/Lightsquid_Troubleshooting If I do this, I will lose all the logs stored. The problem is with the graph it does not generate.
  • A

    Check_mk_agent: Command not found

    2
    0 Votes
    2 Posts
    1k Views
    M
    Hello, same issue here please fix :) Thanks,
  • M

    TFTP on Pfsense 2.2

    2
    0 Votes
    2 Posts
    1k Views
    M
    Hello, I found the solution. It was a driver problem of my TFTP Lan Card with pfsense 2.2 I changed my card and now everything is ok. Best Regards. Myke.
  • S

    Syslog-ng pkg.v.1.0.2 is gzipping the client key file every night

    2
    0 Votes
    2 Posts
    804 Views
    S
    Well, I made this work. If you are running into this issue, you can probably fix it this way, but I'm no expert at regex. Here is the code that is in the syslog-ng package now, found in /usr/local/pkg/syslog-ng.inc: preg_match("/\bfile\b\(['\"]([^'\"]*)['\"]/", base64_decode($object['objectparameters']), $match); That is supposed to fix the "encrypting the keyfile" behavior, but it doesn't. This is at line 238 according to the redmine page here https://redmine.pfsense.org/projects/pfsense-packages/repository/revisions/c030cf2781c7bbef197db6f07facef35b6856c8e/diff In order to get this thing to STOP encrypting the keyfile, I changed line 238 to this: preg_match("/[^-]\bfile\b\(['\"]([^'\"]*)['\"]/", base64_decode($object['objectparameters']), $match); Once I change this and re-saved, with no changes, my custom Destination object in syslog-ng (restarting the syslog-ng service does NOT make this change take effect), the /usr/local/etc/logrotate.conf no longer includes the key file, but it DOES still include the syslog-ng log files. One other thing - while youa re editing the /usr/local/pkg/syslog-ng.inc file, chenage the line $conf .= "@version:3.6\n"; to $conf .= "@version:3.5\n"; otherwise the syslog-ng service will not start.
  • C

    Pfblocker NG help

    5
    0 Votes
    5 Posts
    3k Views
    BBcan177B
    I would also suggest reading this thread: https://forum.pfsense.org/index.php?topic=90092.msg498849#msg498849 Best to create a "permit inbound" alias for CA and US. Then manually create a firewall rule using this alias and using the IP/ports of your mail server. Not recommended to put all countries except a few in blacklists as pfSense is a stateful firewall by design.
  • T

    Dansguardian and LDAP authentication

    2
    0 Votes
    2 Posts
    480 Views
    T
    I'd like to add if a change is made to a group in AD, once Dansguardian updates, the changes are reflected on the 'Users' tab, but the actual file is not changed.  You have to click on the 'Users' tab save button to apply. Anybody got a quick fix for this?
  • F

    ClamAV will not start (freshclam error signal 9)

    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • A

    Stop BIND from using IPv6 to contact other DNS servers when doing recursion ??

    3
    0 Votes
    3 Posts
    3k Views
    G
    Go to Diagnostics->Edit File Browse and Load /usr/local/pkg/bind.inc Go towards the end of the file and add -4 as shown Save the file and go to the BIND Server page and click Save to apply the change function bind_write_rcfile() {         $rc = array();         $BIND_LOCALBASE = "/usr/local";         $rc['file'] = 'named.sh';         $rc['start'] = <<<eod<br>if [ -z "`ps auxw | grep "[n]amed -4 -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then         {$BIND_LOCALBASE}/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/ fi EOD;         $rc['stop'] = <<<eod<br>killall -9 named 2>/dev/null sleep 2 EOD;         $rc['restart'] = <<<eod<br>if [ -z "`ps auxw | grep "[n]amed -4 -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then         {$BIND_LOCALBASE}/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/         else killall -9 named 2>/dev/null         sleep 3         {$BIND_LOCALBASE}/sbin/named -4 -c /etc/namedb/named.conf -u bind -t /cf/named/         fi</eod<br></eod<br></eod<br>
  • J

    PfBlocker with Nested Aliases

    4
    0 Votes
    4 Posts
    2k Views
    J
    I'm very sorry I haven't responded, I didn't get alerted to the thread being updated. I am embarrassed to be reminded of this as I did realise I was being less than observant when I first looked in to it, pfBlocker itself can use multiple lists per alias. To achieve what I described I now do the following - please note I am describing this from memory and I have just started using pfblockerNG instead so please don't…. assume I am correct (!) In pfBlocker: Create a new item "Alias_Always_Block" Add the IP blocklists as required to this - I had missed the fact I could simply click "+" to add multiple lists. Set as an Alias rather than a permit/deny. –My "Always Block" contains only a Pe**phile list. Create a new item "Alias_Mostly_Block" Add the IP blocklists as required to this. Set as an Alias rather than a permit/deny. --My "Mostly Block" contains for example malware and ad lists. In the pfSense Aliases (Firewall > Aliases> URLs) create an Alias "URLs_pfBlocker_Override" and add the URLs you wish to whitelist. Now create your firewall rules using aliases in this order, relative to your other rules (I use floating rules). Block "Alias_Always_Block" Allow "URLs_pfBlocker_Override" Block "Alias_Mostly_Block" Whenever something breaks, add "www.example.com" to the "URLs_pfBlocker_Override" Alias - remember to refresh your rules and wait. You should now find you never see traffic to Pe**philes, and you may find certain websites get blocked because they are hosted by providers whose entire range has been added to a malware or ad list for some bad apples spoiling the bunch. Manually add them to your override URLs to allow for this. The above is overly simplified as my actual rules block everything, the URLs override rule only allows HTTP/HTTPS ports, and other allow rules I haven't described get the rest of my legitimate traffic working. I highly recommend reading this thread, I am only half way through it myself but it will explain in detail what I have glossed over here - https://forum.pfsense.org/index.php?topic=78062.0
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.