Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working:
    @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend.
    Great! I will do this.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeks
    @NRgia said in Suricata on Pfsense:
    @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, since it is a bug tracker. My question is for Product Management, which I will ask here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you
    Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypage
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyser
    @jrey I found the DB sizes on Maxmind, and they are rather big, so I'm figuring it just takes time for such an anemic CPU to sort all that out. That is also what the extras.log says:
    Download Process Starting [ 08/15/25 19:00:01 ]
    /usr/local/share/GeoIP/GeoLite2-Country.tar.gz 200 OK
    /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 200 OK
    Download Process Ended [ 08/15/25 19:00:06 ]
    Country code update Start
    Processing ISO IPv4 Continent/Country Data
    Processing ISO IPv6 Continent/Country Data [ 08/15/25 19:02:09 ]
    Creating pfBlockerNG Continent PHP files
    IPv4 Africa [ 08/15/25 19:03:24 ]
    IPv6 Africa [ 08/15/25 19:03:27 ]
    IPv4 Antarctica [ 08/15/25 19:03:28 ]
    IPv6 Antarctica
    IPv4 Asia
    IPv6 Asia [ 08/15/25 19:03:37 ]
    IPv4 Europe [ 08/15/25 19:03:43 ]
    IPv6 Europe [ 08/15/25 19:04:10 ]
    IPv4 North America [ 08/15/25 19:04:30 ]
    IPv6 North America [ 08/15/25 19:05:04 ]
    IPv4 Oceania [ 08/15/25 19:05:29 ]
    IPv6 Oceania [ 08/15/25 19:05:31 ]
    IPv4 South America [ 08/15/25 19:05:32 ]
    IPv6 South America [ 08/15/25 19:05:35 ]
    IPv4 Proxy and Satellite [ 08/15/25 19:05:37 ]
    IPv6 Proxy and Satellite
    IPv4 Top Spammers [ 08/15/25 19:05:38 ]
    IPv6 Top Spammers [ 08/15/25 19:05:39 ]
    pfBlockerNG Reputation Tab
    Country Code Update Ended
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypage
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade:
    Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working.
    Glad you have it sorted.
    There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded?
    If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command:
    [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764
    VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE
    [25.07-RC][root@fw]/root:
    Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver.
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade:
    You might consider adding this resolution to the release notes for 2.8.
    LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    495 Topics
    3k Posts
    M
    @raidflex said in updating to acme 1.0 breaks system beyond repair: need to restore from backup:
    maybe uninstall Crowdsec when applying other updates first.
    It seems like it doesn't help, at least from what I see on my system... it changes something.. so it must definitely be reported to their github. I have never experienced that before and Crowdsec was installed.. maybe with 2.8.0 something has changed
  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1
  • Discussions about the Tailscale package

    90 Topics
    596 Posts
    V
    With Tailscale, I just recommend sticking with the FreeBSD15 version. Yes, it may currently work using the FreeBSD 14 package despite being on 15, but any number of other updates could result in that not being the case anymore. Not to mention the fact that any updates newer than 1.84.2_1 don't really impact functionality for what people would be using Tailscale for with PfSense so updating past that is not an absolute necessity. I run 1.86.4 on my desktop+phone and 1.84.2_1 on my pfsense router. Phone commonly uses the PfSense router as an exit node and there's no difference for PfSense. TL;DR: Better to be safe than sorry and stick with the FreeBSD 15 version even if it's not the latest version of Tailscale.
  • Discussions about WireGuard

    693 Topics
    4k Posts
    lvrmsc
    Strangely enough, checking the system 4 days later, I now see that Wireguard service is reported running! The last thing I did 4 days ago was to disable Wireguard service monitoring by the Service Watchdog. Anyway, even when it was reported stopped at first, 4 days ago, the tunnels were working flawlessly. Very strange. I will keep an eye on it.
  • Snort Blocking IP addresses in my trusted alias list

    2
    0 Votes
    2 Posts
    905 Views
    bmeeks
    @JohnKap:
    Hi all. I have an alias set up "Trusted_IPs", with a list of IP addresses I want snort to ignore - 3 in total. Under the Pass Lists tab, I have created a single pass list and included the "Trusted_IPs" alias. (see attached). Snort will block an IP address in the trusted alias list, error messages are: (http_inspect) UNKNOWN METHOD - 11/07/14-09:24:08 (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE - 11/07/14-09:54:34 I have restarted both snort & pfsense to ensure caches are cleared and tables are updated, yet snort will continue to block. Any ideas what I've overlooked? Thanks
    The best course of action here is to disable those rules entirely. Click the X beside the GID:SID on the ALERTS tab. That will permanently disable them. They are well known false positives. The reason you still see blocks may be because of the setting for WHICH IP TO BLOCK on the SETTINGS tab for the interface. If set to BOTH (the new default), then your PASS LIST IP should not be blocked, but the other end of the conversation will be blocked and thus communications will still be stopped. Bill
  • Snort UDP Filtered Portscan with OpenVPN

    4
    0 Votes
    4 Posts
    3k Views
    bmeeks
    @Heli0s:
    If that's the case, is there a good way to protect my network from port scans? I've tried a few online port scans and some are picked up and some are not.
    Not that I am aware of. On the other hand, if you have a carefully configured firewall that allows only exactly what is necessary to get in, why worry about a port scan? If those ports are not open, so what? What seems to happen a lot recently is the port scan preprocessor is overly sensitive and triggers on some normal and harmless stuff. I think in an attempt to reduce the sensitivity and prevent those false positives, some of the older port scans are no longer detected. So all in all the utility of the port scan preprocessor seems to be degrading in my view. If you still want to use it, then you will need to tinker with all the settings for the preprocessor. That's why I added them to the GUI several revisions back. They will allow you to tweak it so maybe it works for you without triggering on too many false positives. Bill
  • Squid3 mutual authentication with client certificate

    9
    0 Votes
    9 Posts
    10k Views
    A
    Hello, I made a patch for the reverse-proxy squid3-dev package to allow peer authentication by certificate. The patch adds in the general menu a section to choose the CA authority and the CRL. I didn't find a way to call the regeneration of the CRL after the CRL was modified; there are no hooks for that in the CRL manager. The workaround is to save the reverse-proxy config again, or to make a PHP script for the crontab that calls squid_regenerate_crl(). Regards
    squid_reverse_inc_patch.txt
    squid_reverse_general_xml_patch.txt
  • Squid and the Limiter

    6
    0 Votes
    6 Posts
    3k Views
    M
    https://forum.pfsense.org/index.php?topic=59600.30
  • Any news on updates for the Zabbix 2.2 Packages?

    10
    0 Votes
    10 Posts
    3k Views
    B
    Ok, thank you for your reply. I never built a pfSense package before, good to know how it works. Hope the next version will have fixed the glitches and the default will be fine.
  • SNORT Alerts

    9
    0 Votes
    9 Posts
    3k Views
    bmeeks
    @FlashPan:
    Thanks bmeeks, I have a small lan but have only ever listened on my Wan interface. Are you saying it's better to listen on Lan just so you can see which internal client is being targeted or responding to something dodgy? I would have thought you would want Wan with all or most rules as it's better to capture or stop elements before it reaches your Lan interface? Hope I'm not starting a Lan, Wan War here now :P
    My view for home users is it's better to analyze the LAN traffic so you can easily track down any internal problems by IP address. Since the usual default for home users is "deny all unsolicited inbound" traffic on the WAN, there is not a huge risk for something coming in that an internal host did not first ask for. Or stated another way, properly configured and not loaded down with tons of packages, your pfSense firewall itself (the WAN IP) presents a very limited attack surface. The bigger worry in my view is all the hosts on the internal networks. Those are the ones that will be visiting potential problem web sites, downloading files, and opening possibly malicious e-mails. Bill
  • Snort Whitelist question

    3
    0 Votes
    3 Posts
    962 Views
    S
    Thanks Bill, I'll see if I can edit any additional rules or just wait for the newer version.
  • pfBlocker only for an IP range in our network?

    2
    0 Votes
    2 Posts
    471 Views
    F
    Set pfBlocker to alias only and add firewall rules by hand. Edit: Firefox + Cookie for pfSense forum = Broken for me :|
  • HAProxy intermediate certificates (unknown issuer, missing chain)

    5
    0 Votes
    5 Posts
    7k Views
    M
    jimp's solution/workaround worked for me. thx
  • Can't update pfSense packages

    3
    0 Votes
    3 Posts
    686 Views
    H
    That worked! Thanks!
  • MailReport

    3
    0 Votes
    3 Posts
    2k Views
    luckman212
    Having an alert sent out for power-related issues would indeed be quite useful, I think! Also, to tie in to this, it's good to get the alert for gateway failures, but I do think it would be beneficial to also get an 'alert' when the failed gateway goes back online.
  • Asterisk codec g729 installation

    2
    0 Votes
    2 Posts
    3k Views
    D
    Has anyone succeeded in making G729 run on pfSense??
  • Questions on Status - Squid

    2
    0 Votes
    2 Posts
    770 Views
    F
    One of the best posts I've ever seen in this great forum. Squid is the "most wanted" directly after pfSense; a stable squid3-dev copy will add significant change to the whole PFSENSE WORLD.
  • Snort destination LAN IP

    2
    0 Votes
    2 Posts
    911 Views
    W
    The only way is to run snort also on LAN (as I do). I use the same rules for both WAN and LAN. There is a long sticky thread with some advice on that.
  • Alix 2d13&pfsense&freeswitch

    1
    0 Votes
    1 Posts
    577 Views
    No one has replied
  • MailScanner 4.84.6 pkg v.0.2.10 doesn't start

    9
    0 Votes
    9 Posts
    2k Views
    W
    Thanks for the fast reply. It worked for me, thanks
  • Squid-dev 3, squidguard and icap issue recap

    2
    0 Votes
    2 Posts
    894 Views
    E
    Additionally: I am using squid in transparent mode.
  • Squid transparent proxy blocks skype calls

    8
    0 Votes
    8 Posts
    3k Views
    F
    Skype appears to use HTTPS for much of its connectivity. I expect that it exchanges keys for the call over HTTPS before switching to UDP with encrypted payloads or something like that to send the audio/video. Disabling for specific destination IPs isn't practical - I would have to know what IP addresses any of my friends had who I wanted to call/talk to.
  • Can't start Postfix

    5
    0 Votes
    5 Posts
    1k Views
    S
    thx, it started when I configured postfix via the loopback interface
  • Solved: How do I limit IP RANGE downloads larger than 50MB?

    2
    0 Votes
    2 Posts
    723 Views
    cyber7
    Sorry Guys, once again I asked the question and after some soul-searching ;) found it. The way I did it was to add the following ACL to my squid configuration (Services/Proxy Server - Custom Options):
    acl sized-users src 10.0.0.157-10.0.0.165
    http_access allow sized-users
    reply_body_max_size 50 MB sized-users
    request_body_max_size 1 MB sized-users
    --- Explanation ---:
    line1: Create an ACL with an IP SOURCE RANGE.
    line2: Allow the ACL to use the defined access-list.
    line3: Maximum download size for the ACL.
    line4: Maximum upload size for the ACL.
    That's it. Hope I helped someone else but myself :) kind regards cyber7 (aka Aubrey Kloppers, Cape Town, South Africa)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.