1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    @jrey I found the DB sizes on Maxmind, and they are rather big, so i'm figuring it just takes time for such an anemic CPU to sort all that out. That is also what the extras.log says: Download Process Starting [ 08/15/25 19:00:01 ] /usr/local/share/GeoIP/GeoLite2-Country.tar.gz 200 OK /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 200 OK Download Process Ended [ 08/15/25 19:00:06 ] Country code update Start Processing ISO IPv4 Continent/Country Data Processing ISO IPv6 Continent/Country Data [ 08/15/25 19:02:09 ] Creating pfBlockerNG Continent PHP files IPv4 Africa [ 08/15/25 19:03:24 ] IPv6 Africa [ 08/15/25 19:03:27 ] IPv4 Antarctica [ 08/15/25 19:03:28 ] IPv6 Antarctica IPv4 Asia IPv6 Asia [ 08/15/25 19:03:37 ] IPv4 Europe [ 08/15/25 19:03:43 ] IPv6 Europe [ 08/15/25 19:04:10 ] IPv4 North America [ 08/15/25 19:04:30 ] IPv6 North America [ 08/15/25 19:05:04 ] IPv4 Oceania [ 08/15/25 19:05:29 ] IPv6 Oceania [ 08/15/25 19:05:31 ] IPv4 South America [ 08/15/25 19:05:32 ] IPv6 South America [ 08/15/25 19:05:35 ] IPv4 Proxy and Satellite [ 08/15/25 19:05:37 ] IPv6 Proxy and Satellite IPv4 Top Spammers [ 08/15/25 19:05:38 ] IPv6 Top Spammers [ 08/15/25 19:05:39 ] pfBlockerNG Reputation Tab Country Code Update Ended

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    495 Topics
    3k Posts
    M
    @raidflex said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: maybe uninstall Crowdsec when applying other updates first. It seems like it doesn't help at least from what I see on my system... it changes something.. so it must be definitely reported to their github. I have never experienced that before and crowsec was installed.. maybe with 2.8.0 something have changed

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    596 Posts
    V
    With Tailscale, I just recommend sticking with the FreeBSD15 version. Yes, it may currently work using the FreeBSD 14 package despite being on 15, but any number of other updates could result in that not being the case anymore. Not to mention the fact that any updates newer than 1.84.2_1 don't really impact functionality for what people would be using Tailscale for with PfSense so updating past that is not an absolute necessity. I run 1.86.4 on my desktop+phone and 1.84.2_1 on my pfsense router. Phone commonly uses the PfSense router as an exit node and there's no difference for PfSense. TL;DR: Better to be safe than sorry and stick with the FreeBSD 15 version even if it's not the latest version of Tailscale.

  • Discussions about WireGuard

    693 Topics
    4k Posts
    lvrmscL
    Strangely enough, checking the system 4 days later, I now see that Wireguard service is reported running! The last thing I did 4 days ago was to disable Wireguard service monitoring by the Service Watchdog. Anyway, even when it was reported stopped at first, 4 days ago, the tunnels were working flawlessly. Very strange. I will keep an eye on it.
Log in to post
Load new posts
  • N

    Squidguard Integrations Ordering Test

    2
    0 Votes
    2 Posts
    1k Views
    C
    its hard coded in the squidguard package. read the post and you'll get an idea how to manually get the files to your liking https://forum.pfsense.org/index.php?topic=73640.msg402286#msg402286
  • R

    Troubleshooting Squid and Squid Guard

    2
    0 Votes
    2 Posts
    738 Views
    F
    install cron packages *    *    *    *    *    root    /usr/pbi/squid-amd64/sbin/squid -k reconfigure thats work for me for troubleshooting squid -z  >> any eror message squid -k rotate squid restart show the log delete  the cach check the squid guard log  / database cpu /  ram  /  mbuf
  • M

    Snort generating alert but not blocking

    8
    0 Votes
    8 Posts
    9k Views
    N
    @bmeeks: @NPDF: So, pardon my ignorance here as I am new to Snort, but I am having the same issue.  I recently enabled blocking.. And an event popped up as ET DROP Dshield Block, under Alerts but was not blocked.  You recommended to scan any IP in the alert in the block list, but the destination is the WAN IP, so it is listed - Does that mean it'll never get blocked? On the INTERFACE SETTINGS tab where you configure blocking, there is a combo-select box for choosing which offending IP address will be blocked.  Those choices are SRC, DST, or BOTH.  SRC means block the source IP in the alert packet.  DST means block the destination IP.  BOTH means block both the source and destination IP addresses.  The next thing that comes into play is the PASS LIST.  By default, your WAN IP, Default Gateway, DNS servers and a few other IPs are never blocked. So now, to see how the alert you mentioned would be treated, look at the SRC and DST IP addresses.  Next, look at that combo-box setting I mentioned.  Determine if it is set to SRC, DST or BOTH.  Comparing all that information should show you how Snort would have made a block decision.  For example, if you had DST selected in the combo-box control, and the DST of the alert was your WAN IP, then Snort would not block because your WAN IP is in the default "never block" PASS LIST.  However, if you had the combo set to BOTH, then Snort would insert a block for the SRC IP of the alert (assuming that IP was not also in the default PASS LIST). Finally, remember that there is a cron job that periodically clears blocked IP addresses.  So if enough time has elapsed, it is possible that job cleared the block.  Any time the packet filter is reloaded by pfSense, that will also clear all blocks Snort may have inserted.  A number of system events can cause the filter (firewall) to reload.  Examples are a change in your WAN IP due to DHCP renewal, temporary latency or issues with apinger, etc.  Snort does not have its own block list.  It simply stuffs any offending IP into the <snort2c>alias table in the pfSense packet filter firewall.  Other things outside of Snort's control may clear that alias table.  One of those is a filter reload event.  As mentioned previously, there are many things that can trigger a filter reload. Bill</snort2c> Thanks for the great response! It was at the end of the day, a restart fixing my issue; But this information will help in the future if need be.
  • Z

    Snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

    6
    0 Votes
    6 Posts
    2k Views
    bmeeksB
    Well, some potentially bad news on the File Inspection feature.  It appears to be broken.  It is marked as "Experimental" in the README files included with the Snort source code.  I could not get it to detect even simple PDF files, and when it was enabled, Snort would die on every soft-restart command.  I have decided to pull this feature for now from the 2.9.7.0 update. I am now about to test out OpenAppID.  Hopefully it will work better …  :-\ Bill
  • cyber7C

    How do I get the full URL of the Youtube video being watched?

    2
    0 Votes
    2 Posts
    848 Views
    cyber7C
    Not to worry I fixed it by adding to the "Custom Options": strip_query_terms off Now I am getting the full url.  Much better kind regards cyber7 (aka Aubrey Kloppers, Cape Town, South Africa)
  • C

    Inject a HTML to HTML response with squid

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • H

    Lightsquid sqstat http error

    11
    0 Votes
    11 Posts
    20k Views
    P
    The same situation was at https://forum.pfsense.org/index.php?topic=50366.0 And NOT only "https://www.altsec.com/2013/10/pfsense-http1-0-403-forbidden-proxy-report/" recipe can help you. So, you can also receive the same error at next accidents: when your's Proxy filter SquidGuard blocked web-access for the "Proxy Squid: Realtime stat (sqstat)", for example in such a case, as if you at "Proxy filter SquidGuard: Common Access Control List (Common ACL)" adventitiously set "Default access" [all] to "deny"! when your's Proxy server Squid (version >= 3) at the tab "Real Time" displays NOTHING, this can be reached when your's parameters for the Proxy server Squid was WRONG and Squid can't serve web-requests from clients (and writes nothing - it's logs EMPTY). For example, it can be when you fill TEXT aliases in the fields for IP addresses.
  • 1

    Problem with Snort 3.1.3

    7
    0 Votes
    7 Posts
    1k Views
    V
    @1kevinm: I upgraded to snort 3.1.3 today.  After upgrade, snort is no longer on the services menu.  It shows as installed under packages. I uninstalled and reinstalled.  It still does not show up on the services drop down menu nor on the services menu on the status drop down. I also tried rebooting multiple times. Thoughts?  or where can I find 3.1.2? Thanks, Kevin This happen to me as well, the install page stopped at a starting up snort message. Once reload, it does not show in service menu nor the statues page in service. But for me the fix was simplely uninstall snort and reinstall it again everything went smoothly. Not sure what could be the cause of this.
  • J

    Squid 3.3.10 error

    2
    0 Votes
    2 Posts
    704 Views
    A
    Have a read through this https://forum.pfsense.org/index.php?topic=73640.0 and its https://forum.pfsense.org/index.php?topic=79389.0 Let me know how you went.
  • B

    Cron does not function correctly with Ramdisk

    6
    0 Votes
    6 Posts
    1k Views
    C
    within the actual .py I mean, what you're showing as the cron entry is fine, that part won't have any path issues.
  • D

    If you could install just one package - which would it be?

    15
    0 Votes
    15 Posts
    2k Views
    K
    It would be very stable with openvpn.
  • M

    Setup VideoCache in Squid PFSense 2.1.5 not working

    2
    0 Votes
    2 Posts
    1k Views
    BBcan177B
    Hi m4st3rc1p0, Take a look at this link: https://forum.pfsense.org/index.php?topic=78935.msg431084#msg431084
  • N

    How to block teh googles with squid guard?

    5
    0 Votes
    5 Posts
    1k Views
    A
    To block the pics load this list in squidguard http://urlblacklist.com/?sec=download And to have ssl filtering follow this https://forum.pfsense.org/index.php?topic=73640.0 Hope this helps
  • S

    SquidGuard Ldap search group

    1
    0 Votes
    1 Posts
    904 Views
    No one has replied
  • L

    Scp config via cron not working

    1
    0 Votes
    1 Posts
    846 Views
    No one has replied
  • G

    Squidguard Group ACL LDAP Client Source cache refresh

    2
    0 Votes
    2 Posts
    2k Views
    P
    I apologize if this is my first post, but I am also having problems with SquidGuard + AD with users having multiple groups. Scenario: **SquidGuard Common ACL: Deny all SquidGuard Group ACLs:   FacebookAccess     - Only Facebook is allowed, the rest blocked.   EmailAccess     - Only company email is allowed, the rest blocked. AD Groups:   FB_InternetAccess   Email_InternetAccess AD Users:   JohnDoe     memberOf: FB_InternetAccess   SamSmith:     memberOf: FB_InternetAccess and Email_InternetAccess** If JohnDoe opens facebook.com and auth is success, the site loads fine. If SamSmith opens facebook.com, it will load fine, but opening his company email will not be allowed. Checking the SG blocked logs seems to point that SG will do a first-match-forget-all basis. It would not check if the user still has other groups that will match other Groups ACLs. If this is not possible, please let me know. Any help would be greatly appreciated. TIA!
  • N

    APU1D4-Squid bug?

    5
    0 Votes
    5 Posts
    1k Views
    N
    I managed to find a PHP command (under Diagnostics> command prompt> php) which restarts SQUID: filter_configure (); But how to execute it until the startup of pfsense? How to run a PHP command with a shell script?( I'm an amateur-no professionnal)
  • C

    HAProxy does not reload after upgrade

    6
    0 Votes
    6 Posts
    2k Views
    P
    Just installing the pbi should have created a symlink for /usr/local/sbin/haproxy to the executable /usr/pbi/haproxy-amd64/.sbin/haproxy Can you try uninstalling and then re-installing the haproxy-full package?
  • C

    Enable module ecap for squid3

    1
    0 Votes
    1 Posts
    754 Views
    No one has replied
  • W

    Strange IP in Squid.conf

    1
    0 Votes
    1 Posts
    630 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.