1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    I
    @andrew_cb said in haproxy 0.63_2 weird behavior, edits not working: @iSagen @TheCyborgWeasel The issue is likely the same as in https://forum.netgate.com/topic/178348/haproxy-backend-port-changes-are-not-applied/ Try adding load-server-state-from-file none to the Advanced Settings > Backend pass thru section of each backend. Great! I will do this.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @keyser Clarify "it makes sense if the GEOIP DB has that size" are you referencing the asn data as I have shown or the maxmind data? the asn data takes all of 15 seconds to download and process. Not really any "magic" going on there, you can see the mmdb is only a download referenced and the asn.csv.gz is basically just unzipped. I can't comment on the maxmind data specifically because I don't use for my geo location. But I can see what the code should be doing. seeing your actual log file will help determine where your specific spike may be coming from, but if I had to guess from looking at the code and my timing with respect to the asn parts of it I would guess this is most likely to be an issue with the maxmind parts - timing should be in the log. can you change when it runs ? no, not directly, there is no way to do this without changing the code to target a specific time when it creates the cron job in the first place. No you can't change the timing of the cron job and have it stick, it will eventually just go random again. On the other hand, yes, because I changed the code here so it always creates the same "not so random" time.. runnning at same time every day since this code change first became available in the pfblockerNG update for 24.11 that came out months ago, well before 25.07 curious you originally said "noticed this after upgrading to 25.07 and pfb 3.2.7" were you running the "new" format of asn data before? (would have only been possible if you upgraded from 24.11 with the latest version of pfb installed) you would have entered and ASN key at some point to make it work. did you do that under the prior version and just now with 25.07) it's likely not significant, but then again .... That likely won't help your spike, other than moving it to a different time. I moved it here to a static ("not so random") time for other reasons, nothing to do with system load at the time.. Log files would be helpful. (just the snippet that applies to this time, from extras, error and pfblockerng logs there may be nothing in error or pfblockerng related to the time it is running. .

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    495 Topics
    3k Posts
    M
    @raidflex said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: maybe uninstall Crowdsec when applying other updates first. It seems like it doesn't help at least from what I see on my system... it changes something.. so it must be definitely reported to their github. I have never experienced that before and crowsec was installed.. maybe with 2.8.0 something have changed

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    595 Posts
    E
    Updated CE 2.7.2 to 1.86.2_1 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.2_1.pkg Freshports

  • Discussions about WireGuard

    693 Topics
    4k Posts
    lvrmscL
    Strangely enough, checking the system 4 days later, I now see that Wireguard service is reported running! The last thing I did 4 days ago was to disable Wireguard service monitoring by the Service Watchdog. Anyway, even when it was reported stopped at first, 4 days ago, the tunnels were working flawlessly. Very strange. I will keep an eye on it.
Log in to post
Load new posts
  • J

    Transparent HTTP/HTTPs filtering with NSFilter

    11
    0 Votes
    11 Posts
    3k Views
    J
    Just wanted to update the thread to let everyone know that we have added support for pfSense 2.2, the installation is exactly the same as the previous versions.  Here is a brief rundown of current features: DNS Filtering:   Domain name categorization using realtime cloud categorization service   User/Group/IP based policies   Local Domain Override (*New, overrides DNS lookups to alternate server for specified domains, ie mydomain.com uses 192.168.1.1 vs 8.8.8.8 for everything else).   Customizable Block Pages HTTP/HTTPS filtering:   URL categorization using realtime cloud categorization service   Transparent mode supported   User/Group/IP based policies   Force Safesearch (Google/Yahoo/Bing)   Youtube for Schools   URL Black/White lists   Content Type Black/White lists   File Pattern Black/White lists   Customizable Block Pages Authentication:   LDAP integration   Domain Controller Agent (In development, this will allow users to automatically authenticate to NSFilter when logging in successfully to the domain). Please let us know if there are any features you would be interested in trying or like to see about having added to NSFilter, we are always looking to improve. Also if there are any of you testing 2.2 if you would like to give NSFilter a try, we would love to get some more data points on running on the new platform. Thanks, Adam
  • F

    Exclude user from safe search

    2
    0 Votes
    2 Posts
    506 Views
    F
    ;D I found the solution : for safe search the Common ACL group take the precedence over Group ACl so you need to disable it in Common ACL and apply it in whatever group inside Group ACl that's work for me
  • M

    SquidGuard ACL

    3
    0 Votes
    3 Posts
    865 Views
    M
    You get a happy face karma for your efforts.  Thanks.  8)
  • V

    Squid and Firewall Rules - FailOver(Help)

    1
    0 Votes
    1 Posts
    481 Views
    No one has replied
  • denningsrogueD

    Snort Reinstall Failure!

    4
    0 Votes
    4 Posts
    960 Views
    bmeeksB
    @pfff: Hi Thank you so much Bill for all your great work on Snort and Suricata! I ran into a problem 1-2 months ago with Snort before I switched to Suricata and just never found the time to report it. I was updating Snort and the installation script proceeded as usual to remove the old package but then my internet connection failed and the new package couldn't be downloaded and the installation aborted leaving me with no Snort at all. Perhaps it would be better to download the package first and only then proceed with the actual installation. I'm not sure if this issue is still present or related to the above post because I can't see the screenshot but I thought I'd report it. Suricata is working great, thanks again. The process for downloading and installing packages is handled by the pfSense core code.  The packages themselves have no control over that.  There have been suggestions for improvements in this area posted on the pfSense Redmine Bug Tracking site.  One of those suggestions was to first download and verify the new package before removing the old one. Bill
  • P

    Blinkled stops working since upgrading to 2.1

    5
    0 Votes
    5 Posts
    1k Views
    N
    Hi, Has anyone found a fix for the problem?.  I have pfsense 2.1.5-Release with Blinkled 0.4.3.  It installed without problems and run for a few days before the Led 2 or 3 will stopped working or blink continuously for no reason. I need to reboot the unit or go to the Blinkled interface page and click "Save" to get it working again.  This will fail again in a few days time.
  • N

    Varnish on NanoBSD pfSense

    2
    0 Votes
    2 Posts
    562 Views
    N
    No one can answer this simple question? :-[
  • L

    Snort not working

    5
    0 Votes
    5 Posts
    2k Views
    L
    @bmeeks: @laptopdude90: @bmeeks: @laptopdude90: Snort is only detecting http_inspect. It's always 'http_inspect: UNKNOWN METHOD' or 'http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE'. I've tried using IDSWakeup, which didn't trigger anything. I also tried an online port scanner, which didn't trigger anything. I have set snort up listening on the WAN port. I should probably note that my ISP requires me to set up a virtual WAN port on VLAN 35, and that is what snort is listening on. Screenshots: http://imgur.com/a/BtYoq Yes, I have updated the rules, and I have restarted Snort. Those are very common false positives.  Did you read the threads here in the Packages sub-forum about generating a Suppress List so that the known false positives don't trigger?  Search this forum for threads about Suppress List generation. Do you have blocking enabled on your interfaces?  You set this on the INTERFACE settings tab. Bill The problem isn't the false positives, it's the fact that they're the only things that trigger. What do you mean about this blocking interfaces thing? Where do I find it? 1.  From the pfSense menu, choose Services…Snort. 2.  When the Snort tabs appear, either double-click on a selected interface or click the "e" icon to edit that interface. 3.  The action in #2 above will open a new set of tabs for that specific interface's configuration.  On the SETTINGS tab you will find checkboxes for enabling the blocking of offenders. You can see what blocks have been put in place by clicking the BLOCKED tab. Where do you have Snort configured? Is it on the WAN interface or another one?  And how specifically did you run the IDSWakeup test?  Did you run that from a remote machine and target the firewall interface where Snort was running?  Depending on where you browse to and the amount of traffic on your network, it is quite common to have few Snort alerts.  For instance, on my home LAN where Snort is configured on the WAN and LAN, I get maybe one LAN alert per week because there is just me and my wife surfing and we have only a few favorite sites we visit.  On the WAN side I get a number of alerts per hour from some IP blacklists using the IP REPUTATION preprocessor. Bill Blocking is turned off. Snort is configured on the WAN interface. I ran the test from my father's network on my linux laptop, directed toward my IP.
  • T

    Squid3-dev SSL MITM Proxy Mode Not Working

    1
    0 Votes
    1 Posts
    837 Views
    No one has replied
  • F

    Cron Package - Add label to scheduled command?

    1
    0 Votes
    1 Posts
    549 Views
    No one has replied
  • 2

    How do I get squid to work with OpenVPN clients

    1
    0 Votes
    1 Posts
    771 Views
    No one has replied
  • R

    Slow speed on "some?" pages. SQUID

    3
    0 Votes
    3 Posts
    1k Views
    R
    Hi, thanks for your replay. I changed "Memory cache size" from 8 to 512, and after that it started loading pages at exceptional speed, then changed it back to 8 just to test and it kept loading the page fast. Weird behavior since i have the "Hard disk cache system" to null this whole time, Anyway its working fine and i have no idea why  :-X :-\ Thanks for the help.
  • R

    FreeRadius 2.X & OTP Authentication

    4
    0 Votes
    4 Posts
    2k Views
    R
    Sorry I can't remind what I've done to make it works. It was a misconfiguration very stupid…  Can you show me your configuration I will tell what's different with mine.
  • C

    Add packages to pfs 2.1.5?

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B
    You should probably use the 8.3 link instead for future pkg adds. When you install a pkg, you might need to run the following command (your reboot also fixed it) after you install the pkg for the pkg to be accessible. rehash
  • S

    Bacula-client service fails to start on boot

    4
    0 Votes
    4 Posts
    3k Views
    D
    My fix: mkdir /usr/local/bacula/ chown bacula:bacula /usr/local/bacula Run vipw from the command line and adjust the home directory for bacula to be the above mentioned directory. That is insufficient to get the correct WorkingDirectory value in bacula-fd.conf file. The path, /var/db/bacula is hardcoded at https://packages.pfsense.org/packages/config/bacula-client/bacula-client.inc Is that the problem?  I believe so.  If I edit /usr/local/pkg/bacula-client.inc and put the new path in there, the correct configuration is saved. In addition, all instances of BACULA_LOCALBASE . /etc/bacula-fd.conf in /usr/local/pkg/bacula-client.inc needs to be BACULA_LOCALBASE . /etc/bacula/bacula-fd.conf NOW it runs: [2.1.5-RELEASE][admin@pfsense.unixathome.org]/cf(110): ps auwx | grep bacula root    6659  0.0  0.3 28864  5756  ??  Is  12:56PM  0:00.00 /usr/pbi/bacula-amd64/sbin/bacula-fd -u root -g wheel -v -c /usr/pbi/bacula-amd64/etc/bacula/bacula-fd.conf root    9672  0.0  0.1  6088  1400  1  R+  12:56PM  0:00.00 grep bacula In addition, the code seems to append -dir to the Director Name via pkg_edit.php?xml=bacula-client.xml&act=edit&id=0 Hope this helps to fix this bug.
  • G

    Snort 2.9.6.2 update 3.1.2 stopped working

    18
    0 Votes
    18 Posts
    2k Views
    G
    Hi, I don't know how, but it took a while, now is working fine as I had it before. Solved!
  • L

    New package submitted for OSSEC server

    8
    0 Votes
    8 Posts
    5k Views
    E
    hello all, that's good news, I'm waiting to test this package where I can download ?
  • Z

    Youtube Dyanamic and Update Caching breaks caching

    1
    0 Votes
    1 Posts
    764 Views
    No one has replied
  • A

    [help] lightsquid package in pfsense error in running

    8
    0 Votes
    8 Posts
    2k Views
    A
    Hi, Thanks for the answer,,,,,but it does not solve my problem,…i dont want to use sarg report or maybe i will try it later but for now im looking for a solution of this error,thanks a lot...
  • W

    Snort not holding settings

    7
    0 Votes
    7 Posts
    1k Views
    BBcan177B
    @wbennett77: Thanks BBcan177, Once last question re snort. If I have the IPS policy set to Connectivity or Balanced and "Block Offenders" disabled does that make Snort just a logger or is it still protecting against the IPS policy chosen? Thanks! You have to enable "Blocking" for it to actually Protect your network. or its just going to Alert only. I suggest "Block Offenders", "Kill States" and "Block Both"
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.