1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N
    @andrew_cb Thank you very much for this, I just tried your proposed solution and it did work! That was driving me crasy! Way simpler than deleting the haproxy_server_state file.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    keyserK
    Hi all. Just wondering if I’m the only one that noticed this after upgrading to 25.07 and pFblocker 3.2.7: I have my pfBlockerNG set to update every night at 02:00am and it does (like it also did before). But after the upgrade I also have a pfBlockerNG PHP script running at about 16:00 on one box and 19:00 on another. The command is: /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng-php dcc(php) This process eats a lot of CPU, about 1 minutes worth of one core @ 100% on my 6100 and one core @ 100% for about 5 minutes on the less powerfull 2100 box (This is 50% of the 2100 CPU power). It seems it does a GEOIP update as that is the only thing thats referenced in the extras.log of pfBlockerNG. Why is this suddently so different from running on 24.11? And why is this not done at 02:00 when its scheduled to update?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    594 Posts
    E
    @totalimpact Tailscale 1.54.0 is 2+ years out of date. Tailscale has made quite a number of changes since Tailscale 1.54.0, likely rendering it incompatible with their servers. I would consider manually updating the Tailscale FreeBSD package. FreshPorts does not maintain an archive of all the releases, only the latest compiled by the volunteer maintainers. The key to manually upgrading is knowing which FreeBSD version your pfSense release is running, i.e. 14 or 15. You can following along here.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    P
    SOLVED. Turns out nothing wrong with my tunnel setup and not due to CGNAT. The reason PING works and other traffic doesn't is due to packet size and MTU. Something on the wireless network means that the default MTU doesn't work, forcing a smaller MTU to 1280 on pfSenseB fixed this. This Reddit thread has more details of this issue: https://www.reddit.com/r/WireGuard/comments/qmsa2n/ping_works_but_sites_arent_loading/
Log in to post
Load new posts
  • D

    Snort / Suricata Widget feature request

    11
    0 Votes
    11 Posts
    2k Views
    bmeeksB
    @Supermule: The customer has a fixed IP and it puzzles me as well. Is the fixed IP address IPv4 or IPv6?  And I assume the IP is confirmed to be in the PASS LIST for the interface.  You can verify that by going to the INTERFACE SETTINGS tab for that interface and then clicking the "View List" button beside the PASS LIST drop-down.  The IP address should be in there. Do you have confirmed alerts with that customer's IP address in either SRC or DST where there was no block inserted?  Might take correlating some dates and times to figure that out.  I'm trying to determine if perhaps there is a problem with the binary patch that reads the processes the PASS LIST internal to the Snort binary.  For example, it might be that the logic inside the binary is not always accurately matching the IP address with the PASS LIST and thus might insert a block when it was not supposed to. Bill
  • R

    Can't Remove / Re-install Snort

    24
    0 Votes
    24 Posts
    7k Views
    BBcan177B
    There is a table called "Snort2c" which you can see in Diagnostics:Tables If the file is there, you can open it and click the "all" icon at the bottom to clear it. If Snort is installed, you can clear the table by going to the Snort:Blocked Tab and hitting the "Clear" Icon.
  • J

    Snort not running on interfaces at startup

    9
    0 Votes
    9 Posts
    2k Views
    bmeeksB
    @justsomeone: 24 gig RAM, possibly a memory setting in the BIOS is affecting it? though if AC-BNFA-NQ performs the best, maybe I should leave it. It's been stated here on the forum several times by several folks that the best setting is AC-BNFA-NQ.  Some of the other settings can quickly chew up RAM unless lots of optimizations are done, but the Snort package does not support in the GUI all the fine-tuning required. Bill
  • U

    [Solved] OpenVPN Client Export Utility not installed correctly?

    2
    0 Votes
    2 Posts
    1k Views
    U
    This issue was probably due to issues with the package repository that day. Tried to set up the export utility today, and it worked fine even though there have been no changes to the utility since I last tried it.
  • V

    Squid non transparent - User permission question

    1
    0 Votes
    1 Posts
    682 Views
    No one has replied
  • L

    Transparent Proxy'ing IPv6

    2
    0 Votes
    2 Posts
    2k Views
    L
    It seems that if I add http_port [2001:xx:xx:94a::1]:3128 acl localnet src 2001:xx:xx:94a::/64 Into the Custom options on the General tab it nows listen to the ipv6 IP correctly.  However, the transparent proxying on ipv6 doesn't seem to work.
  • E

    Manually Downloading and Installing Packages

    3
    0 Votes
    3 Posts
    14k Views
    E
    @networkinggeek: This post might help you, have a look at it. https://forum.pfsense.org/index.php?topic=69370.0 Thanks for the reply! That's too bad… Sounds like there's no way to do it locally and have it show up in the Gui. Well, at least there's a way to do it through SSH rather than the WebGui... That'll likely be more reliable. Thanks for the link!
  • chaseC

    PfSense 2.1.4 + Snort 2.9.6.2 pkg v3.1.1 + IPv6 /64 == snort is unable to start

    2
    0 Votes
    2 Posts
    1k Views
    bmeeksB
    The fix for this has been submitted and is awaiting review and approval by the pfSense Core Team.  The request has been posted for 23 days as of today.  I sent a friendly reminder e-mail today asking the team for an estimate on when this will be merged. Here is the active Pull Request:  https://github.com/pfsense/pfsense-packages/pull/692 The problem is the interface domain tagged onto the end of the Link-Local address.  That trips up Snort (and Suricata).  The coming fix strips that off when adding Link-Local addresses to HOME_NET and PASS LISTS.  There is really no workaround so long as you enable and use IPv6 on your interfaces. Questions Is there a workaround and/or recommended correction for the FATAL ERROR (see Detail)? Why does snort add trusted DNS servers to HOME_NET, as opposed to creating a new variable to specifically track DNS behaviors explicitly by naming the DNS servers there? There are three interfaces on my pfSense firewall that are "Tracking" the WAN IPv6 DHCPv6 request for an IPv6 /60 delegation prefix.  Comcast is assigning of those internal interfaces an IPv6 /64 address space.    When IPv6 addresses get rotated, will snort automagically restart to pick up changed IPv6 address assignments for HOME_NET? You can uncheck the box for including DNS servers in HOME_NET if you don't want them there.  You can instead add them via an Alias on the VARIABLES tab in Snort.  First create an alias under Firewall…Aliases containing your DNS server or servers, then put that alias name in the DNS Servers box on the VARIABLES tab. No, there is not way for Snort to magically restart on its own if you get new IPv6 addresses.  However, there is some logic in pfSense that will restart packages when there is an IP change on the WAN.  That may trigger what you want. Bill
  • U

    How to clear, reset or Delete Squid Config?

    5
    0 Votes
    5 Posts
    20k Views
    U
    @jimp: @KOM: SSH in and delete /var/squid, /usr/local/pkg/squid.* and /usr/local/pkg/squid_. Don't delete /usr/local/pkg/squid* or you will lose your Squidguard settings, if it's installed. The settings are in config.xml, not there, so you can remove "/usr/local/pkg/squid*". If you want to reinstall the packages after, make sure to reinstall squid first before trying to reinstall squidGuard. As for the settings, if you want to remove those, try this from Diagnostics > Command in the PHP Execute box: $squid_sections = array("squid", "squidnac", "squidcache", "squidauth", "squidextauth", "squidtraffic", "squidupstream", "squidusers"); foreach ($squid_sections as $sec) { if (is_array($config['installedpackages'][$sec])) unset($config['installedpackages'][$sec]); } write_config("Removed Squid"); Or to remove squid, squidguard, lightsquid, and anything else with 'squid' in its package name: foreach (array_keys($config['installedpackages']) as $sec) { if (strpos($sec, "squid") !== false) unset($config['installedpackages'][$sec]); } write_config("Removed all squid-related settings"); Not perfect but it should get the job done. Either that, or backup the config, edit the settings out, then restore. it works! thanks a lot!
  • H

    Problems with Squid3-dev, Dansguardian, Snort

    2
    0 Votes
    2 Posts
    1k Views
    bmeeksB
    @HSeffers: Hi there, I am running a pfsense for years now. To get a real fresh system, I want to rebuild completely. So running a "temp" pfsense in VM, just to do all the proper settings etc, before moveing config to live system. I did install on the new system, squid3-dev and Dansguardian with NAT redirect for port 80. Dansguardian then redirects to Squid. Everything works well, until I install Snort and activate the Snort interface WAN. I did set it up with the same rules and settings as on actual running live system, where btw. no Dansguardian is installed But when I then try to open a web site on port 80, I get the following error message in the browser (i.e.: www.computerwoche.de): Der folgende Fehler wurde beim Versuch die URL http://www.computerwoche.de/ zu holen festgestellt: Verbindung zu 2a01:138:a028:0:62:146:83:75 Fehlgeschlagen. Das System antwortete: (65) No route to host Der Zielhost oder das Zielnetzwerk ist momentan nicht verfügbar. Bitte wiederholen sie die Anfrage. Ihr Cache Administrator ist Basically it looks like there appears an IP6??? I disabled IP6 on the pfsense and wonder now what is happening there. HTTPS sites work still fine as they are not redirected through Dansguardian. For testing, I did enforce in one browser to use squid directly as HTTPS proxy and also works fine. So I wonder, if there is anybody out having an idea about this issue??? Disabling the Snort interface and all works well. It looks like to me like the combination of Snort and Dansguardian not loving each other… A push into the right direction would be really appreciated :) Thanks Holger Did you have Snort in blocking mode?  If so, did you check the ALERTS and BLOCKED tabs in Snort to see if had blocked traffic?  Without some initial startup tuning, Snort can be very aggressive in blocking some web sites that send out quasi-malformed HTTP traffic.  Most of the time these are just false positives, but they result in a block anyway.  There is a thread here in the Packages sub-forum you can search for that includes a suggested SUPPRESS LIST setup for Snort that avoids the most common false positive events. Here is a link:  https://forum.pfsense.org/index.php?topic=56267.msg300473#msg300473 Bill
  • P

    Limiting access to websites published via Squid3

    1
    0 Votes
    1 Posts
    551 Views
    No one has replied
  • T

    Sarg Reports Constantly Need Forced Schedules (Squid)

    5
    0 Votes
    5 Posts
    1k Views
    T
    Does anyone have any ideas?
  • F

    Kaspersky cause problem with squid on pfsense

    1
    0 Votes
    1 Posts
    718 Views
    No one has replied
  • N

    Squid3-dev Transparent Mode Error

    1
    0 Votes
    1 Posts
    561 Views
    No one has replied
  • D

    Haproxy freeze during installation " HAProxy, update configuration"

    2
    0 Votes
    2 Posts
    912 Views
    P
    Where you already running a haproxy-devel 1.5dev versions before or the stable 1.4 ? For a possible easy solution you might try uninstalling the package, and then installing it again. If that doesn't work, download a config backup, remove the <haproxy>section and restore the config file (make sure you know how XML should be formatted). Then try to install again.. As for troubleshooting it would be nice if you could change the /usr/local/pkg/haproxy.inc file and include some more lines with 'debugging' info like this between where that last line of logging is generated, and where the next one doesn't show.: $static_output .= "HAProxy, debugging step 1\n"; update_output_window($static_output); Then from a developer shell option 12 on the console run these commands: global $pkg_interface; $pkg_interface = "X"; include_once('haproxy.inc'); haproxy_custom_php_install_command(); exec And check the output generated to at which debugging step the processing 'stops'.. Then please report back.</haproxy>
  • E

    New antivirus package and working squid?

    1
    0 Votes
    1 Posts
    795 Views
    No one has replied
  • A

    Install ntopng on pfsense 64bit have error.

    3
    0 Votes
    3 Posts
    1k Views
    F
    it does not see my lan nic
  • M

    NTOP Problem ?

    26
    0 Votes
    26 Posts
    17k Views
    J
    @Cino: try ntopng instead, just came out so their could be bugs… report any in the link below https://forum.pfsense.org/index.php?topic=80461 Wow! Thank you so much for sharing this! I thought ntop is dead. For some reason its not showing up in packages. I'll ask in main thread.
  • Z

    Snort Rules Auto Update - Not Working!

    4
    0 Votes
    4 Posts
    2k Views
    bmeeksB
    @zimba: Thanks, Bill! I am not sure what happened but it is now working! Sometimes the Snort.org web site has temporary issues. Bill
  • J

    HAProxy-devel crashing regularly

    10
    0 Votes
    10 Posts
    3k Views
    G
    Thanks a lot for both !!! For the workarround (it was a real good idea) and for the new version - we will test it next days.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.