1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @andrew_cb ChatGPT had the right idea but gave me 100 different places to put "load-server-state-from-file none". Your post was worth more than ChatGPT could ever offer!

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    JonathanLeeJ
    @bmeeks your work outclasses so many individuals and developers. Your stuff is amazing. Cheers

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    N
    @jrey said When I checked the status of the service, the firewall returned, "does not exist". as in on the Status -> Services page? or where specifically ? and yet it shows on the dashboard services widget.. Please see below. I can see .sh files but not executables (suricata & syslog-ng have both). [25.07.1-RELEASE][suser@...]/root: ls /usr/local/etc/rc.d/ choparp dnsmasq isc-dhcrelay6 nginx php_fpm sshguard unbound dbus expiretable kea openvpn radvd strongswan uuidd dhcp6c igmpproxy lighttpd pcscd rrdcached suricata waagent dhcp6relay isc-dhcpd microcode_update pfb_dnsbl.sh rsyncd suricata.sh waagent.sh dhcp6s isc-dhcpd6 miniupnpd pfb_filter.sh scponlyc syslog-ng wireguardd dhcpcd isc-dhcrelay mpd5 pfnet-controller smartd syslog-ng.sh xinetd are there any errors in pfblockerNG 's error.log, dnsbl_parsed_error or py_error (Firewall -> pfBlockerNG -> Logs error.log contains a few lines on feeds failed to fetch entires py_error is empty dnsbl_parsed_error (see below) did not have any errors that prevent service execution ... 19:00:44,StevenBlack_ADs,ip6-loopback,::1 ip6-loopback ... 19:14:40,StevenBlack_ADs,ip6-loopback,::1 ip6-loopback ... 19:14:46,EasyList,admi2fib4exit,||admi2fib4exit^ ... 00:01:20,EasyList,admi2fib4exit,||admi2fib4exit^ ... 00:01:09,EasyList,admi2fib4exit,||admi2fib4exit^ ... 16:50:29,UT1_adult,xxx,xxx Keep settings is enabled, package uninstalled and reinstalled, code changed, feed updated and finally system rebooted. No change in the service status in dashboard's service widget. I found that except log (e.g., block, permit), the other functions are working. So, I will stop digging further on this regard and hope that future firewall upgrade will solve it. I need to identify, segregate and transfer logs to SIEM, which won't be a hassle. Thank you very much for your assistance. With appreciation Nanda, D.Sc. (Tech.)

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    295 Topics
    1k Posts
    J
    Anyone else happen to notice that when configuring BFD, if you create a peer and select a profile - after save, re-edit the peer and the Profile is not represented. It appears as "None". You have to check the raw config to determine if the profile was actually assigned to the peer. This is on 2.8.1 (all packages up to date as of the date/time of this post). UPDATE: if re-edit and save (without re-configuring the profile none to what you want) - the save will strip the profile from the peer.

  • Discussions about the Tailscale package

    91 Topics
    611 Posts
    T
    Hi All, I use HAProxy to redirect to a range of https internal resources, this works really well at the moment through the WAN where I have source limits set up, and I can connect to the internal resources from limited external IP Addresses. Given I have tailscale I would like to basically be able to put custom dns entries in to point these hostnames to my pfsense tailscale IP4 address (100.89.148.118) but I am not having any luck getting this working. At the moment, I am just trying to connect to HAProxy using https://100.89.148.118 but it is getting blocked by the firewall. Sep 11 11:55:58 tailscale0 Default deny rule IPv4 (1000000103) 100.89.148.10:53148 100.89.148.118:443 TCP:S I have tried with and without NAT redirecting internally to 127.0.0.1, and I also have rules set up to allow any traffic to and from my tailnets (defined in an alias) but I still keep getting these connections from my other tailscale machines being blocked on the pfsense machine. Can someone give me some pointers on what I am missing because I can see the requests are coming through to the pfsense machine, and in theory the rules should allow it through but I cant see why they don't. I do have tailscale ACL in place, but clearly that is not an issue as the requests are making it through to the firewall. 0/0 B IPv4+6 TCP/UDP TailNets * TailNets * * none Allow across Tailnets 0/0 B IPv4+6 TCP/UDP * * * 443 (HTTPS) * none Allow Tailscale IP4 I also tried adding a EasyRule but because the tailscale0 interface doesn't exist in pfsense it throws an error and won't let me add that rule. Appreciate any help or tips, Cheers.

  • Discussions about WireGuard

    702 Topics
    4k Posts
    P
    Yes
Log in to post
Load new posts
  • N

    Snort on nano with cf - how often is it read only?

    7
    0 Votes
    7 Posts
    2k Views
    N
    Thank you Jim and Bill.
  • D

    Snort - limiting log directory size

    13
    0 Votes
    13 Posts
    7k Views
    bmeeksB
    @mallison01: ok sounds good, thanks. if you need some one to test your new code id be interested. Thank for the offer, but I was able to test the fix in my VMware environment.  The fix for auto-log rotation is ready and should be posted in a few days.  I found several issues in that old code.  Thank you for pointing out the problem.  I'm glad I looked… :) Bill
  • C

    Dansguardian with multi-groups

    3
    0 Votes
    3 Posts
    1k Views
    C
    Thanks for reply. I think I found what was the problem. While making lists and groups I was saving lists and groups individually, but did not use "global" Save button. Seems like it's working now. All the best.
  • O

    Package that could poll the num of users via CP

    1
    0 Votes
    1 Posts
    599 Views
    No one has replied
  • K

    Snort still clearing blocked ip's even though it is set to "never"

    3
    0 Votes
    3 Posts
    1k Views
    K
    Well whether the problem I had was real or not. I happened to try out binding to the Lan (instead of wan) for my snort interface. And I had the results I expected with blocked ip's staying blocked. I set it to "both" for direction. That seemed to fix it. Only problem is snort cannot perform a portscan from this side of the network (lan). So I created two with this one on wan as a  rule-less snort interface (with portscan enabled). Which seemed to work. But annoying to see it warn me about no rules on the interface. And I probably have redundant preprocessing now. So not sure why I had the problem originally, but there is a solution in case anybody has had problems. Hopefully one day snort for pfsense will create the block list as a simple "Alias" table. Then snort2C wont be needed. And if Snort could be part of the rules chain order. (instead of first) Then the Whitelist inside of snort won't be needed either. Along with speeding it up since it will not process ip's destined to be blocked by the rule chain ahead of it. including ip's it has previously blocked.
  • A

    [Squid] Bypass Maximum download size for specific IPs

    2
    0 Votes
    2 Posts
    1k Views
    N
    go to -=> Proxy server: General settings - Bypass proxy for these source IPs - insert you ip (192.168.0.x
  • G

    How do I prevent Squid from caching SABnzbd?

    2
    0 Votes
    2 Posts
    1k Views
    L
    I may be wrong but I'm pretty sure Squid would only cache traffic that flows through it. I connect to my news reader on port 563 (or whatever it is) so squid would never seem my newsreader traffic as squid only has traffic from port 80 flowing through it!
  • T

    Iperf segmentation fault

    5
    0 Votes
    5 Posts
    7k Views
    T
    Still was unable to get this to work. I ended up just setting up a web based (speedtest.net) mini client on a server behind the firewall works okay but I would prefer iperf if you find a solution.
  • F

    Snort - Snort Interfaces > WAN Rules > Categories are blank

    3
    0 Votes
    3 Posts
    2k Views
    F
    Got it, thank you!
  • S

    Merge Pfblocker and Snort packages?

    7
    0 Votes
    7 Posts
    3k Views
    BBcan177B
    @bmeeks: My suggestion would be to not run the fixed-IP list Emerging Threats rules in Snort if you are using them with pfBlocker. Hi Bill, The .txt Rulesets from ET are based on the Open ruleset. I have asked if there is a PRO .txt ruleset but waiting on an answer. They also indicated that the RBN lists will be discontinued in a few weeks.
  • A

    Free radius2 corrupt data base?

    1
    0 Votes
    1 Posts
    840 Views
    No one has replied
  • R

    Bug in Snort Alerts Display - Calendar

    5
    0 Votes
    5 Posts
    1k Views
    R
    @bmeeks: This has been fixed with an "unannounced" minor update I pushed the day after New Years.  Just reinstall the Snort package GUI and it should be OK.  The change was so minor that I did not bump the Snort package version. To reinstall, go to System…Packages and the Installed Packages tab.  Click the XML icon beside the Snort entry to reinstall the GUI components.  Check and be sure you have clicked "save settings on de-install" on the Global Settings tab first to preserve your configuration. Done and done… thank you  Bill for the quick response, that was it. We know what you meant, but for those following, the (current) actual heading under Global Settings/General Settings is:  Keep Snort Settings after Deinstall Rick
  • J

    IPS Functionality with separate Snort box

    2
    0 Votes
    2 Posts
    964 Views
    ?
    Please use suricata if you are looking for an IPS, snort inline support was dropped in favor of suricata.
  • M

    Snort Deployment

    5
    0 Votes
    5 Posts
    1k Views
    ?
    @MikeX: … I'm looking for advice, nothing too detailed or specific on the technical part of deployment, but more so of... "use this rule set" or "maybe try this obscure setting". … http://forum.pfsense.org/index.php/topic,64674 Make sure you read every single post on that thread. As for the locking yourself out, if you are on a dynamic ip (seen that you mentioned dynamic dns) then you just change your ip you are remoting in from. Or just whitelist it as mentioned above.
  • C

    HAProxy service error

    4
    0 Votes
    4 Posts
    4k Views
    P
    No help section available currently, sorry. Every time the configuration is applied all existing configuration options are overwritten. (as is the case with most config files that are managed through pfSense gui.) -import option, i don't think its easily possible to implement such a feature.. As a workaround you could probably put major parts of the old config file into the Setting page under: "Global Advanced pass thru" including listen/frontend/backend sections. Though that way it wont be 'nicely' visible in the webgui.. the haproxy-devel build uses some default options like a 'unix socket' that might be sufficient for haproxy to startup, instead of the almost 'empty' config you showed. Also when applying haproxy-devel settings if an error is detected in the config file it will show that at the top of the page.
  • A

    Freeswitch on PfSense2.1

    1
    0 Votes
    1 Posts
    756 Views
    No one has replied
  • M

    Bandwidthd loses statistics all the time

    2
    0 Votes
    2 Posts
    2k Views
    P
    As long as you have selected output_cdf and recover_cdf in the settings, then it should be reloading the data each time bandwidthd starts. On full installs, the data is on a real disk and so should survive a reboot. On nanoBSD the data is in the /var memory disk and is lost on reboot. So far there is no option to automatically save it to the CF card.
  • E

    Squid-dev and squidguard acl error

    2
    0 Votes
    2 Posts
    885 Views
    E
    I think there is some error with authentication through captive portal, its working if I put static ip on terminals.
  • bmeeksB

    Dashboard Widget: Snort Alerts package update to 0.3.7

    6
    0 Votes
    6 Posts
    3k Views
    D
    I believe the refresh is the same as the Firewall widget. But then again, it was back in 2012 I last changed the code… If you haved fixed it, I will try see if I have some time this weekend.
  • N

    Why does RRD have to be enabled for Mail Report?

    9
    0 Votes
    9 Posts
    2k Views
    N
    thanks
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.