1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    I
    I am new to using Snort in a Netgate router with pfSense. In the Snort settings under alerts I am seeing notice like this: 2025-09-08 16:34:17 1 UDP Attempted User Privilege Gain 37.60.141.158 47167 195.252.###.### 9034 1:58853 SERVER-OTHER RealTek UDPServer command injection attempt Does this mean that someone from 37.60.141.158 tried to login to my router or is trying to log in to my router? Does SNORT block this attempt? or How do I block this attempt? There is nothing showing up in my BLOCKED list. Will snort ONLY block these IP's if I have "Block Offenders" checked? If yes, should I use legacy mode or inline mode? My understanding is that if I use legacy mode all rules will be enabled and any alerts will be automatically blocked right? If I use inline mode, then NO rules will be automatically blocked and I would have to enable the action for that rule for it to be blocked, right? If I use inline mode, how do I enable a rule? Right now I just have a yellow triangle under the action for this rule. How do I know which rules is snort using? Under WAN Categories, If I choose balance, NONE of the rulesets (Categories) shown at the bottom are checked?

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @BiloxiGeek said in DNSBL and IPv6: Does it just follow the IPv4 address that is listed above that? In my case it would end up being ::10.0.0.86 Yes. In this specific context that's the notation being used. (Full IPv6 web server address, for reference then, would be: http://[0000:0000:0000:0000:0010:0000:0000:0086]) Nota bene: I use 0.0.0.0 which renders the DNSBL webserver useless and inaccessible, but otherwise returns 0.0.0.0 or ::/NOERROR answers to all blocked lookups.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    610 Posts
    E
    Updated CE 2.7.2 to 1.86.4_1 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.4_1.pkg Freshports

  • Discussions about WireGuard

    699 Topics
    4k Posts
    S
    @Bob.Dig what's the right place?
Log in to post
Load new posts
  • F

    Add users to FreeRadius USERS file without restart

    Locked
    25
    0 Votes
    25 Posts
    20k Views
    F
    Nacht thanks for all your help you are awesome!! I tried those changes in the detail file and it doesn't help me too much as it just generates new files. What i need is to flush the files as to avoid having such a large log sizes. I managed this with a simple cron job every week to delete all the detail files in /var/log/radacct/IP-Address/ this works for what i need and it's great. I have another question- Is there a way to set timeouts on individual users? I know there is the session-timeout that will force them to re-login at the specific time set. I was looking for something like an idle timeout per user instead of a global one in the CP page. Also i have done the testing as you said earlier and all signs look great! I have a USERS file with 25K Lines and the users are authenticated very quickly! Alot faster than what i expected. I haven't seen any performace issues with this. I always have approx 30-40 simultaneous connections at this current site and everything works great. I am now deploying to 2 other sites and will post the results from those. They will have heavier usage than the current one.
  • T

    Snort Rules empty ?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • N

    Transparent Squid and Dans Guardian with LDAP

    Locked
    12
    0 Votes
    12 Posts
    9k Views
    N
    Thanks for the reply - I've been away in the mountains for a few days and had to put this problem to one side. When I bind squid to loopback, I immediately lose all contact with the web configurator and the internet. The only way to get things working again is to manually edit squid.conf back to my LAN address, and restart squid. What is going on here? Am I missing something? In your response you state: "under the outbound tab the redirect should be any source your network range, port any , destination any, port 80 redirect ip 127.0.0.1 whatever port you have squid running on" Which outbound tab are you referring to ?
  • M

    Tutorial - Squid Reverse proxy (HTTP)

    Locked
    3
    0 Votes
    3 Posts
    36k Views
    A
    Sorry to reply to this thread. But I think my question is closely related. Do we have to add A record or CNAME in our domain name provider before using reverse proxy? Thanks @
  • S

    Snort unexpectedly terminates / signal 11 error

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    L
    Took me some time to figure it out myself - couldn't find anything on the web. At least now it can be found on the web  ;) Is it a bug? I thought that classtype is not mandatory. Actually all goes well until snort try to output to the alert log.
  • W

    How to reset/delete Squid 3 configurations?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM
    @whanksta: How do I do that via the console interface? Backup /conf/config.xml And edit configuration carefully using viconfig.
  • S

    SquidGuard Installation

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    D
    Check this link for amd64 http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml Must be downloaded via browser.
  • S

    Squid Installation

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    D
    Probably you have common problem with http://forum.pfsense.org/index.php/topic,58194.0.html
  • S

    Snort 2.9.2.3 pkg v. 2.5.4 Non start issue solved for myself atleast..

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S
    agree on that onhel and thanks for your reply. facts I can consistently count on a superduper working and smooth snort until next reboot from a new reinstalled snort + interface defining again. I can consistently get snort up and running doing the package lock clear and reinstall packages method. and I will get this paticular error after a reboot of the pfbox: /libexec/ld-elf.so.1: Shared object "libmysqlclient.so.18" not found, required by "snort" when trying to manually start snort. ofc cant start in in gui either when i see this. does anyone have a workaround or a theory about why snort dont find / use this file…..its there allready i see when im finding for it? snort was doing fine consistenly until i upgraded yesterday =) Going to build a new vm later tonite for this. Will put only snort on it....and see what will happen. Best Regards
  • A

    Nut remote LAN access broken since pfsense 2.0.2

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A
    Hi Gloom, :) Thanks I guess the problem was that I was mixed up with the fields and that 'localhost' would not be accepted at the 127.0.0.1 address. Now it works: If: LAN Proto: TCP Scr. addr/Ports: * / * Dest Addr/Ports: 192.168.1.1/3493 NAT IP/Ports: 127.0.0.1/3493 Maybe the nut settings page should describe this a bit better. Thanks all, Alfredo.
  • Z

    PfBlocker whitelist issues

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    Z
    I did not get quite the rest I would have liked. Now even having it update from a dropbox link I am having to constantly refresh the link to the file to get it to work. ARGH…. OK. Alias setup, set as first rule in firewall, list auto updates every hour from an external linked file. What could I be missing? From what I've seen the setup is the same as the settings on the other firewall in our other office, which is not having any issues. What else can I look at to track down this issue? EDIT: I did notice a warning on the server this morning. Filter Reloaded - Some unresovable aliases (or something like that).
  • D

    Throttling Streaming Media with Lusca (cacheboy)?

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    D
    @mikesamo: just use layer 7 filter with limiter. Thanks for the reply. I've set up the L7 filtering and it seems to be working well at keeping the videos down to a reasonable level. Is it possible to filter all binary downloads with the layer 7 filter on pfsense as well? I noticed ".EXE" in the list, and have it selected but I've noticed downloads from an adobe update site that cause our bandwidth to max out for a couple of minutes and at least in adobe reader there is no option to change update schedule.
  • W

    Cron package problems

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    P
    There should already be a filterdns process running. It wakes up every 5 minutes, checks the IP address of the names in aliases, and updates the pf/ipfw tables. I can see it on both a 2.0.2 and 2.1-BETA1 system: $ ps ax | grep filterdns 10168  ??  S      0:00.01 sh -c ps ax | grep filterdns 10550  ??  R      0:00.00 grep filterdns 50475  ??  INs    0:00.01 /usr/local/sbin/filterdns -p /tmp/filterdns.pid -i 30 If I understand correctly, what you need should already be happening. Use Diagnostics->Tables to see the current IPs that are in each table to confirm that it is working.
  • U

    DansGaurdian XMLRPC Sync

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    P
    Sorry I don't know how this thread is relevant, please indicate where to look for me, I don't get an Invalid return payload error and my settings doesn't sync at all. Ah, sry. I didn´t read your error log correctly. I think you have to add a static route, otherwise your box's can´t communicate through the IPSEC VPN - > http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F
  • W

    Varnish help on setting up for multiple internal webservers

    Locked
    66
    0 Votes
    66 Posts
    31k Views
    S
    @marcelloc: @skipmed: what is wrong? thanks in advance what backend status you get on dashboard varnish widget? both up with green arrow no other value is shown in the fields "cache hits" etc., just shows the two backends with status thanks
  • B

    Mod_security Issues - Won't show in menu

    Locked
    1
    0 Votes
    1 Posts
    965 Views
    No one has replied
  • _

    Snort update to 2.5.3: not starting with fatal error bad-traffic.so

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    bmeeksB
    I am the author of the latest Snort changes, and I also saw the same error when I did a re-install versus an uninstall followed by a re-install.  Searching back through the forum messages, there is a thread about this being a problem with the package manager tools and not with any individual package.  The recommendation is to always do an uninstall and then a re-install, instead of just clicking the re-install icon.  It would be nice if the simple re-install would work, though. As for the changes in this Snort package, probably the most important is the new auto-flowbits resolution feature.  However, in order to for this work properly after a full re-install; you need to first enable the feature in the CATEGORIES tab, update the rules files in the UPDATES tab, and then stop and restart Snort.  Otherwise, the new flowbit resolution won't be registered in the snort.conf file.  I just discovered this glitch during my uninstall and re-install testing today.  I have a fix in mind that I will submit in a day or two for Ermal to consider.  In the meantime, just remember to cycle Snort on your interfaces one more time AFTER doing the initial rules download/update with the UPDATES tab.  Thereafter, things will work fine. Bill
  • D

    Snort and Interface Enable/Disable

    Locked
    60
    0 Votes
    60 Posts
    21k Views
    K
    Thanks all for fixing the update error, I will fix it tonight when I get home.
  • D

    Squidguard Schedule NOT working

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    D
    It is working now…THANK YOU !!! However, I find it strange.  I looked at the link you sent and found that the filter config was missing the "within" clause which was simply a check box in the groups acl, however, the section that contains that check box was missing on some versions of the gui.  I had a snap-shot backup of the machine from three weeks ago when I re-formatted did a clean install of 2.02 and and there entire Time section is missing from the GUI config. Anyway, after all current updates have been applied, the Time selection is there and all is well.  It must have been something I did, but THANK YOU again for your swift response ! pfSense RULES !
  • I

    Pfsense on nanoBSD/embedded device with CF & dansguardian?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    I don't know about dansguardian, but squid and squidguard can run on embedded units provided you disable caching (set a null cache type, and set to 0) and also make sure logging is off.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.