Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pfBlockerNG aliases in HAProxy?

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA.

    I will try and do some packet capture to see if that reveals anything.

  • Too many HAVP processes consume too much memory

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 2.1 with Squid3 - How to reset the config of a deleted package?

    Locked
    13
    0 Votes
    13 Posts
    12k Views
    T

    I want to note that in 2.1, squid3 seems not to work with "dynamic content" checked.

    Thanks for all.

  • Snort Rules Update Problem

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F

    Yes, indeed I could try out the custom.rules. I have overlooked this feature.

  • Snort Preprocessors block IPs from HOME_NET

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M

    well that's another problem. the whitelisted IPs are not being blocked, only if you enter a CIDR like 192.168.20.0/24, i had to type all 256 IPs into a pfSense alias to prevent my subnet from being blocked (because of blocking "both", dst and src (which can change in some rules))

    currently i tuned most of the preprocessors by removing the check marks in the configuration page and entered a different preprocessor configuration in "Advanced configuration pass through". Works very good, but I turned most of the preprocessor alerts to reduce false alerts.

  • Dansguardian service fails to start

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    marcellocM

    @asterix:

    ok, what would be the pkg_delete command for removing pcre 8.3?

    yes, maybe with -f .

  • Squidguard ACL problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N

    Not sure if this is implemented in squidguard GUI of pfsense but have a look here:
    http://www.squidguard.org/Doc/authentication.html

    But squidguard GUI allows IP addresses as source and hostnames as source. If you know the hostnames of the users then add these hostnames to a group.

  • [Solved]squid, multi SSL reverse proxy

    Locked
    13
    0 Votes
    13 Posts
    13k Views
    J

    Thank you Marcelloc !!! it's working well now ;)

  • SquidGuard problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N

    After you deleted the blacklists etc. please go to your Group ACL, edit the ACL and check that the targets on your "Target List" is "---"
    Do the same on the "Common ACL" tab - set all to "---" and click save.
    Then on the "General Settings" click save and then Apply.

    Now all "old" blacklist entries should be removed.

    But I am sure you want to use squidguard to block something but you need to explain more, what you want to do, provide screenshots and or IPs which should be blocked or allowed and so on so that we can help you to configure squidguard.

  • Squid Allowed Subnets?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G

    Quickest way is to alter the default access rule.
    Change
    http_access deny all to http_access allow all in squid.conf and squid.conf.default

    Please be sure this is really what you want to do as the proxy will be noticed if you open it up to the internet.

  • Proxy server: Local users

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    R

    that was my first option, i was just hoping that i could find another way since i am just starting to learn php. it will take time for me to create this script and i need to find the solution asap. by the way thanks for your help. another thing, i am wondering regarding the local user of pfsense. there is a local user for system admin - under system: user name and for the web filter which is squid guard it is using local user but i think it is both local user since the username are reside in same server. is it possible to since this users?

  • URLBlacklist (bigblacklist) not extracting how Dansguardian wants

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    marcellocM

    @awsiemieniec:

    the URL BL db server knew I downloaded it too many times and punished me by limiting the bandwidth to next to nil.

    That's why I prefer to download it manually and copy it to pfsense.

  • Squid/Dansguardian incorrectly proxying and failing sites across VPN

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM

    @Quinten:

    I checked /etc/resolv.conf on the PFsense box, and our local DNS server is listed correctly first.

    Your DNS config options are using internal DNS server? Did you try to disable dns forwarder service on pfsense?

  • Dansguardian: stop blocking sites by regular expressions

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    marcellocM

    @elemay:

    this doesn't work, also if i disable all the blocking stuff under the 'URL' tab i still get blocked.

    Can you check on dansguardian conf files what you get on urlregex lists for this group?

  • Netflow issue using pfflowd or softflowd

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G

    Fixed issue. Had an IP conflict.

  • Squid3 problems

    Locked
    24
    0 Votes
    24 Posts
    8k Views
    J

    Well major issues here… first ISP issue then after they finally came back online I find out there is some sort of failover that my GM added me into. So now I'm limited to 10Mbps till a new card is installed in his failover box. So I might have to scrap my whole setup/squid may just end up being a basic router... Or nothing.

    Thanks for all the help, if something changes in the next few days and I get everything I had before back I will try your fix and report back.

    Or I will create another post and start over new.

    Again thanks!
    Josh

  • 2.1 and Suricata

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    ?

    In basic terms, a next-generation firewall applies deep packet inspection (DPI) firewall technology by integrating intrusion prevention systems (IPS)….

    snort IDS has poor performance.

  • Squid Local Database

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    R

    How can the user change his own password in this Proxy server: Local users?

  • Snort 2.9.2.3 pkg v. 2.5.2 dies on IP change

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    _

    thanks for that advice, but the logs didn't show a (maybe failed) update, when the IP changes, it only and quietly dies. Without any further notice. :(
    Last log-entries were always the IP-change, then as next entry something like "snort quitting" - nothing more.

    But what i see the last days is that sometimes it doesn't die on IP-change. hmmm. Hard to resolve, i think.

  • Postfix forwarder on 2.1_x64

    Locked
    18
    0 Votes
    18 Posts
    6k Views
    L

    Hi Marcelloc,
    sorry to nag….. did you manage to get this fixed yet? i want to do my next firmware upgrade and don't want to break postfix.

    louis

  • Req: Meshnet

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    S

    Thanks for the reply jimp.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.