1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    It was all CVE fixes in the PHP GUI part of the package. See the Redmine ticket here: https://redmine.pfsense.org/issues/16414.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    V
    @Gertjan Thanks for your reply – that’s also my impression. The point is: I don’t really see any lists right now that are actually “maintained” in the sense of being actively cleaned up, checked for dead domains, categorized, etc. That’s why my main interest is more about the demand: Would curated lists really be a game changer for admins? Would they be more helpful than what’s available today, or are most people already using other alternatives? If so, which ones? And from your perspective, what would be your expectation towards “community lists”? (e.g. reliability, update frequency, categories, fewer false positives?)

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    295 Topics
    1k Posts
    J
    Anyone else happen to notice that when configuring BFD, if you create a peer and select a profile - after save, re-edit the peer and the Profile is not represented. It appears as "None". You have to check the raw config to determine if the profile was actually assigned to the peer. This is on 2.8.1 (all packages up to date as of the date/time of this post). UPDATE: if re-edit and save (without re-configuring the profile none to what you want) - the save will strip the profile from the peer.

  • Discussions about the Tailscale package

    91 Topics
    611 Posts
    T
    Hi All, I use HAProxy to redirect to a range of https internal resources, this works really well at the moment through the WAN where I have source limits set up, and I can connect to the internal resources from limited external IP Addresses. Given I have tailscale I would like to basically be able to put custom dns entries in to point these hostnames to my pfsense tailscale IP4 address (100.89.148.118) but I am not having any luck getting this working. At the moment, I am just trying to connect to HAProxy using https://100.89.148.118 but it is getting blocked by the firewall. Sep 11 11:55:58 tailscale0 Default deny rule IPv4 (1000000103) 100.89.148.10:53148 100.89.148.118:443 TCP:S I have tried with and without NAT redirecting internally to 127.0.0.1, and I also have rules set up to allow any traffic to and from my tailnets (defined in an alias) but I still keep getting these connections from my other tailscale machines being blocked on the pfsense machine. Can someone give me some pointers on what I am missing because I can see the requests are coming through to the pfsense machine, and in theory the rules should allow it through but I cant see why they don't. I do have tailscale ACL in place, but clearly that is not an issue as the requests are making it through to the firewall. 0/0 B IPv4+6 TCP/UDP TailNets * TailNets * * none Allow across Tailnets 0/0 B IPv4+6 TCP/UDP * * * 443 (HTTPS) * none Allow Tailscale IP4 I also tried adding a EasyRule but because the tailscale0 interface doesn't exist in pfsense it throws an error and won't let me add that rule. Appreciate any help or tips, Cheers.

  • Discussions about WireGuard

    700 Topics
    4k Posts
    Bob.DigB
    @HFADmin If it is no Site2Site-VPN then you don't need any gateways in the first place... If that is true but you want to monitor the connection then you could create dummy-gateways just to ping the remote ip-addresses.
Log in to post
Load new posts
  • G

    Quagga OSPF package and custom configuration

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ
    There isn't a way to use a custom config if you install it via the GUI. You could just install the binaries (via pkg_add from the shell) and your custom config and such if you like, but if the GUI components are installed it will overwrite the config any time it syncs packages. Even if there was a custom config option in the GUI, configuring via the vty wouldn't save the changes back to pfSense's package config, it would only save the changes on the disk to the config file of quagga.
  • H

    Openospf / quagga ospf on PF2.1

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    jimpJ
    I just uploaded a new version of quagga last night that should fix all the known issues that were out there. There was a missing binary for amd64, that should be resolved now.
  • B

    Traffic redirection to Content Filtering

    Locked
    1
    0 Votes
    1 Posts
    979 Views
    No one has replied
  • C

    Update for HAVP

    Locked
    9
    0 Votes
    9 Posts
    2k Views
    D
    @jdt3333: I can't install HAVP after fresh install 1.2.3-RELEASE same error like this topic http://forum.pfsense.org/index.php?topic=29886.0 cat apkg_havp-0.91.tbz "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <title>404 - Not Found</title> 404 - Not Found Not found source havp-0.91.tbz for 1.2.3, i will check this issue.
  • J

    No Logs in Light squid report…

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D
    http://forum.pfsense.org/index.php/topic,49680.0.html
  • A

    Snort 2.9.1 pkg v. 2.0.2 wont start, no real info

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    G
    Found a bug. If pfsense changes IP (I'm using as xDSL bridge mode), snort goes down. The only solution (AFAIK) is by logging at WEB GUI and manually restart it. Of course, should'nt be like this.  Solution?
  • P

    Squid not logging traffic, configuration issue?

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    P
    I don't know about 2.0.1. I have an issue with 2.1 but after an update, it worked like it should.
  • C

    Developer vs community package list?

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    C
    We support all the packages as best we can for support customers under their purchased hours. We're not necessarily all-knowing experts on every single one of them, but we know all of them to some degree, and can generally figure out anything we don't know. The main difference under commercial support on packages vs. base system is we can't vouch for the quality of packages. We'll fix any base system issues that are encountered (which is rare) at no cost to the customer, but can't provide any such assurance with any package other than our AutoConfigBackup. If a customer has an issue with a package and wants to put their purchased time towards fixing it, we can almost always accommodate, we just can't do it for free like we do for the base system.
  • E

    Squid status

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    marcellocM
    @ezyclie: So can i do this: http://forum.pfsense.org/index.php/topic,14609.0.html with embedded system? without loosing the changes? If you are going to do this on console, follow the steps doing a rc.conf_mount_rw before changes and a rc.conf_mount_ro after changes. on embedded /var is flushed every boot but looking the steps, I can see only changes to files on /usr dir. att, Marcello Coutinho
  • M

    Quagga OSPF problems [SOLVED (Sort of…)]

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M
    After a series of reboots it's all working now. I'm not thrilled by the stability here, but hey, I am running 2.1-DEVELOPMENT so I guess I can live with it for now :) Any ideas of when 2.1-STABLE will be out? I read a lot about IPv6 Launch Day, and that's not very far away.
  • J

    Need some help on Snort testing

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    S
    I believe that many of those rules are designed to alert when icmp traffic sourced from EXTERNAL_NET destined for HOME_NET.  So in order for those rules to alert,  a successful ping has to occur that matches those conditions. When I was testing snort,  I was pinging from a lan interface to a lan interface.  Since neither was from a network associated with EXTERNAL_NET I would never see an alert.  In order to get an alert to fire, I modified both EXTERNAL_NET and HOME_NET variables in one of the icmp rules to read "Any".  This way, you don't have to be concerned with where your traffic originates from.
  • K

    Snort 2.9.0.5 EOL

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    C
    I also wonder where this issue currently stands?  I had no issue adding and enabling rules, but I'm new to this so I'm unable to determine if the rules are current or truncated to support the EOL version.
  • C

    Transparent AV?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C
    Thanks for the tips!  I tend to agree that firewall-based AV isn't really that useful, especially with so many sites using HTTPS these days. I have no experience with clamAV, but our client-side ESET performs quite well, so maybe I'll leave well enough alone rather than get into Squid, etc.  (something else I have no experience with) Thanks for the tip regarding pfBlocker, we currently use DynDNS for content filter at only $10/year, but it's DNS-based so easy to bypass for intermediate users.  This might be the answer I was looking for, though!
  • F

    Squid not 'squidding'

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    N
    "Do not cache" does not mean "block". It ist just not caching this sites. To block (filter) sites you need additional tools like squidguard or dansguardian. But please update your old system to an actual pfsense version like 2.0.1
  • Q

    Squid Blocking Web Access

    Locked
    19
    0 Votes
    19 Posts
    39k Views
    Q
    Any update? I've tried using Dansguardian with a firewall rule redirecting port 80 instead of Squid/SquidGuard intercept mode. This seems to work so far. Wondering if I should just stick with D then? Not really clear on the difference between the two softwares. Thanks for your help.
  • M

    Open-VM-Tools-8.8.1

    Locked
    8
    0 Votes
    8 Posts
    6k Views
    C
    Does the stable version support vmxnet2?  Ideally I'd like to run vmxnet3, but this is my first run with pfSense so I'm trying to KISS.
  • M

    What would it take? (FreeRADIUS on 2.1)

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    M
    Thanks, I'd tried that package, but I hadn't seen the thread link, I posted in there. It'd be really great to get this working!
  • N

    Delet log files in imspector

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    K
    thanks it worked for me.. and i didnt break my pfsense LOL. anyway thanks for the expertise.
  • N

    PfSense Snort for Dummies?

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    J
    @Nonsense: Does one have to register to subscribe to the Emerging Threats rules (if so, then how?) or just place a check in the Install Emergingthreats rules box on the Global Settings page? Right, no registration, just check the ET box, select the auto-update frequency interval, and save. You may need to manually update the rules, or stop/start snort to download then initially. After updating review the categories enabling those of interest under each interface. I think that's about all you need to do.
  • M

    [SQUID] comm_old_accept: FD 20: (53) Software caused connection abort

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    M
    Hi, Still can't find the cause - so when I get an open slot, I'll just try re-installing the whole system from scratch and see if it stops. This system only serves 40 users or so, and I never get anywhere near the size limit of MBUF or state table. I run it on a P4 3GHz with 2GB RAM, 40GB HDD and very seldomly the CPU goes above 10% and memory never above 40%. So I don't think it is a performance issue either. Might it be a faulty RAM module? Cheers, MrsPotter
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.