1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    S
    So since there is no version 25.03. There is an official 25.07 now but only get a 7.08.2 what happen to the rest up to Suricata 7.0.10 or 7.0.12?

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    R
    @Gertjan said in pfBlockerNG not logging anything by default?: I think ( ) that these have to do with Avahi. And you use (you know why ?) Avahi on your Ubuntu .... I could be wrong of course. I dont think so.It happens from my Windows 10 computer. It orginates from the IP 192.168.1.86 @Gertjan said in pfBlockerNG not logging anything by default?: Look at your WAN firewall rule. Normally, there are .... none ! These are my WAN rules [image: 1754480549273-wan-rules.png] @Gertjan said in pfBlockerNG not logging anything by default?: That's why I proposed '3'. What I posted was log level 3. Doesn't give any information. It just appears Aug 6 11:40:26 mypfsense unbound[24282]: [24282:0] debug: worker request: max UDP reply size modified (1472 to max-udp-size) Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] info: validator operate: query networkhub-Hfl1Jc.local. A IN Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] debug: iterator[module 2] operate: extstate:module_state_initial event:module_event_pass Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] info: resolving networkhub-Hfl1Jc.local. A IN Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] info: finishing processing for networkhub-Hfl1Jc.local. A IN Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] debug: validator[module 1] operate: extstate:module_wait_module event:module_event_moddone Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] info: validator operate: query networkhub-Hfl1Jc.local. A IN Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] info: validate(nxdomain): sec_status_secure Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] info: validation success networkhub-Hfl1Jc.local. A IN Aug 6 11:40:28 mypfsense unbound[24282]: [24282:0] debug: cache memory msg=124942 rrset=239262 infra=87934 val=85965 Aug 6 11:40:58 mypfsense unbound[24282]: [24282:1] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_pass But do you understand why I see port 5353 and port 5335 in my firewall log?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    585 Posts
    L
    @veddy254 said in How to update to the latest Tailscale version?: @lbm_ said in How to update to the latest Tailscale version?: https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2_1.pkg pkg: An error occured while fetching package I would recommend verifying the DNS settings in PfSense and verifying date/time is correct. Barring that, try again later and see if it still fails. I was able to successfully run the command on my 2.8.0 install (I didn't install it because I've already installed it) so it seems localized. Interesting. After I (reinstalled) tailscale the /etc/resolv.conf was overwritten. So I just readded the DNS entries in the Pfsense WebUI, and not it worked. pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2_1.pkg Fetching tailscale-1.84.2_1.pkg: 100% 11 MiB 11.9MB/s 00:01 Installing tailscale-1.84.2_1... Newer FreeBSD version for package tailscale: To ignore this error set IGNORE_OSVERSION=yes - package: 1500054 - running kernel: 1500029 Ignore the mismatch and continue? [y/N]: y package tailscale is already installed, forced install Extracting tailscale-1.84.2_1: 100% And pkg info tailscale tailscale-1.84.2_1 Name : tailscale Version : 1.84.2_1 Installed on : Wed Aug 6 09:17:23 2025 CEST Origin : security/tailscale Architecture : FreeBSD:15:amd64 Prefix : /usr/local Categories : security net-vpn Licenses : BSD3CLAUSE Maintainer : ashish@FreeBSD.org WWW : https://tailscale.com/ Comment : Mesh VPN that makes it easy to connect your devices Shared Libs required: libthr.so.3 libc.so.7 Annotations : FreeBSD_version: 1500054 build_timestamp: 2025-07-30T02:26:16+0000 built_by : poudriere-git-3.4.2-12-g74a54a88 port_checkout_unclean: no port_git_hash : 275975297bc ports_top_checkout_unclean: no ports_top_git_hash: 0cd2c078c1e Flat size : 35.4MiB Description : Tailscale is a mesh VPN alternative, based on WireGuard, that connects your computers, databases, and services together securely without any proxies.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    F
    Hi again, to be honest: I guess, I did not remember exactly what I did 2 years ago. May I was mistaken by the interface name opt2 because the SG-3100 has a physical port OPT1 and I mixed up physical and virtual names. The goal was to use 2 different tunnels, one for the mobile clients and one for the site-2-site connection. And now all is running in that way . Regards
Log in to post
Load new posts
  • G

    Radius Authentication with Windows 2003 AD help pls.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    F
    I would be checking the System logs on the Server 2003 box. It should tell you every access attempt. I don't recall if you have to turn logging on in the properties of the IAS server application.
  • O

    Squid+ how to logging post/get content ?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C
    Its a hack thingi. you can visit squid-cache.org and take that to mailing list of squid-users.
  • R

    Maybe a good idea for package(sqstat)?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • H

    $graphmaxall value

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    Squid + HAVP startup order

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    T
    I am not sure what you mean.  I was trying to make sure that havp started first.  That's why I made squid sleep so it could wait for havp to start.  Was this not correct?  Just so I'm clear of my setup.  I have havp set up in proxymode squid (parent for squid).
  • J

    The snort package Now gets Snort Rules from 3 different sources.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    Before there was a problem if we upgraded to a new Snapshot, do we now need to upgrade to a new snapshot for this to work right or is it just how its working already? Dont upgrade past june 13 and its working already.
  • H

    Turning on snort rules

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    @hdavy2002: Hi all, Every time I update snort. I see new rules (obviously) What I mean is: Let say in backdoor.rules there are 500 rules and the new rules are located all the down. when I turn on the latest rules, I have to wait for the page to reload and then I have scroll down again to turn on the next rule. Of course, after I check all the rules, I do 'Apply Changes'. Is there any way, I can turn on all the rules one time? The snort package has always worked like that. But I'm working on it, every time you click Appy changes snort package restarts. James
  • R

    I can't start Squid service

    Locked
    6
    0 Votes
    6 Posts
    7k Views
    C
    squid 3 configuration has been change to reply_body_max_size 100 MB
  • P

    Assistance with FreeSwitch.

    Locked
    9
    0 Votes
    9 Posts
    5k Views
    P
    YES!  THANK YOU EVERYONE FOR HELPING!!!!  I downloaded v. 1.2.3 RC1 and it cleared up everything!  To make this work locally only, bind ext/int/lan to the LAN I.P.  Make sure turn off/configure your local machine's firewall too.  If there is anyone out there who is trying the same thing and are having some troubles feel free to contact me.  Thanks again guys for all the hard work and dedication to this wonderful software!!! ;D
  • H

    Squid via another proxy

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • L

    Freeswitch errors

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    L
    I had the same thing happen, and when I updated to 1.2.3-RC1, freewswitch took right off and is running fine.
  • X

    Lightsquid Report // Squid - Not Working

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    C
    cant redirect if firewall is disabled. since pf is the firewall.
  • H

    Can Bandwidth Throttling by Transparent Squid be escaped by Anonymizer Proxies?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    C
    squid.inc would look like this. where the second line with port 8080 is added $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n"; $rules .= "rdr on $iface proto tcp from any to !($iface) port 8080 -> 127.0.0.1 port 80\n";
  • X

    Pfsense host in bandwidthd report

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Z

    Customize error page on squidguard

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    Z
    My GUI is not https but squid is transparent mode.
  • O

    How to block file extension on pfsense

    Locked
    4
    0 Votes
    4 Posts
    10k Views
    G
    @ozanus: I install squid and squidguard but not installed HAVP packet. I can not run havp  ::) Do you know block mime type (.exe, .bat etc.) on pfsense or manuel canfigure squid or squidguard ? You can create a file called blocks.files.acl that contains the following (and more): \.bat$ \.cmd$ \.pif$ \.scr$ \.lnk$ \.hta$ \.mdb$ \.reg$ \.shs$ \.sys$ \.vbs$ \.wsf$ And place this line in your squid.conf: acl blockfiles urlpath_regex "/your/squid/path/blocks.files.acl" Hopefully this works for you. :)
  • R

    Squid Https blocking

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    R
    not exactly, if think it is more complicated than that. If you block 443 people wont be able to go to legitimate site not block by squid. Esoft seems to be able to do it and i tough that Squid was more powerful solution.
  • L

    Will snort turn itself off?

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    L
    James, Copy that. I'll update you if need be. Thanks Lou.
  • R

    Squid and WCCP

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    R
    Updating, was using the wrong tool to try and forward the incoming wccp requests, need to use pf to pass the requests. ie need to add a rule like to pf.conf: rdr pass on gre0 inet proto tcp to any port 80 -> 127.0.0.1:3128 port 3128 But there is no /etc/pf.conf file, pfsense seems to be adding pf rules somewhere else, looking at the output of pfctl there are a whole bunch of pf rules already in place.  Tried going to the web interface and adding a rule there figuring it would be magically translated into a pf rule, but could not figure out how.  Since i manually created a gre0 tunnel to the cisco router the web firewall has 2 new interfaces PPPOE and PPTP so i guess it is getting mixed up.
  • C

    Update request: open VM tools

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.