Bug opened, but closed.  Thanks for that. :)  Now if only I could figure out why /var/db/whitelist winds up being such a mess for me. :(  It doesn't work right at all unless I manually clean it up after each reboot.  It appears to keep dumping duplicates into the file, and unless I sort network large to small, it's no good.

That, and I have a network, x.x.x.0/24 for I have in /var/db/whitelist, but snort keeps adding x.x.x.11 to the blocklist.  Unless I put x.x.x.11/32 in there as well, it keeps getting blocked.

You can see pen connections at diagnostics>states if that helps.

@mrquintopolous:

I just started using pfSense on an internal firewall where I work, and it works pretty nice. Good work guys!

So I had an idea to extend pfSense with the capabilities of PBNJ (http://pbnj.sourceforge.net/). Basically, I think it would be a cool feature to be able to automatically scan your LAN machines with nmap and see changes over time and maybe even be alerted when a machine has a new port open. That way, an admin can jump on figuring out why this happened.

In an attempt to figure out the internals of pfSense and waste time, I have been fiddling with getting PBNJ installed on the pfSense box. Without the ports system, it requires the following steps:

pkg_add -r perl pkg_add -r <various 6="" perl="" modules,="" around="">3) One of the dependencies, p5-Nmap-Parser is not in the packages, so it requires downloading the tarball, extracting, installing etc. This requires a pkg_add -r gmake extract PBNJ, perl Makefile.pl, gmake, gmake install, gmake test Maye more that I subsequently forgot.

Pretty involved, maybe installing ports and going from there would have been smarter. Anyways, I was wondering:

Do people on this forum think that this would be a useful thing to have in a pfSense box? If so, is installing perl too much? i.e., would it be better to rewrite something similar in php? Would anyone be interested in making a package / ui frontend for it with me?

I hope to hear your thoughts.</various>

Not as involved as you would think.  Check out the squid package which in turns install perl.  Theres a number of packages that install multiple dependencies and then setup the package.  I don't see anything that would change this situation for this package.

Check out http://pfsense.com/cgi-bin/cvsweb.cgi/tools/pkg_config.xml?rev=1.407 and http://pfsense.com/cgi-bin/cvsweb.cgi/tools/packages/

Recent snapshots have a tcpdump GUI component.

Please be a LOT more specific about what you're talking about.

Working for me, thanks a lot!

I vote him for package maintainer of the year!  ;D

thank you very much!

Yes, that is true. I'm out of work right now, but if I was working I'd offer $50 and then possibly more once it was done. $30-$50 for me is my starting place for things. However I have to work though and hopefully by the end of Feb I can start a new job. If there's not a gateway AV for pfsense when I am back to work then I will be offering a bounty for it. At least I hope I can afford to do that.

You guys who work on pfsense really do a good job on the UI and stuff.

Everything is working good. The issue was I guess you had to select LAN/WAN in that window. I don't remember what area that is. Like settings area for the package or something. I had to fiddle with it a while untill I understood it better since there is no documentation for anything.

I also did upgrade to the latest snapstop as suggested and it's good so far.
Thank you!!

I think I finaly fixed this today in version p15

Double check your boxes by sending a ping to google or yahoo in the terminal.  I haven't ever had a problem with the package system that didn't involve me forgettting about something.

See the other 10 page long squid thread.
set a space in the unrestricted and banned fields and it should work then.
Commited version p9 just now.

The packages that exist for this are not finished/working atm. If you have some knowledge feel free to fix/finish them.

I'm guessing there is a language barrier, try your forum language and post there if it is listed, you should have more luck, but all in all this is NOT setup to work correctly yet

The current squid whitelisting and blacklisting should work starting from version p8.

So you can try what size the limit is now :-)

I found a command who can do the job :
tail -f /log/squid/access.log | logger -p "local4.info" &
To work syslog must be configured tu send "local4.info" to the remote server.

Yep I just noticed that as I went to reconfigure!

Thanks for your help guys.  ;D

[Edit:] In fact, it would appear that Snort does not like to run on multiple interfaces; a bug perhaps?

I had a quick look at what you did, so I don't know what causing squid to crash, but what I said before, squid has been changed for transparent proxying.