http://forum.pfsense.org/index.php?topic=1352.0

The installed package tab will show new versions.

OK, so that's the case thnx!
I'll try BETA 4 :)

I found out why it wasn't working.
The "Allow DNS server list to be overridden by DHCP/PPP on WAN" option was enabled in the "System: General Setup" menu.

FreeRADIUS is marked as broken.  Surely you dont' expect something marked as broken to work!?

@freeseacher:

@billm:

It's likely that pfflowd is only counting stuff that matches state.  Retransmits that got dropped for whatever reason likely don't add to the flow numbers it retains.

pfflowd gets it's data from pfsync - I don't believe it maintains a table of inflight flows, I'm pretty sure it gets it's data from the state teardown messages.  So, the data comes directly from the PF state entry which means only data that pf forwarded itself.

–Bill

rules for pf was
pass any in keep-state
pass any out keep-state

is there someting to miss ?

Yes, my point ;)

Not all packets in a given TCP flow will be considered "in state".  Consider out of window packets, out of sequence window packets (stuff that's been ack'd and had data past it acked, but was retransmitted all the same).  "normal" TCP communications do have packets that will get blocked.  I'm reasonably confident that those packets will not cound against the PF byte count for that flow.  The easiest way to determine that is to see if the PF byte count more closely matches that of the file(s) that were transferred.  If it's under, then there's a bug somewhere, if it's over, but over by less than the other accounting types (ng_netflow is going to get all packets regardless of whether pf blocks it) then it's not a bug per se, you just have to understand what/where you're monitoring.

–Bill

thanks a lot Sullrich, it's OK now  ;)

Fernando is working on it but there is no ETA.

Hi,

I have made a clamav package, it's not complete as yet and I have not added any web gui for starting or stopping or for other options in config files. As of now you can just test it from command line by running clamscan. The actual use for clamscan is for havp. As of now havp has experimental FreeBSD support and I am working on packaging it for FreeBSD. In the mean time pl test the clamav package. This is my first stab at packaging some thing for pfSense, so there will be lot's of things that can be improved.

raj

I am posting the clamav section from pkg_config.xml and the package configuration files.

          <package><name>clamav</name>           <website>http://www.clamav.net/</website>           <descr>Opensource anti virus</descr>           <category>Services</category>           <config_file>http://agni.linuxense.com/packages/config/clamav.xml</config_file>           <depends_on_package_base_url>http://ftp13.freebsd.org/pub/FreeBSD/ports/i386/packages-6.0-release/All</depends_on_package_base_url>           <depends_on_package>clamav-0.87.tbz</depends_on_package>           <version>0.1</version>           <status>BETA</status>           <maintainer>raj@linuxense.com</maintainer>           <configurationfile>clamav.xml</configurationfile>           <logging><facilityname>clamav</facilityname>                 <logfilename>clamav.log</logfilename></logging></package>

config.xml

<packagegui><name>clamav</name>         <version>0.1</version>         <title>ClamAV: Settings</title>         <include_file>/usr/local/pkg/clamav.inc</include_file>         <service><name>clamav</name>                 <rcfile>/usr/local/etc/rc.d/clamav.sh</rcfile></service>         <additional_files_needed><prefix>/usr/local/pkg/</prefix>             <chmod>0755</chmod>             http://agni.linuxense.com/packages/config/clamav.inc</additional_files_needed>         <custom_php_install_command>clamav_install_command();</custom_php_install_command>         <custom_php_deinstall_command>clamav_deinstall_command();</custom_php_deinstall_command>         <custom_delete_php_command>sync_package_clamav();</custom_delete_php_command>         <custom_php_resync_config_command>sync_package_clamav();</custom_php_resync_config_command>         <custom_add_php_command>sync_package_clamav();</custom_add_php_command></packagegui>

clamav.inc

function sync_package_clamav() {         conf_mount_rw();         config_lock();         global $config;         $start = "/usr/local/sbin/clamd &\n";         $stop  = "/usr/bin/killall clamd\n" .         "sleep 2";         write_rcfile(array(                           "file" => "clamav.sh",                           "start" => $start,                           "stop" =>  $stop                           )                     );         conf_mount_ro();         config_unlock();         mwexec("killall -HUP cron");         mwexec("/usr/local/etc/rc.d/clamav.sh stop");         mwexec("/usr/local/etc/rc.d/clamav.sh start"); } function clamav_install_command() {         global $config, $g;         mwexec ("mkdir -p /var/db/clamav");         mwexec ("/usr/local/bin/freshclam");         sync_package_clamav(); } function clamav_deinstall_command() {         global $config, $g;         conf_mount_rw();         unlink_if_exists("/usr/local/etc/rc.d/clamav.sh");         unlink_if_exists("/var/db/clamav/daily.cvd");         unlink_if_exists("/var/db/clamav/main.cvd");         unlink_if_exists("/var/db/clamav");         conf_mount_ro(); } ?>

and this command line wiil not work?

php pkg_mgr_install.php?id=packagename

Yep, thats about it in a nutshell.

@Aderium:

Add spam trap E-mail address:

if I add a spamtrap email called spamtrap@mydomain.com do I also need to create such user in my email server ?

No, basically if a email address is the to: address then SpamD knowns to add this servers IP to the trapped database and then further connections from that mail server will be trapped in a great tarpit which looks like a 110 baud modem communication, wasting the cpu cycles of the mail server in question.  It's neat.

@Aderium:

nextMTA

my internal ip address for mailserver is 10.1.10.10  is this the IP I would add to nextMTA ?

Yep.

Install http://pfsense.com/~sullrich/SpamDOutlookAlpha/SpamD.msi . It will add the outlook plugin. You also need to have SpamD package installed at your pfSense of course.

@ronnieredd:

Excuse me? Why am I making you click dozens of forums? Did I do something wrong? If so, I'm sorry. Please do elaborate.

13 packages plus the existing dozen or so forums makes for dozens of forums.  I'm old enough to remember and use BBS's, yet I still prefer email - I can sort and filter my inbox based on what I choose to read.  Which means more time spent on email worth replying to.  More forums split the attention the developers (who are still the primary support - although a few souls have certainly stepped up and chipped in on the support from) leaving us with less time to write code.  Until a package becomes enough of a nuisance filling the existing packages forum, it's really not worth splitting it out.

–Bill

PS. wut sullrich and hoba said

%A expands to the IP in the blacklist.

Since each blacklist is added individually then you know what database url to insert for each response.

I couldn't locate any other variables in http://www.openbsd.org/cgi-bin/man.cgi?query=spamd.conf&sektion=5 but if you come across any others, please let me know.

@msamblanet:

Thanks - patch form

Sorry for all the questions for a fairly trivial patch - hopefully as my current work project calms down I can offer something of more substance…

Commited.  Thanks

–Bill

@msamblanet:

OK - thanks - I have a better sense where things are going now…as you have seen in my other email, I took the first pass option of forcing users to enable the cachemgr so you have to choose to accept the risk...

If I ever find enough free time I am qualified to write the module you propose - but time is always the trick...my hat is off to you - I don't know how you (and many other good OpenSource authors) find the time to do this...

An option I was toying with overnight was how one could make a PHP wrapper so that the cgi was kept outside the web directory and content was in an iframe or similar with the PHP wrapper handlng security - would even allow us to keep the pfsense menus on the screen :)  ...unfort my PHP is pretty weak (I'm just an old Asm/C/C++ dev turned Java in the current day/age) - so I don't know how hard doing the CGI calls from PHP would be...can't imagine it's too bad but caveat coder

Hmmm…that's actually not a half bad idea.  I dunno about an iframe, but we could probably allow auth.inc to do it's job and use passthru() or something to run a cgi.  I'll have to think about that a bit.

--Bill

Ok, thks
Success to you in work

Ntop has all sorts of problems.  No one is currently looking after the package as far as I know so they probably won't get fixed.  But I think something better is getting added to 1.1 anyway, maybe maybe not.

Thanks, fixed.