1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

  • Discussions about WireGuard

    715 Topics
    4k Posts
    patient0P
    @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1 What is the routing table of the laptop. And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.
Log in to post
Load new posts
  • S

    AutoConfigBackup on 2.3.1

    5
    0 Votes
    5 Posts
    2k Views
    S
    Yes, the admin account can access the URL in a browser.
  • D

    Unable to retrieve package information.

    2
    0 Votes
    2 Posts
    2k Views
    K
    I am experiencing the same issue. ginx: 2016/05/18 22:44:59 [error] 35993#0: *160 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.1.50, server: , request: "POST /pkg_mgr.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.1.1", referrer: "https://192.168.1.1/pkg_mgr.php"
  • D

    Package install problems

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • M

    Upgrade to 2.3 - Forgot to unistall HAVP

    2
    0 Votes
    2 Posts
    862 Views
    jimpJ
    This should stop the errors at least: rm /usr/local/pkg/havp*
  • empbillyE

    !freeradius2

    6
    0 Votes
    6 Posts
    2k Views
    empbillyE
    The same problem. Maybe a fix. https://forum.pfsense.org/index.php?topic=87441.msg623310#msg623310
  • A

    Nut - MEC0003 protocol - instant shut down as soon as nut starts?

    11
    0 Votes
    11 Posts
    7k Views
    dennypageD
    FWIW, looking at the NUT user support list, there are several references to the MEC0003 protocol. These are probably worth a read. There are references to both the blazer_usb and nutusb_qx drivers, and both of these drivers have a ton of configuration items that appear to be required.
  • M

    NUT Default Behavior

    2
    0 Votes
    2 Posts
    2k Views
    R
    See #22 and #23 - http://networkupstools.org/docs/FAQ.html (I should probably copy it here, just to be a complete reply) 22. How can I make upsmon shut down my system after some fixed interval? You probably don’t want to do this, since it doesn’t maximize your runtime on battery. Assuming you have a good reason for it (see the next entry), then look at scheduling.txt or the upssched(8) man page for some ideas. 23. Why doesn’t upsmon shut down my system? I pulled the plug and nothing happened. Wait. upsmon doesn’t consider a UPS to be critical until it’s both on battery and low battery at the same time. This is by design. Nearly every UPS supports the notion of detecting the low battery all by itself. When the voltage drops below a certain point, it will let you know about it. If your system has a really complicated shutdown procedure, you might need to shut down before the UPS raises the low battery flag. For most users, however, the default behavior is adequate. Ask yourself this: why buy a nice big UPS with the matching battery and corresponding runtime and then shutdown early? If anything, I’d rather have a few more minutes running on battery during which the power might return. Once the power’s back, it’s business as usual with no visible interruption in service. If you purposely shut down early, you guarantee an interruption in service by bringing down the box. See upssched.txt for information on how you can shutdown early if this is what you really want to do.
  • S

    Apcupsd on 2.2: multiple processes

    14
    0 Votes
    14 Posts
    5k Views
    W
    Not going to be able to do this for you. 2.3 changed entirely how packages work and this package was removed.
  • A

    What's Power Down Instead of Halt function?

    1
    0 Votes
    1 Posts
    697 Views
    No one has replied
  • R

    Quagga_OSPF

    1
    0 Votes
    1 Posts
    770 Views
    No one has replied
  • L

    Is there a way to filter emails when delivered directly to clients?

    3
    0 Votes
    3 Posts
    1k Views
    M
    If you're using Thunderbird to access your emails, I assume you're picking up your messages via either POP3 or IMAP directly from your 'provider mail server'. In which case you would need to position your mail filter to operate in front of your mail server, not between your mail server and your clients. Spam and viruses should be stopped before they reach the mail server at all, so you would need to position your mail filter so that it received all your inbound messages and then passed on the filtered emails to the mail server. This may mean having to bring your mail server in-house. If that isn't an option, then there are paid-for mail scanning services, such as Messagelabs, which will handle all your spam/viruses for you. You'd just need to amend your MX record to point to the Messagelabs system and they would forward the filtered mail to your hosted server. If you do host a mail server in-house, you can install the Mailscanner package on your firewall, but from what I know this particular package is quite CPU-intensive and could cause your firewall some problems if you process a lot of email. In my own opinion, you'd be safer running it as a separate system, with your SMTP traffic port-forwarding to the Mailscanner server and it, in turn, passing on the filtered mail to your internal mail system.
  • arrmoA

    NUT Widget in v2.3

    8
    0 Votes
    8 Posts
    2k Views
    arrmoA
    Works here now too - thanks!
  • chpalmerC

    NUT package- only 64bit

    3
    0 Votes
    3 Posts
    1k Views
    chpalmerC
    @jimp: It's there on 32-bit, perhaps you looked before it had finished building or syncing there? Possibly-  Just being impatient I suppose. ;D Got it now though.    Thanks!
  • dennypageD

    NUT?

    17
    0 Votes
    17 Posts
    4k Views
    R
    @dennypage: If you want to see what the driver is actually reading from the unit, you can run the upsc command like so:  ``` upsc upsname Thanks, for some reason I had it in my head it was upsd <upsname>  and it all shows valid data And don't ask me why… now the widget is showing full data display. Oh, and I too am a Marvin fan! Rick</upsname>
  • K

    Sarg not deleting old files?

    2
    0 Votes
    2 Posts
    723 Views
    K
    bump???
  • Y

    Varnish3 on pfSense 2.3

    2
    0 Votes
    2 Posts
    806 Views
    jimpJ
    There's a sticky post on this board with all the getting started info for developing packages on 2.3
  • D

    NUT not starting - Tripp Lite Smart Online

    2
    0 Votes
    2 Posts
    758 Views
    R
    Hopefully this is an area of NUT that will one day get an update… I use a Cyberpower unit but none of the Cyberpower configs work...  but if I use an APC config with the USB option it reads the Cyberpower unit model number, charge and stats.  The service will then start and the widget works for all but the bar graphs. Play around with multiple configs. Hope that helps
  • A

    Darkstat Reports in MB /GB

    1
    0 Votes
    1 Posts
    948 Views
    No one has replied
  • yuljkY

    Check_MK Package for 2.3

    6
    0 Votes
    6 Posts
    3k Views
    J
    I have started trying to make one. I've already managed to get check_mk working manually, you can see my post here https://forum.pfsense.org/index.php?topic=111517.0 Once I have something to show, even if it just the GUI i'll create a new post / update this post. This is the first time I've looked at creating a pfsense package, so it might take me a few weeks to get my head round how it works.
  • G

    Newbie Package Question

    3
    0 Votes
    3 Posts
    1k Views
    G
    @AR15USR: You have the latest version. If it were yellow color there would be an update. If it were red it is not fully installed. OK, dumb mistake. The stuff on the bottom is a legend, not a notification. Thanks.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.