Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connection requests are blocked and therefore no state will be created regardless of connection direction.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)
  • Discussions about WireGuard

    715 Topics
    4k Posts
    patient0
    @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1. What is the routing table of the laptop? And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.
  • SquidGuard with different Active Directory does not work

    3
    0 Votes
    3 Posts
    1k Views
    S
    Hi, this problem with squidguard still occurs with PFsense 2.2.6. The modification for squid3 seems not to be necessary anymore. Are there any ideas to solve this issue? best regards Thomas
  • PfSense Zabbix Agent

    13
    0 Votes
    13 Posts
    8k Views
    D
    Ok, so I found the solution - if anyone is interested: Since Zabbix Agent is running in chroot, smartctl executable has to be linked in. For Zabbix 2.4 64 bit command is: ln /usr/local/sbin/smartctl /usr/pbi/zabbix24-agent-amd64/local/sbin It probably won't survive package reinstall/updates, adding to startup script might help. I used the following user parameters in advanced agent config: UserParameter=system.smartctl[*],smartctl -A $1 | grep $2 | cut -c 88- | cut -f1 -d' ' UserParameter=system.smarthealth[*],smartctl -H $1 | grep result | cut -f2 -d':' | cut -c 2- First one will return value for specified S.M.A.R.T. parameter - I usually monitor temperature. The second one will return one of PASSED/FAILED!/UNKNOWN! so I can set a trigger if value is not PASSED. More can be done to improve things, like discovery of the disks - but for pfSense it is more often than not just /dev/ata0.
  • Freeradius WPA-Enterprise and Windows 10 Update 1511

    7
    0 Votes
    7 Posts
    5k Views
    jimp
    David_W is correct, trying to fix package binaries on 2.2.x currently is a losing proposition. If you need the latest FreeRADIUS right this moment, your best bet is to use pfSense 2.3 either on your firewall or as a second system to run FreeRADIUS (because everyone should be testing 2.3 to make sure it works for their setups, right? :-) 2.3 is quite stable and in many regards, more stable than 2.2.x. The number of bugs is shrinking daily, and the only real major problem area that is a regression is wireless.
  • Quagga OSPF + OpenVPN [Solved]

    9
    0 Votes
    9 Posts
    7k Views
    A
    It's been fine - I've been bringing the other sites into the OSPF scope through the day. No issues at all. We have a total of four sites, with a fifth coming in a few weeks; Site 1: Two-node CARP, with three WAN connections (2x fibre, 1x LTE - this site is in an area where one ISP has an effective monopoly so both fibres are with the same ISP) Sites 2, 3 and 4: Single node, two WAN connections Site 5: Two-node CARP, with three WAN connections (1x WiMax, 1x fibre, 1x LTE - similar single ISP situation, but at least with two different connection methods) I'll post back once site 5 is working, but I don't see any reason why we'd have issues running another CARP node. I've tested CARP failover and failback, and multi-WAN failover and failback at all sites. It all works brilliantly with default timer settings, though I suppose you could reduce the timers if you needed faster OSPF response, probably at the expense of CPU usage/bandwidth.
  • Zabbix problem 2.2.6

    1
    0 Votes
    1 Posts
    615 Views
    No one has replied
  • PostFix Forwarder Configuration

    4
    0 Votes
    4 Posts
    1k Views
    D
    @MadCatZA: Depending on the version of PFSense you are using, PostFix does not work with the newer revisions. Waiting for it to be ported to 2.3. Any ideas on the timescales for this? I have a pfSense VM sitting on an ESXi host at the moment that I want to migrate to KVM. I need to take it to 2.2.x in order to have the virtio drivers but the upgrade broke Postfix.
  • FreeRadius2 LDAP Group Membership

    2
    0 Votes
    2 Posts
    1k Views
    G
    Check your group mappings in /usr/local/etc/raddb/ldap.attrmap For reference take a look at /usr/pbi/freeradius-amd64/local/share/examples/freeradius/raddb/ldap.attrmap If you're on a 32 bit system alter the above path accordingly. It can be a pain for non-standard stuff like AD
  • Lcdproc-0.5.7_2 pkg v. 0.9.10

    9
    0 Votes
    9 Posts
    2k Views
    S
    I can't even get it to start now.
  • Quagga cannot be restored on full system restore

    2
    0 Votes
    2 Posts
    749 Views
    jimp
    Hmm, I wasn't able to reproduce that here. It's likely also not an issue on 2.3 due to changes in the package system. If you can replicate it reliably, you might give a 2.3 snapshot a test.
  • Mailreport filter syntax

    5
    0 Votes
    5 Posts
    2k Views
    jimp
    This site is useful for testing regex patterns: https://www.debuggex.com/
  • Siproxd: sip_utils.c: ERROR:I'm trying to delete a VIA but it's not mine!

    7
    0 Votes
    7 Posts
    2k Views
    R
    Hi jimp! Yes, this is a good objection. I will think about a proper NAT setup in the next days. Thanks for your advice.
  • Google force to safe search with ssl

    5
    0 Votes
    5 Posts
    3k Views
    jimp
    You can take that one step farther and have pfSense grab all DNS so people who think they are being tricky will, themselves, be tricked: https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense Also cuts down on support time for people with unknowingly broken DNS settings…
  • Free radius not running

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    Looks like one of your users has an invalid configuration, you'd have to post the users file from /usr/local/etc/raddb/users (or at least the first few lines) for anyone to be able to help. If you have anything in the user custom config options it could be from that, since it complains about line 4 it must be in one of the first couple users.
  • Failed binding authentication

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How to manually install older version of packages…

    4
    0 Votes
    4 Posts
    3k Views
    J
    @johnpoz: Or you could run the actually current supported version of pfsense.. And current packages, troubleshoot any update issues. Of course I want to use the current versions of pfSense and packages, but what about the required functionality: Proxy + Proxy filter + multi WAN. As far as I know that doesn't work with the updated software. If you can point me to a solution to get that working surely I will forget the old unsupported versions. Thanks.
  • TFTP on a Virtual IP?

    1
    0 Votes
    1 Posts
    835 Views
    No one has replied
  • Quagga OSPF - Priority 0 Doesn't Work

    2
    0 Votes
    2 Posts
    1k Views
    H
    https://redmine.pfsense.org/
  • NUT Drivers not working for specific models

    3
    0 Votes
    3 Posts
    1k Views
    B
    Here is my NUT experience: First the Details: PFSense Version 2.2.6 Nut Version 2.1.2 and UPS: APC Back-UPS NS1350 connected via USB. PFSense is 32 bit version running on Intel P4 PC with Intel NIC cards and 1.5 GB Memory. If I set Nut to Generic UPC USB and Auto USB and run the command /usr/local/etc/rc.d/nut.sh start I get: No upstype set, Driver Failed to Start. If I set Nut to APC Back-UPS USB and Auto USB I get: No matching HID UPS found, Driver failed to start. If I set Nut to APC Smart-UPS USB and Auto USB I get: No matching HID UPS found, Driver failed to start. After a week or two of rebooting firewall once a week, Nut will suddenly start upon reboot with the settings left on APC-Smart-UPS USB and Auto. Then after a month or two of it working, after a reboot, Nut will fail to start for a week or two or three. I have more than one installation with this same configuration, and I have the same problem with each one of them. If someone can come up with a file to edit or something to fix this issue, it would be great! Thanks Brian
  • Pfsense 2.2.6 + squid+kerberos

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Zabbix 2.2 Template

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.