Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log
    I tried launching it manually:
    # /usr/local/bin/suricata -V
    or
    # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output
    ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
    /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only?
    Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions:
    'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:
    Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
    Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction.
    One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
    In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connection requests are blocked and therefore no state will be created regardless of connection direction.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    655 Posts
    E
    Updated CE 2.8.1 to 1.90.6_1. Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg Changelog
  • Discussions about WireGuard

    715 Topics
    4k Posts
    patient0
    @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1. What is the routing table of the laptop? And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.
  • APCUPSD problem, ups status data don't update, error in log.

    2
    0 Votes
    2 Posts
    998 Views
    L
    @LucaTo: apcupsd (latest: 0.3.8), pfsense 2.2.5-RELEASE 64bit (but the problem was the same also with previous release) Same identical issue after update to new release 0.3.9
  • Apache path error apache_mod_security.inc with fix

    18
    0 Votes
    18 Posts
    2k Views
    D
    0.1.9 merged - good luck :P
  • Setting up access to packages GUI in System - User Manager

    3
    0 Votes
    3 Posts
    1k Views
    D
    Should be almost complete now, added to ~30 other packages. There are some ~10 packages remaining.
  • FreeRadius installation failed on pfsense 2.2.5

    2
    0 Votes
    2 Posts
    958 Views
    D
    Include freeradius.inc is missing! Include file freeradius.inc could not be found for inclusion. Not executing custom deinstall hook because an include is missing. As noted above, you are missing required INC file. Try again.
  • Apcupsd - modbus recent

    1
    0 Votes
    1 Posts
    822 Views
    No one has replied
  • Quick easy way to determine if an IP is on a pfBlocker-NG list?

    2
    0 Votes
    2 Posts
    3k Views
    BBcan177
    You should be able to see this in the pfBNG Alerts tab… v2.0 will have an improved lookup for CIDRs... You can also grep from the shell..
    cd /var/db/pfblockerng/deny/
    grep "^1.2.3.4" *
    Other examples:
    grep "^1.2.3" *
    grep "^1.2." *
    grep "^1." *
    add | grep '/' to only report CIDRs.
  • Is mailscanner working with PFSense 2.2.4 or 2.2.5?

    2
    0 Votes
    2 Posts
    983 Views
    T
    Hate to bump, but anyone?
  • Init/DROther with OSPF

    5
    0 Votes
    5 Posts
    2k Views
    S
    I'm not saying you shouldn't use TAP, but if you want to use TUN I think it should work with "topology subnet". If you are allowing all traffic in the OpenVPN tab of your firewall rules, you won't need another rule to allow the OSPF traffic.  If you are only allowing specific traffic in, I think you will need a rule to allow the OSPF traffic.  The reason I mentioned this is that in your original post you said the server is showing the client as "Init/DROther" and the client is not showing anything, which sounds like traffic is getting through from the client to the server, but not the other way.  The server would need to negotiate with the client before showing it as "Full/DROther", etc.  Of course by "server" and "client" I'm talking about the OpenVPN role, not OSPF.
  • 0 Votes
    3 Posts
    4k Views
    G
    this worked for me as well in conjunction with Watchdog package as discussed at https://forum.pfsense.org/index.php?topic=87441.30
  • HAProxy, just use custom configuration file and no UI?

    3
    0 Votes
    3 Posts
    2k Views
    J
    Awesome. the "devel" package does exactly what we need it to do, without a whole lot of custom options. The big thing was to have multiple backends per frontend.
  • Haproxy-devel 0.33 service won't start after upgrade to 2.2.5

    6
    0 Votes
    6 Posts
    1k Views
    K
    Hello and thanks for your help. The removal of the empty global dns resolvers did the trick. All is fine now. As for version 0.32, yes I had it installed prior to upgrading. Regards,
  • Packages unavailable?

    3
    0 Votes
    3 Posts
    1k Views
    E
    @maverick_slo: They have ipv6 problems again… Ipv4 works for me, also forums are not reachable via 6... Thanks! IPv4 works for me as well. Problem solved :-)
  • Freeradius won't start

    6
    0 Votes
    6 Posts
    3k Views
    D
    Thanks for reporting back.
  • Service vHosts-http won't start.

    18
    0 Votes
    18 Posts
    4k Views
    D
    Perhaps install and uninstall the updated rewritten package and see if it helps? Other than that, editing config.xml manually.
  • OpenVPN Client Export Utility - Additional configuration options saving

    5
    0 Votes
    5 Posts
    3k Views
    C
    Hi, yes, very useful. This way, the user would be able to export multiple clients at different times, with similar settings. +1 Nice when I have to export packages for 50 users.
  • Lcdproc-0.5.5 pkg.v.1.0.2

    1
    0 Votes
    1 Posts
    612 Views
    No one has replied
  • LADVD 1.0.4.2 problem and suggestion

    9
    0 Votes
    9 Posts
    4k Views
    johnpoz
    "That's a work round of sorts. However, the package should forbid you from selecting a vlan. If you do so, ladvd keeps on churning out errors to the system log."
    But how is not just selecting the interface you have assigned to the physical not a solution to the OP problem? I have ladvd on my em1 and em2, which I do have L3 assigned to.. But you wouldn't have to if all you want to do is use vlans on that physical interface. That being said cdp and lldp would go out on the physical and works on whatever vlan you have as the native, be 1 or 10 or 200, etc.. To me this is untagged traffic and just the physical wire at layer 2. Only reason you set it at the switch is to isolate that to its own broadcast domain.. So switch ports that are not part of that native vlan do not see this traffic. If ladvd does not work and generates errors when you pick a vlan interface, then sure guess that should be removed.. And you should only be able to pick the actual physical be it em0, 1, etc.. or the interface you assigned to that physical be it lan, opt1, opt2 (or whatever you change the label to). I can see how it should be updated in the package - I would think a note to the package maintainer could get that fixed up.. But still not seeing how this is any sort of real issue in the big picture.
    "working LLDP on pfSense would be nice to have, but is hardly critical in my deployment."
    It does work…
    edit: hmm that is odd why is it showing same mac for the ID.. em1 and em2 ... hmmm those should be 02 and 03 for the last number in the mac.. Oh that is the device ID.. hmm would be better if that was the actual mac of the interface - which I thought it should be..
    ah it shows it
    sg300#sho lldp neighbors GE 3
    Device ID: 00:50:56:00:00:01
    Port ID: em2
    Capabilities: Router
    System Name: pfSense.local.lan
    System description: FreeBSD 10.1-RELEASE-p15 #0 c5ab052(releng/10.1)-dirty: Sat Jul 25 20:20:58 CDT 2015    root@pfs22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_
    Port description: Intel(R) PRO/1000 Legacy Network Connection 1.0.6
    Management Address: 192.168.9.253
    Management Address: 32.1.4.112.31.17
    Management Address: 00:50:56:00:00:02
    Time To Live: 172
    [image: lldppfsense.png]
  • MOVED: configuring dansguardian and squid

    Locked
    1
    0 Votes
    1 Posts
    514 Views
    No one has replied
  • 0 Votes
    1 Posts
    643 Views
    No one has replied
  • Freeradius and NAS IP Range instead of IP

    2
    0 Votes
    2 Posts
    1k Views
    M
    Hello, I'm in the same situation, is this possible? Does somebody know?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.