1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    H
    @RNM-0 Thanks for your comment and sharing your fix. Unfortunately I don't want to take down pfsense and downgrade versions. I'm currently fine at the moment since I'm using Tailscale and that works. I also fixed the other crash I was having with pfblocker by changing a line code that wasn't pushed out under this version. Hopefully the stable release won't take too long to release but it appears there's still some open bugs that need to be fixed before that happens, and ironically, both the pfblocker and wireguard issues aren't on that list of bug fixes.
Log in to post
Load new posts
  • stephenw10S

    MOVED: how to Block https sites in PFsense

    Locked
    1
    0 Votes
    1 Posts
    511 Views
    No one has replied
  • R

    Windows Updates not finishing - DansG and pfBlockerNG?

    2
    0 Votes
    2 Posts
    2k Views
    D
    Maybe try this? https://technet.microsoft.com/en-us/library/bb693717.aspx?f=255&MSPPError=-2147217396 or https://support.microsoft.com/en-us/kb/818018?wa=wsignin1.0
  • D

    Ftp-proxy need to be re-enabled for working?!

    2
    0 Votes
    2 Posts
    735 Views
    jimpJ
    I haven't seen any other reports of that. I leave mine running and home and my firewall is up for months at a time, I've never seen it stopped or had problems.
  • GruensFroeschliG

    MOVED: logjam + haproxy as ssl-terminator

    Locked
    1
    0 Votes
    1 Posts
    528 Views
    No one has replied
  • stephenw10S

    MOVED: Disabling Squid cache

    Locked
    1
    0 Votes
    1 Posts
    656 Views
    No one has replied
  • GruensFroeschliG

    MOVED: squid extra delay pools - Limiting Youtube bandwidth

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • M

    On pfSense 2.2 IGMP Proxy does not work with GRE tunnels

    1
    0 Votes
    1 Posts
    925 Views
    No one has replied
  • C

    Sarg pfsense report Time (hour:min:sec)

    1
    0 Votes
    1 Posts
    558 Views
    No one has replied
  • C

    APCUPSD - SNMP Broken

    3
    0 Votes
    3 Posts
    2k Views
    C
    Now that you point it out I see that line thanks. Instructions could use a once over, pull the device type instruction down to that line maybe? Thanks
  • GruensFroeschliG

    MOVED: Suricata disabling

    Locked
    1
    0 Votes
    1 Posts
    497 Views
    No one has replied
  • GruensFroeschliG

    MOVED: Is Squid3 really working for pfSense 2.2.2

    Locked
    1
    0 Votes
    1 Posts
    546 Views
    No one has replied
  • S

    PIM

    1
    0 Votes
    1 Posts
    654 Views
    No one has replied
  • L

    [solved] pfBlockerNG blocks outgoing connections despite rule is Deny Inbound

    12
    0 Votes
    12 Posts
    5k Views
    L
    @BBcan177: You should also consider using a pfBNG "Alias Permit" Rule. Then manually create the Floating rule with the Alias created with "Alias Permit" and choose the Port and Destination LAN addresses for the Rule. More details on "Alias Rules" are listed in all of the IPv4/6 and continent tabs. This will allow only the "selected country - Italy" to access the Web App. This is a better approach then trying to block the world and only allow a few access. Damn, it was so easy… I don't know why it didn't worked earlier, I assume package installation was somewhat messed, or my mind was, yesterday... I simply did: 1. Achieve a clean package install (no previous settings retained); 2. Select just WAN in Incoming interface list, and just Italy in the countries list; 3. Create an Alias Permit URL alias as per your suggestion; 4. Use the alias for a basic Pass rule on WAN interface (no Floating rules here, now I do prefer to KISS); ... and... wha-ah! It worked straightforward. As expected, you would say (and you would be right). Thank you very much for your support and your patience. Have a nice Sunday, Luigi
  • stephenw10S

    MOVED: Squidguard setup with internal web server

    Locked
    1
    0 Votes
    1 Posts
    562 Views
    No one has replied
  • D

    MOVED: haproxy-devel v0.23 on 2.2.1 i386 - error writing config file

    Locked
    1
    0 Votes
    1 Posts
    485 Views
    No one has replied
  • W

    Anti virus

    7
    0 Votes
    7 Posts
    2k Views
    W
    @exograpix: When you save the antivirus setting again, it will throw some errors on the top, 1. basically you have to put your host/domain name in the clwarn.cgi url in the first setting. 2. You have to put service file in written on the second error into conf settings 3. You have to delete domain setting mentioned in the third and final line, than press save again. You have to wait for icap to update the clamav file, which is quite dicey , it will take long time depending on your connection. Once updated antivirus will start filtering. Thanks  :) So if my host / domain is www.WaqarUk.com, this I put into clwarn.cgi in the first setting? Then, what is is my "service file" please? How do I do "You have to put service file in written on the second error into conf settings"? I have a cable 50 Mbit connection & I am running Win 7 Ultimate on a i5-2500K, Asus Sabertooth p67 B3, Crucial 480 GB SSD M550 & various mechanical (2 TB & 1TB) hard drives for data, Corsair 16 GB ddr3, Asus 550 Ti GTX & Corsair semi modular 750 Wats power suppy in a fractal design R3 USB 3.0 case.
  • D

    MOVED: squid3 / squidguard performance

    Locked
    1
    0 Votes
    1 Posts
    824 Views
    No one has replied
  • T

    Upgraded pfSense (v2.1.3 –> 2.2.2) Missing FTP Client Proxy as Package

    3
    0 Votes
    3 Posts
    1k Views
    D
    All packages get automatically reinstalled after upgrade…
  • I

    Pkg install mysql

    8
    0 Votes
    8 Posts
    8k Views
    U
    @avnel: i am getting error after pkg install php56-mysql touch /etc/php_dynamodules/php56-mysql pkg install mysql56-server pkg install compat8x-i386 please help me https://doc.pfsense.org/index.php/How_do_I_get_PHP_support_for_mysql,_sqlite,_sockets,_etc
  • D

    Unbound - 100% CPU Utilization

    5
    0 Votes
    5 Posts
    4k Views
    K
    why do you have suricata why not use snort? I had service watchdog but I thought it was a bit of overkill. Im guessing its constantly monitoring your services which may cause CPU load maybe try to uninstall it for a day and see how it goes. And don't forget to reboot after (had an issue with squid one time) Also i had ntopng and I went from 26 percent to 60 percent CPU usage. Not sure if softflowd might be the case too but to figure out all possible outcomes I would also recommend uninstall it. CPU goes to 100% for the process for 5-10 minutes, then it goes back to normal like nothing ever happened. so your saying after 10mins of 100% it goes back down? and this happens for how long?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.