Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    A

    @wbmstr2000 : Thanks! I will investigate it, greetings

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    573 Posts
    luckman212L

    For 25.07 RC, this worked for me (run sh first)

    [25.07-RC][root@r1.lan]/root: sh # export IGNORE_OSVERSION=yes # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg # service tailscaled restart # tailscale up # tailscale version 1.84.2 go version: go1.24.4 # tailscaled -version 1.84.2 go version: go1.24.4
  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Platform 2.2 & Packages that dose not work

    7
    0 Votes
    7 Posts
    1k Views
    K

    Yeah - I know.  Thats what I told my friend and theat what he told the customers and yet….

    They keep whining for it.

  • FreeRadius 2 not working: error code when running test command

    3
    0 Votes
    3 Posts
    1k Views
    U

    It was on an amd64 box. But my friend did some tinkering with it and got it working.

  • Growl in 2.2 rc

    2
    0 Votes
    2 Posts
    708 Views
    T

    Test button works but not seen any alerts from pfsense yet.

  • {SOLVED} Unable to communicate with packages.pfsense.org?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Snort adding multiple cron entries which expire blocked IPs too early

    8
    0 Votes
    8 Posts
    1k Views
    B

    Thx, for the fix!  :)

    Now, let´s wait for the pfSense Team. :-P

  • Snort wont start

    15
    0 Votes
    15 Posts
    2k Views
    bmeeksB

    I posted a Pull Request today that adds some additional validation checks on IP addresses and subnets when creating the HOME_NET and PASS LIST values for Snort.  Hopefully this corrects the issue with only a single forward slash ( "/" ) getting into HOME_NET and/or PASS LISTS.

    Here is a link to the Pull Request:  https://github.com/pfsense/pfsense-packages/pull/805

    Bill

  • Guide to configure squid, squidguard, https?

    38
    0 Votes
    38 Posts
    9k Views
    M

    Some help please :)

  • 0 Votes
    21 Posts
    3k Views
    C

    pfBlocker has been removed, and replaced by pfBlockerNG for 2.2. It's in the package system if you want to install it

  • SNORT not blocking/reporting to Snort widget if

    2
    0 Votes
    2 Posts
    654 Views
    bmeeksB

    @Supermule:

    Snort is not blocking/reporting to widget if WAN IP REP is enabled.

    It is started and returning nothing

    Any idea to why??

    Do you have IP REP files downloaded and then assigned on the WAN interface?  The files should show up under the IP LISTS tab (on the top row of tabs).  Then on the WAN tabs (lower tab row) you assign particular files to the interface on the IP REP tab.  Once you make the assignments, Snort will need restarting on that interface.

    I have the ET-Open rules "emerging-compromised-ips.txt" list assigned to my WAN, and I am getting blocks.  Just had a few in the last couple of hours.  The alert text will this:  (spp_reputation) packets blacklisted and the GID:SID is 136:1.

    Bill

  • Suricata 2.0.6 update coming soon – but only for pfSense 2.2

    3
    0 Votes
    3 Posts
    1k Views
    bmeeksB

    This update was merged this morning and should appear for pfSense 2.2 users only as mentioned in the release notice above.  Go to System > Packages > Installed Packages and the update should be showing as available.

    NOTE:  this update and future Suricata updates will only be available for pfSense 2.2 and above due to changes in the Suricata source code that break compiling a package on pfSense 2.1.x.

    Bill

  • Great pFsense 2.2 and squid3

    1
    0 Votes
    1 Posts
    811 Views
    No one has replied
  • Can't start Clamd antivirus - Squid3

    4
    0 Votes
    4 Posts
    2k Views
    N

    @firefox:

    i did not see this packages in the packages manger ?

    clamd
    c-icap

    where this from ?

    it is automaticly installed with squid3

  • Ntopng - regular errors

    6
    0 Votes
    6 Posts
    2k Views
    C

    Thanks!

  • Bandwidth monitor

    1
    0 Votes
    1 Posts
    913 Views
    No one has replied
  • Squid HTTPS/SSL killing Cisco VPN client connection

    11
    0 Votes
    11 Posts
    3k Views
    C

    A couple links on how its works and such… They are different but same concept

    https://mitmproxy.org/doc/index.html
    http://docs.diladele.com/faq/squid/index.html

  • Snort in promiscuous mode does not block automatically

    10
    0 Votes
    10 Posts
    3k Views
    bmeeksB

    @peridian:

    Doh!  Figured it out.

    @bmeeks:

    In this case, the bad IP (the source IP in this alert) was blocked so no further communication can happen there.

    You would think, however looking at the logs I realised that squid was operating on that interface in transparent mode.  snort was generating the block for the external IP, but squid was returning a cached copy of the content, which made it look to the client like the connection had still worked.

    @bmeeks:

    If so, you will need to define a custom PASS LIST, uncheck the option to include local networks, then manually assign the list to the VLAN interface (or the LAN interface) and restart Snort.

    Excellent, thank you for that, it achieved exactly the result I was looking for.  I don't know how I ever got snort to produce blocks originally if I didn't know to do this, but it is now behaving as expected, and with squid still enabled on the interface.

    Thank you for all your help, it's very much appreciated.

    Regards,
    Rob.

    Glad you got it figured out.  Unless you are worried about your internal VLAN hosts being a source of and spreading some malware, I don't understand why you want their IP addresses blocked at the firewall as well.  Simply blocking the other end of the offending traffic stream is protection enough for the victim host.  I'm assuming you are running this in a home setup.  As an example, assume your PC browses to a web site and some rogue ad content on the site causes Snort to fire an alert and insert a block.  If you let it block both the bad web site AND your own PC's address, then you can find yourself locked out of the firewall (at least from your PC).  Isn't it sufficient that just the far-end rogue source or destination be blocked?

    Bill

  • Squid 3.3.x how to install ?

    7
    0 Votes
    7 Posts
    1k Views
    W

    One more question.  How do I add CA certs that I manage to squid itself?

  • Clear out all old config from package

    9
    0 Votes
    9 Posts
    3k Views
    T

    @marcelloc:

    @Trel:

    If I edit a backup xml file, and remove the appropriate settings, and then restore it, does anything I removed get wiped off of pfsense or would the package gui config persist still?

    Will be removed. Keep in mid that full config restore forces a reboot and package reinstall.

    Ok, this looks like the best option anyway.  I should be good then.

  • Is pfBlocker safe to use with 2.2?

    13
    0 Votes
    13 Posts
    3k Views
    marcellocM

    @j@svg:

    Got it. So, basically wait for NG…. :(

    There is a manual install steps on pfblockerng thread but I'll send pull request to remove pfblocker and enable pfblockerng on 2.2

  • Lcdproc is not working anymore after the las Upgrade to 2.2

    2
    0 Votes
    2 Posts
    615 Views
    J

    The system logs indicate:

    php: lcdproc: Failed to connect to LCDd process Operation timed out (60)

    Any clues?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.