1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    G
    As the title says. Any mirror or alternative ? https://feodotracker.abuse.ch/blocklist/ Error 503 certificate has expired certificate has expired Error 54113 Details: cache-scl2220043-SCL 1757230189 2309835888 Varnish cache server

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    J
    @nanda said in pfb_filter and pfb_dnsbl services are not running Pfsense 25.07.1: When I checked the status of the service, the firewall returned, "does not exist". as in on the Status -> Services page? or where specifically ? and yet it shows on the dashboard services widget.. And you said this was a fresh install so ... are there any errors in pfblockerNG 's error.log, dnsbl_parsed_error or py_error (Firewall -> pfBlockerNG -> Logs on the pfblockerNG -> General. make sure the Keep Settings option is enabled then head over to packages and try to reinstall the package (you may remove and install or just reinstall) see if you spot any install errors during the install then when complete you will need to change the masterfile / mastercat line again and then check the update page at Firewall -> pfBlockerNG -> Update should have a status showing the next scheduled cron event (if that is within a few minutes just wait for it to run). if it is more than say 20 minutes away or says not scheduled (or similar) then on the same update screen force Cron hit run. when that is complete check the status then reboot check the status

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    500 Topics
    3k Posts
    G
    @Gertjan well..... finally i created a new user for inwx and just gave him dns_management role only AND without 2FA. So now all is fine, my PFSense has the LE Cert as it should be. Thanks and kr Mike

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    609 Posts
    luckman212L
    The bugaboo that was affecting the FreeBSD 15 pkg repos has cleared, and the new builds seem to be finished. So, 1.86.4 is now landed in FreeBSD:15:amd64/latest ABI: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.86.4.pkg

  • Discussions about WireGuard

    699 Topics
    4k Posts
    S
    @Bob.Dig what's the right place?
Log in to post
Load new posts
  • D

    FreeRADIUS authentication

    2
    0 Votes
    2 Posts
    741 Views
    D
    to clarify, I am a student in Information Assurance and have never actually worked with RADIUS or pfSense before this semester. I eventually want to use a mySQL database for credential verification, but would like to ensure authentication can occur properly before taking that next step.
  • F

    Squidclamav.conf redirect being ignored

    3
    0 Votes
    3 Posts
    3k Views
    T
    [SOLVED] Clean your test browser's cache, cookies, history. Restart browser and "voila"It's working as it should.
  • F

    Suricata Q's & an error message

    3
    0 Votes
    3 Posts
    2k Views
    F
    @bmeeks: @firewalluser: Dont know where to post this, but running 2.2 Beta with Snort and Suricata. First Q. Is it ok to run snort and suricata side by side on the same machine? I've experimented with both installed, running and with snort interfaces disabled but cant seem to get any alerts or blocks from suricata. I have not uninstalled snort yet. I'm getting lots of these error messages in the system log FWIW. suricata[59742]: 24/11/2014 – 22:54:01 - <error>-- [ERRCODE: SC_ERR_DATALINK_UNIMPLEMENTED(38)] - Error: datalink type 0 not yet supported in module DecodePcap When I see "unimplemented", I wonder how far along suricata is, but also, where does it fit with snort? Is snort still superior to suricata or vice versa? It just snort has a few rules/options available which suggests more control with Snort, but I could be wrong? TIA</error> You must be running PPPoE on your WAN.  Suricata does not support PPPoE connections on FreeBSD.  Snort does.  The limitation is within the Suricata binary itself and not something caused by the GUI package on pfSense.  If you must use PPPoE, then use Snort instead of Suricata (or else don't try to run Suricata on the PPPoE interface). As for which is better or more mature, that's sure to bring out fan boys on both sides.  In my view neither is "better", they are just "different".  Suricata is a true multithreaded IDS, so in theory it should scale better with more CPUs and offer higher throughput.  In practice with today's hardware and network speeds, this only starts to matter at 10Gig and over.  Snort currently offers some rule options and keywords that Suricata does not support, so there are some Snort rules that will not load on Suricata (they cause an error and Suricata ignores them and skips loading them). Bill You must be running PPPoE on your WAN. Yes I am, didnt know about the pppoe restriction. As for which is better or more mature, that's sure to bring out fan boys on both sides.  In my view neither is "better", they are just "different".  Suricata is a true multithreaded IDS, so in theory it should scale better with more CPUs and offer higher throughput.  In practice with today's hardware and network speeds, this only starts to matter at 10Gig and over.  Snort currently offers some rule options and keywords that Suricata does not support, so there are some Snort rules that will not load on Suricata (they cause an error and Suricata ignores them and skips loading them). Thanks for that info, it explains a lot. I think for my uses, snort on wan and suricata and/or snort on lan is the way to go although I doubt my lan traffic will ever reach the rates that give suricata a chance to show off its capabilities over snort.
  • A

    Reverse PFBlocker option ?

    7
    0 Votes
    7 Posts
    2k Views
    F
    @atrocity: well, but we can't wait, because we have to filter out most of the world to some specific network equipements … :( Firewall: Aliases: Edit. Create two alias's Allowed IP's and Blocked IP's and link them to two txt files located on one of your internal webservers, then create all your rules you want and you dont need pfblocker then, but you do have more control with this approach. For example, you might have an alias for Allowed Email IP's where a txt file contains the ip address blocks you will accept email from (smtp/25) as you may do business abroad in that country, even your supplier might have their own ip address block reducing the constant updates which will invariable take place as IP's blocks get moved around. You could also have another alias file that contain ip address blocks for countries staff might have to visit including stop overs for connecting flights in other foreign countries, then you can have a rule to allow their iphone/android/windows phone communications with their imap/exchange servers for example. Maybe also allow some encrypted VOIP comms to avoid calls being listened into from foreign govt's when using their public telecoms infrastructure, or if you really want to be "silent", just have a vpn connection like openvpn, tunnel all traffic from your phones/laptops through the vpn and hide even more info from foreign govt's when abroad.
  • K

    /etc/inetd.conf vs /var/etc/inetd.conf

    3
    0 Votes
    3 Posts
    1k Views
    K
    Thanks for the explanation.  I'll look at it, but no promises …
  • F

    Snort/Suricata Suggestion

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @fsansfil: Hey BBcan, I know, its really well done too… But just wanted a simple way to add more $ operator with aliases ;) F. This idea would require changes within the pfSense code itself, and not just the Snort or Suricata package code. Bill
  • S

    Help with latest Snort + Barnyard2

    6
    0 Votes
    6 Posts
    2k Views
    bmeeksB
    @hescalona: mv /usr/pbi/snort-amd64/bin/barnyard2 /usr/local/bin/barnyard2 Yep, this should fix it by copying the latest barnyard2 binary over top of any older version lurking in /usr/local/bin. Bill
  • W

    Snort on Lan & Wan

    5
    0 Votes
    5 Posts
    3k Views
    bmeeksB
    @wbennett77: Thanks Bill, How would I identify which ET rules that are direct IP drops besides the three you spoke about? The rule text will just be a long list of IP addresses.  It's not terribly critical that they go on just the WAN, though. As another poster mentioned, there is some debate on the merits of where to put IDS rules (WAN, LAN or both).  I find that for most home users with NAT, putting the rules on the LAN side helps you better find any infected hosts without a lot of searching.  On the other hand, most home networks are small enough that even a brute-force search of all the machines would not take very long.  For me I just like the convenience of having the offending host's real IP immediately available in the alert message on the ALERTS tab. Bill
  • P

    Pfsense + freeradius2: wifi simultaneous login not working

    6
    0 Votes
    6 Posts
    3k Views
    N
    I am not familar with actual pfsense version and CaptivePortal. But if I remember correct there is a possibility to give a user some credits so that this user can access the internet without logging in on CP. So you you try to use a high number of credits for each user and low timeout for resetting these credits and enabling Accounting on CP. Not sure at all if this works. When you are searching for "radutmp" file you find some interesting information: http://opensource.apple.com/source/freeradius/freeradius-25/freeradius/raddb/modules/radutmp Accounting information may be lost, so the user MAY #  have logged off of the NAS, but we haven't noticed. #  If so, we can verify this information with the NAS, #  If we want to believe the 'utmp' file, then this #  configuration entry can be set to 'no'. check_with_nas = yes So this part will tell us that accounting is used for simultaneous use checks and it tells us, that if the user logs of or is disconnected and the NAS (Access-Point is your case) will not tell freeradius that this user has disconnected, then freeradius will never know and this user will still exist in radutmp file. So when trying to use DD-WRT you should make sure that it works like it should and that you don't fix one problem and get a new one ;) Perhaps you should enable CaptivePortal and use this accounting feature and authentication. On CP add the Access-Points itself to bypass so that authentication with PEAP works. Users then authenticate against freeradius to get WLAN Access and then - this is not so comfortable but should work - again on CP to get internet access. With the same username and password and then simultaneous checks can be done on freeradius with accounting enabled on CP or better use the CP built-in feature of simultaneous-checks. Good Luck!
  • B

    Snort 2.9.6.2 pkg v3.1.4 - Preprocessors blocks my WAN IP

    16
    0 Votes
    16 Posts
    4k Views
    bmeeksB
    @Hollander: I had the same problem, so I wil do the XML-reinstall as you said, Bill, to see if it fixes anything. (Disabling portscan preprocessors and rebooting did not solve anything). What is weird in my case is: it only happens on WAN1 (VDSL), not on WAN2 (Cable); And, of course, being the noob that I am, I have no clue why my WAN1-IP would be detected as doing a port scan on some remote IP at all. And, something even more weirder: Source: 122.225.97.66 Destination: 81.x.x.x. => my WAN SID: 136:1 ((spp_reputation) packets blacklisted) And then my WAN gets blocked by Snort, and not the 122.225.97.66  ??? The update to 3.1.5 should fix the WAN IP getting blocked.  The bug fixed in that update causes Snort to ignore the new WAN IP change, so that means your new WAN IP does not get put into the default automatic PASS LIST.  As for portscan sensitivity, I have a noticed a few more than I used to get many months ago.  The GUI package code I maintain has nothing to do with that, however.  That is something triggered by the Snort binary that comes from the snort.org folks. Bill
  • ?

    FreeRADIUS + LDAP: Client Storage?

    1
    0 Votes
    1 Posts
    640 Views
    No one has replied
  • S

    SQUID: Proxy monitor

    2
    0 Votes
    2 Posts
    732 Views
    S
    Found it. /usr/local/www/ Edit Squid_monito.php using filemanager or other. Find <form id="paramsForm" name="paramsForm" method="post"> | Max lines: | <select name="maxlines" id="maxlines"><option value="5">5 lines</option> <option value="200" selected="selected">200 lines</option> <option value="15">15 lines</option> <option value="20">20 lines</option> <option value="25">25 lines</option> <option value="100">100 lines</option> <option value="200">200 lines</option></select> | | String filter: | ! to invert the sense of matching, to select non-matching lines.");?> | </form> Edit highlighted section from 10 to any other preferred number and refresh the squid monitor page. Voila!
  • P

    AutoConfigBackup - user-config-readonly priv still does backup

    2
    0 Votes
    2 Posts
    733 Views
    P
    Related bug report: https://redmine.pfsense.org/issues/4034
  • P

    AutoConfigBackup - Do not overwrite previous backups for this hostname

    2
    0 Votes
    2 Posts
    664 Views
    P
    Bug report for "Do not overwrite previous backups for this hostname" checkbox: https://redmine.pfsense.org/issues/4033 Feature request to differentiate automatic and manual backups: https://redmine.pfsense.org/issues/4035
  • A

    PfSense 2.1.5 + Squid3 + Multi-WAN

    2
    0 Votes
    2 Posts
    809 Views
    A
    Hey guys, anyone got an idea? :/ Greets
  • S

    Caching Windows 8.1 Updates

    1
    0 Votes
    1 Posts
    744 Views
    No one has replied
  • W

    Squid3 custom error pages

    1
    0 Votes
    1 Posts
    882 Views
    No one has replied
  • S

    Turn off package filtering, what happens to Squid?

    1
    0 Votes
    1 Posts
    506 Views
    No one has replied
  • P

    Strikeback Is Not Logging

    1
    0 Votes
    1 Posts
    515 Views
    No one has replied
  • P

    Snort does not show trojan traffic

    16
    0 Votes
    16 Posts
    3k Views
    P
    Hey guys! Just wanted to let you know that with the modified rule I was able to get an alert on the interface I supected to be the source of the conficker traffic. I still have to investigate the PC to confirm that it actualy is infected but the whole issue seems pretty plausible now. Thanks again for the great help! Malte
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.