1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    GertjanG
    @icoso Added to this : @SteveITS said in Snort Alert list explanation: If Snort is running on WAN then be aware since it runs outside the firewall it will scan packets the firewall will drop. If your WAN IP can be reached by everybody (== the entire internet) then having Snort 'listening' on WAN is a not a good idea. What would happen when 'some one' sends you a load of packets that were known in advance to trigger your snort ? So every packet will kick Snort into action, eating away loads of CPU cycles and logging a lot of lines = disk space. 'Some one' doing nearly nothing, and you will be stressing your own firewall. The short conclusion : never ever Snort on WAN. The main conclusion : Snort on WAN can be done, but keep a permanent eye on it. Btw : the default WAN behavior is "block" anyway. edit : You might say : I activate Blocking mode, so every suspected traffic will hit 'the wall'. Afaik, snort places itself in front of the firewall, so it still 'sees' the traffic, reacts upon it, decide to block the IP, finds the IP was already blocked etc.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @BiloxiGeek said in DNSBL and IPv6: Does it just follow the IPv4 address that is listed above that? In my case it would end up being ::10.0.0.86 Yes. In this specific context that's the notation being used. (Full IPv6 web server address, for reference then, would be: http://[0000:0000:0000:0000:0010:0000:0000:0086]) Nota bene: I use 0.0.0.0 which renders the DNSBL webserver useless and inaccessible, but otherwise returns 0.0.0.0 or ::/NOERROR answers to all blocked lookups.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    610 Posts
    E
    Updated CE 2.7.2 to 1.86.4_1 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.4_1.pkg Freshports

  • Discussions about WireGuard

    699 Topics
    4k Posts
    S
    @Bob.Dig what's the right place?
Log in to post
Load new posts
  • C

    HAProxy does not reload after upgrade

    6
    0 Votes
    6 Posts
    2k Views
    P
    Just installing the pbi should have created a symlink for /usr/local/sbin/haproxy to the executable /usr/pbi/haproxy-amd64/.sbin/haproxy Can you try uninstalling and then re-installing the haproxy-full package?
  • C

    Enable module ecap for squid3

    1
    0 Votes
    1 Posts
    754 Views
    No one has replied
  • W

    Strange IP in Squid.conf

    1
    0 Votes
    1 Posts
    637 Views
    No one has replied
  • J

    Transparent HTTP/HTTPs filtering with NSFilter

    11
    0 Votes
    11 Posts
    3k Views
    J
    Just wanted to update the thread to let everyone know that we have added support for pfSense 2.2, the installation is exactly the same as the previous versions.  Here is a brief rundown of current features: DNS Filtering:   Domain name categorization using realtime cloud categorization service   User/Group/IP based policies   Local Domain Override (*New, overrides DNS lookups to alternate server for specified domains, ie mydomain.com uses 192.168.1.1 vs 8.8.8.8 for everything else).   Customizable Block Pages HTTP/HTTPS filtering:   URL categorization using realtime cloud categorization service   Transparent mode supported   User/Group/IP based policies   Force Safesearch (Google/Yahoo/Bing)   Youtube for Schools   URL Black/White lists   Content Type Black/White lists   File Pattern Black/White lists   Customizable Block Pages Authentication:   LDAP integration   Domain Controller Agent (In development, this will allow users to automatically authenticate to NSFilter when logging in successfully to the domain). Please let us know if there are any features you would be interested in trying or like to see about having added to NSFilter, we are always looking to improve. Also if there are any of you testing 2.2 if you would like to give NSFilter a try, we would love to get some more data points on running on the new platform. Thanks, Adam
  • F

    Exclude user from safe search

    2
    0 Votes
    2 Posts
    506 Views
    F
    ;D I found the solution : for safe search the Common ACL group take the precedence over Group ACl so you need to disable it in Common ACL and apply it in whatever group inside Group ACl that's work for me
  • M

    SquidGuard ACL

    3
    0 Votes
    3 Posts
    885 Views
    M
    You get a happy face karma for your efforts.  Thanks.  8)
  • V

    Squid and Firewall Rules - FailOver(Help)

    1
    0 Votes
    1 Posts
    481 Views
    No one has replied
  • denningsrogueD

    Snort Reinstall Failure!

    4
    0 Votes
    4 Posts
    972 Views
    bmeeksB
    @pfff: Hi Thank you so much Bill for all your great work on Snort and Suricata! I ran into a problem 1-2 months ago with Snort before I switched to Suricata and just never found the time to report it. I was updating Snort and the installation script proceeded as usual to remove the old package but then my internet connection failed and the new package couldn't be downloaded and the installation aborted leaving me with no Snort at all. Perhaps it would be better to download the package first and only then proceed with the actual installation. I'm not sure if this issue is still present or related to the above post because I can't see the screenshot but I thought I'd report it. Suricata is working great, thanks again. The process for downloading and installing packages is handled by the pfSense core code.  The packages themselves have no control over that.  There have been suggestions for improvements in this area posted on the pfSense Redmine Bug Tracking site.  One of those suggestions was to first download and verify the new package before removing the old one. Bill
  • P

    Blinkled stops working since upgrading to 2.1

    5
    0 Votes
    5 Posts
    1k Views
    N
    Hi, Has anyone found a fix for the problem?.  I have pfsense 2.1.5-Release with Blinkled 0.4.3.  It installed without problems and run for a few days before the Led 2 or 3 will stopped working or blink continuously for no reason. I need to reboot the unit or go to the Blinkled interface page and click "Save" to get it working again.  This will fail again in a few days time.
  • N

    Varnish on NanoBSD pfSense

    2
    0 Votes
    2 Posts
    564 Views
    N
    No one can answer this simple question? :-[
  • L

    Snort not working

    5
    0 Votes
    5 Posts
    2k Views
    L
    @bmeeks: @laptopdude90: @bmeeks: @laptopdude90: Snort is only detecting http_inspect. It's always 'http_inspect: UNKNOWN METHOD' or 'http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE'. I've tried using IDSWakeup, which didn't trigger anything. I also tried an online port scanner, which didn't trigger anything. I have set snort up listening on the WAN port. I should probably note that my ISP requires me to set up a virtual WAN port on VLAN 35, and that is what snort is listening on. Screenshots: http://imgur.com/a/BtYoq Yes, I have updated the rules, and I have restarted Snort. Those are very common false positives.  Did you read the threads here in the Packages sub-forum about generating a Suppress List so that the known false positives don't trigger?  Search this forum for threads about Suppress List generation. Do you have blocking enabled on your interfaces?  You set this on the INTERFACE settings tab. Bill The problem isn't the false positives, it's the fact that they're the only things that trigger. What do you mean about this blocking interfaces thing? Where do I find it? 1.  From the pfSense menu, choose Services…Snort. 2.  When the Snort tabs appear, either double-click on a selected interface or click the "e" icon to edit that interface. 3.  The action in #2 above will open a new set of tabs for that specific interface's configuration.  On the SETTINGS tab you will find checkboxes for enabling the blocking of offenders. You can see what blocks have been put in place by clicking the BLOCKED tab. Where do you have Snort configured? Is it on the WAN interface or another one?  And how specifically did you run the IDSWakeup test?  Did you run that from a remote machine and target the firewall interface where Snort was running?  Depending on where you browse to and the amount of traffic on your network, it is quite common to have few Snort alerts.  For instance, on my home LAN where Snort is configured on the WAN and LAN, I get maybe one LAN alert per week because there is just me and my wife surfing and we have only a few favorite sites we visit.  On the WAN side I get a number of alerts per hour from some IP blacklists using the IP REPUTATION preprocessor. Bill Blocking is turned off. Snort is configured on the WAN interface. I ran the test from my father's network on my linux laptop, directed toward my IP.
  • T

    Squid3-dev SSL MITM Proxy Mode Not Working

    1
    0 Votes
    1 Posts
    844 Views
    No one has replied
  • F

    Cron Package - Add label to scheduled command?

    1
    0 Votes
    1 Posts
    549 Views
    No one has replied
  • 2

    How do I get squid to work with OpenVPN clients

    1
    0 Votes
    1 Posts
    778 Views
    No one has replied
  • R

    Slow speed on "some?" pages. SQUID

    3
    0 Votes
    3 Posts
    1k Views
    R
    Hi, thanks for your replay. I changed "Memory cache size" from 8 to 512, and after that it started loading pages at exceptional speed, then changed it back to 8 just to test and it kept loading the page fast. Weird behavior since i have the "Hard disk cache system" to null this whole time, Anyway its working fine and i have no idea why  :-X :-\ Thanks for the help.
  • R

    FreeRadius 2.X & OTP Authentication

    4
    0 Votes
    4 Posts
    2k Views
    R
    Sorry I can't remind what I've done to make it works. It was a misconfiguration very stupid…  Can you show me your configuration I will tell what's different with mine.
  • C

    Add packages to pfs 2.1.5?

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B
    You should probably use the 8.3 link instead for future pkg adds. When you install a pkg, you might need to run the following command (your reboot also fixed it) after you install the pkg for the pkg to be accessible. rehash
  • S

    Bacula-client service fails to start on boot

    4
    0 Votes
    4 Posts
    3k Views
    D
    My fix: mkdir /usr/local/bacula/ chown bacula:bacula /usr/local/bacula Run vipw from the command line and adjust the home directory for bacula to be the above mentioned directory. That is insufficient to get the correct WorkingDirectory value in bacula-fd.conf file. The path, /var/db/bacula is hardcoded at https://packages.pfsense.org/packages/config/bacula-client/bacula-client.inc Is that the problem?  I believe so.  If I edit /usr/local/pkg/bacula-client.inc and put the new path in there, the correct configuration is saved. In addition, all instances of BACULA_LOCALBASE . /etc/bacula-fd.conf in /usr/local/pkg/bacula-client.inc needs to be BACULA_LOCALBASE . /etc/bacula/bacula-fd.conf NOW it runs: [2.1.5-RELEASE][admin@pfsense.unixathome.org]/cf(110): ps auwx | grep bacula root    6659  0.0  0.3 28864  5756  ??  Is  12:56PM  0:00.00 /usr/pbi/bacula-amd64/sbin/bacula-fd -u root -g wheel -v -c /usr/pbi/bacula-amd64/etc/bacula/bacula-fd.conf root    9672  0.0  0.1  6088  1400  1  R+  12:56PM  0:00.00 grep bacula In addition, the code seems to append -dir to the Director Name via pkg_edit.php?xml=bacula-client.xml&act=edit&id=0 Hope this helps to fix this bug.
  • G

    Snort 2.9.6.2 update 3.1.2 stopped working

    18
    0 Votes
    18 Posts
    2k Views
    G
    Hi, I don't know how, but it took a while, now is working fine as I had it before. Solved!
  • L

    New package submitted for OSSEC server

    8
    0 Votes
    8 Posts
    5k Views
    E
    hello all, that's good news, I'm waiting to test this package where I can download ?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.