1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: Your suggestion is preferred, but from I understood from you, nobody is interested or have the knowledge. Again thank you, for updating this package over the years. I'm sure there is someone here on the forum using the package that has the knowledge to maintain it. Another option if IDS/IPS is critical is to use the Linux package on a separate virtual machine or hardware appliance. Inline IPS performance would actually be very good using a Linux box (or even a FreeBSD box) with two separate NICs and configure true netmap hardware-to-hardware mode. That is many times more performant than the hardware-to-host mode that is required when using netmap within pfSense. Of course using a separate box would mean no GUI, but that's how the vast majority of the world uses Suricata already (without a GUI).

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    High_VoltageH
    @wesley33taylor okay, now I have to ask, just due to being especially dense today, what and how did you do that? what do others need to change, so that there is written history for anyone else that might end up finding this thread and wanting to do the same, the usefulness of archival purposes and the desire to confirm I've done the same drive me to ask this. please advise.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    295 Topics
    1k Posts
    J
    Anyone else happen to notice that when configuring BFD, if you create a peer and select a profile - after save, re-edit the peer and the Profile is not represented. It appears as "None". You have to check the raw config to determine if the profile was actually assigned to the peer. This is on 2.8.1 (all packages up to date as of the date/time of this post). UPDATE: if re-edit and save (without re-configuring the profile none to what you want) - the save will strip the profile from the peer.

  • Discussions about the Tailscale package

    91 Topics
    611 Posts
    T
    Hi All, I use HAProxy to redirect to a range of https internal resources, this works really well at the moment through the WAN where I have source limits set up, and I can connect to the internal resources from limited external IP Addresses. Given I have tailscale I would like to basically be able to put custom dns entries in to point these hostnames to my pfsense tailscale IP4 address (100.89.148.118) but I am not having any luck getting this working. At the moment, I am just trying to connect to HAProxy using https://100.89.148.118 but it is getting blocked by the firewall. Sep 11 11:55:58 tailscale0 Default deny rule IPv4 (1000000103) 100.89.148.10:53148 100.89.148.118:443 TCP:S I have tried with and without NAT redirecting internally to 127.0.0.1, and I also have rules set up to allow any traffic to and from my tailnets (defined in an alias) but I still keep getting these connections from my other tailscale machines being blocked on the pfsense machine. Can someone give me some pointers on what I am missing because I can see the requests are coming through to the pfsense machine, and in theory the rules should allow it through but I cant see why they don't. I do have tailscale ACL in place, but clearly that is not an issue as the requests are making it through to the firewall. 0/0 B IPv4+6 TCP/UDP TailNets * TailNets * * none Allow across Tailnets 0/0 B IPv4+6 TCP/UDP * * * 443 (HTTPS) * none Allow Tailscale IP4 I also tried adding a EasyRule but because the tailscale0 interface doesn't exist in pfsense it throws an error and won't let me add that rule. Appreciate any help or tips, Cheers.

  • Discussions about WireGuard

    701 Topics
    4k Posts
    QuantumParadoxQ
    resolved! Issue was the following I corrected a few things on your config: Your Outbound NAT configuration was malformed. I corrected it to utilize Hybrid mode and configured a single Outbound NAT for your Wireguard connection, which should be much cleaner. I updated your routing table to be Automatic and switched to Policy-based routing within the firewall rules under Firewall --> Rules --> LAN I updated the name of the interface for the Wireguard tunnel to be called TORGUARD and set the MSS clamping to 1350. This can probably be bumped back up to 1400, but I wanted to make sure the clamping was small enough to avoid fragmentation. I cleaned up some redundant firewall rules and a few other "odds and ends".
Log in to post
Load new posts
  • E

    Bacula-fd looks in the wrong path for config file

    1
    0 Votes
    1 Posts
    754 Views
    No one has replied
  • E

    Reverse Proxy RPCoverHttp Exchange 2013

    8
    0 Votes
    8 Posts
    4k Views
    E
    Thanks to keyser, we have try it in our environmet. And HAproxy works for us to.
  • I

    SquidGuard XMLRPC page edit

    3
    0 Votes
    3 Posts
    1k Views
    I
    Editing this page is impirtant for me. firstly i need to edit this file.
  • P

    Snort 2.9.6.0 - Alerts not being logged

    20
    0 Votes
    20 Posts
    4k Views
    bmeeksB
    @priller: @priller: I then went back and tried to reproduce the original problem by removing the IP Blacklist while still having IP REP enable.  Not only could I not reproduce it, but I kept getting 'packets blacklisted' blocks and alerts without having the blacklist selected Ops, never mind, I was clicking around too fast.  Adding the blacklist to the interface 'sticks' without hitting Save, meaning you can leave the interface configuration and when you come back it is still there. You can be 'tricked' into thinking it is doing something. Only when you hit Save does it trigger the interface config reload. Same for when you remove a list. This behavior could have unintended consequences for the user.  You continue to see a given blacklist applied (or removed), but it is not doing anything. (Got'a protect dummy users from themselves!  :o ) You're right.  Did not think about that.  I will update it so changing a blacklist or whitelist does the restart. Bill
  • E

    Snort – Openssl-Heartbleed bug (CVE-2014-0160)

    16
    0 Votes
    16 Posts
    4k Views
    E
    Hi, following the steps to reproduce and bypass Snort: downloaded this script to test the vulnerability (and dump the memory) of the buggy pfsense –> https://gist.githubusercontent.com/sh1n0b1/10100394/raw/4f24ff250124a03ad2d3d6010b6402c3a483d2f3/ssltest.py the attacker runs the script (meanwhile the administrator of the pfsense is logged in from his browser); in the dump file is stored the session ID of the admin's session. 3)at this point, after the dump has occurred, Snort has recognised the attack and blocks the source ip. used a cookie editor (for example cookies manager+ from firefox addons) and create a custom cookie with the session ID extracted before. 5)now if we change the source ip (cell. tethering or using tor if can't change external ip) using the new cookies you will be able to Hijacking the session. However, for open source projects like this i think we should always see the cup half full( italian proverb :D), it's already so much what Snort does for the cost of 0. Edoardo
  • B

    Varnish - reverse proxy - backends order error

    6
    0 Votes
    6 Posts
    2k Views
    B
    Okay, so I reinstalled the varnish3 package, but I got this error in logs: php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/varnish.sh' returned exit code '2', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Message from VCC-compiler: Reference to unknown backend 'BACKEND' at ('input' Line 34 Pos 28) .backend = BACKEND; –-------------------------#######- In director specification starting at: ('input' Line 32 Pos 1) director LBD01 round-robin { ########-------------------- Running VCC-compiler failed, exit 1 VCL compilation failed' I give up this package in my point of view is very alpha.
  • belleraB

    [SOLVED] squidclient

    5
    0 Votes
    5 Posts
    8k Views
    belleraB
    Sticky thread about Monitor Squid Status, https://forum.pfsense.org/index.php?topic=28835.0
  • H

    Web cache server is not working for me

    2
    0 Votes
    2 Posts
    693 Views
    belleraB
    pfSense version? Package version do you want to install? There are different squid package versions. LAN/WAN scenario? (One LAN or more, one WAN or more?).
  • A

    Firewall Rule, Squid and Squidguard

    6
    0 Votes
    6 Posts
    3k Views
    belleraB
    Yes, whitelists go before blacklists. That's all. If you need to do something like !block_bad_words filter_some_domains !block_with_big_black_lists you can see a trick at https://forum.pfsense.org/index.php?topic=73759.msg404261#msg404261
  • BBcan177B

    Snort IPrep

    15
    0 Votes
    15 Posts
    4k Views
    bmeeksB
    @BBcan17: @bmeeks: @BBcan17: I noticed this in the Blocked log? Not sure how that got added? I check the blocklist and its not there. 224 255.255.255.255 (spp_reputation) packets blacklisted - 04/15/14-13:10:56                               (portscan) UDP Filtered Portsweep - 04/15/14-10:19:22 Obviously it was a broadcast.  Could be a bug in the IP REP preprocessor code within Snort itself.  Done improperly, a test of a broadcast address could seem to match any IP address.  All the GUI package code does is set a handful of snort.conf parameters for the preprocessor. I guess add that to the Whitelst? Nah…I wouldn't bother.  You generally don't care if a broadcast is blocked because that is all subnet localized anyway.
  • T

    Prevent snort from blocking particular websites

    2
    0 Votes
    2 Posts
    2k Views
    bmeeksB
    @thelongdivider: The title says it all.  Whenever snort is enable even the most popular websites like amazon and newegg are blocked by snort, as well as a couple of less common websites that are important to me.  Is there any way to unblock these sites on a website to website basis? Welcome to the world of false positives.  It happens with all IDS systems.  You need to examine the alerts, and if you trust the web site and are sure it is a false positive, you have two options: (1) suppress the alert or (2) add the host to a Pass List.  Here are some links to the Documentation Wiki with some details on each method. https://doc.pfsense.org/index.php/Snort_suppress_list https://doc.pfsense.org/index.php/Snort_passlist There is also a long thread here in the Packages forum containing known false positives and the corresponding Suppress List entries for them.  Here is a link to that thread: https://forum.pfsense.org/index.php?topic=64674.0 Bill
  • I

    Snort: Alerts in the suppress list still visible in logg

    15
    1 Votes
    15 Posts
    4k Views
    P
    @BBcan17: @Priller, Did you try to re-install Snort? Or a De-install and re-install (Make sure the Checkbox is click to keep settings after deinstall) My bad for hijacking the original Snort problem reported.  Snort is working fine for me, it's Suricata that is exhibiting the identical problem that the OP reported with Snort. So, for Suricata, yes I did try a de-install and re-install.  I performed that both keeping the config … and also a total removed and rebuilt the config by hand.
  • ?

    Upgraded pfSense 2.1 with Quagga OSPF, exiting on signal 6

    6
    0 Votes
    6 Posts
    2k Views
    N
    Looks like the dead timer is doing it (40s default), although it gets the hello messages quite regularly: 08:37:50.196698 IP x.x.x.244 > 224.0.0.5: OSPFv2, Hello, length 68 08:37:59.869506 IP x.x.x.244 > 224.0.0.5: OSPFv2, Hello, length 68 08:38:09.148189 IP x.x.x.244 > 224.0.0.5: OSPFv2, Hello, length 68 08:38:18.830889 IP x.x.x.244 > 224.0.0.5: OSPFv2, Hello, length 68
  • S

    Cannot Install OpenVPN Client Export Utililty

    6
    0 Votes
    6 Posts
    2k Views
    S
    Thanks jimp!  That worked!
  • F

    Squidguard + SSL error page

    5
    0 Votes
    5 Posts
    2k Views
    belleraB
    @mendilli: if you want error page to bee seen for https sites, you should use squid3-dev with https transparent option As @mendilli said, you need squid3-dev + squidGuard+squid3 for SSL Bump (SSL interception). Steps (in Spanish), use translate.google.com https://forum.pfsense.org/index.php?topic=73007.msg402349#msg402349 https://forum.pfsense.org/index.php?topic=73740.0
  • A

    Squid3-dev 3.3.10 pkg 2.2.2 failed to start after upgrading

    2
    0 Votes
    2 Posts
    1k Views
    belleraB
    I saw strange numbers in this case: https://forum.pfsense.org/index.php?topic=74567.0 Look for interfaces activated at your squid3-dev And look for this reported bug, https://forum.pfsense.org/index.php?topic=62256.msg407762#msg407762
  • J

    Free Radius + Captive Portal No valid RADIUS responses received

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • N

    Zebedee

    1
    0 Votes
    1 Posts
    649 Views
    No one has replied
  • O

    DansGuardian AD Groups

    2
    0 Votes
    2 Posts
    1k Views
    O
    Anyone?
  • A

    Upgrade causes snort to enable barnyard (Snort 2.9.5.6 pkg v3.0.6)

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @adam65535: Upgrade of the primary… Now the primary has barnyard enabled for both LAN and WAN too.  Not sure what is causing this.  Not a big deal though.  I just disabled it on the primary for both instances and the backup server got the synced snort config and is disabled there now too. There was a little logic error I introduced into the Barnyard2 migration code that migrates old settings into the new format to support the enhanced output plugins.  I was keying off only one of two parameter that must BOTH be true for Barnyard to have been enabled under the old config.  As a consequence of only looking at one and not both, the migration script was turning on Barnyard2 if it had ever been enabled in the past on an interface. I am fixing that for future upgrades, but for this one the damage is sort of done.  Thankfully it's not a fatal thing.  Just disable Barnyard2 on the interface again and save the update. There are some problems with updating synced pairs with sync still on.  I recommend turning off sync, upgrading all the machines to the same version, then re-enable sync. Bill
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.