Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    A

    @wbmstr2000 : Thanks! I will investigate it, greetings

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    573 Posts
    luckman212L

    For 25.07 RC, this worked for me (run sh first)

    [25.07-RC][root@r1.lan]/root: sh # export IGNORE_OSVERSION=yes # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg # service tailscaled restart # tailscale up # tailscale version 1.84.2 go version: go1.24.4 # tailscaled -version 1.84.2 go version: go1.24.4
  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • IMspector 20111108 pkg v 0.3.1

    1
    0 Votes
    1 Posts
    593 Views
    No one has replied
  • Squid3-devel installation fails

    4
    0 Votes
    4 Posts
    1k Views
    belleraB

    :-[ :-[ :-[ :-[

    Now, after 15-20 times worked!

    Perhaps because I rebooted the machine before installing a new time?

    :) :) :) :)

  • Snort 2.9.5.6 pkg v3.0.4 Update – Release notes and change log

    75
    0 Votes
    75 Posts
    18k Views
    bmeeksB

    @Cino:

    think i found another bug. I have 2 sensors for my WAN, one for blocking and another just for alerting. I've disabled my alerting interface but it still is starting when the service/router is restarted. If I re-save the disabled sensor, it brings it down

    I think I know what the problem is and will fix it in the next release.  I have the new 2.9.6.0 package almost ready.  Thanks for the bug report.

    Bill

  • Squid 3-dev + squidguard issue at restart

    1
    0 Votes
    1 Posts
    885 Views
    No one has replied
  • Huge issue with squid reverse proxy

    1
    0 Votes
    1 Posts
    597 Views
    No one has replied
  • Anxiety-inducing snort alert

    12
    0 Votes
    12 Posts
    4k Views
    C

    Generally speaking, the shellcode signatures tend to trigger a lot of false positives on many networks, so I'd take that one less seriously than the malicious user agent, which is less likely to be a false positive (though certainly not impossible).

  • Packages moved to their own server and HTTPS

    3
    0 Votes
    3 Posts
    1k Views
    C

    v1.2.3 packages are no longer supported, that's almost a 5 year old release now, and 6 releases behind current within a few days when 2.1.1 is released. There isn't any reason you can't upgrade them. That said, ones that worked a couple weeks ago should still work now. We're not intentionally breaking them (yet), but some are broken because they now require PHP 5.

    My first guess is maybe something about those systems is preventing them from fetching files via HTTPS. Go to a command prompt and run:

    fetch https://packages.pfsense.org/packages/config/filer/filer.xml

    see if that succeeds. If not, try:
    fetch http://packages.pfsense.org/packages/config/filer/filer.xml

  • Understanding Squidguard logs and unblocking something

    8
    0 Votes
    8 Posts
    2k Views
    M

    I'm surprised I haven't had many responses yet. Is this because so few people use squid proxy?

    So, in an effort to be proactive I took a packet capture of the 10-15 seconds when my son is logging into the game that seems to have a problem with squid proxy. There are two public ip addresses involved in that transaction, but I don't really know what to do with that information.

    I'm willing to gather additional data if there is someone out there who would be willing to help.

    I realize my issue is not life or death, but I truly want to learn about squid transparent proxy and this is hindering my progress.

    I think it's safe to say I'm being patient. Anyone, please??

  • PfBlocker IP Count

    3
    0 Votes
    3 Posts
    970 Views
    BBcan177B

    I already moved four of the large Blacklists to a cron job running a bash script, mapped pfBlocker to a local .txt file which does that process as you so eloquently described.

    Shrunk the list by 50% already.

    I use a remote syslog (ELSA) and it would be nice to have the pfSense syslogs incorporate the Rule that Blocked/Rejected/Passed the event. I heard this might be fixed in 2.2?

    Also having a "hit count" would help this process.

    I have spent alot of time on the Blacklists. Different locations get hit with different attacks. Various lists help to protect different aspects of the network.

    If I had more PHP knowledge I would attempt to write some code to add some more functionality to pfBlocker.

    Convert /32 to /24 as an option per list Deduping based on Primary lists taking precedence Hit Count Log showing completion of list updates Previous IP count, post update IP count .csv and other file format download options (I Fixed that temporarily with a bash Script)
  • Snort adds hosts to blocklist but not blocking traffic

    3
    0 Votes
    3 Posts
    2k Views
    bmeeksB

    @DmitriyTitov:

    Hello!
    I'm new to pfSense and snort and I got a task to block P2P traffic.
    I've installed snort package, downloaded rules and enabled snort-p2p and emerging-p2p rules. I've enabled snort on LAN interface and checked "Block Offenders" and left block "Both" IP addresses. Also I've disabled all "Decoder" and "Preprocessor" rules because I've had IMAP related alerts and don't want to block hosts based on these rules.
    I've started uTorrent BitTorrent client on my workstation and I nstantly had a lot of records at "Alerts" and "Blocked" tab,  but I see that my uTorrent still downloads traffic from the peer that is added to blocked!

    So I have visualy working instant of snort, but it doesn't actualy block traffic. Where to search for answer?

    Thanks in advance!

    Another thing to consider, the automatic "default" whitelist for Snort includes all locally attached networks.  This means, for instance, that your LAN IP addresses will not get blocked even when they generate an alert.  Now if they go out to an external host, that external host should get blocked.  To ensure this happens, though, you must click the KILL STATE checkbox on the Interface Settings tab for the interface running Snort.  Otherwise the initial packet will establish "state" for the connection and all further traffic for that session bypasses the firewall.  So even though Snort might insert a block, if an entry for the session is in the state table, traffic will continue to flow around the block via the open state table entry.  Killing state when inserting a block is how Snort can get around this.  But killing state is a manual choice of the user.

    Bill

  • Sarg not displaying reports

    3
    0 Votes
    3 Posts
    994 Views
    U

    So finally i was able to generate the reports .

    the problem was on configuration ….

    If someone else has the same problem with me ...

    On the general tab select only the American or European format . DO NOT SELECT the weekly On the schedule tab
    You can use the below args …

    TODAY
    -d date +%d/%m/%Y

    YESTERDAY
    -d date -v-1d +%d/%m/%Y

    WEEK AGO
    -d date -v-1w +%d/%m/%Y-date -v-1d +%d/%m/%Y

    MONTH AGO
    -d date -v-1m +01/%m/%Y-date -v-1m +31/%m/%Y

  • TinyDNS (dns-server) package creating incorrect NS records

    1
    0 Votes
    1 Posts
    915 Views
    No one has replied
  • SQUID+HAVP causes frequent disconnects/reconnects for Outlook (office365)

    2
    0 Votes
    2 Posts
    2k Views
    G

    Hi,

    I have the same setup and facing similar issue as Lemb. I've also added the list of IP's and URL's of office 365 provided by Microsoft (http://blogs.technet.com/b/neiljohn/archive/2012/01/26/office-365-proxy-server-exclusion-list-office-365-service-url-s.aspx) to whitelist of HAVP Antivirus, still facing the same issue. Outlook looses connectivity to Exchange server and reconnects very frequently. If HAVP is uninstalled, everything  works fine.

    And Lemb, as I noticed you've posted this issue in December 2013. It's been 3 months that you've faced this issue, have you been able to find a solution or workaround for this issue?

    Please help.
    Thanks & Regards,
    Gautham B

  • Squid3 w/ SquidGuard3 Transparent Mode

    3
    0 Votes
    3 Posts
    1k Views
    Q

    @loupalladino:

    What is logged in access.log and squidGuard.log when you make the attempt with transparent enabled?

    Hi loupalladino,

    Thanks for the response. Sorry for the delay. I tried checking the logs under:

    /var/squid/logs
    /var/squidGuard/log

    but I do not see any errors in either. Under access.log I do see the requests I've made.

    Also note I tried removing all squid. Even when under pkg_delete and removed anything left behind. Re installed just Squid3 and turned on transparent mode and the problem still exists…

    Thoughts?

    Thanks

  • Squid3-dev update

    11
    0 Votes
    11 Posts
    3k Views
    belleraB

    @marcelloc:

    Some forum users reported that squidguard3 is not working with squid3-dev. I did not had time to test it because I do not use squidguard.

    Working…

    https://forum.pfsense.org/index.php?topic=73640.msg402286#msg402286

    https://forum.pfsense.org/index.php?topic=73740.0 (Spanish Forum)

  • Adding rules through putty

    3
    0 Votes
    3 Posts
    1k Views
    BBcan177B

    Do not edit rules from the Command Line. You can severely break pfSense if you make a mistake. All Snort Rule changes should be made from the Web GUI.

    (Change the WAN to LAN depending what you are trying to achieve)

    Step 1-
    Snort:WAN Interface EDIT:WAN Categories and make sure that ET Policy has a checkbox. If not select and restart the interface.

    Step 2-
    Snort:WAN Interface EDIT:WAN Rules (Select ET Policy Category)

    CTRL-F (search for dropbox to enable the rules that are already defined)

    And enable/disable the rules this way.

    If you want to create a local rule, you would enter the rule

    Snort:WAN Interface EDIT:WAN Rules - Custom.rules

  • HTTPS - Redirection with HAProxy

    4
    0 Votes
    4 Posts
    2k Views
    P

    for https you either need to use mode 'TCP' or use haproxy-devel package and use mode 'https' or use 'http' with ssl offloading and configure certificates on pfSense.

    Only the haproxy-devel package has the more advanced ssl options.

  • Squid3-dev clamav test

    1
    0 Votes
    1 Posts
    980 Views
    No one has replied
  • Pfsense squid proxy, two times of refresh than it works

    2
    0 Votes
    2 Posts
    775 Views
    S

    the solution is to go to pfsense gui -> services -> proxy server -> general and set the "Resolv dns v4 first" checkbox

  • Squid3-dev service failing to start.

    2
    0 Votes
    2 Posts
    957 Views
    marcellocM

    fetch missing libs.

    i386 help thread
    https://forum.pfsense.org/index.php?topic=62256.msg373791#msg373791

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.