1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    reza3swR

    @Gertjan
    Hello,
    Thank you.
    I had exactly the same issue, and your solution helped me fix it.

    Ask ChatGPT

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    J

    NUT version is 2.8.2_5 (I've already tried reinstalling the package)

    NUT seems to think it can't find the UPS, but usbconfig shows it to be present:

    [2.8.0-RELEASE][admin@janus.jhmg.pvt]/usr/local/etc/rc.d: usbconfig ... ugen0.5: <PR1500LCDRT2U UPS Cyber Power System, Inc.> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (2mA) ...

    Below is the console log attempting to start NUT from the command line.

    [2.8.0-RELEASE][admin@janus.jhmg.pvt]/usr/local/etc/rc.d: ./nut.sh stop stopping NUT [2.8.0-RELEASE][admin@janus.jhmg.pvt]/usr/local/etc/rc.d: ./nut.sh start starting NUT Network UPS Tools - UPS driver controller 2.8.2 Network UPS Tools upsd 2.8.2 fopen /var/db/nut/upsd.pid: No such file or directory Could not find PID file '/var/db/nut/upsd.pid' to see if previous upsd instance is already running! Network UPS Tools - Generic HID driver 0.53 (2.8.2) listening on 127.0.0.1 port 3493 USB communication driver (libusb 1.0) 0.47 listening on ::1 port 3493 Can't connect to UPS [CyberPower-1500] (usbhid-ups-CyberPower-1500): No such file or directory libusb1: Could not open any HID devices: no USB buses found No matching HID UPS found upsnotify: failed to notify about state 4: no notification tech defined, will not spam more about it Driver failed to start (exit status=1) Found 1 UPS defined in ups.conf Network UPS Tools upsmon 2.8.2 kill: No such process UPS: CyberPower-1500 (primary) (power value 1) Using power down flag file /etc/killpower

    Also

    [2.8.0-RELEASE][admin@janus.jhmg.pvt]/usr/local/etc/nut: more ups.conf [CyberPower-1500] driver=usbhid-ups port=auto [2.8.0-RELEASE][admin@janus.jhmg.pvt]/usr/local/etc/nut: egrep -v '^#' nut.conf MODE=none

    and this, which singles out the usbhid-ups driver as the problem:

    [2.8.0-RELEASE][admin@janus.jhmg.pvt]/usr/local/etc/nut: /usr/local/libexec/nut/usbhid-ups -a CyberPower-1500 Network UPS Tools - Generic HID driver 0.53 (2.8.2) USB communication driver (libusb 1.0) 0.47 libusb1: Could not open any HID devices: no USB buses found No matching HID UPS found upsnotify: failed to notify about state 4: no notification tech defined, will not spam more about it

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J

    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection.

    If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application?

    Thanks.

Log in to post
Load new posts
  • S

    IMspector 20111108 pkg v 0.3.1

    1
    0 Votes
    1 Posts
    594 Views
    No one has replied
  • belleraB

    Squid3-devel installation fails

    4
    0 Votes
    4 Posts
    1k Views
    belleraB

    :-[ :-[ :-[ :-[

    Now, after 15-20 times worked!

    Perhaps because I rebooted the machine before installing a new time?

    :) :) :) :)

  • bmeeksB

    Snort 2.9.5.6 pkg v3.0.4 Update – Release notes and change log

    75
    0 Votes
    75 Posts
    18k Views
    bmeeksB

    @Cino:

    think i found another bug. I have 2 sensors for my WAN, one for blocking and another just for alerting. I've disabled my alerting interface but it still is starting when the service/router is restarted. If I re-save the disabled sensor, it brings it down

    I think I know what the problem is and will fix it in the next release.  I have the new 2.9.6.0 package almost ready.  Thanks for the bug report.

    Bill

  • E

    Squid 3-dev + squidguard issue at restart

    1
    0 Votes
    1 Posts
    888 Views
    No one has replied
  • S

    Huge issue with squid reverse proxy

    1
    0 Votes
    1 Posts
    599 Views
    No one has replied
  • G

    Anxiety-inducing snort alert

    12
    0 Votes
    12 Posts
    4k Views
    C

    Generally speaking, the shellcode signatures tend to trigger a lot of false positives on many networks, so I'd take that one less seriously than the malicious user agent, which is less likely to be a false positive (though certainly not impossible).

  • C

    Packages moved to their own server and HTTPS

    3
    0 Votes
    3 Posts
    1k Views
    C

    v1.2.3 packages are no longer supported, that's almost a 5 year old release now, and 6 releases behind current within a few days when 2.1.1 is released. There isn't any reason you can't upgrade them. That said, ones that worked a couple weeks ago should still work now. We're not intentionally breaking them (yet), but some are broken because they now require PHP 5.

    My first guess is maybe something about those systems is preventing them from fetching files via HTTPS. Go to a command prompt and run:

    fetch https://packages.pfsense.org/packages/config/filer/filer.xml

    see if that succeeds. If not, try:
    fetch http://packages.pfsense.org/packages/config/filer/filer.xml

  • M

    Understanding Squidguard logs and unblocking something

    8
    0 Votes
    8 Posts
    2k Views
    M

    I'm surprised I haven't had many responses yet. Is this because so few people use squid proxy?

    So, in an effort to be proactive I took a packet capture of the 10-15 seconds when my son is logging into the game that seems to have a problem with squid proxy. There are two public ip addresses involved in that transaction, but I don't really know what to do with that information.

    I'm willing to gather additional data if there is someone out there who would be willing to help.

    I realize my issue is not life or death, but I truly want to learn about squid transparent proxy and this is hindering my progress.

    I think it's safe to say I'm being patient. Anyone, please??

  • BBcan177B

    PfBlocker IP Count

    3
    0 Votes
    3 Posts
    973 Views
    BBcan177B

    I already moved four of the large Blacklists to a cron job running a bash script, mapped pfBlocker to a local .txt file which does that process as you so eloquently described.

    Shrunk the list by 50% already.

    I use a remote syslog (ELSA) and it would be nice to have the pfSense syslogs incorporate the Rule that Blocked/Rejected/Passed the event. I heard this might be fixed in 2.2?

    Also having a "hit count" would help this process.

    I have spent alot of time on the Blacklists. Different locations get hit with different attacks. Various lists help to protect different aspects of the network.

    If I had more PHP knowledge I would attempt to write some code to add some more functionality to pfBlocker.

    Convert /32 to /24 as an option per list Deduping based on Primary lists taking precedence Hit Count Log showing completion of list updates Previous IP count, post update IP count .csv and other file format download options (I Fixed that temporarily with a bash Script)
  • D

    Snort adds hosts to blocklist but not blocking traffic

    3
    0 Votes
    3 Posts
    2k Views
    bmeeksB

    @DmitriyTitov:

    Hello!
    I'm new to pfSense and snort and I got a task to block P2P traffic.
    I've installed snort package, downloaded rules and enabled snort-p2p and emerging-p2p rules. I've enabled snort on LAN interface and checked "Block Offenders" and left block "Both" IP addresses. Also I've disabled all "Decoder" and "Preprocessor" rules because I've had IMAP related alerts and don't want to block hosts based on these rules.
    I've started uTorrent BitTorrent client on my workstation and I nstantly had a lot of records at "Alerts" and "Blocked" tab,  but I see that my uTorrent still downloads traffic from the peer that is added to blocked!

    So I have visualy working instant of snort, but it doesn't actualy block traffic. Where to search for answer?

    Thanks in advance!

    Another thing to consider, the automatic "default" whitelist for Snort includes all locally attached networks.  This means, for instance, that your LAN IP addresses will not get blocked even when they generate an alert.  Now if they go out to an external host, that external host should get blocked.  To ensure this happens, though, you must click the KILL STATE checkbox on the Interface Settings tab for the interface running Snort.  Otherwise the initial packet will establish "state" for the connection and all further traffic for that session bypasses the firewall.  So even though Snort might insert a block, if an entry for the session is in the state table, traffic will continue to flow around the block via the open state table entry.  Killing state when inserting a block is how Snort can get around this.  But killing state is a manual choice of the user.

    Bill

  • U

    Sarg not displaying reports

    3
    0 Votes
    3 Posts
    1k Views
    U

    So finally i was able to generate the reports .

    the problem was on configuration ….

    If someone else has the same problem with me ...

    On the general tab select only the American or European format . DO NOT SELECT the weekly On the schedule tab
    You can use the below args …

    TODAY
    -d date +%d/%m/%Y

    YESTERDAY
    -d date -v-1d +%d/%m/%Y

    WEEK AGO
    -d date -v-1w +%d/%m/%Y-date -v-1d +%d/%m/%Y

    MONTH AGO
    -d date -v-1m +01/%m/%Y-date -v-1m +31/%m/%Y

  • K

    TinyDNS (dns-server) package creating incorrect NS records

    1
    0 Votes
    1 Posts
    918 Views
    No one has replied
  • L

    SQUID+HAVP causes frequent disconnects/reconnects for Outlook (office365)

    2
    0 Votes
    2 Posts
    2k Views
    G

    Hi,

    I have the same setup and facing similar issue as Lemb. I've also added the list of IP's and URL's of office 365 provided by Microsoft (http://blogs.technet.com/b/neiljohn/archive/2012/01/26/office-365-proxy-server-exclusion-list-office-365-service-url-s.aspx) to whitelist of HAVP Antivirus, still facing the same issue. Outlook looses connectivity to Exchange server and reconnects very frequently. If HAVP is uninstalled, everything  works fine.

    And Lemb, as I noticed you've posted this issue in December 2013. It's been 3 months that you've faced this issue, have you been able to find a solution or workaround for this issue?

    Please help.
    Thanks & Regards,
    Gautham B

  • Q

    Squid3 w/ SquidGuard3 Transparent Mode

    3
    0 Votes
    3 Posts
    1k Views
    Q

    @loupalladino:

    What is logged in access.log and squidGuard.log when you make the attempt with transparent enabled?

    Hi loupalladino,

    Thanks for the response. Sorry for the delay. I tried checking the logs under:

    /var/squid/logs
    /var/squidGuard/log

    but I do not see any errors in either. Under access.log I do see the requests I've made.

    Also note I tried removing all squid. Even when under pkg_delete and removed anything left behind. Re installed just Squid3 and turned on transparent mode and the problem still exists…

    Thoughts?

    Thanks

  • S

    Squid3-dev update

    11
    0 Votes
    11 Posts
    3k Views
    belleraB

    @marcelloc:

    Some forum users reported that squidguard3 is not working with squid3-dev. I did not had time to test it because I do not use squidguard.

    Working…

    https://forum.pfsense.org/index.php?topic=73640.msg402286#msg402286

    https://forum.pfsense.org/index.php?topic=73740.0 (Spanish Forum)

  • M

    Adding rules through putty

    3
    0 Votes
    3 Posts
    1k Views
    BBcan177B

    Do not edit rules from the Command Line. You can severely break pfSense if you make a mistake. All Snort Rule changes should be made from the Web GUI.

    (Change the WAN to LAN depending what you are trying to achieve)

    Step 1-
    Snort:WAN Interface EDIT:WAN Categories and make sure that ET Policy has a checkbox. If not select and restart the interface.

    Step 2-
    Snort:WAN Interface EDIT:WAN Rules (Select ET Policy Category)

    CTRL-F (search for dropbox to enable the rules that are already defined)

    And enable/disable the rules this way.

    If you want to create a local rule, you would enter the rule

    Snort:WAN Interface EDIT:WAN Rules - Custom.rules

  • S

    HTTPS - Redirection with HAProxy

    4
    0 Votes
    4 Posts
    2k Views
    P

    for https you either need to use mode 'TCP' or use haproxy-devel package and use mode 'https' or use 'http' with ssl offloading and configure certificates on pfSense.

    Only the haproxy-devel package has the more advanced ssl options.

  • M

    Squid3-dev clamav test

    1
    0 Votes
    1 Posts
    985 Views
    No one has replied
  • S

    Pfsense squid proxy, two times of refresh than it works

    2
    0 Votes
    2 Posts
    779 Views
    S

    the solution is to go to pfsense gui -> services -> proxy server -> general and set the "Resolv dns v4 first" checkbox

  • S

    Squid3-dev service failing to start.

    2
    0 Votes
    2 Posts
    964 Views
    marcellocM

    fetch missing libs.

    i386 help thread
    https://forum.pfsense.org/index.php?topic=62256.msg373791#msg373791

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.