1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    M
    You have several choices depending on budget but none of them will be on your pfsense. Your options will be Replace pfsense with another vendor that can do content filtering Use another service while keeping pfsense in line .

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    N
    @Gertjan said in is something wrong with pfBlockerNG?: "is something wrong with my pfBlockerNG?". First off, thanks for the detail reply. After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. I understand what you are saying & hinting "maybe something is wrong with my settings" - my response is this: Everything was working before i upgraded the pfsense software to " 25.07.1-RELEASE (arm64)" -- Before the update my DNSBL Mode was set as "unbound python mode" and everything worked. Here is my "inference" - something broke in pfBlockerNG after the upgrade and I cannot 100% point to what that setting (my) is? I will observe for some days how this change in DNSBL mode works out and report the findings.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    644 Posts
    C
    @elvisimprsntr Thank you. I would not be surprised if I ended up with a lengthy solution that works but needs significant improvement. I am using a Netgate 6100 with pfSense+, starting with version 24.x. I had updated Tailscale without trouble per this discussion by using pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-x.y.z.pkg. This worked until pfSense+ version 25.0.07 (FreeBSD 15-CURRENT) and Tailscale upgrade 1.88.3. After several attempts and web searches, I was only able to install that upgrade by using: fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.88.3.pkg, and then IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.88.3.pkg. Then, I could not restart Tailscale, no matter what I tried, including the sequence: service tailscaled stop, tailscale logout, service tailscaled start, and then tailscale up.

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • M

    Ad filtering: in Squid or in Squidguard

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    FreeRadius + Captive Portal Expiration counter

    4
    0 Votes
    4 Posts
    3k Views
    N
    @fsantaana: thansk for the reply nacht. the only problem is that i have some time period (1 hour) where i would need to pause the timer and this is not possible with the voucher. I had read some where you can create modules for the time counter or edit the expiration module with the new calculation. However in my past experience when I edit these modules after I reboot the system it erases my configs and replaces it with the defaults. Also do you know if this would work with the CP on the pfsense? I knwo that on the 2.1 you can have it send custom radius commands. If you need to make changes which should be persitent you should modify the following file: /usr/local/pkg/freeradius.inc Perhaps it could be easier to make a diff from the freeradius.inc original file and the one you modified. Then install the "System Patches" package and as your diff there. Then the patch will be applied after firmware updates or even if you update the package and changes outside of the part you did will not be affected. As I said - I don't know how good and which commands CP sends and if it would be possible.
  • H

    NRPE commands and 2.1 amd64

    2
    0 Votes
    2 Posts
    2k Views
    B
    I know this is old, but it's still an issue. The plugin is looking at /usr/pbi/nrpe-amd64/* as its base, which is different from previous behavior. That could be fine, but, the old paths with the nrpe2.cfg file and the plugins still exist. I just spent a good deal of time trying to figure out why a plugin I put in /usr/local/libexec/nagios was not showing up in the GUI. Probably what should happen is that the old paths for plugins and such should be deleted.
  • ?

    Dansguardian+havp

    6
    0 Votes
    6 Posts
    2k Views
    ?
    thank you rjcrowder, Havp main page and widget, show latest viruses found.  but in dansguardian, you must define report page.
  • S

    Squid reverse proxy and OS X server

    5
    0 Votes
    5 Posts
    2k Views
    S
    Thanks I have a better understanding of the why and maybe for the how I'll manage to keep you posted
  • marcellocM

    Apache-modsecurity-dev 0.2.3

    3
    0 Votes
    3 Posts
    1k Views
    marcellocM
    You can push your changes via github. This way I can review and commit to current code. https://github.com/pfsense/pfsense-packages/tree/master/config/apache_mod_security-dev Thanks for your contribution and feedback.
  • G

    Squid - Forward SSL

    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    Are you using squid in transparent mode?
  • S

    Squid Cache/Squid Guard and mobile Videos

    1
    0 Votes
    1 Posts
    951 Views
    No one has replied
  • L

    Can squid proxy upstream to socks proxy?

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    Postfix blocking "Sender address rejected: Domain not found"

    2
    0 Votes
    2 Posts
    2k Views
    T
    OK.. removed our local DNS server entry, keeping just google servers and it works now. Rob
  • Q

    Dansguardian Block Page

    4
    0 Votes
    4 Posts
    3k Views
    Q
    Hey Marcelloc, Thanks for your response. Not sure why I didnt try the PBI files before. Editing the template file seems to work now. So I am able to display a blank page for blocked content. Any idea why the ads image replacement feature does not work? # Banned image replacement # Images that are banned due to domain/url/etc reasons including those # in the adverts blacklists can be replaced by an image.  This will, # for example, hide images from advert sites and remove broken image # icons from banned domains. # on (default) | off usecustombannedimage = on custombannedimagefile = '/usr/pbi/dansguardian-amd64/share/dansguardian/transparent1x1.gif' #Banned flash replacement usecustombannedflash = on custombannedflashfile = '/usr/pbi/dansguardian-amd64/share/dansguardian/blockedflash.swf' Any help would be great! Cheers!
  • R

    HAVP "Last Viruses" display

    1
    0 Votes
    1 Posts
    905 Views
    No one has replied
  • C

    Dansguardian Remote Logging?

    8
    0 Votes
    8 Posts
    3k Views
    T
    Thank you for merging so quickly :)
  • A

    Squid3-dev: Shared object "libheimntlm.so.10" not found.

    11
    0 Votes
    11 Posts
    13k Views
    F
    @Nachtfalke: If I remember correct this is not a package problem but a squid source problem. It's called sloppy package maintenance.
  • C

    DansGuardian + SSL

    11
    0 Votes
    11 Posts
    15k Views
    P
    Any new or success with this? My current configuration is: HTTP traffic: browser -> DG (8080) -> squid (3128) -> net HTTPS traffic: browser -> squid transparent 443 -> net How to feed DansGuardian after squid SSL man in the middle proxy?
  • F

    Dansguardian startup problems - 2.12.0.3 pkg v.0.1.8 - pfSense 2.1

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • N

    Pfsense 2.1 i386 - squid2 transparent - http (80) performance really bad

    11
    0 Votes
    11 Posts
    4k Views
    N
    My resume: watch "states" and make sure there are no unwanted trafic.
  • M

    Video streaming buffering delays

    10
    0 Votes
    10 Posts
    4k Views
    R
    thanks…  maybe I'll give HAVP another try. If anyone else has tried these settings, please, chime in with your results! Rick
  • G

    Dummies guide to custom squidguard filter page?

    4
    0 Votes
    4 Posts
    2k Views
    N
    I just put in "Access denied for webpage:" I am not good at coding so I searched the forum and found a thread where different people offered their blocked pages. Perhaps searching the forum could help you. I think ist simple php coding. My page looks something like that: http://forum.pfsense.org/index.php/topic,26057.msg207864.html#msg207864
  • P

    Dns-server (djbdns) Maintainer?

    6
    0 Votes
    6 Posts
    2k Views
    jimpJ
    djbdns focuses on security above all else, including separating privileges as much as possible. On pfSense 2.1 you could just bind the DNS Forwarder to port 5353, forward queries to internal interface IPs at localhost:5353, and let tinydns handle the authoritative DNS on 53 for external queries.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.