Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    @KOM Good morning. The goal is to keep Pfsense and have another proxy option in case Squid really doesn't work anymore (from what I've researched, Squid has been discontinued).
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPa
    @bmeeks Understood. Thank you kindly for your help. I will likely be ordering a new unit soon.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues. Terrible idea. Moving backwards in development history there.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypage
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    644 Posts
    @elvisimprsntr Thank you. I would not be surprised if I ended up with a lengthy solution that works but needs significant improvement. I am using a Netgate 6100 with pfSense+, starting with version 24.x. I had updated Tailscale without trouble per this discussion by using pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-x.y.z.pkg. This worked until pfSense+ version 25.0.07 (FreeBSD 15-CURRENT) and Tailscale upgrade 1.88.3. After several attempts and web searches, I was only able to install that upgrade by using: fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.88.3.pkg, and then IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.88.3.pkg. Then, I could not restart Tailscale, no matter what I tried, including the sequence: service tailscaled stop, tailscale logout, service tailscaled start, and then tailscale up.
  • Discussions about WireGuard

    714 Topics
    4k Posts
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
  • Squid IE authentication

    2
    0 Votes
    2 Posts
    1k Views
    marcelloc
    To use ntlm, you need samba freebsd package installed by hand as it does not have a gui on pfsense.
  • Squid/Lightsquid + Logs

    5
    0 Votes
    5 Posts
    2k Views
    marcelloc
    If you don't know how to manage your firewall via console/ssh, just try a package uninstall and reinstall. I've checked lightsquid code and it does look for squid logs on /var/squid/logs.
  • Snort doesn't generate alerts on 2 interfaces

    15
    0 Votes
    15 Posts
    3k Views
    bmeeks
    Are these extra WAN interfaces part of a CARP or multi-WAN setup?  Is there perhaps some asymmetrical routing going on? If so, this could trip up Snort as some alerts depend on flowbits set by previous traffic.  If that previous traffic was seen on a "different interface" (as in one of the other WAN pathways), then the alert with that set flowbit dependency would not fire.  Not saying this is your issue, but it is something to be considered. Another possibility, if any asymmetrical routing is happening, is the stream5 preprocessor can fail to correctly reassemble streams if it does not see all of the traffic.  Remember that Snort really runs as totally separate and autonomous processes – one per interface.  So it's basically like having physically separate computers running Snort.  Any weirdness with routing between those multiple WANs could trip up those independent Snort processes. Bill
  • Packages for bandwidth throttling, and inducing packet loss?

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    It's built in, called Limiters. Firewall > Traffic Shaping, Limiters tab. Check the advanced options available there.
  • Snort Pkg 2.6.1 ??

    12
    0 Votes
    12 Posts
    3k Views
    bmeeks
    I looked into the Shared Memory feature in the Snort binary.  Unfortunately that is only used for Reputation Lists.  These are text files containing blacklist/whitelist IP addresses (one file for each type).  The Shared Memory feature (which it says only works on Linux; don't know specifically about FreeBSD) allows one copy of each Reputation List to be used among a number of Snort instances. So the Shared Memory feature won't work with text rules, and thus would not help with memory overload. Bill
  • Sarg does not automatically generate report

    5
    0 Votes
    5 Posts
    2k Views
    marcelloc
    @jdeloach: Edit: "12h" works so I'll leave it at that.  Don't know why "1d" doesn't work. If cron is set to 00:00 it will create an empty log with 1d (you can check with cron package). IIRC, I've changed schedule time on latest package version.
  • Internet access restricts for kids

    9
    0 Votes
    9 Posts
    14k Views
    @Derf: The solution I use to control kid's surfing time is as following: Create an alias named 'Kids' which contains all the IP addresses of kid's devices (PCs, game consoles, …) Create a schedule named 'AccessDenied' with the denied timeframes Create some rules on the firewall to block/reject any connection to/from 'Kids' during 'AccessDenied' As rjcrowder said, there are plenty of different solutions to achieve what you want to do: you can for example use squidguard (I think the 'SG' you use should mean 'SquidGuard') but doing it that way would only allow you to control the web traffic (HTTP). Using firewall rules and schedules will allow you to block ALL kids traffic (including xbox/playstation/wii, p2p and so on). I do the same thing as Derf for time based access. If you want to keep your kids "safe" while they are surfing, there are a couple of other things that I HIGHLY recommend. 1.) OpenDNS. Gives you a great set of DNS based blacklists and performs well. I just can't see any reason not to use it. 2.) Dansguardian. For dg, I usually download the Shalla blacklists and also use the weighted phraselists. Blacklists are only as good as they are kept up to date and dg phrase checking does a very good job at catching the rest… Something else you might want to consider is turning on Clamav in dg.  It does a great job of realtime virus scanning. However, you will perceive some lag from it - especially when downloading large files.
  • Multiple cache_dirs in squid.conf

    3
    0 Votes
    3 Posts
    2k Views
    Marvelous. Thanks!
  • Best way to manage pfblocker exceptions?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: cache para youtube

    Locked
    1
    0 Votes
    1 Posts
    819 Views
    No one has replied
  • Mod_security always Stopped - 2.1-RELEASE (amd64)

    1
    0 Votes
    1 Posts
    884 Views
    No one has replied
  • Send all clients to mobile sites

    4
    0 Votes
    4 Posts
    1k Views
    Ah it says squid must be built with --enable-http-violation but I see it's not in pfsense. Is there a way to rebuild it on pfsense?
  • I need help - HAVP is running, but not checking

    7
    0 Votes
    7 Posts
    3k Views
    @dversg: well, that makes sense. @rest: I found a solution: I am sorry, but pfsense had its chance. Maybe it has been my fault, but in the end I spent too much time in this. I was even that far to buy a commercial product. Finally I tried ipfire and I am surprised how easy it was to install and activate the squidproxy. I think pfsense is a very good piece of software, but in my case it did not work.
  • Pfblock logic

    3
    0 Votes
    3 Posts
    1k Views
    @marcelloc: yes. Just select rule action and it will be placed before your allow rules. Thanks marcelloc!
  • SquidGuard for squid3 issue in tab:Groups.

    4
    0 Votes
    4 Posts
    1k Views
    periko
    Yes, what I see is that, I only see this message on a fresh installation, list empty. Once I add 1 and add the 2nd the message disappears.
  • 0 Votes
    8 Posts
    10k Views
    Yeah I'm not sure what to do from here. My next step will be to reinstall pfsense start from scratch.
  • Quagga OSPF to Cisco

    8
    0 Votes
    8 Posts
    7k Views
    Just an update here: I went ahead and moved to new gear and separated out each vlan on its own interface. Upon firing up OSPF again, the same issue prevails. I get the routes from the Cisco 1811 and shows as "FULL". Doing same 'sh ip route' in the Cisco side and it doesn't see any redistributed routes from the pfsense side. Any ideas?
  • After installing squid3 there is no entry in "services -> proxy server"

    2
    0 Votes
    2 Posts
    1k Views
    marcelloc
    squid3 installs two menus, proxy server and reverse proxy. I have no idea why it's not working on your install. Can you access it directly? the installation ends without errors?
  • Sarg issues

    9
    0 Votes
    9 Posts
    3k Views
    @marcelloc: Do you have more than one report running simultaneously? Maybe one via cron and other via console? I had some issues with sarg but it was a report reading error (special chars or url size). But I think this bug was present on previous versions. Are your squid logs on default format? marcelloc, No. I have not run any of them. It's a default install. Yes default squid logs. I am also running havp in transparent mode.
  • Problem with Barnyard2

    11
    0 Votes
    11 Posts
    5k Views
    thanks for the replies, served much help
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.