1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @KOM Good morning. The goal is to keep Pfsense and have another proxy option in case Squid really doesn't work anymore (from what I've researched, Squid has been discontinued).

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    644 Posts
    C
    @elvisimprsntr Thank you. I would not be surprised if I ended up with a lengthy solution that works but needs significant improvement. I am using a Netgate 6100 with pfSense+, starting with version 24.x. I had updated Tailscale without trouble per this discussion by using pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-x.y.z.pkg. This worked until pfSense+ version 25.0.07 (FreeBSD 15-CURRENT) and Tailscale upgrade 1.88.3. After several attempts and web searches, I was only able to install that upgrade by using: fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.88.3.pkg, and then IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.88.3.pkg. Then, I could not restart Tailscale, no matter what I tried, including the sequence: service tailscaled stop, tailscale logout, service tailscaled start, and then tailscale up.

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • F

    Snort GPLv2 community rules expected MD5 checksum blank.

    11
    0 Votes
    11 Posts
    5k Views
    bmeeksB
    @gregg1ep00: You're right, I just looked and it downloaded.  Must have been a hiccup. Thanks so much for the quick response.  Sorry it ended up being nothing (but then again, very glad it was nothing).  ;D I tried to make the newest rules update code as robust as possible.  It will try 4 times, with a 15-second pause in between each try, before it gives up completely and bails on any given ruleset to move on to the next one.  The idea was to get past any temporary Internet glitches.  Of course if the site is unavailable for more than 60 seconds, those rules will not download until the next scheduled update. Bill
  • A

    Unbound 1.4.21_0

    6
    0 Votes
    6 Posts
    2k Views
    D
    wagonza fixed this yesterday.
  • B

    Cachemgr.cgi???

    6
    0 Votes
    6 Posts
    3k Views
    B
    @Nachtfalke: The ACL part you did I just added on GUI squid –> Access Control --> External Cache-Managers There I added just an IP address of one of my VLAN interfaces (LAN site). unfortunately, squid 3.x GUI does not have a 'External Cache-Managers ACL' under squid GUI –> ACLs Or maybe I am just blind and cannot see it  :) Then I will be prompted for username - which is admin - an my password myVerySecretMasswordForUserAdmin Not sure but if you do not use any password then it could be possible for someone from your LAN to check the cachmgr.cgi which probably should not be possible. On my network, pfSense webConfigurator is only accessible if you are in the "management" network… clients on the lan have to tunnel through VPN to access the management network and I am the only user allowed to get there... of course, I should probably set a password because "you never know"tm I will look into it. Thanks. -bu
  • S

    Help for FreeRADIUS2!!!

    2
    0 Votes
    2 Posts
    857 Views
    N
    https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package
  • M

    First time squid enable, no hits

    18
    0 Votes
    18 Posts
    16k Views
    marcellocM
    @nesense: I have no idea why dynamic caching doesn't work in squid 3 on pfsense when the options has been there for years… obviously no one gives a sh*t about this when you issue a bug report. As I told when I've pushed it to package. These config are based on squid wiki. If you want to help, test and/or find a working free video cache squid config. This way I can do my best to include it on squid3-dev config.
  • P

    PfBlocker firewall rule order clarification

    4
    0 Votes
    4 Posts
    2k Views
    marcellocM
    @pfNeo: @marcelloc: Do you have proxy configured on this server? Actually, yes! Change rule action to alias only and create these rules on floating tab. Other way to do this is to block it on proxy acls based on site name.
  • P

    Sarg on PFSense 2.1 - View graphical results on embedded (Nanobsd)

    5
    0 Votes
    5 Posts
    2k Views
    marcellocM
    I've updated the package to include these changes with no version bump.
  • H

    SNORT - FATAL ERROR! Unable to process the IP address:

    8
    0 Votes
    8 Posts
    7k Views
    bmeeksB
    @Nadrek: That's a limitation indeed - would it be possible for the GUI to detect (parse the system log, perhaps) a failure to start SNORT, figure out which ruleset it was, and then change the snort.conf file to disable that ruleset while recording the hash of it, and when the hash changes, re-enable and then process normally (including, again, the disable on crash due to ruleset)? No, the GUI can't do this except during manual rule updates.  See, the GUI code is not even running once you leave the Snort menus.  All those web page sessions in the GUI are essentially stateless.  When you exit the page or browse to another menu, that former PHP GUI process shuts down.  The automatic rule updates are done entirely via a cron job.  Trying to figure out which rule failed is a big effort.  I just don't think that is practical.  After all, this problem with a corrupted rules file has only happened once in the year I have been quasi-maintaining the Snort package. A better solution is for someone to create a service monitoring package for pfSense.  You could load it with the services you want monitored, and then on some interval it could canvass the running processes (services) to see what is and is not running.  It could either attempt a restart of dead services, or raise an alert or alarm if one won't restart.  Maybe something like this exists and I'm just not aware of the package? Bill
  • S

    PfBlocker error

    3
    0 Votes
    3 Posts
    1k Views
    S
    Thanks for directions, found it, fixed it, working :)
  • E

    Squid settings question

    5
    0 Votes
    5 Posts
    2k Views
    M
    I see your point Ecnerwal.  I would hope the author simply misused the word "swap" for "cache".  Your right, there generally isn't any swapping going on in a cache.  Operates more like a FIFO, in the case of Squid, a conditional or rules based FIFO.  I don't swap anything to my SSD either, use RAM for all I can except the occasional logging on a 4 hr interval.
  • S

    Snort kills routing to specific domains!

    6
    0 Votes
    6 Posts
    2k Views
    S
    Pfsense 2.0.3 and Snort 2.9.4.6 pkg v. 2.6.0 :) I used the affected machines earlier today and suddenly it rendered the subdomain useless on all ports. Main domain was fine and even other subdomains worked. I rebooted and it worked fine for a couple of minutes and then the affected subdomain was unreachable. Disable snort and a reboot, then it came on fine again. Then I got the dce_iface error and disabled the preproc. and it has been running since…
  • perikoP

    Sarg segment fault pf 2.1 i386

    1
    0 Votes
    1 Posts
    861 Views
    No one has replied
  • M

    Dansguardian can work with multiples groups filtering by IP?

    3
    0 Votes
    3 Posts
    1k Views
    M
    That did it for me at least. Thank you!
  • R

    Varnish 3

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • C

    Please start bandwidthd to populate this directory

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    GruensFroeschliG
    Reported by marceloviana on Yesterday at 16:31:18. They left the following message: I used this line in console for resolved: /usr/pbi/bandwidthd-amd64/bandwidthd/bandwidthd
  • F

    Havp - No such file or directory

    4
    0 Votes
    4 Posts
    3k Views
    F
    Is there a way to know what the problem Without making changes Because I do not understand it and do not want to ruin Is the link I added to the previous message can be a solution ?
  • M

    Snort download blocked hosts = empty tar.gz?

    7
    0 Votes
    7 Posts
    2k Views
    M
    Thank you Bmeeks  ;D
  • M

    Troubles with squid and https

    4
    0 Votes
    4 Posts
    5k Views
    M
    Wow wow! Breaking my mind  :o! FYI I didn't try squid3-dev yet, was doing some tests with actual squid… Figure out that I can actually reach https://www.google.fr make search but can reach gmail or google.com.. I think my squid is possessed and making fun of me.
  • perikoP

    Pf 2.0.3 squid 2.7.x squidGuard custom not sync correctly

    3
    0 Votes
    3 Posts
    1k Views
    perikoP
    Thanks marcelloc.
  • P

    Snort alerting on deselected category

    10
    0 Votes
    10 Posts
    4k Views
    P
    Wow … Thanks much!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.