Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    573 Posts
    luckman212L

    For 25.07 RC, this worked for me (run sh first)

    [25.07-RC][root@r1.lan]/root: sh # export IGNORE_OSVERSION=yes # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg # service tailscaled restart # tailscale up # tailscale version 1.84.2 go version: go1.24.4 # tailscaled -version 1.84.2 go version: go1.24.4
  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Dansguardian and Shutterfly

    4
    0 Votes
    4 Posts
    2k Views
    R

    @kejianshi:

    Like I said, the real problem is that it will be hard for me to know when I have a real problem and when its a dansguardian thing

    Understood. There are a few situations where DG can cause problems even when properly setup and configured. In order to solve that issue, I implemented a bypass page. I know DG has it's own bypass capability, but I wanted to make sure DG would be completely out of the flow if I chose to bypass it.

    Here's how it works… When you get blocked, DG presents a web page prompting your for an ID and password. If you enter the correct credentials (currently just check against a text file of user/password), it adds the IP address to a list of "unfiltered" IP's that do not get redirected to DG (via the firewall rules). It then manually force the rules to be reloaded. There is a little cron job that removes the IP from the list 15 minutes later.

  • Darkstat Suggestion

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • OpenBGP multihoming problem with incoming route

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Aliases and snort… still blocking ?

    5
    0 Votes
    5 Posts
    2k Views
    A

    Bill - thanks for your input.  I'll be watching out for the 2.6.0 snort package update as well as dialing in the snort rules.

    Thanks.  Now to whitelist via IP the forum.pfsense.org site…  ;D

  • Postfix forwarder - modify SMTP banner?

    40
    0 Votes
    40 Posts
    13k Views
    M

    you are correct.

  • Pfsense transparent web filter with squad

    5
    0 Votes
    5 Posts
    2k Views
    A

    @jimp:

    You cannot. What you're trying to do is just not possible with pfSense.

    Hi jimp,

    Thx for your replies.Having a network of pcs and a router on the same network please advice me which is the best configuration so as pfsense to be used.I don't need to set it up as a firewall nor as something else. All I need is to install a pfsense appliance between my network and the router so as to have a transparent web filtering without the need of ip changes on my network. Why wan port has to be on different ip rage than nat's ? If it is impossible please advice for the best alternative solution

    thx in advance

    what I'd like :  ROUTER=========PFSENSE/WEBFILTERING============PC
                          192.168.1.1/24========transparent ================.X/24

  • PfBlocker question

    3
    0 Votes
    3 Posts
    1k Views
    S

    Looks like the pfBlocker widget uses the description for matching packet stats,, if the rule does not contain the aliasname matching packets will not add to the widget counters.

  • Lcdproc with ARinfotek TEAK-5020L (or other TEAK appliances)

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Setup URL filtering w/out proxy server

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Trouble with pfsense + dansguardian + sqid3

    27
    0 Votes
    27 Posts
    6k Views
    A

    augh…last try is to reinstall...:\

  • Cannot start Avahi service

    2
    0 Votes
    2 Posts
    2k Views
    E

    Hi!

    Just want to know if you managed to get it going? I'm stuck here with the same error (pfSense 2.0.3), and before I'm about to dig in I thought I should ask first. :-)

  • HAVP \ Wii \ Netflix

    3
    0 Votes
    3 Posts
    2k Views
    T

    I thought about that, however PFSense is sitting between my modem and router as a firewall and does not handle DHCP \ Traffic Shaping. I chose this because the router I am using has a really good QoS and I love the gui that shows real time usage.

    I am going to table this for now. Getting ready to leave town for a while and there is no reason to worry about it until I can get at least one more WAN connection to handle the traffic anyway.

    Thanks for the suggestion.

  • Squid3 - broken tab & non-working state

    5
    0 Votes
    5 Posts
    2k Views
    P

    Hi,

    I run version 2.0.3. Package list doesn't show me "squid3-squidguard" but only "squidGuard".
    Search engine on the whole forum for keyword "squid3-squidguard" brings me only this thread.

    Is their a second repository to configure ? Or should I move to 2.1-RC release ?

    Thanks for the support  ;).

    Phil

  • Dansguardian and clamav

    14
    0 Votes
    14 Posts
    4k Views
    R

    @rjcrowder:

    Would you (or anyone for that matter) be able to give me a quick overview? Or point me in the best place to look to get started?

    so… it looks to me like the problem must be in the install of the clamav package (see /var/db/pkg/clamav-0.97.6). Likewise, I'd conjecture that the problem is based on something that is done via the "+CONTENTS" file... Can anyone give me a clue how this is used / interpreted during the install process?

  • Squid3-dev ssl error on gmail

    3
    0 Votes
    3 Posts
    2k Views
    D
    The following error was encountered while trying to retrieve the URL: https://www.gmail.com/ Failed to establish a secure connection to 173.194.45.85 The system returned: [No Error] (TLS code: SQUID_X509_V_ERR_DOMAIN_MISMATCH) Certificate does not match domainname: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials. Your cache administrator is admin@localhost.

    but works with https://mail.google.com/mail/

  • 0 Votes
    5 Posts
    3k Views
    K

    I had wondered if it would be possible to build a https site with SSL and wrap it into the package so that when people get blocked it can divert them to a SSL/HTTPS blocking notification page.  The cert wouldn't match the website typed into the browser originally so it would react like most browsers react to a self signed cert but it wouldn't be just "error - sorry" message.

    Just an idea.  I know little about how you packages are constructed, no idea how tough this is.  HTTPS is designed to keep people from being the "Man in the middle", so I feel your pain.

  • Squid3+Squidgard restore problem

    3
    0 Votes
    3 Posts
    4k Views
    marcellocM

    The error was showing squid2 instead of squid3.
    That's why it's was not working.

  • Squid3-dev on 2.0.3

    2
    0 Votes
    2 Posts
    1k Views
    marcellocM

    You may need to enable ipv6 to get squid 3.3.5 listening on 2.0.3 as official package install is compiled with ipv6.

  • XMLRPC sync disturbs tinydns

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • PFSense 2.03 Unable to communicate with www.pfsense.com

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Assuming your routing is otherwise OK, if you have snort enabled, make sure it's not blocking that request. It's quite common for snort + blocking + HTTP preprocessors to block the package XML for one reason or another.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.