1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    E
    I even tried deleting and creating a new certificate. Any suggestions?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    It was all CVE fixes in the PHP GUI part of the package. See the Redmine ticket here: https://redmine.pfsense.org/issues/16414.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    572 Topics
    3k Posts
    keyserK
    @Antibiotic No it’s not possible with NtopNG as it is not a Netflow collector. You need nProbe for that which will “translate” recieved netflows into flows that NtopNG understands and can visualize (with very very little detail might I add as Netflows has no additonal information apart from sender/reciever and volume). The NtopNG package and the product in general is more geared towards visualising and recording traffic details from actual packet captures. This contains MUCH more metadata about the sessions than netflows (DNS names, protocol information and myriads of other things). But pffSense Plus has a builtin Netflow exporter if you have an external netflow collector on hand.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    V
    @Gertjan Thanks for your reply – that’s also my impression. The point is: I don’t really see any lists right now that are actually “maintained” in the sense of being actively cleaned up, checked for dead domains, categorized, etc. That’s why my main interest is more about the demand: Would curated lists really be a game changer for admins? Would they be more helpful than what’s available today, or are most people already using other alternatives? If so, which ones? And from your perspective, what would be your expectation towards “community lists”? (e.g. reliability, update frequency, categories, fewer false positives?)

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    501 Topics
    3k Posts
    A
    Hi, Please help to forward / report the bugs in ACME 1.0 package. Thanks.

  • Discussions about the FRR Dynamic Routing package on pfSense

    295 Topics
    1k Posts
    J
    Anyone else happen to notice that when configuring BFD, if you create a peer and select a profile - after save, re-edit the peer and the Profile is not represented. It appears as "None". You have to check the raw config to determine if the profile was actually assigned to the peer. This is on 2.8.1 (all packages up to date as of the date/time of this post). UPDATE: if re-edit and save (without re-configuring the profile none to what you want) - the save will strip the profile from the peer.

  • Discussions about the Tailscale package

    91 Topics
    611 Posts
    T
    Hi All, I use HAProxy to redirect to a range of https internal resources, this works really well at the moment through the WAN where I have source limits set up, and I can connect to the internal resources from limited external IP Addresses. Given I have tailscale I would like to basically be able to put custom dns entries in to point these hostnames to my pfsense tailscale IP4 address (100.89.148.118) but I am not having any luck getting this working. At the moment, I am just trying to connect to HAProxy using https://100.89.148.118 but it is getting blocked by the firewall. Sep 11 11:55:58 tailscale0 Default deny rule IPv4 (1000000103) 100.89.148.10:53148 100.89.148.118:443 TCP:S I have tried with and without NAT redirecting internally to 127.0.0.1, and I also have rules set up to allow any traffic to and from my tailnets (defined in an alias) but I still keep getting these connections from my other tailscale machines being blocked on the pfsense machine. Can someone give me some pointers on what I am missing because I can see the requests are coming through to the pfsense machine, and in theory the rules should allow it through but I cant see why they don't. I do have tailscale ACL in place, but clearly that is not an issue as the requests are making it through to the firewall. 0/0 B IPv4+6 TCP/UDP TailNets * TailNets * * none Allow across Tailnets 0/0 B IPv4+6 TCP/UDP * * * 443 (HTTPS) * none Allow Tailscale IP4 I also tried adding a EasyRule but because the tailscale0 interface doesn't exist in pfsense it throws an error and won't let me add that rule. Appreciate any help or tips, Cheers.

  • Discussions about WireGuard

    700 Topics
    4k Posts
    Bob.DigB
    @HFADmin If it is no Site2Site-VPN then you don't need any gateways in the first place... If that is true but you want to monitor the connection then you could create dummy-gateways just to ping the remote ip-addresses.
Log in to post
Load new posts
  • sparklyballsS

    Squid dev3 will not install.

    2
    0 Votes
    2 Posts
    2k Views
    P
    Indeed, there are no "tbz" install files for squid-3.3.8 on: http://files.pfsense.org/packages/amd64/8/All/ or http://files.pfsense.org/packages/8/All/ squid-3.3.8 pbi files are there, so the install should work from a 2.1-RC0 system, which uses "pbi". But it won't work from 2.0.3 which needs the "tbz" format install files. The previous squid-3.3.5.tbz files are there in both folders. Hopefully a squid maintaining person will notice this soon and put the files in place!
  • J

    Lightsquid not recording Spotify traffic

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    A transparent squid proxy would only catch HTTP traffic, nothing else. It could be using HTTPS, or a port that isn't HTTP at all inside the client. Isolate a machine running spotify and check the state table and/or packet captures of that system's traffic, see what it is and where it's going.
  • bmeeksB

    Snort Package HOME_NET - Your opinion on its automatic generation

    17
    0 Votes
    17 Posts
    6k Views
    bmeeksB
    @slagr: Is there any reason why alias with URL type could not be used in snort  whitelists ? Well, at the moment the Snort code is only expecting hosts or networks.  I can look at including URLs in the update I'm working on. Bill
  • E

    SquidGuard + SSL certificate for error page served over HTTPS

    2
    0 Votes
    2 Posts
    5k Views
    N
    Hi, if you modify anything on .conf files it will be overwritten. You need to change this in the following two files: /usr/local/pkg/squidguard.inc /usr/local/pkg/squidguard_configuration.inc Further I had some problems in the past to get the sgerror.php page displayed correctly if I have the pfsense webGUI running on https. So probably best would be to first change the .inc file and /or then try without pfsense webGUI on HTTPS but5 revert - for testing - back to http.
  • F

    Help getting started with Avahi

    5
    0 Votes
    5 Posts
    2k Views
    G
    @Fumbles: Does anyone have a newbie friendly, step by step guide on what I need to do to get this working and to test it properly? I remember that I installed it once and that it worked out of the box. There is not much to configure. I don't have it installed anymore.
  • R

    Squid3 proxy on pfsense question. it about error Invalid URL.

    2
    0 Votes
    2 Posts
    1k Views
    R
    Sorry, the upper diagram is not correct.. I modified it as following; [WAN1]–------------------------------[router]–--------------[switch1]–--------[PC1]                                                         |          LAN1                                                         |                                         LAN2        | [WAN2]–-----[pfsense]–-------------[switch2]–---------[PC2]
  • V

    Help - Web Filtering with SquidGuard

    5
    0 Votes
    5 Posts
    3k Views
    N
    @virtualliquid squid and squidguard installation is a bit tricky and it depends on what pfsense version you are working: pfsense 2.0.x squidguard package contains squid2.7 binaries. So if you want to run squid2.7 package and squidguard package all works with a simple installation. if you want to have squid3 running with squidguard you need to do this: 1.) install squid3 2.) install squidguard (which unfortunately installs squid2 over squid3) 3.) reinstall squid3 package Done. On pfsense 2.1 there is a new squidguard-squid3 package. This is squidguard with squid3 binaries. So you just need: 1.) install squid3 2.) install squidguard-squid3 Done. Hopefully this will help you. PS: As far as I know on squid3 the squidguard process only starts when needed and the service is stopped when not needed.
  • R

    Packages not available

    4
    0 Votes
    4 Posts
    2k Views
    P
    Checking for package installation… Downloading http://files.pfsense.org/packages/amd64/8/All/p7zip-9.20.1.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/p7zip-9.20.1.tbz. of p7zip-9.20.1 failed! The first link at files.pfsense.org is the one that should work. The second link is a fallback that used to happen for things that were not stored on files.pfsense.org - but nowadays I believe all package files should be in place on files.pfsense.org I can browse to files.pfsense.org and see file and directory listings. If I click on your files.pfsense.org link from my browser it happily downloads the p7zip file, and installing from my pfSense test system works fine. So there is some issue with your system resolving files.pfsense.org
  • D

    System Patches - auto-apply patch does not work…

    6
    0 Votes
    6 Posts
    3k Views
    jimpJ
    I never could reproduce this. It always applied at boot for me post-upgrade. That said, given the problem you hit with another issue, I tried delcaring the variables global before defining them in the patches package include file. Upgrade the package, and then see if it works after the next firmware update.
  • A

    Bsnmp-regex

    5
    0 Votes
    5 Posts
    2k Views
    A
    It looks like the regex module needs some custom bsnmpd.conf lines for it to work. regexConfig regexSocket As you can see above it also needs local file UNIX domain socket created which also means you have to have something sending data to that socket.  This is more complex than I expected.  I assumed you could have bsnmpd run external scripts to get data kind of like net-snmpd.  My main goal was to get critical things like gmirror status. OPTIONS     To activate the bsnmp-regex module you must load the module in     /etc/snmpd.config and configure the location for the UNIX socket and     bsnmp-regex.conf(5) file. See the examples section below.     regexConfig                 The location of the bsnmp-regex.conf(5) file. This option must                 be specified.     regexSocket                 The location of the UNIX socket on which this module will                 listen for logs or text to match. EXAMPLES     For a simple bsnmp-regex configuration add the following to     /etc/snmpd.config:           begemotSnmpdModulePath."regex" = "/usr/local/lib/snmp_regex.so"           %regex           regexConfig = "/usr/local/etc/bsnmp-regex.conf"           regexSocket = "/var/run/bsnmp-regex.sock"
  • A

    LoadBalancer with state failover to backup firewall

    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    Someone more familiar with the packages like haproxy, varnish, mod_proxy, etc, would need to comment on whether or not it's technically possible with the software (outside of our GUI). If it is, someone could potentially add it. In the meantime, relayd does tend to do a decent job.
  • M

    Squidguard crashed pfsense

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • C

    Snort 2.9.4.6 pkg v. 2.5.9 starting disabled on interface

    8
    0 Votes
    8 Posts
    3k Views
    C
    Yep - that seems fine now, snort starts up enabled as expected - thanks again. I think those kids will just do an end run around you again. You're probably right. I'll see what can be done. Perhaps your first suggestion might work  :'(
  • T

    Squid & SquidGuard won't start on pfSense 2.0.3

    11
    0 Votes
    11 Posts
    12k Views
    T
    @jimp: It's apparently still missing files. Remove all traces of squid and squidGuard from System > Packages. From the shell: pkg_delete *squid* Then reinstall what you want. It worked :) thank you!
  • M

    After rule update, snort just stopped

    3
    0 Votes
    3 Posts
    2k Views
    M
    @maex: Usually what fixed situations like these for me: uninstall the snort package (keeping settings - a option in pfsense snort interface)) - then reinstall. Wait until it is done! In my experience DONE is not necessarily the same as what the web-gui says.  If you use a lot of rules the web-gui tells you the update or install is done. But if you watch top you will realize that processes snort and package_reload (or so) may run very actively for a couple of minutes longer than that. My best practice: don't touch the web-gui while these processes finish the update. But I also have to say that I ran into these issues mostly when RAM was low. Never had these problems since I have 8GBs of RAM. Snort uses around 2,3 GB running, and 3-4 GBs while loading. If above situation did not work for me - uninstall the snort package but also REMOVE settings - then reinstall and setup your interfaces and rules. Thanks for your reply, Maex  ;D I think mine was another problem, some sort of error in the official VRT-rules. Since after there was another rule update, Snort suddenly worked again.
  • N

    Bandwidthd not seeing P2P traffic

    5
    0 Votes
    5 Posts
    3k Views
    N
    Ok, so I did understand correctly.  Unfortunately, that doesn't really help me :P.  My biggest use for bandwidthd is trying to identify computers running P2P software on the network, and I was hoping bandwidthd would do some deep state inspection or something to identify P2P.  Fortunately, almost all P2P traffic is UDP, so I can pinpoint it that way. Now that I think about it, a combination of nmap, snort, and bandwidthd should give me exactly what I need.
  • R

    Squid3 integration with CISCO WCCP through GRE tunnel - HELP needed!!!

    2
    0 Votes
    2 Posts
    4k Views
    R
    Hi All found this article - http://fakrul.wordpress.com/2008/12/11/transparent-squid-proxy-server-with-wccp-support/#comment-1754 It seems we have to recompile the kernel to implement this…  :o
  • J

    Squid filtering https

    7
    0 Votes
    7 Posts
    2k Views
    J
    is it possible to use this as solution http://linuxlabz.blogspot.com/2012/05/https-traffic-block-in-squid-26.html is there way to forward all inside traffic over port :443 to port :3128?
  • M

    Snort - Host Attributes Table - inlcude pfsense interfaces as hosts?

    7
    0 Votes
    7 Posts
    2k Views
    M
    Thanks!
  • M

    Conceptually: how do these packages 'hang' together?

    2
    0 Votes
    2 Posts
    1k Views
    M
    Very basic(!) overview: pfsense = Firewall … blocks external connections Pfblocker = Blocks countries and IP ranges you don't want to connect Snort = Intrusion Detection System Squidguard = SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid (which is not on your list, but required for squidguard!) They all don't "feed" data into core - they all check traffic in different ways. You need to learn of all them if you want to understand their configuration and fit to your needs. Set them up in the order I specified above. After you box is up and running including snort start to learn about proxies (squid).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.