Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpozJ

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    573 Posts
    luckman212L

    For 25.07 RC, this worked for me (run sh first)

    [25.07-RC][root@r1.lan]/root: sh # export IGNORE_OSVERSION=yes # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg # service tailscaled restart # tailscale up # tailscale version 1.84.2 go version: go1.24.4 # tailscaled -version 1.84.2 go version: go1.24.4
  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

  • Help - Web Filtering with SquidGuard

    5
    0 Votes
    5 Posts
    3k Views
    N

    @virtualliquid

    squid and squidguard installation is a bit tricky and it depends on what pfsense version you are working:

    pfsense 2.0.x
    squidguard package contains squid2.7 binaries. So if you want to run squid2.7 package and squidguard package all works with a simple installation.

    if you want to have squid3 running with squidguard you need to do this:
    1.) install squid3
    2.) install squidguard (which unfortunately installs squid2 over squid3)
    3.) reinstall squid3 package
    Done.

    On pfsense 2.1 there is a new squidguard-squid3 package. This is squidguard with squid3 binaries.
    So you just need:
    1.) install squid3
    2.) install squidguard-squid3
    Done.

    Hopefully this will help you.

    PS: As far as I know on squid3 the squidguard process only starts when needed and the service is stopped when not needed.

  • Packages not available

    4
    0 Votes
    4 Posts
    2k Views
    P

    Checking for package installation…
    Downloading http://files.pfsense.org/packages/amd64/8/All/p7zip-9.20.1.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/p7zip-9.20.1.tbz.
    of p7zip-9.20.1 failed!

    The first link at files.pfsense.org is the one that should work. The second link is a fallback that used to happen for things that were not stored on files.pfsense.org - but nowadays I believe all package files should be in place on files.pfsense.org
    I can browse to files.pfsense.org and see file and directory listings. If I click on your files.pfsense.org link from my browser it happily downloads the p7zip file, and installing from my pfSense test system works fine. So there is some issue with your system resolving files.pfsense.org

  • System Patches - auto-apply patch does not work…

    6
    0 Votes
    6 Posts
    3k Views
    jimpJ

    I never could reproduce this. It always applied at boot for me post-upgrade.

    That said, given the problem you hit with another issue, I tried delcaring the variables global before defining them in the patches package include file. Upgrade the package, and then see if it works after the next firmware update.

  • Bsnmp-regex

    5
    0 Votes
    5 Posts
    2k Views
    A

    It looks like the regex module needs some custom bsnmpd.conf lines for it to work.
    regexConfig
    regexSocket

    As you can see above it also needs local file UNIX domain socket created which also means you have to have something sending data to that socket.  This is more complex than I expected.  I assumed you could have bsnmpd run external scripts to get data kind of like net-snmpd.  My main goal was to get critical things like gmirror status.

    OPTIONS     To activate the bsnmp-regex module you must load the module in     /etc/snmpd.config and configure the location for the UNIX socket and     bsnmp-regex.conf(5) file. See the examples section below.     regexConfig                 The location of the bsnmp-regex.conf(5) file. This option must                 be specified.     regexSocket                 The location of the UNIX socket on which this module will                 listen for logs or text to match. EXAMPLES     For a simple bsnmp-regex configuration add the following to     /etc/snmpd.config:           begemotSnmpdModulePath."regex" = "/usr/local/lib/snmp_regex.so"           %regex           regexConfig = "/usr/local/etc/bsnmp-regex.conf"           regexSocket = "/var/run/bsnmp-regex.sock"
  • LoadBalancer with state failover to backup firewall

    4
    0 Votes
    4 Posts
    2k Views
    jimpJ

    Someone more familiar with the packages like haproxy, varnish, mod_proxy, etc, would need to comment on whether or not it's technically possible with the software (outside of our GUI). If it is, someone could potentially add it.

    In the meantime, relayd does tend to do a decent job.

  • Squidguard crashed pfsense

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Snort 2.9.4.6 pkg v. 2.5.9 starting disabled on interface

    8
    0 Votes
    8 Posts
    3k Views
    C

    Yep - that seems fine now, snort starts up enabled as expected - thanks again.

    I think those kids will just do an end run around you again.

    You're probably right. I'll see what can be done.

    Perhaps your first suggestion might work  :'(

  • Squid & SquidGuard won't start on pfSense 2.0.3

    11
    0 Votes
    11 Posts
    12k Views
    T

    @jimp:

    It's apparently still missing files.

    Remove all traces of squid and squidGuard from System > Packages.

    From the shell:
    pkg_delete *squid*

    Then reinstall what you want.

    It worked :) thank you!

  • After rule update, snort just stopped

    3
    0 Votes
    3 Posts
    2k Views
    M

    @maex:

    Usually what fixed situations like these for me: uninstall the snort package (keeping settings - a option in pfsense snort interface)) - then reinstall.
    Wait until it is done!
    In my experience DONE is not necessarily the same as what the web-gui says.  If you use a lot of rules the web-gui tells you the update or install is done. But if you watch top you will realize that processes snort and package_reload (or so) may run very actively for a couple of minutes longer than that. My best practice: don't touch the web-gui while these processes finish the update.

    But I also have to say that I ran into these issues mostly when RAM was low. Never had these problems since I have 8GBs of RAM. Snort uses around 2,3 GB running, and 3-4 GBs while loading.

    If above situation did not work for me - uninstall the snort package but also REMOVE settings - then reinstall and setup your interfaces and rules.

    Thanks for your reply, Maex  ;D

    I think mine was another problem, some sort of error in the official VRT-rules. Since after there was another rule update, Snort suddenly worked again.

  • Bandwidthd not seeing P2P traffic

    5
    0 Votes
    5 Posts
    3k Views
    N

    Ok, so I did understand correctly.  Unfortunately, that doesn't really help me :P.  My biggest use for bandwidthd is trying to identify computers running P2P software on the network, and I was hoping bandwidthd would do some deep state inspection or something to identify P2P.  Fortunately, almost all P2P traffic is UDP, so I can pinpoint it that way.

    Now that I think about it, a combination of nmap, snort, and bandwidthd should give me exactly what I need.

  • Squid3 integration with CISCO WCCP through GRE tunnel - HELP needed!!!

    2
    0 Votes
    2 Posts
    4k Views
    R

    Hi All found this article - http://fakrul.wordpress.com/2008/12/11/transparent-squid-proxy-server-with-wccp-support/#comment-1754

    It seems we have to recompile the kernel to implement this…  :o

  • Squid filtering https

    7
    0 Votes
    7 Posts
    2k Views
    J

    is it possible to use this as solution
    http://linuxlabz.blogspot.com/2012/05/https-traffic-block-in-squid-26.html

    is there way to forward all inside traffic over port :443 to port :3128?

  • Snort - Host Attributes Table - inlcude pfsense interfaces as hosts?

    7
    0 Votes
    7 Posts
    2k Views
    M

    Thanks!

  • Conceptually: how do these packages 'hang' together?

    2
    0 Votes
    2 Posts
    1k Views
    M

    Very basic(!) overview:

    pfsense = Firewall … blocks external connections
    Pfblocker = Blocks countries and IP ranges you don't want to connect
    Snort = Intrusion Detection System
    Squidguard = SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid (which is not on your list, but required for squidguard!)

    They all don't "feed" data into core - they all check traffic in different ways. You need to learn of all them if you want to understand their configuration and fit to your needs.

    Set them up in the order I specified above. After you box is up and running including snort start to learn about proxies (squid).

  • HAVP Proxy timeout

    5
    0 Votes
    5 Posts
    2k Views
    S

    up

  • Squid Rever proxy block Exchange 2013 ECP

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Package to use pfsense as a NAS/Torrent client end repository

    3
    0 Votes
    3 Posts
    23k Views
    F

    Thanks!

  • Openvpn/pfblocker client package (re) install failure

    2
    0 Votes
    2 Posts
    2k Views
    I

    I was able to uninstall the openvpn client package, but when it got to the pfblocker package uninstall I see a similar error leaving me no way to remove pfblocker.  Is there a manual way to remove a package?  I imagine I could remove it from the packages section in config.xml and find all the relevant files but where are they all?

    error messages:

    Beginning package installation. Removing package... Removing pfBlocker components... Tabs items... done. Menu items... done. Loading package instructions...

    … and at the bottom of the page:

    Warning: Unterminated comment starting line 719 in /usr/local/pkg/pfblocker.inc on line 719 Parse error: syntax error, unexpected $end in /usr/local/pkg/pfblocker.inc on line 719
  • CP+ProxyServer(SSL with remote cache)

    3
    0 Votes
    3 Posts
    2k Views
    R

    Ok. Noted.

  • Postfix: outgoing only smtp for trusted networks (as smart host)

    3
    0 Votes
    3 Posts
    2k Views
    M

    that was the right starting point. thanks for the hint

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.