Subcategories

• Cache/Proxy

  Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.
  4k Topics

  21k Posts

  J

  @jucelio_rosa Squid has been updated upstream were just waiting for it to be merged here. All the issues security concerns etc have been fixed upstream. Per email from Squid community.. "The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-7.3 release! This release is, we believe, stable enough for general production use. We encourage all users of any previous version of Squid to upgrade to it. It can be downloaded from GitHub, at https://github.com/squid-cache/squid/releases/tag/SQUID_7_3 The main change since version 7.2 is the fix for regression bug 5520 "host or domain with leading digits rejected with ERR_INVALID_URL", along with a handful of other improvements and fixes. Please remember to run "squid -k parse" when testing the upgrade to a new version of Squid. It will audit your configuration files and report any identifiable issues the new release will have in your installation before you "press go". If you encounter any issues with this release please file a bug report at https://bugs.squid-cache.org/" This software works so good big tech hates when its used...HATES it it's light a giant flashlight on privacy abuses, it like gives Google a heart attack when its running so I assume it will be updated here eventually
• IDS/IPS

  Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.
  2k Topics

  16k Posts

  D

  Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara
• Traffic Monitoring

  Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.
  573 Topics

  3k Posts

  D

  @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
• pfBlockerNG

  Discussions about the pfBlockerNG package
  3k Topics

  20k Posts

  T

  @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.
• UPS Tools

  Discussions about Network UPS Tools and APCUPSD packages for pfSense
  102 Topics

  3k Posts

  D

  @fjmp24 Welcome
• ACME

  Discussions about the ACME / Let’s Encrypt package for pfSense
  503 Topics

  3k Posts

  M

  I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?
• FRR

  Discussions about the FRR Dynamic Routing package on pfSense
  296 Topics

  1k Posts

  C

  This one has been tricky still not sure what to try. Any ideas?
• Tailscale

  Discussions about the Tailscale package
  93 Topics

  654 Posts

  C

  @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.
• WireGuard

  Discussions about WireGuard
  715 Topics

  4k Posts

  A

  Hi again @patient0, Sorry to bother, already added but still the same issue. [image: 1762785278179-0c2b7578-b3d2-481e-9804-2c7cd634a2e2-image.png] Laptop can ping the server in the pfsense network but not the Wireguard [image: 1762785316328-f4f57aeb-7c80-407c-a0b4-ba74bffb0714-image.png] [image: 1762785345259-7c6ef05c-9b95-4efb-9537-25772867ad7e-image.png] Also, Server cannot ping the laptop but can ping the wireguard: [image: 1762785528200-ddfceaf9-4883-4190-840d-a3e31e522e47-image.png] Any more suggestions? Thank you,