Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log. I tried launching it manually:
    # /usr/local/bin/suricata -V
    or
    # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output:
    ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions:
    'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:
    Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
    Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
    In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connection requests are blocked and therefore no state will be created regardless of connection direction.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    patient0
    @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1. What is the routing table of the laptop? And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.
  • PfBlocker doesn't come up after update

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    marcelloc
    @marcelloc: @Gradius: I need to log into WebGUI and enable it manually every time I perform an update. Every time pfblocker is uninstalled (during update or not) it's disabled to prevent rules and aliases errors. @Gradius: This never happened before 2.0.1 (even on 1.2.3). Pfblocker on 1.2.3??? I did it together with tommyboy only for 2.x or later.
  • Too many HAVP processes consume too much memory

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 2.1 with Squid3 - How to reset the config of a deleted package?

    Locked
    13
    0 Votes
    13 Posts
    13k Views
    I want to note that in 2.1, squid3 seems not to work with "dynamic content" checked. Thanks for all.
  • Snort Rules Update Problem

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    Yes, indeed I could try out the custom.rules. I have overlooked this feature.
  • Snort Preprocessors block IPs from HOME_NET

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    Well, that's another problem. The whitelisted IPs are not being blocked, only if you enter a CIDR like 192.168.20.0/24, I had to type all 256 IPs into a pfsense alias to prevent my subnet from being blocked (because of blocking "both", dst and src (which can change in some rules)). Currently I tuned most of the preprocessors by removing the check marks in the configuration page and entered a different preprocessor configuration in "Advanced configuration pass through". Works very good, but I turned most of the preprocessor alerts to reduce false alerts.
  • Dansguardian service fails to start

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    marcelloc
    @asterix: ok, what would be the pkg_delete command for removing pcre 8.3? yes, maybe with -f .
  • Squidguard ACL problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Not sure if this is implemented in squidguard GUI of pfsense but have a look here: http://www.squidguard.org/Doc/authentication.html But squidguard GUI allows IP addresses as source and hostnames as source. If you know the hostnames of the users then add these hostnames to a group.
  • [Solved]squid, multi SSL reverse proxy

    Locked
    13
    0 Votes
    13 Posts
    13k Views
    Thank you Marcelloc !!! it's working well now ;)
  • SquidGuard problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    After you deleted the blacklists etc. please go to your Group ACL, edit the ACL and check that the targets on your "Target List" are "---". Do the same on the "Common ACL" tab - set all to "---" and click save. Then on the "General Settings" click save and then Apply. Now all "old" blacklist entries should be removed. But I am sure you want to use squidguard to block something but you need to explain more, what you want to do, provide screenshots and/or IPs which should be blocked or allowed and so on so that we can help you to configure squidguard.
  • Squid Allowed Subnets?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    Quickest way is to alter the default access rule. Change http_access deny all to http_access allow all in squid.conf and squid.conf.default. Please be sure this is really what you want to do as the proxy will be noticed if you open it up to the internet.
  • Proxy server: Local users

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    That was my first option, I was just hoping that I could find another way since I am just starting to learn PHP. It will take time for me to create this script and I need to find the solution ASAP. By the way, thanks for your help. Another thing, I am wondering regarding the local user of pfsense. There is a local user for system admin - under system: user name and for the web filter which is squid guard it is using local user but I think it is both local user since the usernames reside in the same server. Is it possible to since these users?
  • URLBlacklist (bigblacklist) not extracting how Dansguardian wants

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    marcelloc
    @awsiemieniec: the URL BL db server knew I downloaded it too many times and punished me by limiting the bandwidth to next to nil. That's why I prefer to download it manually and copy it to pfsense.
  • Squid/Dansguardian incorrectly proxying and failing sites across VPN

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcelloc
    @Quinten: I checked /etc/resolv.conf on the PFsense box, and our local DNS server is listed correctly first. Your DNS config options are using internal DNS server? Did you try to disable DNS forwarder service on pfsense?
  • Dansguardian: stop blocking sites by regular expressions

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    marcelloc
    @elemay: this doesn't work, also if I disable all the blocking stuff under the 'URL' tab I still get blocked. Can you check on dansguardian conf files what you get on urlregex lists for this group?
  • Netflow issue using pfflowd or softflowd

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Fixed issue. Had an IP conflict.
  • Squid3 problems

    Locked
    24
    0 Votes
    24 Posts
    9k Views
    Well major issues here… first ISP issue then after they finally came back online I find out there is some sort of failover that my GM added me into. So now I'm limited to 10Mbps till a new card is installed in his failover box. So I might have to scrap my whole setup/squid may just end up being a basic router... Or nothing. Thanks for all the help, if something changes in the next few days and I get everything I had before back I will try your fix and report back. Or I will create another post and start over new. Again thanks! Josh
  • 2.1 and Suricata

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    In basic terms, a next-generation firewall applies deep packet inspection (DPI) firewall technology by integrating intrusion prevention systems (IPS)…. snort IDS has poor performance.
  • Squid Local Database

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    How can the user change his own password in this Proxy server: Local users?
  • Snort 2.9.2.3 pkg v. 2.5.2 dies on IP change

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    Thanks for that advice, but the logs didn't show a (maybe failed) update, when the IP changes, it only and quietly dies. Without any further notice. :( Last log-entries were always the IP-change, then as next entry something like "snort quitting" - nothing more. But what I see the last days is that sometimes it doesn't die on IP-change. Hmmm. Hard to resolve, I think.
  • Postfix forwarder on 2.1_x64

    Locked
    18
    0 Votes
    18 Posts
    7k Views
    Hi Marcelloc, sorry to nag….. did you manage to get this fixed yet? I want to do my next firmware upgrade and don't want to break postfix. louis
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.