1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    patient0P
    @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1 What is the routing table of the laptop. And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.
Log in to post
Load new posts
  • L

    Snort Alert Logs

    Locked
    1
    0 Votes
    1 Posts
    940 Views
    No one has replied
  • J

    Local Transparent + WAN Authenticated Squid Proxy possible

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • R

    Bandwidth monitoring?

    Locked
    7
    0 Votes
    7 Posts
    10k Views
    P
    Yes, the draw graph checkbox should now be checked on initial install. The graph data should go on and off based on the checkbox setting (previously it always did "draw graph", the checkbox was not effective). The "bandwidthd has nothing to graph…" initial page got cached in my browser (Firefox) - I messed around for a while wondering why nothing displayed, then forcibly refreshed the page and the bandwidthd graphs appeared. So try a page refresh, or clear your browser cache. bandwidthd tries to write its data to different places in "/usr" depending on the pfSense version: switch ($pfs_version) {   case "1.2":   case "2.0":     define('PKG_BANDWIDTHD_BASE', '/usr/local/bandwidthd');     break;   default:     define('PKG_BANDWIDTHD_BASE', '/usr/pbi/bandwidthd-' . php_uname("m") . '/bandwidthd'); } But on nanobsd "/usr" is read-only. So everything goes well until it wants to actually write the graph data! There used to be some other issues with packages that wrongly left "/usr" read-write. At those times, bandwidthd could "jump in" and write its graph data. If the system was in this state for a few weeks, there were lots of writes to the CF card. I think this was a reason why I killed a CF card a few months ago. Anyway, bandwidthd on nanobsd is not expected to work at present (certainly does not work on 2.1-BETA0). I am going to make some code changes to put the graph data in "/var" on nanobsd but haven't got to it yet. For that, I also need to think about what to do about periodically saving a copy to the CF card (and at shutdown) and reloading it on startup.
  • Y

    Cannot Play Youtube Videos Using Squid Proxy

    Locked
    3
    0 Votes
    3 Posts
    8k Views
    Y
    Hi, First of all thanks for your replies, my problem is solved, it was following two lines in config http://fpaste.org/wKm7/ request_body_max_size 20 KB reply_body_max_size 51200 deny all i changed this two lines & now youtube is working correctly. Thank You.
  • X

    Snort Categories

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    X
    As logger mentioned just click the Edit button next to the interface you want to configure. Kind of makes sense since you might want different categories and rules for different interfaces. Logger, thanks for the suggestion about preprocessors.
  • C

    Tracking down traffic

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    ntop and bandwidthd will tell you what ip/protocol did the traffic
  • L

    Snort White/Suppresion lists

    Locked
    1
    0 Votes
    1 Posts
    983 Views
    No one has replied
  • I

    Snort not respecting whitelist aliases anymore

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    I
    Thank you Ermal, for the quick response. What config files and logs specifically do you need? Do you need the specific blocking events logged by snort? Or the contents of the Aliases from the config.xml?
  • D

    Auto Squid Cache Clean Script

    Locked
    1
    0 Votes
    1 Posts
    5k Views
    No one has replied
  • Q

    Squid msgget failed

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    Q
    thanks for reply. 1 i can't find the ssl_crdt command /usr/local/libexec/squid/ssl_crtd -c -s /var/squid/lib/ssl_db 2 can't find this directory delete /var/squid/lib directory i think i must be running a different version of pfsense/squid. 3 /usr/local/sbin/squid -z i've been seeing a lot of this command, so i decided to jump in using this http://wiki.squid-cache.org/SquidFaq/OperatingSquid#I_want_to_restart_Squid_with_an_empty_cache and so far, squid been up. thanks much for the reply
  • R

    Snort 2.9.2.3 pkg 2.5.1 not generating any alerts or blocking

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    M
    @RoFz: How dumb of me! I've just found the categories tab and after enabling the needed categories everything started working. My apologies for posting such a dumb problem. how do you enable those rules and found the categories tab ? shed some light TIA
  • T

    OpenBGPD 0.5.2 unable to start

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    P
    I am facing the same problem , what do you mean by "run /var/etc/openbgpd/bgpd.conf" ?
  • ?

    Dansguardian force safesearch

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    R
    @hanzer: thx! will check it out! BTW… the other thing you might want to consider is that google now does SSL search by default if you are logged in (see http://support.google.com/websearch/bin/answer.py?hl=en&answer=173733). If someone is using SSL google search, the URL parameters and the returned content is not checked by Dans. You can get around this by making some changes to resolve the google address to nosslsearch.google.com.
  • P

    Bandwidthd - where to write on nanobsd

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • B

    Varnish and pfSense 2.1 betas. Is it compatible package?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • B

    Block facebook for android app with squid

    Locked
    5
    0 Votes
    5 Posts
    7k Views
    B
    I managed to solve the problem with Aliases (CIDR) and firewall rules also with enabled transparent proxy in squid.
  • E

    Google noop crashing snort

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G
    Doesn't cause any problems on our systems. However it may not be down to snort per se but could be caused by the rules you have active. Is there anything in the system logs?
  • D

    Cant get squid to work properly.

    Locked
    11
    0 Votes
    11 Posts
    9k Views
    D
    Nope I unchecked it and now its simply caching static stuff. There is no config I can make it cache dynamic as youtube, windows update or other. Simply when I tick cache dynamic content, all I get are TCP MISS 200, if I uncheck it, I get hits for static content.
  • P

    OpenBGPD 0.5.6 - Simple startup bug fixed - Hello package maintainer!!

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    E
    @pfinch: In pfSense 2.0.1-RELEASE, OpenBGPD 0.5.6 the /var/etc/openbgpd/bgpd.conf permissions are set wrong causing OpenBGPD not to start. chmod 600 /var/etc/openbgpd/bgpd.conf fixes the issue. On a clean install I'm facing this issue too: pfSense 2.0.1-RELEASE (amd64), OpenBGPD 0.5.6 My setup also complains for missing /usr/local/etc/bgpd.conf To be able to run OpenBGPD I've had to: ln -s /var/etc/openbgpd/bgpd.conf /usr/local/etc/bgpd.conf chmod 600 /var/etc/openbgpd/bgpd.conf
  • ?

    [Solved]Dansguardian installed but doens't filter

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    ?
    Ok, fixed. Thanks to the replies above!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.