1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • F

    TFTP didn't install properly, now I can't delete package nor reinstall

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    F
    Thanks…. I'm very familiar with vi, so I thought that was even a safer way to go..... I deleted the lines and then installed the package, just fine... thank you very much
  • W

    Snort: Question about rule difference

    Locked
    2
    0 Votes
    2 Posts
    994 Views
    K
    one is dec_keyid and the other is enc_keyid. If you click on the edit button you will see the actual rule text and you will likely find it matches on different things.
  • J

    Networkwide Adblocking - possible package?

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    J
    dns can be anywhere but you want that dns server to use the host file downloaded and to redirect ads to pfsense ip. basically i didn't do anything special but decide to compile the pixelserv program for freebsd
  • B

    Making changes to haproxy package; how do I make them available to everyone?

    Locked
    58
    0 Votes
    58 Posts
    25k Views
    marcellocM
    changing ports to compile 1.4.19, it return erros In file included from src/proto_http.c:22: /usr/include/netinet/tcp.h:40: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'tcp_seq' /usr/include/netinet/tcp.h:50: error: expected specifier-qualifier-list before 'u_short' /usr/include/netinet/tcp.h:175: error: expected specifier-qualifier-list before 'u_int8_t' gmake: *** [src/proto_http.o] Error 1 *** Error code 1 Stop in /usr/ports/net/haproxy. *** Error code 1 Stop in /usr/ports/net/haproxy. Maybe we will need to way ports update to be able to create haproxy 1.4.19 package
  • T

    Barnyard log Sguil?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • marcellocM

    Varnish

    Locked
    25
    0 Votes
    25 Posts
    19k Views
    marcellocM
    check backend status on varnish widget. You must disable nat for port 80, varnish will do the job. Until you get this working, publish varnish on port 81 for example, create a wan rule to permit port 81 communication and do tests.
  • A

    HOw do you make disabled rules stay disabled?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    A
    Thanks for the updated info.  I mis-used the "suppress" part.  I thought it was just to not show those events being triggered in the webConfiguration log. Thanks! AWS
  • J

    BGP filters

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • W

    Snort: Where are the Alert log's saved?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    W
    Thank You!
  • N

    I am not getting Blocked site web page in squid

    Locked
    11
    0 Votes
    11 Posts
    3k Views
    N
    @marcelloc: squid works very well on 2.x platform. but congratulations on your successful setup. Its a surprise for me again, my server was working fine till Saturday and Today on Monday is has started giving same error. I had not upgraded my PFsense it is still 1.2version, then how come it had it started behaving like my previous issue. Please letme know how my ACL's can we make and how many computers we can allow for internet. I had made 23 Group ACL's and around 400 IP address is been allowed for internet. Below is my configs for Cache Management Hard disk cache size : 4096 MB Hard disk cache system : ufs (please explain what this means) Memory cache size : 512 MB Minimum object size : 0 Maximum object size : 1024 Maximum object size in RAM : 10240 Level 1 subdirectories : 16 Memory replacement policy : Heap GDSF (please explain what this means) Cache replacement policy : Heap LFUDA (please explain what this means) For Traffic Management Maximum download size : 10240 Maximum upload size : 10240 Overall bandwidth throttling : 0 Per-host throttling : 0 Finish transfer if less than x KB remaining : 0 Abort transfer if more than x KB remaining : 0 Finish transfer if more than x % finished : 0 Please Guide on above config are the required any corrections
  • R

    Squid Redirection

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    R
    Nevermind, got it working. Logging in as root helps. Thanks for the info, everything is great now. BTW, didn't need to change to port 80, I just specified the same port my GUI uses in the squidguard blacklist config. I don't know why, but I feel using a port other than 80 adds some additional layer of protection. I know that the port number change up is miniscule, but it fools passing probes on the internet. Thanks for the pointer again, I had no clue it was that simple…
  • G

    HAProxy issue with FireFox

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    @gommox: I also don't understand one thing: how HAProxy knows to which server to route the request if there is no any map between the hostname and the IP? when the request comes from Internet "www.server_1.com" how HAProxy knows to which serverto route the request? I thought that it checks on DNS Forward configuration in PFSense box (all domains are configured there, domains existing in my DMZ). It is correct or I'm wrong? That's the point, haproxy balance based on ip addresses not based on host names. If you need hostname balance, then you need to use varnish or apache2+mod_security take a look on package description to choose between both. I prefer varnish  ;)
  • B

    Postfix forwarder - soft_bounce

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    I can't work out whether this last sentence is saying soft_bounce should always be off (for both postfix and postscreen) in a non-test environment.   Do you have any further information/advice on this? The soft bouce field has this info taken from postfix documentation Safety net to keep mail queued that would otherwise be returned to the sender. This parameter disables locally-generated bounces, and prevents the Postfix SMTP server from rejecting mail permanently, by changing 5xx reply codes into 4xx. However, soft_bounce is no cure for address rewriting mistakes or mail routing mistakes. I have this enabled and working for many weeks, so i think using default option 'enabled only in postscreen' will be enough.
  • L

    Squid 2.7.9_4.2 fails to fully install on 2.1 Dev

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    P
    I also have problems installing Squid on PFSense 2.1 DEV (i386). When installing the package, on the re configuring filter part, I briefly get the following warning: Warning: unlink(/etc/squid/squid.conf): No such file or directory in /etc/inc/pkg-utils.inc on line 794 Warning: symlink(): No such file or directory in /etc/inc/pkg-utils.inc on line 795 [image: Install_PKG.png] Then, the package seems to have installed successfully, but when I access the "Proxy Server" from the Services menu, I get this error: Warning: dir(/usr/local/etc/squid/errors/): failed to open dir: No such file or directory in /etc/inc/pfsense-utils.inc on line 432 Fatal error: Call to a member function read() on a non-object in /etc/inc/pfsense-utils.inc on line 433 Anyone can give me an idea what to do and how can I troubleshoot this ? Thanks a lot.
  • H

    Munin-node on PFsense 2.0

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    H
    Revised instructions for dhcpd3: setenv PACKAGESITE "ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/" pkg_add -r p5-Net-IP make++ p5-YAML p5-Net-Netmask ln -s /usr/local/bin/makepp /usr/local/bin/make /usr/bin/perl -MCPAN -e shell install HTTP::Date printf '[dhcpd3]\nuser root\nenv.configfile /var/dhcpd/etc/dhcpd.conf\nenv.leasefile /var/dhcpd/var/db/dhcpd.leases' > /usr/local/etc/munin/plugin-conf.d/dhcpd3.conf ln -s /usr/local/share/munin/plugins/dhcpd3 /usr/local/etc/munin/plugins/dhcpd3 /usr/local/etc/rc.d/munin-node.sh restart patch –ignore-whitespace /usr/local/share/munin/plugins/dhcpd3 <<end<br>--- dhcpd3.orig 2012-01-06 19:05:37.000000000 -0600 +++ dhcpd3      2012-01-06 19:07:14.000000000 -0600 @@ -219,6 +219,12 @@             print "# DEBUG: in $1\n" if $DEBUG;             $ip = $1;         } +        if($ip && /binding\s+state\s+([^;]+);/) { +            if(($1 eq "free") || ($1 eq "backup")) { +                print "# DEBUG: binding state $1\n" if $DEBUG; +                $abandon = 1; +            } +        }         if($ip && /ends\s+\d+\s+([^;]+);/) {             # 2037/12/31 23:59:59 is max date on perl <= 5.6             print "# DEBUG: end $1\n" if $DEBUG; END</end<br>
  • S

    IMSLogViewer - MySQL Log Viewer for IMSpector

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    S
    Updated it a lot, now auto-updating data by default in background, remembering last read logs and last selected item in tree, showing unread logs as red icons, several UI tweaks and optimizations, better  MySQL queries. Also remembers it's window position. Exceptions are handled nicely and shown in nice looking toolbar if something happens, also all other types of issues etc. Source code (VS2010, .NET 4.0 Client): http://www.datafilehost.com/download-656d8917.html Compiled application: http://www.datafilehost.com/download-5b81570b.html
  • B

    Postfix forwarder - bounce retries

    Locked
    7
    0 Votes
    7 Posts
    8k Views
    marcellocM
    I saw that there is a forum on MailEnable site. You can try to find out how to extract valid recipients there.
  • gwhynottG

    Postfix-Fowarder - enabling remote policyd server breaks config

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    gwhynottG
    @marcelloc: You did right.  :) I'll include this fix on next release. thanks,  have a good weekend. -g
  • B

    Captive Portal redirection url after aunthentication

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    marcellocM
    Look for cative portal forum threads, there are posts for captive portal then transparent proxy
  • A

    Freeswitch wont start

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    A
    @chpalmer: Take a look here and see if an alternative install to pfSense might work for you… http://wiki.fusionpbx.com/index.php?title=PfSense_Install Im not sure how well if at all the freeswitch packages have been kept up... Hi Chpalmer, I am running the latest version 2.0.1 of pfsense. Are you suggesting that freeswitch may not work well with this release and I install an older one?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.