1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @Draco said in New pfblockerNG install Database Sanity check Failed: I turned off pFBlocker and hit RUN on Update. You what?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • S

    Most light-weight HTTP CONNECT proxy?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • P

    Snort alerts (http_inspect) and blocked clients

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    Squid (newbie)

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    W
    Also http://doc.pfsense.org/index.php/SquidGuard_package might help
  • G

    Help with freeswitch configuration

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • T

    Unbound issue with HUP signals being sent from DHCP lease registration program

    Locked
    19
    0 Votes
    19 Posts
    5k Views
    W
    No prob - good to hear its sorted.
  • N

    Transparent squid on 2.0 Release

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    N
    Thanks for the info super.
  • F

    Squid and download limit / throttle

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    J
    Check Traffic MGT for that "Throttle" jigp
  • C

    Snort blocking remote staff when checking email with Outlook

    Locked
    27
    0 Votes
    27 Posts
    13k Views
    D
    after adding the suppress to the interface snort stop blocking my OMA or OWA thanks for the tip :)
  • M

    PfSense 2.0-release and lightsquid log rotate settings?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • C

    Unbound can't start after snapshot update (new thread!)

    Locked
    41
    0 Votes
    41 Posts
    21k Views
    johnpozJ
    looks good now, thanks!
  • N

    SquidGuard: Target categories: Edit: URLs List -> ERROR in last octett

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    jimpJ
    That isn't meant to use IPs there. The regex in the function is meant to match domain names only. It just happens that the IPs match the regex when the last item after the last . before / is 2 characters or more. In /usr/local/pkg/squidguard_configurator.inc at line 1545 # url as 'domain/path': 'mydomain.com/index.php' function is_dest_url($url) {     $fmt  = "[a-zA-Z0-9_-]";     if (empty($url)) return false;     if (eregi("^(($fmt){1,}\.){1,}($fmt){2,}(/(.[^\*][^ ])*)", $url)) return true;     return false; }
  • M

    Unbound advanced settings [fixed]

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    M
    Thanks!
  • B

    Turn off squid and squidguard

    Locked
    7
    0 Votes
    7 Posts
    16k Views
    M
    only firewall rules on those ingress interfaces(usually lan) pass tcp/udp any any any 80 usually for http, remember top-to-down and first rule wins
  • N

    Make radius.log visible in webGUI like STATUS -> System Logs. php question

    Locked
    14
    0 Votes
    14 Posts
    13k Views
    N
    Sorry I didn't. For me it seems like the output in the radius.log file in /var/log isn't in the correct format to make it visible in GUI. As an example I copied system.log to radius.log and than it was visible in GUI (Package Logs). But I don't know how to fix it. I still have to less coding skills to make this work.
  • P

    Ntop: Error on startup: Invalid argument supplied for foreach()…

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    P
    Hi jimp, Thanks - I went to the ntop settings and selected the relevant interfaces, and saved (note you have to also provide the ntop password even if you arent changing it??). I dont know what got rid of the interfaces I had access to ntop before?
  • J

    SQUIDGUARD-SQUID HTOMAIL CONFIGURACION

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    N
    disable squidguard and test if they can reach and wor with hotmail. if this works. the problem is in your squidguard configuration. than you should post screenshots of your squidguard config pages.
  • D

    MAC prefix to vendor resolution

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    N
    I added this line in cron because I didn't want to install nmap just for MAC-to-vendor: mkdir -p /usr/local/share/nmap/; fetch -o /usr/local/share/nmap/nmap-mac-prefixes http://nmap.org/svn/nmap-mac-prefixes this job is starting every sunday but once a month should be enough for beeing up to date.
  • M

    Alternate download mechanism for packages?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    M
    No, I'm obviously not in the U.S.  Dunno if it's illegal or not there but that doesn't matter: No one who has even a little bit of knowledge of how the internet works would do anything this stupid. Thanks for the suggestion about the VPN.  I have a FreeBSD box sitting in the U.S. so I just ssh'ed in configured IP forwarding and NAT, installed OpenVPN, configured it, made it my default gateway, and YAY!! I can install squid (as a bonus all the weird stuff that used to happen like connections being abruptly reset, parts of web pages not appearing, etc. have disappeared).  I should have done this a long time ago. Thanks!
  • K

    SQUID and ActiveDirectory problem

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • E

    I can not find Lightsquid! Help guys …

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    V
    It's not included in the package list used for the embedded images because of the writes needed to the CF card. Although i would have liked an option like "thanks for the warning, but install anyway". :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.