1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    N

    Can I use pgblockerng aliases in Haproxy?

    80758505-9bad-4dad-a80b-c159be1045a2-image.png

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC

    @bmeeks So after upgrading to the newest PfSense 2.8.0 everything is now working like a charm!

    Suricata no longer seems to strip off tags like it did before! Which means I can now use my network segmented by VLANs and still use the benefits of Suricata Inline IPS! Very niiize!

    I checked in the Alerts section and it is indeed generating the correct alerts from the different VLAN sections, I put Inline IPS on the parent interface of all the VLANs.

    I assume this is because the FreeBSD version is also updated with the new PfSense 2.8.0 version?

    Because before, as soon as I selected Inline IPS mode, my entire VLAN tagging would break and nothing was reachable until I switched back to Legacy mode.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts
    K

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG

    @EChondo

    What's your pfSense version ?
    The instructions are shown here :

    1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png

    A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate.

    @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy:

    I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess.

    No need to wait x days.
    You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    R

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    89 Topics
    574 Posts
    A

    Hello,
    I am unable to get the Tailscale package to work. The page at VPN > Tailscale > Authentication is stuck. It displays the error "Tailscale is not online," but also shows a "Logout and Clean" button, with no option to log in.
    link text

    This state persists even after performing the following troubleshooting steps:

    Rebooting the pfSense router.

    Completely uninstalling and reinstalling the Tailscale package multiple times.

    Clearing browser cache and using a private browser window.

    Toggling the main "Enable Tailscale" checkbox in the settings.

    Checking the logs, which show the service gets a "terminate" signal and shuts down cleanly; it does not crash.

    Manually trying to delete the state file with rm /var/db/tailscale/tailscaled.state, which failed because the file does not exist.

    It appears that the package's configuration is corrupted in a way that persists even after reinstallation. Can anyone advise on how to perform a complete manual cleanup of all Tailscale files and settings?

  • Discussions about WireGuard

    689 Topics
    4k Posts
    P

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and visa versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round i.e. from Client 2 to pfSenseA

    I will try and do some packet capture to see if that reveals anything.

Log in to post
Load new posts
  • H

    Running Snort on LAN interface

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    H

    This is not an issue anymore.  After upgrading to pfSense 2.0, I can set up my configuration so I don't need to run Snort on the LAN interface.  Thanks

  • M

    Update LCDProc to 0.5.4

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • L

    Updating and package install

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    K

    Hello

    I have had exactly the same issue while updaing to one of post RC3 snapshots. Whole upgrade proces take about 6 hours to complete and looping screens was quite annoing, but when it finished system working stable till now.
    Now, when we have the final release, I will install fresh system and will restore from backup file
    Regards

  • JSmoradaJ

    Snort issue after upgrading from 2.0 RC3 to 2.0 Release

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • G

    Can the Reverseproxy forward to different Servers by path?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM

    You can use all:

    I've set this scenario some times and it worked very well.

    Https -> haproxy –--
                                |---> apache + modsecurity -->  webserver
    Http -> varnish ------

    You can Also set this:

    Apache+modsecurity ---> varnish --->  web servers(/test)
                                               |-----> Web servers (/test2)

    In this case, apache handles ssl.

    Notes:
    Apache can do what you want but today the package Does not include this option.
    May be in a close future I may include this feature to gui.

    Varnish is faster then apache as a reverse proxy, do a test if you have time.

  • H

    NRPE loosing check definitions after update

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    S

    @jimp:

    Not sure what might be happening on your system, but on mine it keeps the settings when I uninstall it, reinstall it, or upgrade.

    Same here…. All fine.

  • A

    Snort doesn't produce any alerts

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    A

    @stvboyle:

    I seem to be having the same problem.  I'm running:
    2.0-RC3  (amd64)  built on Tue Sep 6 17:46:35 EDT 2011

    Installed snort, configured updates, enabled a WAN interface, enabled all preprocessors, enabled some rules, started it on the interface.  Its been running for about 12 hours now and no alerts.  Not sure how to troubleshoot the issue.  Any suggestions are appreciated.

    Have a look at http://forum.pfsense.org/index.php/topic,37557.285/topicseen.html for the cause and the solution of this issue.

  • P

    Monitor HTTP Traffic by LAN IP???

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    S

    @photonman:

    @serialdie:

    you can use ntop.

    Ntop is pretty cool…I think that will work out for me.

    thanks for the suggestion

    Been using it for a few years and is an awesome monitoring tool.
    Good Luck!

  • R

    Widescreen package issue

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R

    Perfect! It works!
    Hope to see soon an updated version of the cool package.

    Thanks again
    Romain

  • S

    Unblock MSN (I am the admin)

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    marcellocM

    If you are using auth and msn client can't use your authentication method, you will ser this error.
    Check in log if urls that has a tcp_miss has also a username.

    You may need To create An acl by client address and map msn urls.

  • X

    DNS Blacklist, New Package! Check it out.

    Locked
    153
    0 Votes
    153 Posts
    136k Views
    A

    any update on this package? is this dead already?

  • D

    How to change TOS for cache hit.

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    M

    You got a l7 filter to make this.

  • G

    Snort alerts are not showing up on the snort dashboard widget

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    C

    the widget has not work for some time now… at least 8+ months on the 2.0 branch... clearing alerts was reported a while ago and there is a ticket on it already http://redmine.pfsense.org/issues/1765

  • L

    Some help with Squid swap.state please?

    Locked
    13
    0 Votes
    13 Posts
    26k Views
    marcellocM

    You can also try memory cache, its faster then Disk.
    With a lot of sites setting sessions, squid is not so efficient To handle this.

  • H

    Proxy Server & IP Address

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • R

    [SOLVED] pfSense process investigation and Snort

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    R

    I'm all set, now…

    When I made it back to my test network earlier today there were system log entries on the pfSense box showing the ethernet interfaces had been restarted. The reason they restarted on their own while I was doing other things is a mystery to me, but they did restart.

    Shortly after that, Snort kicked off successfully for both interfaces I set it up on and was running just fine. Again, not sure why it decided to start right up on its own, but I had asked it to start repeatedly before working on other things, so maybe it just did what I told it to as soon as it could.  ???

    I notice it clearly states on the Snort service web-interface that the interfaces will need to be restarted to pick up changes. Changes like just installing it to configuring it to run for the first time, say? Nice  ;D

    Once I had a running Snort install and the correct arguments for 'ps', it was easy to answer my own questions.

  • I

    Snort rule disable and enable button not working/all rules enabled/rule format

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    I

    one possible cause for this that i have found:

    I was testing the cron command that updates the rules by running it manually.  The first time i got a few duplicate SID warnings.  I went and disabled a few rules and re-enabled them and ran it again and got a bit different output.

    Line 15 is:
    enablesid

    Line 19 is:
    disablesid

    I then went and disabled/reenabled a few more rules, and when i ran the update command i got more of the WARNING: line xx in your oinkmaster_blah.conf is invalid.  All of the warning lines were either "enablesid" or "disablesid" with nothing more.

    Each time i disabled a rule and ran the update, it would add one more "disablesid" to the /usr/local/etc/snort/snort_<interface_id>/oinkmaster_<interface_id>.conf file and each time i enabled a rule and ran the update it would add one more "enablesid" to the same file.

    I'm not sure how this relates to the problem, but it seems like snort is not able to keep track of which rules are enabled/disabled properly and when it merges the updates with the current rules it formats them in a way that the web interface cannot handle.

    Output below and the oinkmaster_blah.conf at the bottom:

    first time:

    [2.1-DEVELOPMENT][admin@pfsense]/root(19): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log
    WARNING: duplicate SID: 3017 (discarding old)
    WARNING: duplicate SID: 17462 (discarding old)
    cp: /usr/local/etc/snort/generators: No such file or directory
    cp: /usr/local/etc/snort/sid: No such file or directory
    rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory
    ls: /tmp/snort.sh.pid: No such file or directory
    rm: /tmp/snort_download_halt.pid: No such file or directory

    second time:

    [2.1-DEVELOPMENT][admin@pfsense]/root(19): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log
    WARNING: duplicate SID: 3017 (discarding old)
    WARNING: duplicate SID: 17462 (discarding old)
    cp: /usr/local/etc/snort/generators: No such file or directory
    cp: /usr/local/etc/snort/sid: No such file or directory
    Loading /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf
    WARNING: line 15 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 19 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    Copying rules from /usr/local/etc/snort/rules… 76 files copied.
    Setting up rules structures...
    WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually!
    WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually!
    done.
    Processing downloaded rules...
    WARNING: duplicate SID in downloaded archive, SID=17462, only keeping rule with highest 'rev'
    disabled 0, enabled 0, modified 0, total=18870
    Setting up rules structures...
    WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually!
    WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually!
    done.
    Comparing new files to the old ones... done.
    Updating local rules files... done.
    rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory
    ls: /tmp/snort.sh.pid: No such file or directory
    rm: /tmp/snort_download_halt.pid: No such file or directory

    third time:

    [2.1-DEVELOPMENT][admin@pfsense]/root(24): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log
    WARNING: duplicate SID: 3017 (discarding old)
    WARNING: duplicate SID: 17462 (discarding old)
    cp: /usr/local/etc/snort/generators: No such file or directory
    cp: /usr/local/etc/snort/sid: No such file or directory
    Loading /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf
    WARNING: line 15 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 16 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 17 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 18 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 19 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 20 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 21 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 22 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 26 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 27 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 28 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 29 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 30 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 31 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 32 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 33 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    Copying rules from /usr/local/etc/snort/rules… 76 files copied.
    Setting up rules structures...
    WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually!
    WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually!
    done.
    Processing downloaded rules...
    WARNING: duplicate SID in downloaded archive, SID=17462, only keeping rule with highest 'rev'
    disabled 0, enabled 0, modified 0, total=18870
    Setting up rules structures...
    WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually!
    WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually!
    done.
    Comparing new files to the old ones... done.
    Updating local rules files... done.
    rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory
    ls: /tmp/snort.sh.pid: No such file or directory
    rm: /tmp/snort_download_halt.pid: No such file or directory

    fourth time:

    [2.1-DEVELOPMENT][admin@pfsense]/root(33): /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_for_rule_updates.php >> /tmp/snort_update.log
    WARNING: duplicate SID: 3017 (discarding old)
    WARNING: duplicate SID: 17462 (discarding old)
    cp: /usr/local/etc/snort/generators: No such file or directory
    cp: /usr/local/etc/snort/sid: No such file or directory
    Loading /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf
    WARNING: line 15 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 16 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 17 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 18 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 19 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 20 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 21 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 22 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 23 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 27 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 28 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 29 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 30 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 31 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 32 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 33 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 34 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    WARNING: line 35 in /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf is invalid, ignoring
    Copying rules from /usr/local/etc/snort/rules… 76 files copied.
    Setting up rules structures...
    WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually!
    WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually!
    done.
    Processing downloaded rules...
    WARNING: duplicate SID in downloaded archive, SID=17462, only keeping rule with highest 'rev'
    disabled 0, enabled 0, modified 0, total=18870
    Setting up rules structures...
    WARNING: duplicate SID in your local rules, SID 3017 exists multiple times, you may need to fix this manually!
    WARNING: duplicate SID in your local rules, SID 17462 exists multiple times, you may need to fix this manually!
    done.
    Comparing new files to the old ones... done.
    Updating local rules files... done.
    rm: /usr/local/etc/snort/tmp/rules_bk: No such file or directory
    ls: /tmp/snort.sh.pid: No such file or directory
    rm: /tmp/snort_download_halt.pid: No such file or directory

    [2.1-DEVELOPMENT][admin@pfsense]/root(35): cat /usr/local/etc/snort/snort_49866_em0/oinkmaster_49866_em0.conf

    ###########################################
    #                                         #

    this is auto generated on snort updates

    #                                         #
    ###########################################

    path = /bin:/usr/bin:/usr/local/bin

    update_files = .rules$|.config$|.conf$|.txt$|.map$

    url = dir:///usr/local/etc/snort/rules

    enablesid
    enablesid
    enablesid
    enablesid
    enablesid
    enablesid
    enablesid
    enablesid
    enablesid

    disablesid
    disablesid
    disablesid
    disablesid
    disablesid
    disablesid
    disablesid
    disablesid
    disablesid</interface_id></interface_id>

  • M

    Snort[55970] exiting

    Locked
    17
    0 Votes
    17 Posts
    6k Views
    M

    I've been running 2.0-RC3 (i386) built on Sat Sep 10 17:10:54 EDT 2011 for 2 days, 03:19 w/ no exits and limited rule categories.  So far so good.  I'm hopeful that 2.0 final will workout fine since seeing swinn's post.

    snort-categories-firewall.jpg
    snort-categories-firewall.jpg_thumb
    snort-categories-firewall2.jpg
    snort-categories-firewall2.jpg_thumb

  • nesenseN

    Lusca crashing on latest RC

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    nesenseN

    @marcelloc:

    if it is squid, take a look at cache.log for detailed error message

    That's where it was taken from.

  • D

    Install python in nanobsd

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM

    danesco,

    I know it's not the best answer you want to see but did you try to write it in php?

    If you use xmlrpc or just a php to change config file it will work and php is native in pfsense.

    att,
    Marcello Coutinho

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.