1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    S
    @shady28 Are you maybe looking at IP block list feeds vs DNSBL feeds?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • M

    Snort: Failing messages - FATAL ERROR: Failed to Lock PID

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    M
    Good to know; Thank you Cino!
  • W

    Ntop

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    If they both installed the exact same version of perl, it wouldn't be removed. You may have installed them at different times so they installed different (conflicting) versions of perl, so it took out one without realizing it was taking out the other. In the future we are working to completely isolate the packages and their dependencies from one another so they can't impact the base system or each other in that way, but it won't be happening for 2.0.
  • L

    Urlfilter

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    The blacklists are not likely to work at all on NanoBSD. They are gone because /var is a RAM disk so it will be gone at reboot. The squidGuard package isn't coded to support them in that scenario.
  • N

    Squid slow to only some website…

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    N
    well… I saw it was fast on my tablet... so It was related to my PC. I uninstalled BitDefender 2012... and tada! So... I will open a case at BitDefender. Thanks for the trick anyway! :)
  • A

    # pkg_add -r softflowd //File unavailable (e.g., file not found, no access)

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    A
    That did it ! Thanks Jim.
  • H

    How to Proxy only 1 of 2 Lan Intranets Connected to PFSense Firewall

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    H
    Thanks for your help. I didn't realize you could control select in the proxy interface box. Thank you guys. Legends.  8)
  • T

    ? for pfsense Developers

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    No. All you know is the IP from the firewall log - at best you can guess the country with something like GeoIP but it's just a guess - you cannot get the URL unless you luck out and find that the IP actually reverse resolves to something meaningful. Many sites are hosted as virtual hosts, so there are 10, 100, 1000 "URLs" on a single IP address. The only way to know the URL is to sniff/proxy the traffic. You cannot get that from the IP. To do reverse DNS on the entire firewall log would take far too long to be practical, even just the part shown in the GUI. There is already a link (a little i) that will take you to Diagnostics > DNS with that IP if you really want to do a reverse lookup.
  • P

    Intercepting HTTPS Proxy

    Locked
    4
    0 Votes
    4 Posts
    7k Views
    jimpJ
    There are very hackish ways to hijack ssl but it involves installing a certificate on the client machine, which essentially completely breaks the trust of SSL in such a way to make it useless. (There are also rumors that China/FBI/NSA/CIA/etc have "special" trusted CA certs on sniffer devices that essentially do the same… but I haven't seen any real evidence, though it is a fun theory) If you don't control the clients, you can't transparently proxy ssl. If you do control the clients, you're much better off doing as Nachtfalke suggested and hard coding the proxy information on the clients. Then you don't need to hack anything or install any certificates.
  • K

    Squid, squid guard

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Z

    [Unbound]Error in system log after upgrading

    Locked
    12
    0 Votes
    12 Posts
    5k Views
    Z
    It should be no problem. I have installed the latest version. thanks for your quick help~~:)))
  • C

    Squidguard advanced source ACL ldap group lookup

    Locked
    3
    0 Votes
    3 Posts
    16k Views
    C
    Thanks for the response. Yes, that is correct, I want the user to be required to authenticate only if they try to go to a restricted site. For example, if a user navigates to http://someSiteThatIsRestricted.com it would prompt for a user name and password. If they are in a group in Active Directory that is allowed to go to that site it will of course let them otherwise they are redirected to a block page that tells them the reason. Thanks for the link. I have looked at that before but how do you do that in pfSense? I'm running a separate install to test with so I want to know how to do it even if it is not as secure and then I can decide whether to use a dedicated proxy instead of using pfsense for that. It is nice to be able to add functionality to pfSense through the packages because that allows for a more secure setup by default and the flexibility to customize it to fit almost any environment.
  • P

    Lightsquid users name

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G
    Talking to a 2008 r2 box, if it's been configured in a domain with 2008 functionality is a no go for this. You get the warning during the promotion of the server to DC that it will break lots of open source stuff. Also if Squid is in transparent mode it's a no go. So what's your domain functionality set to? Are your users authenticating to Squid and if so what method are you using i.e NTLM How many users are we talking about?
  • F

    Help Me!! I need block download for extensions HTTP , FTP AND….

    Locked
    13
    0 Votes
    13 Posts
    10k Views
    F
    Steve thanks for the help As you know the squid3 not confirmed! The lock so I could do for l7. About UltraSurf had already read that document but so far the only way I found to be successful in blocking was blocking all networks. 99.224.0.0/11 63.241.6.64/28 63.242.0.0/16 63.240.0.0/15 218.168.0.0/16 125.176.0.0/12 122.118.0.0/16 69.64.144.0/20 211.109.128.0/24 59.120.0.0/14 59.112.0.0/13 97.112.0.0/13 71.192.0.0/12 219.137.112.224/27 203.112.80.0/20 162.138.0.0/16 170.201.0.0/16 156.40.0.0/16 61.224.0.0/14 61.220.0.0/14 59.120.0.0/14 59.112.0.0/13 220.136.0.0/13 220.132.0.0/14 220.130.0.0/15 220.129.0.0/16 118.168.0.0/16 122.120.0.0/13 118.168.0.0/16 122.120.0.0/13 71.208.0.0/12 61.231.0.0/16 218.160.0.0/16 61.62.74.0/24 72.25.64.0/18 66.245.192.0/18 64.62.138.0/25 64.62.128.0/17 125.224.0.0/13 Work but is not an efficient method because tomorrow there may be a new network.
  • F

    Block url that contain some text with lightsquid

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    Lightsquid doesn't block, it just reports. SquidGuard is probably what you want, but it can't filter based on the text in the page, just the text in the URL itself. If you search the forum for SquidGuard you will probably find more useful information.
  • M

    Specific rules cause snort not to run.

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    A
    How would one recompile a the zlib library from the Web Configurator? If it has to be done via command line, what is the pkg_add command that would do this?  ???
  • R

    IMspector not logging Gtalk chats. Please help!

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    Dvserg P3Scan

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • T

    Chown -R -v havp Errors

    Locked
    9
    0 Votes
    9 Posts
    10k Views
    H
    @bluinside: Waiting for a bugfix… I have found this solution: make user "havp" (any password, I used "havp") using pfSense "User manager" from System menu than reboot and look into syslog. The error shuold be gone and the two Havp services should correctly start. :) Did this correct the issue?
  • C

    Snort Rules Download - 1.2.3

    Locked
    12
    0 Votes
    12 Posts
    7k Views
    H
    @compucoder: I bit the bullet and upgraded to 2.0 RC3 last night. So far it is working perfectly. Every feature I used in Snort before works. The updater works properly now too. I just did the 2.0 upgrade and it is using whichever version of Snort it had before and it all seems to be working fine. So far 2.0 seems like a good route to take. Have you looked at SNORT to see whats running, I have had an issue with SNORT not starting and refuseing to start doing it manually. I have tried reinstalling and uninstalling so far no go. I thing there is a bug with 2.0 RC3 and SNORT, also have had an issue with HAVP anti virus hanging the system. After hours of working with them, I removed both and all issues went away.
  • D

    Lightsquid with 2.0 RC3 - not showing anything - "SOLVED"

    Locked
    8
    0 Votes
    8 Posts
    11k Views
    P
    @jimp: pkg_delete -f perl-5.12.3, then reinstall the lightsquid package. i did that and reinstalled got same error i noticed that there is 3 version of perl loaded do i have to delete all of them perl-5.10.1_1      Practical Extraction and Report Language perl-5.12.3        Practical Extraction and Report Language perl-5.12.4        Practical Extraction and Report Language
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.