Subcategories

• Cache/Proxy

  Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

  3.8k
  Topics
  20.7k
  Posts

  S

  Dear pfSense Gurus!

  Is anyone able to explain the source of this repeated error (pfSense CE, latest with all official patches):

  PHP ERROR: Type: 1, File: /usr/local/pkg/haproxy/haproxy.inc, Line: 1542, Message: Uncaught TypeError: fwrite(): Argument #1 ($stream) must be of type resource, bool given in /usr/local/pkg/haproxy/haproxy.inc:1542 Stack trace: #0 /usr/local/pkg/haproxy/haproxy.inc(1542): fwrite() #1 /usr/local/pkg/haproxy/haproxy.inc(2516): haproxy_writeconf() #2 /usr/local/pkg/haproxy/haproxy.inc(1349): haproxy_check_run() #3 Standard input code(5): haproxy_configure() #4 {main} thrown

  After cold reboot this error disappear.

  After 10-30 days this error appear again.

  Disks system and controller are double checked twice: no errors.

  Thank You all!

• IDS/IPS

  Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

  2.3k
  Topics
  15.8k
  Posts

  M

  @marcosm We're all set. Thank You !

• Traffic Monitoring

  Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

  565
  Topics
  2.8k
  Posts

  S

  @pulsartiger Not familiar with that package but pfSense has a cron package.

• pfBlockerNG

  Discussions about the pfBlockerNG package

  2.6k
  Topics
  19.4k
  Posts

  M

  I then went into DNSBL Safesearch and selected all the DoH/DoT blocking list. Its enabled.
  Not only does this not work it allowed PrivateRelay to work.

  8b325310-2a5a-47d1-a21a-b6396a8dcf26-image.png

• UPS Tools

  Discussions about Network UPS Tools and APCUPSD packages for pfSense

  90
  Topics
  2.4k
  Posts

  D

  @rarlup said in NUT Package (2.8.1 and above):

  Looking to purchase a few more UPSes - any particular model that is 100% compatible with NUT and you can truly recommend?

  NUT is compatible with a wide variety of UPSs. That said, some UPSs have more quirks than others.

  Specific recommendations are difficult, but I would generally stay with usb-hid capable units from one of the big manufacturers such as APC, Cyber Power or Tripp Lite.

  My personal preference is for APC, but they tend to be a bit more expensive.

• ACME

  Discussions about the ACME / Let’s Encrypt package for pfSense

  486
  Topics
  2.7k
  Posts

  M

  Thanks for the insight, that resolved the issue

• FRR

  Discussions about the FRR Dynamic Routing package on pfSense

  287
  Topics
  1.2k
  Posts

  C

  I have OSPF setup and all the neighbors are found and connected and routes are seen by FRR however the kernel doesnt see them.

  I tried setting up the RFC1918 Nat entries but that doesnt seem to have worked.

  285eab18-4656-4b11-98c2-bf92eb8bc8d7-image.png

  9e750010-da57-4d8e-ab5d-40cd529bd583-image.png

  6dcebf7c-0bd6-4fdb-912d-fdd6d1af04a1-image.png

• Tailscale

  Discussions about the Tailscale package

  80
  Topics
  487
  Posts

  E

  Upgraded 2.7.2 CE to 1.80.3_1

  Freshports

  pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.80.3_1.pkg
• WireGuard

  Discussions about WireGuard

  660
  Topics
  3.5k
  Posts

  R

  Hi there,
  I already tried to get answers in the "Firewalling" section but we're out of ideas there.

  I have a perfectly working WG tunnel that connects remote network 192.168.100.0/24 with local 192.168.11.0/24.

  Now I want to just limit the traffic somehow. And for that I need a matching FW rule.

  First attempt: The whole tunnel, running on port 50450:

  [2.7.2-RELEASE][admin@fw]/root: tcpdump -ni igc2 port 50454 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on igc2, link-type EN10MB (Ethernet), snapshot length 262144 bytes 20:21:17.215574 IP6 2abc:1234:1234:30::2ac4.50454 > 2abd:11:5678:5678::e228:6dff:feb9:4ae8.50454: UDP, length 96 20:21:17.215589 IP6 2abc:1234:1234:30::2ac4.50454 > 2abd:11:5678:5678::e228:6dff:feb9:4ae8.50454: UDP, length 96 20:21:17.233468 IP6 2abd:11:5678:5678::e228:6dff:feb9:4ae8.50454 > 2abc:1234:1234:30::2ac4.50454: UDP, length 96 20:21:17.233699 IP6 2abd:11:5678:5678::e228:6dff:feb9:4ae8.50454 > 2abc:1234:1234:30::2ac4.50454: UDP, length 96

  Rule: no match, no logging:
  Bildschirmfoto 2025-03-05 um 13.52.45.png

  Next: Trying to match i.e. SMB 445 or 139 on LAN:

  [2.7.2-RELEASE][admin@fw]/root: tcpdump -ni igc1 port 445 or port 139 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on igc1, link-type EN10MB (Ethernet), snapshot length 262144 bytes 21:06:49.795443 IP 192.168.11.6.43750 > 192.168.100.100.445: Flags [F.], seq 3855556357, ack 853146708, win 229, options [nop,nop,TS val 1399014346 ecr 112590208], length 0 21:06:49.795459 IP 192.168.11.6.43752 > 192.168.100.100.445: Flags [S], seq 334166509, win 29200, options [mss 1460,sackOK,TS val 1399014346 ecr 0,nop,wscale 7], length 0 21:06:49.814822 IP 192.168.100.100.445 > 192.168.11.6.43752: Flags [S.], seq 3542171948, ack 334166510, win 28960, options [mss 1460,sackOK,TS val 112593711 ecr 1399014346,nop,wscale 7], length 0 21:06:49.814986 IP 192.168.11.6.43752 > 192.168.100.100.445: Flags [.], ack 1, win 229, options [nop,nop,TS val 1399014365 ecr 112593711], length 0 21:06:49.833525 IP 192.168.100.100.445 > 192.168.11.6.43750: Flags [F.], seq 1, ack 1, win 227, options [nop,nop,TS val 112593711 ecr 1399014346], length 0 21:06:49.833684 IP 192.168.11.6.43750 > 192.168.100.100.445: Flags [.], ack 2, win 229, options [nop,nop,TS val 1399014384 ecr 112593711], length 0

  Floating Rules (direction any, I tried "in" and "out" also): no match, no logging
  Bildschirmfoto 2025-03-06 um 22.08.36.png
  I also tried this as an interface "Pass" rule.

  Are there any ideas you fine people have? Or is this impossible due to the nature of wireguard?

  Thanks a lot!