1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    S
    @shady28 Are you maybe looking at IP block list feeds vs DNSBL feeds?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • R

    Snort loosing configuration

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    @rds_correia: Question: shouldn't all other packages have a similar feature in case something breaks from one version of pkg to another version of pkg? Regards. All other packages automatically keep all of their settings by default, they are not deleted. Snort is the only package the removes its settings and gives the option to save them. IMHO, that should be reversed so they are kept by default with the option to delete them, or just reverse the behavior and remove the option entirely so they are always kept and never deleted.
  • D

    SNORT UPDATE ISSUE WITH DISABLED RULES

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    D
    I just wanted to see where this issue is at on maybe a fix. Because everytime SNORT gets an update as it should, it will disable rules I enabled, and it will enable rules I disabled. Take for instance when using ICMP rules, I don't want to block ICMP ping, because this will block almost everything on the Internet and gets very annoying when using certain categories. I find myself saying the heck with it and simply disable the whole category list of rules just for the sake of a few rules causing issues everytime SNORT gets updates. This is making the package hard to work with when you have to redo all your setting manually after every update. Thanks for any help.
  • S

    Snort config files

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    G
    /usr/local/etc/snort is where the config files are /usr/local/www/snort is where the file you are looking for is. Heh that is a lot of file editing. Wouldn't it be easier to upgrade to 1.31?
  • M

    Reverse Proxy Question

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    G
    HAProxy on works on port 80 to my knowledge so that is why SSL fails. Will load balancing not work instead of Reverse Proxy?
  • F

    Find snort rules name from snort alert

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    G
    [] [1:2406235:192] ET RBN Known Russian Business Network IP UDP (118) [] Also most of the categories relate to the alert. With a little guesswork most of the time you can go right to it in the gui. emerging-rbn.rules ET= Emerging Threats
  • G

    Cool little snort blocked list mod I tweaked

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    @g4m3c4ck: Hey that is an extra click too many!  ;D Same number of clicks, just involves moving your finger a centimeter or two to the right :-)
  • M

    Proxy: Permit one website

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    I'm so sorry, my fault, misconfiguration, pfsense semms to ignore the "disable rule" so it continue dto apply it.   Thank's
  • L

    How to install GUI part of packages from commande line ?

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    L
    Hello, @jimp: You can't install packages for pfSense that way. The only way to install the pfSense package for squid is via the GUI. Ok  :( thank you very much for your answer…
  • E

    Multiple domains, one IP

    Locked
    15
    0 Votes
    15 Posts
    13k Views
    G
    Guess you are going to need your own subnet then.
  • G

    Snort - Barnyard2 Plugin starts then fails

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    G
    I have the same issue with 1.31 to a remote database. A packet capture shows no attempts to connect. However, the system log says it can't connect. I have been trying to find a log file somewhere to see what is going on but no luck so far.
  • G

    Snort 1.31 Problem [Solved]

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G
    Not sure what was causing the issue but after I disabled the offending category for each interface that was failing the snort service started working. After that I noticed that a lot of my rules were not there. I guess that may have been due to manually installing the rules when update was broken. I then noticed nothing was selected under "Install Snort.org rules" in Global Settings. After selecting "Install Basic Rules or Premium rules" and updating rules again all rules returned. Hope this helps people.
  • B

    Snort does not start on a PPPoE Interface.

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    N
    Thank you, been waiting for hearing from dev, it's good to hear from you finally. cheers,
  • K

    Snort can not start service !

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    K
    hello Arylikh , Thanks for your reply. I just use 2 rules snort_p2p.rules and snort_chat.rules. I have just found the problem. Tab " Preprocessors" check enable Performance Statistics, Enable "HTTP Inspect Settings", HTTP server flow depth = "0" Now the snort can start. Thanks you so much.
  • T

    Squid Reloading filter… stuck

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C
    It's probably done reloading long ago…...maybe just a refresh of the browser would have been what was needed.
  • M

    SquidGuard blocking all but 1 or 2 sites

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    M
    Oh you meat the links by your signature, dumb me, thanks mate i'll test it monday.
  • F

    How do you write suppress rules for snort

    Locked
    7
    0 Votes
    7 Posts
    6k Views
    J
    @fosiul: @johnnybe Thanks, yes that rules works Now i can suppress necessary logs Well, you know… you should say thanks to jamesdean. He made the Snort package FAQ. Thats where I've learnt. You're welcome, whatsoever.
  • K

    Snort results in no internet traffic

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    K
    I switched nic's and so far so good.  I still have some testing to do.  thanks
  • F

    Snort problems

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    F
    After five attempt it doesn't work. But, i use the method to upload manually. Now snort works fine, but when i try to auto-update that's not work.
  • S

    Snort Rules update Broken

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S
    Thanks guys - Manual update worked in the end, auto still not happening up until now. Maybe now that there's a rule set in place the auto updates will roll in? We'll see in ~6 hrs I guess.
  • ?

    Snort Updating problems !!!

    Locked
    72
    0 Votes
    72 Posts
    39k Views
    jimpJ
    @nocer: now that my concern is how you can conpromise longer i/f names that looks like 2.0 specific issue which won't snort from starting at the booting, or any other attempt. i tricked some diy for i/f naming but none of those were permanent fix, system will assign a new name, everytime reload the box. That's a matter for a separate thread. Since the updates now work for everyone (so far) this particular issue is closed. If it breaks again, it'll be a new issue, and other problems should be in new threads. Locking the topic. :-)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.