1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    A
    Docker image for squid 7.3 and above https://hub.docker.com/r/fredbcode/squid If pfsense does not push the update.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    patient0P
    @andresbraga if you still have the firewall rules as you posted, then I don't know why from the laptop you can't ping the pfSense Wireguard address 10.10.6.1 nor the pfSense gateway 10.10.1.1 What is the routing table of the laptop. And I would run a packet capture on pfSense and check what you see if you run the ping to 10.10.1.1 or 10.10.6.1.
Log in to post
Load new posts
  • J

    SquidGurad Backup

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    J
    Any one have any information on this. I have tried a couple more tests with no luck. When ever I restore the squidguard_conf.xml, MY blacklist/domains files and restart the service, the files are over writen when it reconfigures. I did notice that when you add to the destinations, it does not update any of these files. Could someone point me in the direction of what files hold the domail list for custome black and white lists. Thanks
  • C

    Rate package

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    M
    The same here (pfSense 1.2.2) and additionally it looks like there is too little place to print full IP number. This tricky display shows an IP shortened by 1 digit.. 129.168.111.12 instead of 192.168.111.123) I checked php files and it seems so 'rate' program executed under http-PHP returns invalid-shortened IP address, and it happens only for -A option. Under shell program 'rate' and execution from php works perfectly. Because 'rate' program is executed by script to make only ONE check only during one refresh - in logs we can see so many communicates. execute("rate -i {$real_interface} -nlq 1 -A -c {$intsubnet}…. -q 1 option = make one report
  • C

    Squid rule

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Cry HavokC
    Please, use the search function.  This has been discussed before.
  • S

    When new squid 2.7?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S
    squid 2.7 is 2 ;)
  • F

    SquidGuard destination allow

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    D
    use expressions 200.200.200.200 200.200.200.200/webaccess
  • F

    Squidguard url list - problem ip address

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    D
    use expressions window 200.1.200.2
  • J

    Snort users do not upgrade to the newest snapsshots past Jun 13 2009

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D
    Hi James, May I ask, have you completed the work on the Ajust Block Time option. Coz I did not see this thread till today and made the update already. Regards, Dave
  • R

    Documenting Package System

    Locked
    16
    0 Votes
    16 Posts
    52k Views
    E
    @raj2569: Adding my questions here, if some one know the answers to them pl reply. what is  the meaning of logging along with facilityname and logfilename in manifest xml What is the difference between config_file and configurationfile in manifest xml I cannot tell you a clear answer to this i have to look at the code. http://pfsense.com/packages/pkg_config.xml has package tag inside packages tab and ouside it. for example spamd comes inside packages tag, while pure-ftpd comes directly under pfsensepkgs. What's the difference? Some packages are removed from that list to not be allowed to install iirc. Which of the tags are mandatory for manifest xml Only logging/descr is optional, while missing the others might break things. Is the version tag in package xml the same as the one in manifest xml? Yes. What types of file can be included via include_file ? (Only php or another xml file also?) include_file is just for including a file that is needed and it need to be php files. How is include_file different from additional_files_needed additional_files is used during installation/syncing of package while include is for needed dependencies of php code. When tabs are used what should be the format of externel xml files that are included? XML the same as the xml file you use for one package. How can I display the output of commands executed during installation to the output window? There is a global variable $static_output to which you can add. How can I make one pfSense package dependent on another pfSense package? For example havp package depends on clamav package, and that package needs to be installed and configured Apparently this is not possible Its through additional_files_needed tag but i think it is not really finished or has some culprits to use. Basically you specify the xml files in that tag that are needed.
  • S

    Pfsense package download

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    S
    do want give me a setps about this type of installtion Mr jigpe
  • J

    Lightsquid Host Names

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    E
    edit file realname.cfg in /usr/local/etc/lightsquid <ip address=""><username></username></ip>
  • Y

    Help with proxy

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    Y
    thanks for your answer… but i've found the solution.
  • G

    Snort snapshot update freeze

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    Same here. How to install it then by using webgui command? I would like to know how to extract the rules… jigp pfSense 1.2.x Davao City
  • I

    How to get update list

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    I use shallalist.de too. So far looks ok. I want to add sites there but i dont know.. jigp pfSense Davao City 1.2.x
  • O

    Syslog log collection

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    Are you talking to the cache log? jigp Davao City Pfsense 1.2.x
  • X

    Install offline

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    X
    ok, i think its not efficient when a package need to online-install. i'll do STF again …. thanks
  • X

    Streaming Audio through Squid. Slowdown…

    Locked
    7
    0 Votes
    7 Posts
    8k Views
    J
    Good afternoon Works fine here. Im in Davao City. wcic-sc.streamguys.us wbgl-sc.streamguys.us wibi-sc.streamguys.us btw, thanks for the radio station :) Do you knwo some discovery channel radio?I dont have cable so better listen to their radio and see if squid works too. You can try setup traffic shaper then set it to priority HTTP jigp Davao City
  • T

    Imspector + "pfsens ng" theme not compatible (GUI, tab)

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    You can review logs on ssh log imspector. Try reinstall. jigp Davao City 1.2.x
  • T

    Something wrong with my transparent proxy

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    Use opendns. Www.Opendns.com. Also check Services>Proxy server: Access control>Blacklist jigp Davao City 1.2.x
  • I

    Squid proxy logs

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J
    Correct. But lightsquid cannot log https. jigp Davao City 1.2.2
  • S

    PfSense Blacklist - patch

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    J
    Yeah. Id like to know also how to install snort rules. Im not good in cli commands.. jigp Davao City 1.2.2
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.