Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    @JonathanLee use Pfsense 2.8.1.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARA
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log
    I tried launching it manually:
    # /usr/local/bin/suricata -V
    or
    # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output:
    ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypage
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
    /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmatt
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only?
    Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions:
    'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are:
    Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list
    Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction.
    One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction.
    In other words:
    When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP.
    If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state.
    If set to "Deny Both", both incoming connection requests and outbound connection requests are blocked and therefore no state will be created regardless of connection direction.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    @RNM-0 Thanks for your comment and sharing your fix. Unfortunately I don't want to take down pfsense and downgrade versions. I'm currently fine at the moment since I'm using Tailscale and that works. I also fixed the other crash I was having with pfblocker by changing a line of code that wasn't pushed out under this version. Hopefully the stable release won't take too long to release but it appears there's still some open bugs that need to be fixed before that happens, and ironically, both the pfblocker and wireguard issues aren't on that list of bug fixes.
  • FreeRadius 3: Fall-through vlan assignment.

    0 Votes
    4 Posts
    2k Views
    @awebster Thank you guys so much for your help. I have the mac address authentication working, I think I missed the native-vlan option on the client device. Thanks for pointing me in the right direction.
  • Avahi + Vlans + Cast devices

    0 Votes
    4 Posts
    5k Views
    I'm brand new here so this may not be of much use... I'm doing something similar to you, but with different software, except for the ubiquiti equipment and controller.
    In my setup, I had checked the checkbox in the unifi controller, wireless networks, advanced options; "Block Wireless LAN to WLAN Broadcast and Multicast Data" in the hopes that the avahi package on the pfsense router would handle all mDNS traffic. However I was not able to get anything on my wireless networks to resolve under mDNS until I cleared that checkbox and reprovisioned the unifi AP.
    I have a vm host set up on the NoT, which I installed the "avahi-tools" package and ran avahi-resolve -n somehost.local. That started working after I cleared the checkbox. I ran pftop and set up filter for port 5353 while I ran the avahi-resolve command and started seeing the requests come through.
    I have the dns forwarder set up to a local adguard host. When the pfsense box forwards the request, the ip shows that of the pfsense vlan adapter. When the devices make the request themselves, the ip origin in pftop is the device that makes the request.
    Our setups aren't exactly the same, but if you'd like me to try something out on my network, let me know.
    welbo97 R710 x5650 72GB pfsense 2.4.4-p3 router in proxmox 6 vm OVS and Ubiquiti for tagging VLAN's (no hardware switch) isolated NoT, IoT, guest and general networks
  • Zabbix Agent config

    0 Votes
    3 Posts
    1k Views
    Yes I tried that, it seems to only accept 'UserParameter=' entries however and crashed the service when I added the Include line.
  • Bind Package - Any config overview ?

    0 Votes
    2 Posts
    399 Views
    Have figured things out, from trying. So, I am answering my own questions :-)
    I don't see any zone files created ... is this to be expected?
    Zone files are not created, until a view has been created and attached to the zone configuration screen
    Is it essential that at least a view must be created ?
    Yes, a view is required ... just create a default one. Without a view associated with the zone definition, the zone files will not be generated.
    What is the best practice for defining zone files, so the settings stick, even when the package is updated or changes in the UI are saved ?
    Steps:
    Create a view ... this is essential
    create a zone ... using the DNS record fields to add entries you want. If you have a lot of hosts to add, there is a text field that can be used to paste in entries in bulk.
    The zone files are generated in the filesystem under /cf/named/etc/named/master/<name-of-view>/<name-of-zone>.DB
    Any changes to the underlying zone files content from a CLI session will be lost the next time the zone files are updated. So, longer time, one needs to get comfortable with using the entry fields in the zone configuration page for adding all zone records.
  • HA Proxy Client Cert Setup

    0 Votes
    2 Posts
    385 Views
    dragoangel
    @vito hi, There is already a GUI block specifically for user certs, did you try enabling it for one of your frontends? If this is not enough, you can configure custom settings for the frontend for user certificate validation using native haproxy syntax. Good to have in bookmarks: https://cbonte.github.io/haproxy-dconv/ and read what you need. Please use the devel package because the other one is too old. I would even say that the devel package is old, waiting for 2.5.x stable with haproxy 2.0
  • E2guardian website not opening if it contains symbol " -"

    Moved
    0 Votes
    3 Posts
    436 Views
    kiokoman
    E2guardian is an unofficial package, most of us don't even know what it is. You should ask @marcelloc, last seen 4 days ago
  • Telegraf 1.10.2 package?

    0 Votes
    1 Posts
    337 Views
    No one has replied
  • LCDModkit use with LCDProc package

    0 Votes
    4 Posts
    633 Views
    stephenw10
    @admins said in LCDModkit use with LCDProc package: lcdmodkit Which specific display do you actually have? Is it compatible with LCDproc? Steve
  • Issue running service ntopng

    0 Votes
    4 Posts
    1k Views
    Issue resolved for me: I removed 127.0.0.1 from General Setup / DNS Servers. redis and ntop are working
  • Avahi with IPv6 bug

    0 Votes
    26 Posts
    4k Views
    @costanzo That's about what I made mine but also added source fe80:: as /10 with port 5353
  • Devices unable to connect to Chromecast over VLAN

    0 Votes
    11 Posts
    3k Views
    What was the outcome of this? I'm hitting the same issue! Any help appreciated.
  • How to create a simple package for copying custom theme files?

    0 Votes
    4 Posts
    594 Views
    KOM
    I don't have anything else to add since you're way past what I know about FreeBSD packages & ports. Maybe the pfSense Development forum might have some folks who know more.
  • Zabbix Proxy Advanced Parameters

    0 Votes
    7 Posts
    1k Views
    Hmm. Odd. I can ping it from my machine, but not the firewall. Lm see wassup.
  • LCDproc driver for LCD made by GI FAR TECHNOLOGY CO.,LTD

    0 Votes
    13 Posts
    2k Views
    There are details here on the content of the LCDd.conf file. You can do some manual edits and see how it goes: CwLnx-howto Double check the KeyMap(s) and try to line them up with the script above. You might have to run the script alone to double check the mapping. It looks like this iBase device did not implement the same keypad mapping as the Cwlinux device. Also check the [server] and [menu] sections. The keypad should let you navigate the built-in menu system and manually change the backlight and a few other options. Best of luck, keep us posted.
  • SquidGUARD - Need to block HTTPS mp3 downloads…

    0 Votes
    2 Posts
    997 Views
    If SSL inspection is not a feasible option for your organization, you can block traffic to sites that use HTTPS connections through: Using a Global HTTPS Block: You can globally block access to HTTPS sites in predefined or custom URL categories for all the configured locations.
  • Offline Package Management

    0 Votes
    5 Posts
    2k Views
    To help anyone else doing this, I suggest downloading the entire contents of https://files00.netgate.com/pfSense_v2_4_4_amd64-pfSense_v2_4_4/All/ as it's only 400~Mb and copying it onto your pfsense appliance. When you run pkg add blah.txz it'll automatically install the dependencies required from the same directory. I've noticed that the packages installed aren't showing up in the GUI or apparently running (open-vm-tools) but I've made a separate topic: https://forum.netgate.com/topic/145351/cli-installed-pfsense-packages-not-showing-up-in-gui
  • telegraf GROK pattern matching issues

    0 Votes
    1 Posts
    950 Views
    No one has replied
  • NUT (or APCUPSD): Connect QNAP NAS as slave

    0 Votes
    5 Posts
    11k Views
    @mike69 said in NUT (or APCUPSD): Connect QNAP NAS as slave: Uuuh, you exhume an old thread. :)
    @Cino said in NUT (or APCUPSD): Connect QNAP NAS as slave: Now to find the setting/config file on the QNAP NAS so I can change the UPS name to something other than "qnapups"
    After an Update, QNAP overwrite the custom configs. It's better to use the default values of QNAP.
    I try not to reply to old/stale threads but being this one was a how-to. It made sense too. You are right about the settings would get overwritten after an update. My OCD doesn't like the name tho.. lol. Maybe someday QNAP will allow that setting to be user-configurable.
  • LLDP daemon package

    0 Votes
    21 Posts
    7k Views
    Yes I mean of pfsense. That’s why I have installed the packages lldpd on pfsense. And if I connect a fluke network analyzer at the ports of pfsense, I don't get VLAN information anywhere.
  • Enabling smartd in regular pfsense

    0 Votes
    8 Posts
    3k Views
    jimp
    Don't install an MTA on the firewall. If you install the arpwatch package, it comes with a small script which pretends to be sendmail so it can send mail using the pfSense notification settings.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.