No. This is just how it is for https connections.

@grimson Thanks! Didn't know about that widget... I've added it to my dashboard :)

Some sort of built-in alerting would be good though. I just found this custom script another user wrote to alert on available system and package updates https://forum.netgate.com/topic/137707/auto-update-check-checks-for-updates-to-base-system-packages-and-sends-email-alerts

@jimp said in OpenBGPd not able to use prefix-set:

I can't remember if support for that is in FRR, but OpenBGPD is pretty much a dead end these days on FreeBSD (and especially pfSense). More than likely what you want to do can be done without much more effort on FRR.

Thanks for the suggestions, I am new to FRR and looks really interesting, will for sure explore this in testing and see if we can make the transition.

@biggsy said in OpenBGPd not able to use prefix-set:

From what I can find prefix-set was introduced with OpenBSD 6.3 (released in April 2018). The FreeBSD version is old compared to the one in OpenBSD.

Seem you are correct and that OpenBGPd on freebsd is far outdated and without the new prefix-set features :(

@nogbadthebad said in i need something like fail2ban do on linux on pfsense or backend servers:

e the backend servers running any form of BSD, look here if they are:-

thanks for reply!

The doc I'm linking is for upgrade troubleshooting but since upgrades and packages both use the same mechanism to pull info, this section is relevant to figuring out why you can't see packages, too:

https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#force-pkg-metadata-update

@stephenw10 said in LCDProc multiple instances after packages restart:

Steve

I will give it a try.. Thanks Much Steve!!

Fabricio.

@marcelloc

Hi Marcelloc, i have postfix and mailscanner running on pfsense 2.4.4-p1, i got the following warnings:

MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731

Permissions looks fine, i did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder.

Runas user on MailScanner.conf and clamd.conf is postfix.

Also mailscanner logs display syntax errors:

Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.

Please Help.

@marcelloc

Hello, Marcelo:

Do you know how to install SARG in
Hello, Marcelo:

Do you know how to install SARG in pfsense 2.4.4, FreeBSD 11.2-RELEASE-p3 ?

Thanks,
Yosvany

You must have a valid Oinkcode subscription code. You can have either a free registered code or a paid subscription code. You must obtain the code from the Snort.org web site.

Next, if you are running any type of RAM disk configuration on your firewall, make sure you have at least 256 MB of free space in the /tmp directory (and preferably up to 512 MB free). Snort needs available free disk space to download the rules tarballs and unpack them during the update process. Running out of space on /tmp will cause all kinds of weird errors. Look at the pfSense system log to see if any errors show up there related to disk space.

P.S. -- the only way to tell if disk space was an issue is to review the system log. When the update process finishes (either successfully or with a failure), it will clean up behind itself and delete the files and sub-directories it created in /tmp. So simply looking at the dashboard disk space widget will not reveal the problem.

@pipetennathan said in Secure logging to external server:

Incase anyone else is stuck on this, I found the solution.

Posted it here:

https://forum.netgate.com/topic/136998/how-to-send-snort-alert-logs-to-graylog-without-barnyard2/6

This is a great solution as Barnyard2 has not been well supported in recent years by its developer. You could almost call it "dead" in a manner of speaking. It is likely that at some point down the road Barnyard2 will be pulled from the Snort and Suricata packages.

@rango said in Snort blocking all torrents:

I can try to disable Auto flow bit rule. Is it as easy as disable by the rule itself?

My hardware has nothing to do with it. It's 2.4Ghz Quad core intel i5 processor with 4gb of ram able to run encryption at ~300Mbps. Without snort package it runs correct. It's snort component do it but since p2p and policy is not enabled i'm puzzled what rule or which component is doing this.

If an additional auto-flowbit rule is alerting, it will show up on the ALERTS tab. But note that when in blocking mode, every Snort alert results in a corresponding block of the IP address unless that IP is in a Pass List. And a block will not "slow down" traffic, it will completely stop it. So I continue to be puzzled by your statement that Snort "slows down bandwidth to a few kb/sec". If Snort rule blocks are the issue, the traffic would completely stop: not just slow down.

I was confused on how to do this so after I figured it out I thought I would share.

Click Services, Snort
Edit the non functional snort interface e
Click %Interface% Rules
Click the drop down for Category: and choose GPLv2_community.rules
Wait for it to load and disable x Sid: 49090 SERVER-SAMBA at the bottom of the page
Save & Apply
Then back on the Snort Interfaces tab you should now be able to start x snort on the Interface

Rico,

Thanks a million. I had to install a fresh install of 2.4.4 and restore the 2.4.2 config file from the GUI. It took a little while but everything is up and running.

Thank you again for your time and assistance!
Tom

No Ideas? :(