1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    580 Posts
    T
    @Gertjan Thanks. This is a compiled binary the tailscale vpn network mesh using wireguard. So this is s definite no then.

  • Discussions about WireGuard

    692 Topics
    4k Posts
    F
    Hi, about 2 years ago I tried to setup a site-2-site VPN with WG between pfSense and a Fritzbox. But due the to weird Fritzbox WG implementation I dismissed that after several fails and continued to use IPsec. Now I have a new site with a new Fritzbox and again I am trying to setup WG. But I stuck at one point: as far as I remember during my trials 2 years ago, I was able to use for both tunnels the same interface assignment: [image: 1754322720877-dba32db1-75fa-4d24-9d50-d78ee39f8caa-grafik.png] But now I cant set the VPNWG on tun_wg1 too, no chance. Do I remembering wrong? Or was there change in pfSense/WG package? Regards
Log in to post
Load new posts
  • M

    Snort: Failing messages - FATAL ERROR: Failed to Lock PID

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    M
    Good to know; Thank you Cino!
  • W

    Ntop

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    If they both installed the exact same version of perl, it wouldn't be removed. You may have installed them at different times so they installed different (conflicting) versions of perl, so it took out one without realizing it was taking out the other. In the future we are working to completely isolate the packages and their dependencies from one another so they can't impact the base system or each other in that way, but it won't be happening for 2.0.
  • L

    Urlfilter

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    The blacklists are not likely to work at all on NanoBSD. They are gone because /var is a RAM disk so it will be gone at reboot. The squidGuard package isn't coded to support them in that scenario.
  • N

    Squid slow to only some website…

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    N
    well… I saw it was fast on my tablet... so It was related to my PC. I uninstalled BitDefender 2012... and tada! So... I will open a case at BitDefender. Thanks for the trick anyway! :)
  • A

    # pkg_add -r softflowd //File unavailable (e.g., file not found, no access)

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    A
    That did it ! Thanks Jim.
  • H

    How to Proxy only 1 of 2 Lan Intranets Connected to PFSense Firewall

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    H
    Thanks for your help. I didn't realize you could control select in the proxy interface box. Thank you guys. Legends.  8)
  • T

    ? for pfsense Developers

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    No. All you know is the IP from the firewall log - at best you can guess the country with something like GeoIP but it's just a guess - you cannot get the URL unless you luck out and find that the IP actually reverse resolves to something meaningful. Many sites are hosted as virtual hosts, so there are 10, 100, 1000 "URLs" on a single IP address. The only way to know the URL is to sniff/proxy the traffic. You cannot get that from the IP. To do reverse DNS on the entire firewall log would take far too long to be practical, even just the part shown in the GUI. There is already a link (a little i) that will take you to Diagnostics > DNS with that IP if you really want to do a reverse lookup.
  • P

    Intercepting HTTPS Proxy

    Locked
    4
    0 Votes
    4 Posts
    7k Views
    jimpJ
    There are very hackish ways to hijack ssl but it involves installing a certificate on the client machine, which essentially completely breaks the trust of SSL in such a way to make it useless. (There are also rumors that China/FBI/NSA/CIA/etc have "special" trusted CA certs on sniffer devices that essentially do the same… but I haven't seen any real evidence, though it is a fun theory) If you don't control the clients, you can't transparently proxy ssl. If you do control the clients, you're much better off doing as Nachtfalke suggested and hard coding the proxy information on the clients. Then you don't need to hack anything or install any certificates.
  • K

    Squid, squid guard

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Z

    [Unbound]Error in system log after upgrading

    Locked
    12
    0 Votes
    12 Posts
    5k Views
    Z
    It should be no problem. I have installed the latest version. thanks for your quick help~~:)))
  • C

    Squidguard advanced source ACL ldap group lookup

    Locked
    3
    0 Votes
    3 Posts
    16k Views
    C
    Thanks for the response. Yes, that is correct, I want the user to be required to authenticate only if they try to go to a restricted site. For example, if a user navigates to http://someSiteThatIsRestricted.com it would prompt for a user name and password. If they are in a group in Active Directory that is allowed to go to that site it will of course let them otherwise they are redirected to a block page that tells them the reason. Thanks for the link. I have looked at that before but how do you do that in pfSense? I'm running a separate install to test with so I want to know how to do it even if it is not as secure and then I can decide whether to use a dedicated proxy instead of using pfsense for that. It is nice to be able to add functionality to pfSense through the packages because that allows for a more secure setup by default and the flexibility to customize it to fit almost any environment.
  • P

    Lightsquid users name

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G
    Talking to a 2008 r2 box, if it's been configured in a domain with 2008 functionality is a no go for this. You get the warning during the promotion of the server to DC that it will break lots of open source stuff. Also if Squid is in transparent mode it's a no go. So what's your domain functionality set to? Are your users authenticating to Squid and if so what method are you using i.e NTLM How many users are we talking about?
  • F

    Help Me!! I need block download for extensions HTTP , FTP AND….

    Locked
    13
    0 Votes
    13 Posts
    9k Views
    F
    Steve thanks for the help As you know the squid3 not confirmed! The lock so I could do for l7. About UltraSurf had already read that document but so far the only way I found to be successful in blocking was blocking all networks. 99.224.0.0/11 63.241.6.64/28 63.242.0.0/16 63.240.0.0/15 218.168.0.0/16 125.176.0.0/12 122.118.0.0/16 69.64.144.0/20 211.109.128.0/24 59.120.0.0/14 59.112.0.0/13 97.112.0.0/13 71.192.0.0/12 219.137.112.224/27 203.112.80.0/20 162.138.0.0/16 170.201.0.0/16 156.40.0.0/16 61.224.0.0/14 61.220.0.0/14 59.120.0.0/14 59.112.0.0/13 220.136.0.0/13 220.132.0.0/14 220.130.0.0/15 220.129.0.0/16 118.168.0.0/16 122.120.0.0/13 118.168.0.0/16 122.120.0.0/13 71.208.0.0/12 61.231.0.0/16 218.160.0.0/16 61.62.74.0/24 72.25.64.0/18 66.245.192.0/18 64.62.138.0/25 64.62.128.0/17 125.224.0.0/13 Work but is not an efficient method because tomorrow there may be a new network.
  • F

    Block url that contain some text with lightsquid

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    Lightsquid doesn't block, it just reports. SquidGuard is probably what you want, but it can't filter based on the text in the page, just the text in the URL itself. If you search the forum for SquidGuard you will probably find more useful information.
  • M

    Specific rules cause snort not to run.

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    A
    How would one recompile a the zlib library from the Web Configurator? If it has to be done via command line, what is the pkg_add command that would do this?  ???
  • R

    IMspector not logging Gtalk chats. Please help!

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • T

    Dvserg P3Scan

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • T

    Chown -R -v havp Errors

    Locked
    9
    0 Votes
    9 Posts
    10k Views
    H
    @bluinside: Waiting for a bugfix… I have found this solution: make user "havp" (any password, I used "havp") using pfSense "User manager" from System menu than reboot and look into syslog. The error shuold be gone and the two Havp services should correctly start. :) Did this correct the issue?
  • C

    Snort Rules Download - 1.2.3

    Locked
    12
    0 Votes
    12 Posts
    7k Views
    H
    @compucoder: I bit the bullet and upgraded to 2.0 RC3 last night. So far it is working perfectly. Every feature I used in Snort before works. The updater works properly now too. I just did the 2.0 upgrade and it is using whichever version of Snort it had before and it all seems to be working fine. So far 2.0 seems like a good route to take. Have you looked at SNORT to see whats running, I have had an issue with SNORT not starting and refuseing to start doing it manually. I have tried reinstalling and uninstalling so far no go. I thing there is a bug with 2.0 RC3 and SNORT, also have had an issue with HAVP anti virus hanging the system. After hours of working with them, I removed both and all issues went away.
  • D

    Lightsquid with 2.0 RC3 - not showing anything - "SOLVED"

    Locked
    8
    0 Votes
    8 Posts
    11k Views
    P
    @jimp: pkg_delete -f perl-5.12.3, then reinstall the lightsquid package. i did that and reinstalled got same error i noticed that there is 3 version of perl loaded do i have to delete all of them perl-5.10.1_1      Practical Extraction and Report Language perl-5.12.3        Practical Extraction and Report Language perl-5.12.4        Practical Extraction and Report Language
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.