1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    D
    Retested on 24.11-RELEASE (amd64) all seems to work. So it seems right to file a bug for this issue.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    cyb3rtr0nianC
    @rlrobs Yes it’s still working fine here.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    K
    @pulsartiger The database name is vnstat.db and its location is under /var/db/vnstat. With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    M
    I resolved this by accepting the T+Cs via https://www.maxmind.com/en/accounts/1205389/geolite2/eula

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    GertjanG
    @EChondo What's your pfSense version ? The instructions are shown here : [image: 1753262126227-1acdc586-cb29-4148-9e36-81ade4e5e60c-image.png] A restart of a service will start by re creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works(mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can re test / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    J
    @div444 i'm finding the same - did you find a solution or did reverting fix it? Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it

  • Discussions about the Tailscale package

    90 Topics
    578 Posts
    T
    Re: How to update to the latest Tailscale version? I am on latest released Netgate 6100 pfSense PLUS v24 ( pfSense_plus-v24_11_amd64-pfSense_plus_v24_11 ) pkg config abi FreeBSD:15:amd64 pkg -vv | grep -A 3 "pfSense:" pfSense: { url : "pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_11_amd64-pfSense_plus_v24_11", enabled : yes, priority : 0, cat /usr/local/etc/pkg.conf ABI=FreeBSD:15:amd64 ALTABI=freebsd:15:x86:64 PKG_ENV { SSL_CA_CERT_FILE=/etc/ssl/netgate-ca.pem SSL_CLIENT_CERT_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-cert.pem SSL_CLIENT_KEY_FILE=/usr/local/etc/pfSense/pkg/repos/pfSense-repo-0001-key.pem } This firewall is obviously running on FreeBSD 15 no longer on 14. But can I use the freshports link for FreeBSD 14 amd64 quarterly which is at tailscale 1.86.2 or can I only go up to version tailscale 1.84.2_1, and need to wait until they have a version of tailscale 1.86.2 or higher for the FreeBSD 15? Would it be good enough to tell it to ignore the OSVERSION? export IGNORE_OSVERSION=yes Note: use of 14 and not 15 ? pkg add https://pkg.freebsd.org/FreeBSD:14:amd64/quarterly/All/tailscale-1.86.2.pkg service tailscaled restart tailscale up

  • Discussions about WireGuard

    690 Topics
    4k Posts
    J
    I've read through some other posts about this, but they either didn't say whether the proposed solution worked or they were very convoluted and difficult to understand. Here is our scenario: We have 6 locations--Las Cruces (LC), Sunland Park (SP), El Paso (EP), Abilene (ABI), Fort Worth (FW), and Plano (PL). LC and ABI have software that is accessed by the other 4 locations via VPN. There are WireGuard VPNs set up between LC and those 4 locations (SP, EP, FW, PL), and ABI and those 4 locations (SP, EP, FW, PL). There is also a WireGuard VPN connection between LC and ABI. LC and ABI have 2 internet connections. SP, EP, FW, and PL each have one internet connection. If the primary internet connection goes down at either LC or ABI and failover occurs to the secondary internet connection, is there a way to set up the WireGuard VPN connections so that they also failover without purchasing some 3rd party application? Thanks.
Log in to post
Load new posts
  • F

    LDAP with Squid

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    Typically options such as LDAP support that create added dependencies on fairly 'heavyweight' libraries are disabled by default in FreeBSD ports - and are therefore disabled in the FreeBSD package. This is to avoid pulling in a load of unnecessary baggage that many will not use, also there are at least four options for the OpenLDAP client libraries (2.3 or 2.4; in either case with or without SASL). The www/squid30 port does have an LDAP option that you can set, but you'll need a FreeBSD box (or virtual machine) to build a suitable package, and you're on your own so far as getting the LDAP features going in pfSense.
  • D

    Squid and "Do not cache" option

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    ?
    In squid < 3.0, you want the no_cache directive. Usage  no_cache deny|allow aclname Description A list of ACL elements, which, if matched, cause the reply to be immediately, removed from the cache. In other words, use this to force certain objects to never be cached. Default acl QUERY urlpath_regex cgi-bin ? no_cache deny QUERY The word 'DENY' is to indicate the ACL names, which should NOT be cached Example acl DENYPAGE urlpath_regex Servlet no_cache deny DENYPAGE The DENYPAGE acl assures that the url containing Servlet will NOT be cached.
  • J

    Spamd listening port?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    J
    And thus my spam increase issue thanks to comcast blocking 25 both ways.  Thanks for the info.
  • J

    Flush/Clear SQUID Cache.

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    [p3scan] Target ip error!

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    N
    @NicolaPaone: @ron: firewall, It will be a few days possibly, but I'll put together a new update to the p3scan package shortly that fixes your issue.  I got approval from the original pfSense package maintainer to take over the maintainership, and I've been working on an update to the package.  The issue you are seeing is that the original p3scan-pf port does not correctly account for the packet redirect when using the PF redirection (i.e. the code doesn't look up the original sender IP address correctly in the TCP packet when using it in transparent mode, and it then sees itself as the original packer sender which loops).  The issue has nothing to do with the pfSense package, and is a bug in the base p3scan port to FreeBSD.  I have fixed it and have it working on one of my systems now.  I just need some time to get the patches together. I also have an update to the ClamAV pfSense package coming too that goes with this for AV scanning.  I'll have to get someone in the coreteam to post the updates when they are ready. Regards, Ron Hello everyone, I too found the bugs in question … I even tried to compile the package p3scan, but nothing ... Under linux (debian), no problem ... everything works the first blow. I believe both bugs p3scan for BSD. If I may give you a hand, I'm happy to collaborate with you. Let me know .... @Ron news???
  • C

    IMSpector: Whitelist full access not working for MSN

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • B

    Changing ftp local packages???

    Locked
    15
    0 Votes
    15 Posts
    16k Views
    X
    I don't know what dependancies exist with my pb so which command is dangerous ?
  • C

    Does IMSpector in Pfsense supports to mail out the LOG ?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R
    You would have to write a shell script. If using file logging the logs would be stored in /var/imspector
  • P

    Snort memory leak ?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P
    You were right, the first time I increased memory I did not add enough Finally, I add 400M Memory and is working fine now, thanks for your help
  • X

    Can't install WGET package (or other one)

    Locked
    11
    0 Votes
    11 Posts
    15k Views
    X
    In the beginning I want to correct my problem starting, because I can not install any package. (I am not against the use of fetch)
  • B

    LightSquid Configuration / DNS Name Issues

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    D
    Check working with 'Demo  - return AUTHNAME, else DNSNAME, else IP  ' But any changing 'IP resolve method (future)' option take effect for new refreshing.
  • E

    Squid configuration

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Cry HavokC
    (This belongs in the Packages forum) Yes, there is a GUI - try installing Squid and have a look.
  • F

    Browse with our without proxy settings

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F
    I think this is the awnser: As you can see, pressing reload in Netscape (and some other browsers) doesn't simply re-fetch the page, it forces the cache not to serve the cached page. Many people doing tests of how the cache increases performance simply press reload, and believe that there has been no change in speed. The cache is, in fact, re-downloading the page from the origin server, so a speed increase is impossible. To test the cache properly you need two machines setup to access the cache, and a page that does not contain do not cache me headers. Pages that use ASP often include headers that force Squid not to cache the page, even if the authors are not aware of it's implications. So, to test the cache, choose a site that is off your local network (for a marked change, choose one in a different country) and access it from the first machine. Once it has download, change to the second machine and re-download the page. Once the page has downloaded there, check that the page is marked as a 'HIT' (in the file called access.log - the basics of which are covered earlier in this book). If the second accesses were marked as misses, it is probably because the origin server is asking Squid not to cache the page. Try a different page and see difference the cache makes to browsing speed. Many people are looking for an increase in performance on problem pages, since this is when people believe that they are getting the short end of the stick. If you choose a site that is too close, you may only be able to see a difference in the speed in the transaction-time field of the access.log.
  • J

    Squid working?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    F
    I've the same thing. When I go to sites were are pictures to download with a slideshow, and I go back to the same URL, it seems that the pictures are not comming from the proxy but directly from the internet. Can this be a bug?
  • D

    SquidGuard update

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    D
    @Monoecus: I noticed one typo in the explanations above the blacklist sections: 4-all rule('allow' ro 'deny') should be an 'or' right? Besides, I saw that the Shallalist has been updated with new categories. Thanks must be "4-all rule('allow' or 'deny')" About Shallalist - this not my work  ???.
  • S

    New version of snort

    Locked
    12
    0 Votes
    12 Posts
    6k Views
    J
    Did you guys figure this out? I'm getting the same error now. It happens while snort is loading the rules, right after startup.
  • G

    SQUID 2.6.18.1 / cannot browse specific pages ?

    Locked
    11
    0 Votes
    11 Posts
    6k Views
    G
    Coming back to the reply of "Perry" Also i can confirm the problem http://www.squid-cache.org/bugs/show_bug.cgi?id=2342 Collected the data and as fare what i can see it is a http 1.0 / http 1.1 problem (Attach doc's) Is the http 1.0 / http 1.1 problem caused by the server or by SQUID or by PFSense I have to apologize but I am not a network specialist and do use SQUID somehow as "blackbox" regards Günther
  • B

    HOWTO : configure freeradius

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    What are you wanting to do with FreeRADIUS? Are you trying to do something with the pfSense captive portal, or are you wanting to use it for wireless network authentication? There's many ways to configure FreeRADIUS - but only you know what you want to do. I don't use FreeRADIUS on pfSense, but I do maintain the FreeRADIUS packages for FreeBSD (which, amongst other things, underpins FreeRADIUS on pfSense) and I use FreeRADIUS on one of my FreeBSD servers. When I get the time, I will try to set up the pfSense FreeRADIUS package to see what it can do - but I have so many things to be getting on with at present.
  • M

    Manual download of Snort rules

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    Ah well, thanks. :-) I'll try Snort on some better hardware.
  • M

    Transparent bridge mode to DMZ, and NAT to private LAN, and Snort?

    Locked
    2
    0 Votes
    2 Posts
    7k Views
    M
    Well, I've got pfSense bridging the WAN to the DMZ whilst NATting the Private LAN. So far so good. I'm trying to get Snort working now. I must say that pfSense is an excellent firewall; it is remarkably flexible and has a vast range of configuration options. Well done!!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.