Netgate Discussion Forum

    Packages wishlist?

      Deadpool

      +1 for privoxy

        sektor

        @heimdalx:

        My wish is very simple . . . fail2ban or equivalent. Where I could set up arguments to scan the logs and modify firewall rules based off those.

        Currently running fail2ban on many downstream devices paired with IPtables and it works great.  It would be nice to have the package scan remote logs as well; for instance, scan Apache logs and make changes at the firewall when an attack is happening.

        +1 for this as well. I think this is a really good idea.

          sektor

          @hornetx11:

          @Tom7141:

          @planetinse:

          Updated Postfix please :)

          +1 for this

          +1 for this too

          +1 for this as well as instructions for a backup MX

            sektor

            @biggsy:

            An updated postfix package isn't going to happen.  That was announced on GitHub.

            What I resorted to was creating a new FreeBSD VM and installing postfix on that - as suggested in the postfix thread.

            When that was working I put fail2ban on there as well.  I'd often thought about using those two together.  fail2ban updated a local pf table to block the spammers but I wasn't happy with the spammers getting past pfSense to the postfix/fail2ban server.

            Then I found that I could have fail2ban call OpenBGPD to update an alias table on pfSense.  A feedback loop.  Who knows why the authors of OpenBGPD put that feature in but I'm sure glad they did.

            In the end it's a better solution than postfix on pfSense but it was far from a trivial exercise for me  ;)

            Could you share how you did this? I currently run fail2ban on my SME server, but I am interested in setting up a backup MX and thought I could do it with pfSense, but your way doesn't seem too bad, especially since you are passing the rules to pfSense.

              pwilliz

              I would like to see an MQTT broker like https://mosquitto.org/ (something that handles local MQTT) available in pfSense.

              Reason is that there are many scenarios where IOT devices need to be run locally and not in the cloud.

              I am currently working on such a product.

              Currently we need the consumer to buy a Micro Appliance device running pfSense and then a separate hub to manage MQTT. But MQTT is all about packets, security and network management so putting this on the pfSense device means one less device to manage and better packaging and safety for the consumer.

                lindsay

                @oben:

                The big ones for me are:

                privoxy  - a configurable http proxy - ad blocker

                tor  - needs no expl.

                dante  - a SOCKS proxy

                I have compiled this on an Ubuntu box with proxHTTPS proxy.
                This means it can filter HTTPS sites and use the onion network.
                But there is a but :)
                As Firefox can use its own proxy, it is easy to point to the box, but how to redirect traffic for the whole network to that box (80, 443) I cannot figure out (either by NAT or by squid (external)).

                Fiberline 500/500Mbps
                Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz

                  Gertjan

                  Hi all,

                  I don't know if it was already mentioned before, but I just realized something is missing.

                  This should be a package, or be built into pfSense:

                  • Do nothing (the default).

                  • Notify in the GUI and/or by mail of the presence of an upgrade of an installed package.

                  • Or, why not: a notification that a not-installed package has been upgraded.

                  • And while we're at it: a notification that a new package is made available, or that a package was removed.

                  Probably some support on the other side will be needed: the presence of an XML file with the current state of all packages, maintained by the "pfSense build engine".
                  The first two possibilities could be handled by pfSense right now, as it actually already does : the Packages widget does a good job although not very visible (the yellow marker).

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                    mwelters

                    Hi,

                    +1 for mqtt broker

                    and:

                    For KVM-virtualised pfSense, like we have in Open-VM-Tools for VMware (Debian package name): qemu-guest-agent

                    Markus

                      cplmayo

                      @tdi:

                      Filebeat - https://www.elastic.co/products/beats/filebeat.

                      Anyone working on this?

                      @robertfranz:

                      @tdi:

                      Filebeat - https://www.elastic.co/products/beats/filebeat.

                      Anyone working on this?

                      I thought at one time that I wanted this too.

                      Just now getting back to working on my Elk stack, and I'm not really sure what it would do for us that syslog-ng won't do already, as syslog-ng answers the issues of udp transport by offering tcp.

                      We still have to parse the log entries to put them into a form we find useful.

                      Was there some other factor I'm now forgetting?

                      @AR15USR:

                      Another vote for Filebeat.

                      Need it to ship the Snort log file to my ELK machine..

                      I would like to see filebeat as well. There is a FreeBSD package for filebeat that can be installed; however, having an approved package with GUI configuration options would be superior and could be backed up using the built-in backup feature.

                      For integrating with ELK, filebeat is superior to trying to make syslog properly output to logstash and filter everything. Additionally, using TCP and monitoring specified files, we know that everything is properly captured and shipped to our collector.

                        HawkinsTheWizard

                        ClamAV is on 0.99.2; there is already 0.99.4 and 1.00, which seems a whole lot better. Shouldn't upgrading the engine be a priority security update?

                          jawz101

                          I'd like to see this as well.

                            G

                            Hi all!

                            Security: I wish to see way less bruteforce attacks on my systems.

                            Automatic blacklisting of IPs hitting on an expressly opened set of standard ports that do not really belong to our protected systems but rather are specifically bait for the standard port scanners.

                            I believe this is the concept of a honeypot, and the Guerrilla package seems to do that just fine; it just isn't integrated in pfSense.

                            Any implementation of such a smart system on pfSense (of course automatically freeing up ports present in rules)?

                            Best

                              juppin

                              WireGuard VPN

                              It was freshly ported to FreeBSD in May 2018.

                              Better performance than OpenVPN and easy to configure.

                              https://www.wireguard.com/
                              https://www.freshports.org/net/wireguard/
                              https://lists.freebsd.org/pipermail/freebsd-ports/2018-May/113434.html

                                jimp Rebel Alliance Developer Netgate @juppin

                                @juppin said in Packages wishlist?:

                                WireGuard VPN

                                It was freshly ported to FreeBSD in May 2018.

                                Better performance than OpenVPN and easy to configure.

                                This does not inspire confidence:

                                About The Project
                                Work in Progress

                                WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software). If you are packaging WireGuard, you must keep up to date with the snapshots.

                                However, if you're interested in helping out, we could really use your help and we readily welcome any form of feedback and review. There's currently quite a bit of work to do on the project todo list, and the more folks testing this out, the better.

                                So maybe in the future when it's stable and proven to be secure. Performance means very little if it is insecure.

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                  msf2000

                                  How about a simple package to control the LEDs on the front of some Netgate hardware devices? I.e., Gateway status lights, update available, etc.

                                    CuteBoi

                                    Can node and www/npm be added to the list?

                                      dgall

                                      A package with a simple way to block facebook.com and all Facebook apps with one click. Facebook is a huge problem with businesses and schools and it keeps getting brought up, but nothing has ever been done to make a quick fix for blocking Facebook.

                                        NogBadTheBad @dgall

                                        @dgall said in Packages wishlist?:

                                        A package with a simple way to block facebook.com and all Facebook apps with one click. Facebook is a huge problem with businesses and schools and it keeps getting brought up, but nothing has ever been done to make a quick fix for blocking Facebook.

                                        Snort & Snort OPENAPPI Rules ?

                                        pfBlockerNG & block by Facebook ASN?

                                        Andy

                                        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                                          dgall @NogBadTheBad

                                          @nogbadthebad The best solution I have found is using a site like https://github.com/StevenBlack/hosts and making a dnsbl rule. It works better for me than shallalist and with less resources.

                                            alpha417

                                            A simple package to display a website in an iframe (or whatever) on the dashboard? (Already can display pictures, right?)

                                            Example:

                                            Upstream of pfSense 2.4.4 box is an Arris Surfboard SB69xx, display the generic info page of the Arris SB so logging into the dashboard gives cursory view of SB status, helps rapid determination of upstream/downstream indicators w/o walking down into basement to look, or remembering which uncommon subnet address cablemodem/DSL/ONT is. Does not need to log in to get info, can click on page to open link into new tab/window.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.