Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Adding extra repo for easy install 3rd party tool (like smokeping, zsh, BpyTop, LibreNMS...)

    Scheduled Pinned Locked Moved General pfSense Questions
    10 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Sergei_ShablovskyS
      Sergei_Shablovsky
      last edited by Sergei_Shablovsky

      Dear pfSense Gurus !

      How to add one of external repo for easy installing thru CLI (for example by pkg install package_name in pfSense shell) common 3rd party tools like ZSH, BpyTop, SmokePing from what I may find on FreshPorts ?

      Because if packet have 1-2 dependences - that's easy, but when are 5-20 dependences - this is tooo much for me :)

      —
      CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
      Help Ukraine to resist, save civilians people’s lives !
      (Take an active part in public protests, push on Your country’s politics, congressmans, mass media, leaders of opinion.)

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Sergei_Shablovsky
        last edited by johnpoz

        This is not really something I would suggest anyone do.. Installing 3rd party tools on your "firewall" not a very good idea.. The only thing that should be on your firewall is stuff approved by the maker and maintainer of said firewall.

        Sure you "can" install one off ports from freebsd - its not a good idea from a security or stability point of view.. If there is something you want to run/use - do that on something other than your "firewall"

        If there is something you "want" to be available - put in a request, pfsense has in the past added packages to their repo.. But in this way there has been some form of vetting that has happened where the maintainers believe that said package does not interfere with operation or lower security, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        Sergei_ShablovskyS 1 Reply Last reply Reply Quote 2
        • Sergei_ShablovskyS
          Sergei_Shablovsky @johnpoz
          last edited by Sergei_Shablovsky

          @johnpoz said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):

          This is not really something I would suggest anyone do.. Installing 3rd party tools on your "firewall" not a very good idea.. The only thing that should be on your firewall is stuff approved by the maker and maintainer of said firewall.

          Sure you "can" install one off ports from freebsd - its not a good idea from a security or stability point of view.. If there is something you want to run/use - do that on something other than your "firewall"

          Thank You for Your opinion!

          In general, I STRONGLY AGREE WITH YOU about risk of creating unstable environment for all system, creating potential security breach hole, etc...

          And I understand the NetGate about not creating the situation when not 3rd party packages with security issues, etc impact on whole user experience about pfSense as stable product.

          If there is something you "want" to be available - put in a request, pfsense has in the past added packages to their repo.. But in this way there has been some form of vetting that has happened where the maintainers believe that said package does not interfere with operation or lower security, etc.

          BUT please look from my side: for example ZSH, SmokePing (and LibreNMS also) have very strong good reputation and developed by tears, and most important - they have millions of installs that confirm that this packages are well programmed and stable in many different environments.

          P.S. The SmokePing writes by Tobias Oetiker, the author of RRD tool. I hope most of network engineers and SysAdmins respect him and sure about quality of his work.
          So, if RRD exist on pfSense, NetGate trust the quality of Tobias Oetiker work ?

          So my question are how to technically adding repo ?

          —
          CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
          Help Ukraine to resist, save civilians people’s lives !
          (Take an active part in public protests, push on Your country’s politics, congressmans, mass media, leaders of opinion.)

          1 Reply Last reply Reply Quote 0
          • Sergei_ShablovskyS
            Sergei_Shablovsky
            last edited by Sergei_Shablovsky

            Search are cool :)
            I find the solution, this "workaround'

            https://forum.netgate.com/topic/98082/2-3-how-to-install-other-freebsd-packages-repositories/17

            https://forum.netgate.com/topic/97731/freebsd-packages-on-2-3rc/11

            https://forum.netgate.com/topic/97553/pfsense-2-3-on-xen-server

            As I may see some of requested packs in 2016 are recently added :)

            —
            CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
            Help Ukraine to resist, save civilians people’s lives !
            (Take an active part in public protests, push on Your country’s politics, congressmans, mass media, leaders of opinion.)

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              It's documented here: https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html

              But, as it says there, you really shouldn't do it.

              If you have something with 20 dependencies it's pulling in if just one of those is something we have a custom version of in pfSense that will overwrite it and potentially break the firewall.

              Steve

              johnpozJ Sergei_ShablovskyS 2 Replies Last reply Reply Quote 1
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @stephenw10
                last edited by

                There is one thing like nano or dnstop or something really simple like those - both which were added to the pfsense repo upon request btw.

                But something like libreNMS is big piece of software.. Lots of moving parts.. If you want to run something like that - run it on something other than your firewall.. That is my 2 cents..

                If you have some rocketship of a box running pfsense - and you want to leverage some of its horse power for other things - then run pfsense as a VM on it.. Then you can run whatever you want in other VMs on the host and not have to worry about messing with your firewall OS stability or security, etc.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                Sergei_ShablovskyS 2 Replies Last reply Reply Quote 1
                • Sergei_ShablovskyS
                  Sergei_Shablovsky @stephenw10
                  last edited by

                  @stephenw10 said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):

                  It's documented here: https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html

                  But, as it says there, you really shouldn't do it.

                  If you have something with 20 dependencies it's pulling in if just one of those is something we have a custom version of in pfSense that will overwrite it and potentially break the firewall.

                  Steve

                  Thank You Steve, I just forgot about official docs... 🙄

                  —
                  CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
                  Help Ukraine to resist, save civilians people’s lives !
                  (Take an active part in public protests, push on Your country’s politics, congressmans, mass media, leaders of opinion.)

                  1 Reply Last reply Reply Quote 0
                  • Sergei_ShablovskyS
                    Sergei_Shablovsky @johnpoz
                    last edited by Sergei_Shablovsky

                    @johnpoz said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):

                    There is one thing like nano or dnstop or something really simple like those - both which were added to the pfsense repo upon request btw.

                    But something like libreNMS is big piece of software.. Lots of moving parts.. If you want to run something like that - run it on something other than your firewall.. That is my 2 cents..

                    Again one time: I STRONGLY AGREE WITH YOU and say the same fo my clients each time.

                    I just use
                    nano + zsh = easy operate from local & remote VGA / ssh console
                    [UPDATE] nano must be replaced by better choice micro (a lot of plugins, code highlighting, file manager plugin,...)
                    bpytop = easy on-screen monitoring from local & remote VGA / ssh console + having a saved screenshot as a pre-failure system state snapshot in BMC controller (this is advantage of brandname servers like IBM, Dell, HP, Fujitsu against of cheaper SOHO desktops or most of Microstar, Lanner, etc...)
                    [UPDATE] bpytop replaced by its new version btop
                    SmokePing = monitoring of MAIN UPLINKS (ie WANs)

                    And of course LibreNMS as a BIG and complexity SNMP monitoring system - is not to be placed on pfSense or other FW. I wrote it as example of very well written piece of software...
                    Need to be placed on SEPARATE standalone server with a 1Geth as minimum...

                    —
                    CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
                    Help Ukraine to resist, save civilians people’s lives !
                    (Take an active part in public protests, push on Your country’s politics, congressmans, mass media, leaders of opinion.)

                    1 Reply Last reply Reply Quote 0
                    • Sergei_ShablovskyS
                      Sergei_Shablovsky @johnpoz
                      last edited by

                      @johnpoz said in Adding extra repo for easy install 3rd party tool (like smokeping, LibreNMS...):

                      There is one thing like nano or dnstop or something really simple like those - both which were added to the pfsense repo upon request btw.

                      But something like libreNMS is big piece of software.. Lots of moving parts.. If you want to run something like that - run it on something other than your firewall.. That is my 2 cents..

                      BTW I am a little bit confused: why exist a lot (min 4 packages !) of SNMP monitoring on FW ?

                      All books with best practices for network engineers, architectors and SysAdmins strongly suggest to KEEP SNMP MONITORING ON SEPARATE STANDALONE SERVER.
                      (and better with 1Geth NIC, SSD drives and 48Gb of RAM, because SNMP - this is about REALTIME measurement), and NOT ON MAIN FW...

                      —
                      CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
                      Help Ukraine to resist, save civilians people’s lives !
                      (Take an active part in public protests, push on Your country’s politics, congressmans, mass media, leaders of opinion.)

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        There are packages for sending snmp data, allowing external collectors to query the firewall, but not for using the firewall as a collector itself.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.