Packages wishlist?



  • Filebeat - https://www.elastic.co/products/beats/filebeat.

    Anyone working on this?



  • bacula-client so I can back up my configuration

    We once had it.



  • SAMBA!!



  • Oauth2 proxy for Captive Portal:

    A reverse proxy that provides authentication with Google, Github or other provider

    https://github.com/bitly/oauth2_proxy



  • Please, add allow or deny MAC Address on pfSense+Proxy Server.

    Thank you.



  • I miss BandwidthD  :'(



  • Updated Postfix please :)



  • @planetinse:

    Updated Postfix please :)

    • 1 for this


  • Samba.



  • @bbassotti:

    Oauth2 proxy for Captive Portal:

    A reverse proxy that provides authentication with Google, Github or other provider

    https://github.com/bitly/oauth2_proxy

    +1



  • @Tom7141:

    @planetinse:

    Updated Postfix please :)

    • 1 for this
    • 1 for this too


  • An updated postfix package isn't going to happen.  That was announced on GitHub.

    What I resorted to was creating a new FreeBSD VM and installing postfix on that - as suggested in the postfix thread.

    When that was working I put fail2ban on there as well.  I'd often thought about using those two together.  fail2ban updated a local pf table to block the spammers but I wasn't happy with the spammers getting past pfSense to the postfix/fail2ban server.

    Then I found that I could have fail2ban call OpenBGPD to update an alias table on pfSense.  A feedback loop.  Who knows why the authors of OpenBGPD put that feature in but I'm sure glad they did.

    In the end it's a better solution than postfix on pfSense but it was far from a trivial exercise for me  ;)



  • Would love to have DNSCrypt.

    Thanks!!!!!





  • @tdi:

    Filebeat - https://www.elastic.co/products/beats/filebeat.

    Anyone working on this?

    I though at one time that I wanted this too.

    Just now getting back to working on my Elk stack, and I'm not really sure what it would do for us that syslog-ng won't do already, as syslog-ng answers the issues of udp transport by offering tcp.

    We still have to parse the log entries to put them into a form we find useful.

    Was there some other factor I'm now forgetting?



  • nano
    dnscrypt-proxy
    rsync
    some kind of web server as I need to redirect ad/tracking/malware links to a local png file.

    I have decided to make these packages myself, although I am fluent with FreeBSD I need to learn the pfsense specifics in converting these to acceptable pfsense packages so bear with me.  I am also adding bash to the list.


  • Rebel Alliance Developer Netgate

    @chrcoluk:

    nano
    rsync

    These are already in the repository and do not require anything in the pfSense GUI. Just run "pkg install nano" for example and you can get them now.

    @chrcoluk:

    some kind of web server as I need to redirect ad/tracking/malware links to a local png file.

    You can run additional instances of nginx by hand with your own custom config files, no need to pull in another web server package.



  • this is interesting as they not listed on the packages page, is there a way to list whats in the cli repository?


  • Rebel Alliance Developer Netgate

    You can use "pkg search x" where "x" is a substring of what you want to find:

    : pkg search nano
    nano-2.7.0                     Nano's ANOther editor, an enhanced free Pico clone
    : pkg search rsync
    rsync-3.1.2_5                  Network file distribution/synchronization utility
    
    


  • A package that tracks ad domains and replaces ad pictures with cats. Like this but integrated into pfsense: http://www.makeuseof.com/tag/how-to-make-a-wifi-network-that-only-transmits-cat-pictures-with-a-raspberry-pi/



  • yara seems like a good idea for malware detection and may be a good fit for pfSense.

    http://virustotal.github.io/yara/



  • @averythomas:

    A package that tracks ad domains and replaces ad pictures with cats. Like this but integrated into pfsense: http://www.makeuseof.com/tag/how-to-make-a-wifi-network-that-only-transmits-cat-pictures-with-a-raspberry-pi/

    doesnt pfBlockerNG + Squid can already do this in pfsense.? not replace with Cats though



  • In pfSens to be able to see and delete packages using the webinterface, without the need to have an interne connection.

    I use pfSense in a private cloud en was used to add all possible needed packages in the pfSense template. Then after installation I remove the packages which are not needed. This wordked perfect in the 2.2.x release.

    But in the 2.3 release this is not possible anymore. Even worse, after manual removeing the package from the config.xml, after the reboot it keeps me asking that all packages must be reinstalled, and fails because the is (on purpose) no internet package source available.

    The deployed pfsense will never show its dashboard again. (I just don't have internet available here).

    So what do I wish:  remove the absolute need to have an interne connection just to show and delete installed packages.

    Is there a manual available how to create my own pfSense and pfsense package repository for pfSense 2.3?

    Thanks in advance!



  • @dvl:

    bacula-client so I can back up my configuration

    We once had it.

    Now I install this from my own poudriere repo.

    I still have to do this after every reboot:

    mkdir /var/db/bacula
    service bacula-client onestart

    But at least now I have backups.



  • How about Wireguard.

    https://www.wireguard.io/

    WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

    Looks very interesting & worth a look. attaching some perf. charts from their website




  • Another vote for Filebeat.

    Need it to ship the Snort log file to my ELK machine..



  • Is there anyway to bring back MailScanner for 2.3.*?



  • These packages are already available in FreeBSD,so there shouldn't be too much trouble porting into pfSense. Any work helping to create a free Internet will be much appreciated.

    1. shadowsocks-libev ,under GNU General Public License
    Intro

    Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes.
    It is a port of Shadowsocks created by @clowwindy, and maintained by @madeye and @linusyang.
    Current version: 3.0.2 | Changelog

    2. kcptun ,under MIT License

    Shadowsocks provides proxy,and Kcptun deals with packet loss.Ipset will also be needed to specify if a certain domain should go proxy or connect directly.The DNS query should go proxy as well to anti DNS pollution.



  • @borkov:

    Would love to have DNSCrypt.

    Thanks!!!!!

    would really like to see this as a package in pfsense, as well.



  • @tdhuck:

    @borkov:

    Would love to have DNSCrypt.

    Thanks!!!!!

    would really like to see this as a package in pfsense, as well.

    according to documentation, the native unbound dns service used on pfSense can be complied with DNSCrypt

    https://dnscrypt.org/#dnscrypt-server

    
    Running your own DNSCrypt server
    
    .
    .
    .
    unbound, a validating, recursive, and caching DNS resolver, can also act as a DNSCrypt server when compiled with --enable-dnscrypt.
    
    Refer to DNSCrypt Options section in unbound.conf(5) for configuration options.
    
    Deployment
    
    


  • @marcelloc:

    @tdhuck:

    @borkov:

    Would love to have DNSCrypt.

    Thanks!!!!!

    would really like to see this as a package in pfsense, as well.

    according to documentation, the native unbound dns service used on pfSense can be complied with DNSCrypt

    https://dnscrypt.org/#dnscrypt-server

    
    Running your own DNSCrypt server
    
    .
    .
    .
    unbound, a validating, recursive, and caching DNS resolver, can also act as a DNSCrypt server when compiled with --enable-dnscrypt.
    
    Refer to DNSCrypt Options section in unbound.conf(5) for configuration options.
    
    Deployment
    
    

    i was looking for a package that could be enabled in the GUI, i have no idea how to implement using the instructions you posted (i found that information, yesterday, while looking at their site).

    thank you for sharing.



  • @tdhuck:

    I was looking for a package that could be enabled in the GUI, i have no idea how to implement using the instructions you posted (i found that information, yesterday, while looking at their site).

    thank you for sharing.

    The first step is to compile and create unbound package with this feature on a Freebsd 10.3 to replace on you pfSense 2.3.3 testing machine.

    If the works, the next steps are findind the best way to run it(as a proxy + sever, just a proxy, just a server, etc…) and then create gui files that configure these extra steps, blacklist downloads, acls, etc....

    not that easy but not impossible too.

    EDIT: looks like de unbound source does not have the dnscrypt embedded but the wrapper looks like 'simple' to include
    https://github.com/Cofyc/dnscrypt-wrapper/



  • Hi,

    as for arpwatch, is it just a matter of converting current HTML/CSS to Boostrap?

    cheers



  • @borkov:

    Would love to have DNSCrypt.

    Thanks!!!!!

    +1 for DNScrypt as an installable under the GUI package manager with a services tab and entry on the services monitoring dashboard window.



  • The Xymon client would be nice for monitoring of pfsense. I see posts going back 5 years on the forums but no "official package" has ever been added.

    I went looking today, and I see zabbix is now in the packages, but still no xymon  :'(



  • Something along the lines of smokeping for ISP quality monitoring.



  • @RadOD:

    Something along the lines of smokeping for ISP quality monitoring.

    The Quality Graph, which offers much the same information as smoke ping, can be found in Status / Monitoring.



  • @dennypage:

    @RadOD:

    Something along the lines of smokeping for ISP quality monitoring.

    The Quality Graph, which offers much the same information as smoke ping, can be found in Status / Monitoring.

    Huh, I never realized it could be configured.  I thought it was just for CPU.

    Still, I like to monitor specific IP addresses such as my ISP gateway and VPN targets and compare to generic websites to find problems early.



  • Hello everyone, is there an opportunity to install package Virtual Box ? With web management as implemented in Nas4free.  In the photo example of management virtual box on Nas4free






  • @vagnyj:

    Virtual Box

    No.
    This is your firewall, not a hypervisor.
    However, you can install a virtual pfSense on a hypervisor.