Package Information

The package system in pfSense® software provides the ability to extend the functionality of the software without adding bloat and potential security vulnerabilities to the base distribution. To see the packages available for the current firewall platform being utilized, browse to System > Packages, on the Available Packages tab.

Some packages have been written by the pfSense community, and others directly developed by Netgate. The available packages vary quite widely, and some are more mature and well-maintained than others. There are packages which install and provide a GUI interface for third-party software, such as HAProxy, and others which extend the functionality of pfSense software, like the OpenVPN Client Export Utility package which automatically creates OpenVPN configuration files.

Some other examples of available packages are:

  • Additional filtering functionality (pfBlockerNG)

  • IDS/IPS software (Snort and Suricata)

  • Additional VPN technologies (WireGuard, Tinc)

  • Bandwidth monitors that show traffic by IP address such as ntopng, and Darkstat.

  • Extra services such as FreeRADIUS and BIND.

  • Reverse proxies for HTTP and HTTPS such as HAProxy

  • Proxies for other services such as SIP and FTP

  • System utilities such as NUT for monitoring a UPS.

  • Popular third-party utilities such as nmap, iperf, and arping.

  • BGP Routing, OSPF routing, Cron editing, Zabbix agent, and many others.

  • Features that were formerly in the base system but were moved to packages, such as RIP (routed)

As of this writing there are more than 60 different packages available; too many to cover them all in this documentation! The full list of packages that can be installed on a particular system is available from within the GUI at System > Packages on the Available Packages tab.

The packages screen takes longer to load than other pages in the web interface because the firewall fetches package information from the Netgate package repository servers before the page is rendered to provide the most up-to-date information. If the firewall does not have a functional Internet connection including DNS resolution, this will fail. This is usually caused by a missing or incorrect DNS server configuration, or a missing default gateway.