Package List¶
The following packages are available from the pfSense® software package repository.
Warning
Packages availability can change over time. Check System > Package Manager > Available Packages for an always up-to-date list of packages.
Tip
The package name in the list below links to documentation for the package, if it exists.
- ACME
The Automated Certificate Management Environment (ACME) package manages certificates from ACME providers such as Let’s Encrypt.
See also
- arping
Broadcasts a
who-hasARP packet on the network and prints answers.See also
- arpwatch
Monitors devices on directly attached networks and notifies when it detects new MAC addresses.
- apcupsd
Controls all APC UPS models. It can monitor and log the current power and battery status, perform automatic shutdown, and can run in network mode to power down other hosts over the network.
- aws-wizard (pfSense Plus Only)
AWS VPC VPN Connection Wizard. Automatically creates a VPN tunnel and BGP configuration to communicate with an Amazon AWS VPC.
- Avahi
Facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables clients to plug a laptop or computer into a network and instantly be able to view other people who they can chat with, find printers to print to or find files being shared. In addition it supports mDNS reflection across LAN segments. Compatible technology is found in Apple macOS (branded Bonjour and sometimes Zeroconf).
See also
- Backup
Backs up and restores arbitrary files and directories.
- bandwidthd
Tracks TCP/IP network usage and creates graphs of data consumption for individual IP addresses.
- BIND
Provides a GUI for BIND DNS server.
- cellular
Provides a GUI for cellular cards (e.g. 3G/4G/LTE), it currently supports certain Huawei models.
- Cron
Manages scheduled commands run periodically by the firewall.
- Darkstat
A network statistics gatherer that offers bandwidth graphs for interfaces, as well as traffic to/from specific IP addresses. Once installed, it appears under Services > darkstat.
- filer
Stores custom files persistently in the configuration.
- FreeRADIUS
A free implementation of the RADIUS protocol, used for Authentication, Authorization, and Accounting (AAA).
See also
- FRR
A GUI for the FRR routing daemon which supports BGP, OSPF, and OSPF6.
- FTP Client Proxy
A basic FTP client proxy using
ftp-proxyfrom FreeBSD.- HAproxy
A reliable, high performance TCP/HTTP(S) load balancer. This package implements the TCP, HTTP and HTTPS balancing features from haproxy and supports ACLs for smart backend switching. A good replacement when relayd is incapable of handling load balancing needs. Requires SSD/HDD.
See also
- HAproxy-devel
The development package for HAproxy.
- iperf
A tool for testing network throughput, loss, and jitter. Can act as a client or a server.
See also
- ipsec-profile-wizard (pfSense Plus Only)
Creates IPsec configuration profiles for Apple devices (iOS and macOS) and IPsec import script bundles for Windows devices.
- LADVD
Sends and decodes link layer advertisements.
Supports LLDP (Link Layer Discovery Protocol), CDP (Cisco Discovery Protocol), EDP (Extreme Discovery Protocol) and NDP (Nortel Discovery Protocol).
See also
- LCDproc
LCD display drivers and service.
- Lightsquid
Danger
The add-on packages Squid, SquidGuard and Lightsquid are deprecated in pfSense Plus and pfSense CE software due to a large number of unfixed upstream security vulnerabilities. Netgate STRONGLY recommends that users uninstall these packages. The packages will no longer function in the next major release of pfSense Plus and pfSense CE software.
A high performance web proxy reporting tool. Includes realtime proxy statistics (SQStat). Requires the Squid package. Requires SSD/HDD.
- lldpd
Provides support for the 802.1ab Link Layer Discovery Protocol (LLDP), as well as support for several proprietary discovery protocols including Cisco Discovery Protocol (CDP), Extreme Discovery Protocol (EDP), Foundry Discovery Protocol (FDP), and Nortel Discovery Protocol (NDP / SONMP).
Similar to LADVD but a more modern implementation.
- Mailreport
Manages periodic e-mail reports containing command output and log file contents.
- MTR
An enhanced traceroute replacement.
mtrcombines the functionality of the traceroute and ping programs in a single network diagnostic tool.- Netgate Firmware Upgrade (pfSense Plus Only)
Provides a mechanism to update firmware on certain Netgate hardware models. Varies by hardware and may be Coreboot, Blinkboot, or other types of firmware.
- net-snmp
The NET-SNMP implementation of SNMP. More extensible than the built-in SNMP daemon (bsnmpd), and supports SNMPv3 authentication and TLS encryption.
- nmap
A utility for network exploration and security auditing. It supports scanning to determine active hosts, many port scanning techniques to determine services offered by hosts, version detection to determine what application/service is running on a port, and TCP/IP fingerprinting to identify the OS on remote hosts. It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more.
See also
- node_exporter
Prometheus exporter for machine metrics.
- Notes
Maintains a list of noteworthy items for the system.
- NRPE
Provides a GUI for Nagios NRPE. It execute Nagios plugins on remote hosts and report the results to the main Nagios server.
It also allows Nagios to execute plugins like
check_disk,check_procs, etc. on remote hosts.- ntopng
A network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user’s terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. Requires SSD/HDD.
- Network UPS Tools (NUT)
Provides support for monitoring of Uninterruptible Power Supplies. It supports UPS units attached locally via USB or serial, and remote units via the SNMP protocol, the APCUPSD protocol or the NUT protocol.
See also
- Open-VM-Tools
A suite of open source utilities which enhance the performance of VMware virtual machine guest operating systems and improve management of virtual machines.
See also
- OpenVPN Client Export
Generates pre-configured OpenVPN configuration files for clients, Windows Client installers with configurations bundled, and macOS Viscosity configuration bundles, among others.
See also
- OpenVPN Client Import (pfSense Plus Only)
Imports a unified OpenVPN client configuration file as exported by an OpenVPN server, allowing clients to be easily configured without creating a client instance and adding settings manually.
- pfBlockerNG
Utility for controlling connections through the firewall based on more general criteria than firewall rules (e.g. by country, by domain name, etc). Manages IPv4/v6 List Sources into ‘Deny, Permit or Match’ formats. GeoIP database by MaxMind Inc. (GeoLite2 Free version). De-Duplication, Suppression, and Reputation enhancements. Provision to download from diverse List formats. Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources. Domain Name (DNSBL) blocking via Unbound DNS Resolver.
See also
- pfBlockerNG-devel
The development version of pfBlockerNG
See also
- PIMD
A GUI for
pimd, a multicast routing daemon. Primarily replaces the role of the built-in IGMP Proxy function to allow routing multicast traffic across multiple interfaces. Not a replacement for Avahi.- RRD Summary
Gives a total amount of traffic passed In/Out during this and the previous month. Set to be replaced by the Traffic totals package.
- Service Watchdog
Monitors for stopped services and restarts them.
- Shellcmd
Manages boot-time commands.
See also
- Siproxd
A proxy for handling multiple SIP devices using a single public IP address.
See also
- snmptt
SNMP Trap Translator for use with the Net-SNMP. Easy to setup and use.
- Snort
An open source network intrusion detection and prevention system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection. SSD/HDD is strongly recommended.
See also
- Softflowd
A flow-based network traffic analyzer capable of Cisco NetFlow data export. Tracks traffic flows and reports via NetFlow to a collecting host.
See also
- Squid
Danger
The add-on packages Squid, SquidGuard and Lightsquid are deprecated in pfSense Plus and pfSense CE software due to a large number of unfixed upstream security vulnerabilities. Netgate STRONGLY recommends that users uninstall these packages. The packages will no longer function in the next major release of pfSense Plus and pfSense CE software.
A high performance web proxy cache. It combines Squid as a proxy server with its capabilities of acting as a HTTP/HTTPS reverse proxy. It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. SSD/HDD recommended.
See also
- SquidGuard
Danger
The add-on packages Squid, SquidGuard and Lightsquid are deprecated in pfSense Plus and pfSense CE software due to a large number of unfixed upstream security vulnerabilities. Netgate STRONGLY recommends that users uninstall these packages. The packages will no longer function in the next major release of pfSense Plus and pfSense CE software.
A high performance web proxy URL filter. SSD/HDD recommended.
See also
- Status Traffic Totals
Calculates a total amount of traffic passed In/Out over the period of hours, days, and months. Uses vnStat for data collection. It shows up in the menu under Status > Traffic Totals.
See also
- Stunnel
A TLS encryption wrapper between a remote client and local or remote servers.
See also
- Sudo
Delegates privileges to users in the shell so commands can be run as other users, such as
root.See also
- Suricata
A high performance network IDS/IPS and security monitoring engine by OISF. SSD/HDD strongly recommended.
- Syslog-ng
A modern syslog server which supports TCP and TLS encryption, among other features.
Note
This service is not intended to replace the default syslog server on the firewall but rather acts as an independent syslog server.
- System Patches
Manages custom code patches to be applied and maintained to the system. These can be commits from Github, manual diffs, or loaded from URLs.
See also
- Telegraf
An agent written in Go for collecting, processing, aggregating, and writing metrics.
- TFTPD
GUI for a TFTP server, using the versatile tftp-hpa daemon.
- Tinc
A Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. A single tinc daemon can accept more than one connection at a time, thus making it possible to create larger virtual networks, because some limitations are circumvented. Instead of most other VPN implementations, tinc encapsulates each network packet in its own UDP packet, instead of encapsulating all into one TCP or even PPP over TCP stream. This results in lower latency, less overhead, and in general better responsiveness and throughput.
- UDP Broadcast Relay
A GUI for UDP Broadcast Relay. This program listens for UDP broadcast packets and retransmits them on additional interfaces.
- WireGuard®
WireGuard is a new VPN Layer 3 protocol designed for speed and simplicity. It performs nearly as fast as hardware-accelerated IPsec and has only a small number of options in its configuration.
- Zabbix-agent
Zabbix Monitoring agent. The agent gathers operational information locally and reports data to Zabbix server for further processing. The agent can also generate alerts in case of failures. Available in multiple versions.
- Zabbix-proxy
Zabbix Agent proxy. Collects performance and availability data on behalf of the Zabbix server, lowering the burden on the server. Available in multiple versions.