Package List

The following packages are available from the pfSense® software package repository.

Warning

Package availability can change over time. Check System > Package Manager > Available Packages for an always up-to-date list of packages.

Tip

The package name in the list below links to documentation for the package, if it exists.

ACME

The Automated Certificate Management Environment (ACME) package manages certificates from ACME providers such as Let’s Encrypt.

See also

ACME package

arping

Broadcasts a who-has ARP packet on the network and prints answers.

See also

Arping Package

arpwatch

Monitors devices on directly attached networks and notifies when it detects new MAC addresses.

apcupsd

Controls all APC UPS models. It can monitor and log the current power and battery status, perform automatic shutdown, and can run in network mode to power down other hosts over the network.

aws-wizard (Factory Edition Only)

AWS VPC VPN Connection Wizard. Automatically creates a VPN tunnel and BGP configuration to communicate with an Amazon AWS VPC.

Avahi

Facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables clients to plug a laptop or computer into a network and instantly be able to view other people who they can chat with, find printers to print to or find files being shared. In addition it supports mDNS reflection across LAN segments. Compatible technology is found in Apple MacOS X (branded Bonjour and sometimes Zeroconf).

See also

Avahi package

Backup

Backs up and restores arbitrary files and directories.

bandwidthd

Tracks TCP/IP network usage and creates graphs of data consumption for individual IP addresses.

BIND

Provides a GUI for BIND DNS server.

blinkled

Allows the firewall to use LEDs for monitoring network activity on supported platforms.

cellular

Provides a GUI for cellular cards (e.g. 3G/4G/LTE). It currently supports certain Huawei models.

Cron

Manages scheduled commands run periodically by the firewall.

Darkstat

A network statistics gatherer that offers bandwidth graphs for an interface, as well as traffic to/from specific IP addresses. Once installed, it appears under Diagnostics > darkstat.

filer

Stores custom files persistently in the configuration.

FreeRADIUS

A free implementation of the RADIUS protocol, used for Authentication, Authorization, and Accounting (AAA).

frr

A GUI for the FRR routing daemon which supports BGP, OSPF, and OSPF6.

Warning

Conflicts with OpenBGPD and Quagga_OSPF; FRR cannot be installed at the same time as either package.

FTP Client Proxy

A basic FTP client proxy using ftp-proxy from FreeBSD.

gwled

Allows the firewall to use LEDs for monitoring gateway status on supported platforms.

HAproxy

A reliable, high performance TCP/HTTP(S) load balancer. This package implements the TCP, HTTP and HTTPS balancing features from haproxy and supports ACLs for smart backend switching.

See also

HAProxy

HAproxy-devel

The development package for HAproxy.

iperf

A tool for testing network throughput, loss, and jitter. Can act as a client or a server.

See also

iperf package

ipsec-profile-wizard (Factory Edition Only)

Creates IPsec configuration profiles for Apple devices (iOS and OS X) and IPsec import script bundles for Windows devices.

LADVD

Sends and decodes link layer advertisements.

Supports LLDP (Link Layer Discovery Protocol), CDP (Cisco Discovery Protocol), EDP (Extreme Discovery Protocol) and NDP (Nortel Discovery Protocol).

LCDproc

LCD display drivers and service.

Lightsquid

A high performance web proxy reporting tool. Includes realtime proxy statistics (SQStat). Requires the Squid package.

lldpd

Provides support for the 802.1ab Link Layer Discovery Protocol (LLDP), as well as support for several proprietary discovery protocols including Cisco Discovery Protocol (CDP), Extreme Discovery Protocol (EDP), Foundry Discovery Protocol (FDP), and Nortel Discovery Protocol (NDP / SONMP).

Similar to LADVD but a more modern implementation.

Mailreport

Manages periodic e-mail reports containing command output and log file contents.

MTR

An enhanced traceroute replacement. mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

Netgate Coreboot Upgrade

Provides a mechanism to update Coreboot on certain Netgate hardware models.

net-snmp

The NET-SNMP implementation of SNMP. More extensible than the built-in SNMP daemon (bsnmpd), and supports SNMPv3 authentication and TLS encryption.

nmap

A utility for network exploration and security auditing. It supports scanning to determine active hosts, many port scanning techniques to determine services offered by hosts, version detection to determine what application/service is running on a port, and TCP/IP fingerprinting to identify the OS on remote hosts. It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more.

See also

Nmap package

node_exporter

Prometheus exporter for machine metrics.

Notes

Maintains a list of noteworthy items for the system.

NRPE

Provides a GUI for Nagios NRPE. It executes Nagios plugins on remote hosts and reports the results to the main Nagios server.

It also allows Nagios to execute plugins like check_disk, check_procs, etc. on remote hosts.

ntopNG

A network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user’s terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

Network UPS Tools (NUT)

Provides support for monitoring of Uninterruptible Power Supplies. It supports UPS units attached locally via USB or serial, and remote units via the SNMP protocol, the APCUPSD protocol or the NUT protocol.

See also

Nut package

OpenBGPD

A free implementation of the Border Gateway Protocol, version 4. Exchanges routes with other systems speaking the BGP protocol.

Warning

Deprecated. Use FRR for BGP.

Conflicts with FRR and Quagga_OSPF; OpenBGPD cannot be installed at the same time as either package.

See also

OpenBGPD package

Open-VM-Tools

A suite of open source utilities which enhance the performance of VMware virtual machine guest operating systems and improve management of virtual machines.

OpenVPN Client Export

Generates pre-configured OpenVPN configuration files for clients, Windows Client installers with configurations bundled, and Mac OS X Viscosity configuration bundles, among others.

pfBlockerNG

Utility for controlling connections through the firewall based on more general criteria than firewall rules (e.g. by country, by domain name, etc.). Manages IPv4/v6 List Sources into ‘Deny, Permit or Match’ formats. GeoIP database by MaxMind Inc. (GeoLite2 Free version). De-Duplication, Suppression, and Reputation enhancements. Provision to download from diverse List formats. Advanced Integration for Proofpoint ET IQRisk IP Reputation Threat Sources. Domain Name (DNSBL) blocking via Unbound DNS Resolver.

pfBlockerNG-devel

The development version of pfBlockerNG.

PIMD

A GUI for pimd, a multicast routing daemon. Primarily replaces the role of the built-in IGMP Proxy function to allow routing multicast traffic across multiple interfaces. Not a replacement for Avahi.

Quagga_OSPF

GUI for the OSPF routing protocol using Quagga.

Warning

Deprecated. Use FRR for OSPF.

Conflicts with FRR and OpenBGPD; Quagga_OSPF cannot be installed at the same time as either package.

Routed

A RIP v1 and v2 daemon.

RRD Summary

Gives a total amount of traffic passed In/Out during this and the previous month.

Service Watchdog

Monitors for stopped services and restarts them.

Shellcmd

Manages boot-time commands.

Siproxd

A proxy for handling multiple SIP devices using a single public IP address.

See also

Siproxd package

snmptt

SNMP Trap Translator for use with Net-SNMP. Easy to set up and use.

Snort

An open source network intrusion detection and prevention system (IDS/IPS) that combines the benefits of signature, protocol, and anomaly-based inspection.

See also

IDS / IPS

Softflowd

A flow-based network traffic analyzer capable of Cisco NetFlow data export. Tracks traffic flows and reports via NetFlow to a collecting host.

Squid

A high performance web proxy cache. It combines Squid as a proxy server with its capabilities of acting as an HTTP/HTTPS reverse proxy. It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.

See also

Squid

SquidGuard

A high performance web proxy URL filter.

Status Traffic Totals

Calculates a total amount of traffic passed In/Out over the period of hours, days, and months. Uses vnStat for data collection. It shows up in the menu under Status > Traffic Totals.

Stunnel

A TLS encryption wrapper between a remote client and local or remote servers.

See also

Stunnel package

Sudo

Delegates privileges to users in the shell so commands can be run as other users, such as root.

See also

Sudo Package

Suricata

A high performance network IDS/IPS and security monitoring engine by OISF.

Syslog-ng

A modern syslog server which supports TCP and TLS encryption, among other features.

Note

This service is not intended to replace the default syslog server on the firewall but rather acts as an independent syslog server.

System Patches

Manages custom code patches to be applied to and maintained on the system. These can be commits from GitHub, manual diffs, or loaded from URLs.

Telegraf

An agent written in Go for collecting, processing, aggregating, and writing metrics.

TFTPD

GUI for a TFTP server, using the versatile tftp-hpa daemon.

Tinc

A Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. A single tinc daemon can accept more than one connection at a time, thus making it possible to create larger virtual networks, because some limitations are circumvented. Unlike most other VPN implementations, tinc encapsulates each network packet in its own UDP packet, instead of encapsulating all packets into one TCP or even PPP over TCP stream. This results in lower latency, less overhead, and in general better responsiveness and throughput.

Zabbix-agent

Zabbix Monitoring agent. The agent gathers operational information locally and reports data to Zabbix server for further processing. The agent can also generate alerts in case of failures. Available in multiple versions.

Zabbix-proxy

Zabbix Agent proxy. Collects performance and availability data on behalf of the Zabbix server, lowering the burden on the server. Available in multiple versions.