Netgate is offering COVID-19 aid for pfSense software users, learn more.

Sudo Package

The sudo package configures basic rules for allowing unprivileged shell users (read: anyone but root/admin) to run commands as root or another user/group.

Once the package is installed, use the pfSense® webGUI to navigate to System > sudo, and define commands and who may run them.

More information on the full command options may be found in the sudoers manual.

By default the command is ALL meaning the user can run any commands. Leaving the commands field blank assumes ALL. A comma-separated list of commands can be supplied to limit the user to individual binaries. Full paths to binaries must be used.

For example, to let bob run ping commands only as root without a password, set:

  • User/Group: User: bob

  • Run As: User: root

  • No Password: checked

  • Commands: /sbin/ping

To let anyone in the admins group run all commands as any user, but prompted for a password, set:

  • User/Group: Group: admins

  • Run As: User: ALL Users

  • No Password: Unchecked

  • Commands: ALL

Multiple commands may be specified in a comma-separated list. If parameters are specified after a command, they will be required. To disallow running a command with parameters, add "" after the command.


  • Run ping with any parameters:

  • Run ping only to

  • Run command blah without any parameters:

    /usr/local/bin/blah ""
  • Run ping and traceroute and their IPv6 variants with any parameters:

    /sbin/ping, /sbin/ping6, /usr/sbin/traceroute, /usr/sbin/traceroute6

Known issues

See also

The pfSense bug tracker contains a list of known issues with this package.

Package Support

This package is currently supported by Netgate TAC to those with an active support subscription.