Posted on

PFSense info

Access console menu from shell:

When you set che checkbox “Password protect the console menu”, you will not see any meny if you log in to pfsense from console.
To execute this meny simply run /etc/rc.initial
By the way if you’re not root, you won’t be able to modify any settings, but, at least you can SEE the current settings of pfsense.

Packets list:

https://wiki.lissyara.su/wiki/Packages_PFSense

Add nano to PFSense:

– Login as Admin
– pkg add https://pkg.freebsd.org/FreeBSD:11:amd64/release_1/All/nano-2.8.4.txz

Add rules to firewall to allow management via HTTPS:

in console: easyrule pass wan tcp XX.XX.XX.XX YY.YY.YY.YY 443
https://raymii.org/s/snippets/pfSense_allow_web_interface_access_on_WAN_from_specific_IP.html

Cycle reboot after panic: ffs_valloc: dup alloc:

– reboot
– choose Single Mode
– run fsck -yf (maybe few times)
– reboot

https://free-pc-help.ru/freebsd/panic-ffs_valoc-dup-alloc/

Allow access to web console from WAN:

Config WAN IP
Get to the CLI (option 8 )
Type “route add default <default-gw-ip>”
Type “pfctl -d” to temporarily disable the packet filter

Prevent DDoS:

https://salf-net.ru/?p=494

Google Authenticator on pfSense:

https://devopstales.github.io/linux/pfsense-2fa/

pfBlockerNG:

https://www.zenarmor.com/docs/network-security-tutorials/pfblockerng
For ASN:
https://forum.netgate.com/topic/149150/pfblocker-but-for-asn/5

Problems Installing or Upgrading:

Issue with going from 2.7.0 to 2.7.2
https://forum.netgate.com/topic/174905/update-problems/5

Do certctl rehash in console, than start update process from GUI.

Sometimes if situation is harder and re-hashing does not help:
Navigate to System > Update
Allow the update check to complete, even if it results in an error
Open an SSH connection to the firewall and start a shell (Option 8)
Force an update of pkg metadata:
pkg-static -o ABI=FreeBSD:14:amd64 -o IGNORE_OSVERSION=yes update
Update pkg:
pkg-static -o ABI=FreeBSD:14:amd64 -o IGNORE_OSVERSION=yes upgrade -fy pkg
Upgrade pfSense-upgrade:
pkg-static -o ABI=FreeBSD:14:amd64 -o IGNORE_OSVERSION=yes upgrade -fy pfSense-upgrade
Check for updates in debug mode:
pfSense-upgrade -dc
Run the upgrade in debug mode:
pfSense-upgrade -dy