It is possible to add additional features to pfSense by installing packages.

In this article, we explain how the package system works and how to manage packages (installation, update, removal).

Then we will present the main packages.

Table of contents

What is a “package” on pfSense?
How to install a package?
How to manage package updates?
Installing and upgrading packages for older versions of pfSense
How to uninstall or reinstall a package?
Presentation of the main packages on pfSense

What is a “package” on pfSense?

In its default installation, pfSense offers a wide range of features. It is also possible to add additional features by installing packages. These packages can offer additional services or advanced statistical information.

These packages are integrated in pfSense. This means that they are usually used via the pfSense webGUI.
Also, the list of available packages is maintained and checked by Netgate to ensure that the packages offered are properly updated and maintained.

Packages are the only additional tools that can be easily installed on an existing pfSense. Indeed, the pfSense software runs on a modified FreeBSD base, so all the packages or software usually available on FreeBSD (with pkg, for example, the FreeBSD package management tool) cannot generally be installed on pfSense (mainly because of dependency issues).

Finally, it is important to remember that the installation of packages on pfSense should be done in a pragmatic way; for security reasons, it is recommended to install only the packages that are strictly necessary.
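The "strictly necessary" rule above can be checked against a configuration backup. The following is an added example, not part of the original article or of pfSense itself: it assumes that a `config.xml` backup lists each installed package under `<installedpackages><package><name>`, and both the sample excerpt and the allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of a config.xml backup (sample data; versions are placeholders).
SAMPLE_CONFIG = """<pfsense>
  <installedpackages>
    <package><name>acme</name><version>0.0.1-sample</version></package>
    <package><name>openvpn-client-export</name><version>0.0.2-sample</version></package>
    <package><name>ntopng</name><version>0.0.3-sample</version></package>
    <package><name>Cron</name><version>0.0.4-sample</version></package>
  </installedpackages>
</pfsense>"""

# Hypothetical allowlist: the packages this firewall is supposed to run.
APPROVED = {"acme", "openvpn-client-export", "suricata"}


def installed_packages(config_xml):
    """Return {lower-cased name: version} for each installed package entry."""
    root = ET.fromstring(config_xml)
    found = {}
    # Assumed layout: <pfsense><installedpackages><package><name>...</name>
    for pkg in root.findall("./installedpackages/package"):
        name = (pkg.findtext("name") or "").strip().lower()
        if name:
            found[name] = (pkg.findtext("version") or "unknown").strip()
    return found


def audit(config_xml, approved):
    """Compare installed packages with the allowlist (case-insensitive)."""
    installed = installed_packages(config_xml)
    allowed = {name.lower() for name in approved}
    return {
        "unapproved": sorted(set(installed) - allowed),  # installed, not justified
        "missing": sorted(allowed - set(installed)),     # expected, not installed
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, APPROVED)
    for name in report["unapproved"]:
        print(f"REVIEW  {name}: installed but not on the allowlist")
    for name in report["missing"]:
        print(f"NOTE    {name}: on the allowlist but not installed")
```

Run it against a backup taken from a trusted source; every "REVIEW" line is a package to justify or uninstall.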

How to install a package?

Package management is done from System > Package Manager:

[pfSense] System > Package Manager

Package management is organized in two tabs:

[pfSense] Package Manager

The first tab (Installed Packages) shows us the installed packages. On this tab, it is possible to reinstall a package or to update it.

The second tab (Available Packages) shows us the complete list of available and not yet installed packages.

For each package, the following information is shown:

  • Name: the name of the package; the name may carry a link, in order of priority, to the associated documentation page, to the dedicated category on the pfSense forum, or to the publisher's site.
  • Version: the installed or installable version.
  • Description: a short description of the package.

From the “Available Packages” tab, it is also possible to start a search on a keyword.

To install a package, just click on the “Install” button located on the same line.

[pfSense] How to install a package

Then click on the “Confirm” button:

[pfSense] Confirmation required to install a package

The installation process is displayed. Once the installation is done an information message is shown:

[pfSense] Package successfully installed

Likewise, if an error occurs during the installation of a package, an explicit error message is displayed.

How to manage package updates?

Packages have their own update frequency.
Once a package is installed, it is important to keep it up to date.

When an update is available, the name of the package appears in yellow and the update icon is also displayed:

[pfSense] Updates available for ntopng and openvpn-client-export

To start the update, just click on the update icon.

For up-to-date packages, the icon displayed is the following:

[pfSense] The acme package is up-to-date

A point to watch regarding updates: when a new version of pfSense is available, the repositories offered by default are updated to match the new version of pfSense; thus the packages (and updates) offered are those corresponding to the new version of pfSense.

If you are not using the latest version of pfSense and you want to install or update a package, you have to change the version branch used for the repositories. We detail the procedure in the next paragraph.

Finally, when updating pfSense, you must first update pfSense, before updating the packages. We present the complete procedure to update your pfSense in our article [pfSense] Upgrading pfSense (how-to).

Installing and upgrading packages for older versions of pfSense

If a new update of pfSense is available and you don’t want to upgrade to it, but you want to continue to be able to install or update your packages, you have to modify the target repositories.

To do this, go to System > Update:

[pfSense] System > Update

Go to the “Update Settings” tab and in the “Branch” drop-down list, choose the branch corresponding to your currently installed pfSense version:

[pfSense] Choosing the firmware branch

Click on the “Save” button to validate the change.

How to uninstall or reinstall a package?

It can sometimes be useful to reinstall a package when it encounters stability problems or following an update that did not go well.

There are two possible approaches: reinstall the package or uninstall and then install the package again.

For this, two icons are proposed for each installed package; the first icon allows you to uninstall the package, the second to reinstall it.

Then confirm the chosen action by clicking on the “Confirm” button.

[pfSense] How to reinstall a package

Presentation of the main packages on pfSense

There are roughly 60 packages. Here we briefly introduce the main ones:


ACME

The ACME (Automated Certificate Management Environment) package manages certificates from providers that support the ACME protocol, such as Let’s Encrypt.

arping and arpwatch

These two packages make it possible to send ARP requests such as who-has, and to monitor the network and raise an alert as soon as a new MAC address is detected.


This package can control all APC UPS models. It can monitor and record the current power and battery status, perform an automatic shutdown and can also operate in network mode to power down other hosts on the network.


BIND

This package provides a graphical interface for the BIND DNS server (which can be set up as an authoritative name server or as a DNS resolver).


Cron

This package provides a graphical interface for managing the cron program (cron is a task scheduler).


HAProxy

This package installs the HAProxy software, which is a powerful reverse proxy and load balancer.

LADVD and lldpd

These two packages offer similar functionality and provide support for Link Layer Discovery Protocol (LLDP), Cisco Discovery Protocol (CDP), Extreme Discovery Protocol (EDP) and Nortel Discovery Protocol (NDP).

squid, squidGuard and Lightsquid

These packages allow you to install the squid proxy server, squidGuard URL or domain name filtering and Lightsquid log analyzer.


ntopNG

ntopNG acts as a network traffic probe that shows detailed network usage. ntopNG has a NetFlow/sFlow emitter/collector.

OpenVPN Client Export

This package generates pre-configured OpenVPN client configuration files, pre-configured Windows client installers and Viscosity configuration bundles.


pfBlockerNG

The pfBlockerNG software is a very comprehensive utility for controlling connections through the firewall based on criteria more general than the firewall rules themselves (e.g. by country, by domain name, etc.).
pfBlockerNG manages IP address lists in “Deny, Permit or Match” formats, allows access to the GeoIP database, manages DNS blacklists (DNSBL), etc.


Siproxd

This package installs a SIP proxy for VoIP. For most modern SIP configurations, this type of software is not needed at all. The Siproxd package should therefore only be installed and used if it is really useful.

Snort and Suricata

These packages offer very similar functionality. They install an intrusion detection and prevention system (IDS/IPS).

System Patches

This package allows the installation of custom patches.

Zabbix-agent and Zabbix-proxy

These packages collect monitoring information and send it to a Zabbix server.

We have reviewed the management of packages under pfSense and listed the main ones.

In future articles, we will present some packages in more detail: their practical benefits and their detailed usage.
