The Best pfSense Packages

Updated on January 15, 2018
skear profile image

Sam works as a Network Analyst for an algorithmic trading firm. He obtained his Bachelors Degree in Information Technology from UMKC.

One of the best features of pfSense is it's ability to be adapted to many different situations with packages. In this hub you'll find a list of the best pfSense packages. Along with each package is a brief summary of what the package does, and how it can help your network. In order to install packages you must be using the full version of pfSense, currently packages are not supported on embedded or live CD versions.

New to pfSense?

To learn more about pfSense and what it's capable of check out the introduction to pfSense.

Squid - Caching Proxy

Squid is by far the most popular package for pfSense. Squid is a caching proxy server that can improve the performance of your internet connection.

Squid builds a cache of commonly accessed web pages, images, or other files clients request from the internet. If a requested item is found in the cache Squid can deliver it directly to the requesting computer instead of using your internet connection.

The Squid package can be configured to run transparently, this means that traffic on your network will be automatically routed through the proxy without having to change any configuration on the workstation.

Another benefit to installing this package is that when combined with LightSquid you can view reports of web sites visited by computers on your network.

To learn more check out the pfSense transparent proxy guide.


SquidGuard - URL Filter

Another very useful package for pfSense is SquidGuard. SquidGuard is a high speed URL filter and redirector.

By uploading your own custom blacklist or using one of the freely available lists you can customize which sites users on your network are allowed to access. The package can also be configured with schedules to grant access based on time of day as well.

SquidGuard can also enforce the use of domain names which prevents users from bypassing the blacklist by simply entering the IP address. Blocked URLs can be redirected to an external web site or internal information page.

PfSense SquidGuard installation guide

SquidGuard URL Filter
SquidGuard URL Filter

Darkstat - Network Traffic Monitor

It's important to analyze the traffic usage on your network in order to optimize performance and look for potential problems. Darkstat runs in the background and captures network traffic which is used to generate usage statistics for your network.

The data collected by this package can be viewed using the web interface. The easy to use HTML interface allows you to view the top talkers and listeners on your network. You can drill down further into the charts to see which protocols and ports are taking up most of the bandwidth on your network.

This package provides a quick way to identify traffic to either block , or prioritize on your network.

Darkstat Traffic Graphs
Darkstat Traffic Graphs

Snort - Intrusion Detection

Snort is a very widely deployed open source intrusion detection and prevention system. Installing this package on pfSense allows network traffic to be analyzed to detect probes, attacks, buffer overflow attacks, port scans, and much more.

The Snort engine is based on rules which are regularly updated by the community. Snort can be configured to send an alert, block, or log the intrusion attempt automatically.

If you are concerned with the security of your network I would highly recommending installing Snort.

Snort IDS Package
Snort IDS Package

Country Block

Most of the spam and botnet traffic on the internet originates from a small group of countries which harbor hackers and spammers. By installing country block you can block unwanted traffic and spam from these countries automatically.

The package works by blocking countries using their CIDR ranges which are pulled directly from Country IP Blocks. The package has ranges for all of the different countries, and it also contains a list of the top spam sending countries.

If you are running a mail server on your network you can quickly eliminate a lot of spam by using the Country Block package.

Country Block Package
Country Block Package

How to Install Packages

Installing packages in pfSense is quick and easy to do. To add or remove packages open the package manager which can be found by clicking on the system menu in the web gui.

Click on the available packages tab to see a complete list of all packages available. When you locate the package you want to install simply click the plus symbol on the right side of the package description.

PfSense will automatically install the package for you and create a new menu entry. Most packages create an entry in the services menu but some will place their settings in a different category.

pfSense Packages list
pfSense Packages list

How to Update Packages

PfSense will automatically check to see if any updates are available for packages that you have installed. To check for updates click on the installed packages tab from within the package manager. If an update is available for a package the package version section will be displayed in red for the out of date package.

To automatically install the updated version of the package click the PKG button that is displayed to the right side of the package. PfSense will then remove the outdated version and install the update for you.

The package version field will turn red when a newer version of the package is available.
The package version field will turn red when a newer version of the package is available.

Additional Packages

PfSense has many other packages besides the ones I've listed in this hub. Since pfSense is open source you can also develop your own packages and submit them to be listed in the repository. Almost any normal FreeBSD package can be packaged to run in pfSense. If you are interested in learning more about package development visit


    0 of 8192 characters used
    Post Comment

    • profile image

      User 2 months ago

      Any news about L7 Application filter in pfsense with 2.4 , or use Ntopng as helper for pfsense to detect Application to catch it

    • profile image

      Chris 8 months ago

      Hi SAM, I would like to know more about the right configuration/setup for Loadbalancing/redundancy in pFSense. Would appreciate How-to guide.

    • profile image

      adamo 9 months ago

      ironically using pfblockerng i see several blocked ads on this page :)

    • profile image

      Savlong Kufeler 14 months ago

      Good Work ol chap best eye seeen yet!

    • profile image

      Kalvin 16 months ago

      Thanks buddy

    • profile image

      alejandrocf 4 years ago

      very good post, clear, short and precise!!

    • santhosh8611 profile image

      R K SANTHOSH 6 years ago from Bangalore

      good..thank you