pfSense Packages - Extensions and Additional Modules

pfSense Documentation - Configuration and Administration Guides

The pfSense package system extends the base firewall functionality without modifying the core operating system. Packages are installed through the built-in manager (System > Package Manager) and provide additional capabilities ranging from intrusion detection and DNS filtering to load balancing and monitoring. The official repository offers over 60 packages, each integrating with the pfSense web interface and receiving a dedicated configuration page. Installing packages from third-party repositories is not officially supported and may compromise system integrity.

When selecting packages, follow the principle of least privilege - install only the components genuinely required for the deployment. Each additional package increases the attack surface and resource consumption.

Section Contents

Package Management - installing, updating, and removing packages through Package Manager, dependencies, available packages list, and troubleshooting installation issues
Suricata IDS/IPS - intrusion detection and prevention system, rule configuration, signature sources, blocking modes, SIEM integration
pfBlockerNG - IP address and DNS request blocking, ad and malware domain filtering, GeoIP blocking, threat list management
HAProxy - reverse proxy and load balancer, SSL termination, backend health checks, ACL-based routing

Related Sections

Firewall Rules - configuring rules for interaction with Suricata and pfBlockerNG packages
pfSense Services - built-in network services complemented by packages
pfSense Wazuh Integration - forwarding Suricata logs and system events to SIEM

Last updated on 7, April 2026