I am unable to obtain a v6 IP on my WAN without having one of my LANs track it. I only want v6 on my WAN for haproxy to serve my websites via v6. Anyone know how to make it work? I've tried SLAAC as well.
@dgall said in PFBLOCKER DNSBL Shallalist not working when I click on google links:
Better solution yet trash shallalist use a list like this one https://github.com/StevenBlack/hosts it works just as good without enabling TLD and uses nowhere near the ram
Shallalist is a large database... YMMV on its use compared to other feeds. You need to do some research/testing to see what works best for your needs. I typically do not recommend using a "middleman" compilation of Feeds as "StevenBlack" does. You would be better off adding the feeds that are represented in that compilation directly. In pfBlockerNG-devel, there is a Feeds tab that had quite a few feeds to choose from and also research their support pages.
I'd also recommend to enable TLD, it does use more ram, but it will block subdomains for malicious sites, which will not be blocked when that feature if disabled. But up to you...
Bonjour à tous, Voila un schéma de mon réseau: cijUmXXUtQ.png Donc sur le serveur est installer le serveur OpenVPN. Pour le moment un client issu d'internet peu se connecter au serveur via le VPN. Ce serveur OpenVPN est en mode routé. Est-il possible de rendre accessible les "Postes client" pour le VPN? D'après mes recherches c'est possible. Mais comment? Au niveau de la LiveBox, les IPs de l'ensemble des poste (et du serveur) sont fixé, et commence 192.168.1.1. Pour le VPN les IPs attribué commence à 192.168.0.0. Je ne sait pas s'il manque des informations pour préciser mon problème, donc n'hésitez pas à me poser des questions! Merci.
I tweeked a few things and now have all the ram I need I have always found the using a swap file is slow this may not be the case on the sg-3100. I cant believe a board that cost me this much I cant put more ram in
So to add to @rainer_d comment, I've recently purchased the APU2C4 as my pfsense box and frankly considering the costs I'm rather impressed. I'm have a WAN\LAN setup running Squid, Squid Guard, Suricata, PFBlockerng, and ntopng - my main focus is keeping my kids from getting into too much trouble as they start exploring the internet. Looking at the performance to energy cost, I really feel this box hits a lot of check boxes. Sadly, I'm limited in my bandwidth so I can't speak to how it handles on 1Gbps, but I've hear you can get close but I don't know if would need to limit the packages your running.
If you do end up do end up looking at the APU2 setup, here is what I came up with so far to improve performance:
Get thermal grease and stand the box vertically - Reduced my CPU temp by 10C
Avoid ClamAV, it will eat the CPUs alive with large downloads
Suricata seems to perform better than Snort, but is twice as hard to setup... but twice the trouble is twice the fun in my book. Between the multi core support and the APU2 supported inline mode, you can get IDS on without to much impact to your system.
Get the 4GB version, it's not much more and gives you lots of RAM to play with.
