Categories

  • 459 Topics
    1k Posts
    D
    Hi @Tyronejackson839, Thanks for the awesome advice! Your ACL tips worked perfectly—enabling fragment-checking and lean rules secured my nginx webserver without sacrificing performance. Really appreciate your detailed help! Best, David James | Founder of The Yes No Button!
  • 120k Topics
    764k Posts
    D
    I successfully upgraded my SG-1100. Before upgrading, I backed up the config, deleted all packages, and updated firmware via the GUI rather than the console. After upgrading my SG-1100 to firmware version 25.07, most of the resource overload issues that occurred with the previous version 24.11 were resolved, making it much more efficient. I had previously only been using the pfBlockerNG and Snort packages. When I used version 24.11 on my SG-1100, the load was extremely high, reaching 100% CPU and RAM usage, frequently resulting in performance degradation and crashes. However, the current version 25.07 has reduced the load to about 30-70%. This appears to be a very successful upgrade. I'd like to thank the Netgate developers for their hard work.
  • 20k Topics
    128k Posts
    GertjanG
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: This IP does exist on my LAN but why it resolves some weird random desktop-sdshdsd.local?
    Then it's time to visit that device "192.168.1.85", and inspect it. pfSense just replied to a DNS request coming from it. Loads of DNS requests are 'normal' these days. Btw : buy yourself a big collection of connected devices (preference : 'foreign origin') and you wind up with loads of bizarre DNS requests. For example, a classic "Windows 11 Home" PC is already considered as 'bloated', which means that the list of all these xbox, candy store and other 'essential' processes is quite big? And they all call 'home'. And ask yourself this question : "do you really know what users actually do with their devices" ?
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: Also no 192.168.51.5 exists on my network either
    Is "192.168.51.5" a typo ? It doesn't show up in any logs ... If your pfSense LAN uses the 192.168.1.1/24 network, and a device connected to that LAN is using 192.168.51.5, it can't communicate. A network with statically assigned IP info (IP, mask/network, gateways and DNS) is hard to manage. That's why DHCP was invented, and activated by default for every device you buy.
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: I assume it is related to time servers?
    Why do you presume that ? Look them up and you'll see. "ntpns.org" is probably the NS server of ntp.org. A lot of devices want to know the exact time. Even when DHCP can propose a time server - you can set up pfSense as a time server for your LAN devices - many devices will disregard this info, and insist on using their own hard coded time server source. For example, a Microsoft PC will default to time.microsoft.com, but you can set it to 192.168.1.1 or pfsense.your-sense-domaine.tld (which will point to 192.168.1.1 = pfSense). You could do this for every LAN device.
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: .local addresses
    What is your pfSense domain set to ?
    @rasputinthegreatest said in pfBlockerNG not logging anything by default?: It's very mysterious and I only see this now with pfblockerNG.
    Set : Services > DNS Resolver > Advanced Settings : Log Level to : [image] and save, apply. Now have a look here : Status > System Logs > System > DNS Resolver or better : console : tail -f /var/log/resolver.log
    Don't forget to set back the Log Level to 1 !! ( !! ) as the resolver.log will get very big very fast. Conclusion : there is a lot of DNS traffic. These are all small packets, and finally just a small percentage of the total traffic.
  • 43k Topics
    267k Posts
    S
    Check out the YT videos from "Raspberry Pi Cloud" - he recently did something on the topic of Fritz!Box and VPN...
  • Information about hardware available from Netgate

    3k Topics
    20k Posts
    F
    Wow... very interesting thread. I found this just yesterday and it takes me half the night to read it from start to end. Actually I am using a SG-3100 device which I switched to SATA SSD abt. 3 years ago. I was thinking about replacing it with a newer appliance, i.e. a SG-4200, that's why I am looking around here. To be honest, there is no technical reason for that, it was just to keep pfSense at the latest. But just these days a new v25.07 was released so I will keep my SG-3100 for a while. And BTW: the SMART values show the SSD is still at 94% lifetime, so I can run the device maybe until a 4300/4400/4x00 is available. Regards
  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKellyA
    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!
  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts
    AndyRHA
    @dennypage PoE is definitely on our feature list.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.