Might be due to retransmission of packets to deal with lost, delayed or damaged packets during the file transfer. And there is overhead… The amount of data transferred and reported by BandwidthD will always be a little more than the size of the file transferred. --brock

You can use domain names and pfsense will resolve the domain name to the correct ip for you. Domain names can be set as aliases. If a domain name is dual stacked, pfsense will even return both v4 and v6 addresses I believe. You can add as many domain names, ip addressess and referenced aliases in an alias as you want. For instance, you could make an alias for all your mail servers and call that alias safe_mail. Then, you can reference that alias in another alias, for instance the alias Whitelist_snort. That way you can stack aliases on top of each other and have very fine grained control over your aliases and lists.

http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#Porting_Users.2FClients.2FSetting_from_FreeRADIUS_v1.x_to_v2.x

setting the disk cache system to null is also recommended.

@phil.davis: Maybe this functionality is already in the package system and packages just need to use it? IIRC, pfsense restart services on ip changes, but if the package does not has the "build config" on /usr/local/etc/rc.d/package.sh it will not work. You can check it with varnish, it rebuilds config every service restart.

After rewatching http://www.youtube.com/watch?v=uQ7OrxtiAes I was able recreate a suppression rule for the false positive.

Reading from this thread: http://forum.pfsense.org/index.php?topic=37305.0;prev_next=next It seems the won't-start issue is due to the x64 version. Would you suggest a quick fix to it without moving to a x86 pfsense? Thank you. Update: Or this is the cause for what I see now? http://redmine.pfsense.org/issues/999 ….....I am a bit confused with where my vain attempts are rooted.......

@jai23155: As I already mentioned, I did disable the rule. I stopped DG service with no luck. Luckily I never implemented in a production environment. Cheers On my production environment, I can stop and start dansguardian on any server on pool without problem.

Yes, i guessed that, but then i would reissue all packages/configs to users  :-[ Perhaps a warning in the gui helps to avoid this in the future to other pfSense users. Best,

@ptt: Read here: http://www.pfsense.org/index.php?option=com_content&task=view&id=43&Itemid=44 Thanks!

include "globals.inc"; include "config.inc"; $page_info = <<<eod<br># ---------------------------------------------------------------------------------------------------------------------- # SquidGuard error page generator # (C)2006-2007 Serg Dvoriancev # ---------------------------------------------------------------------------------------------------------------------- # This programm processed redirection to specified URL or generated error page for standart HTTP error code. # Redirection supported http and https protocols. # ---------------------------------------------------------------------------------------------------------------------- # Format: #        sgerror.php?url=[http://myurl]or[https://myurl]or[error_code[space_code]output-message][incoming SquidGuard variables] # Incoming SquidGuard variables: #        a=client_address #        n=client_name #        i=client_user #        s=client_group #        t=target_group #        u=client_url # Example: #        sgerror.php?url=http://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. #        sgerror.php?url=https://myurl.com&a=..&n=..&i=..&s=..&t=..&u=.. #        sgerror.php?url=404%20output-message&a=..&n=..&i=..&s=..&t=..&u=.. # ---------------------------------------------------------------------------------------------------------------------- # Tags: #        myurl and output messages can include Tags #                [a] - client address #                [n] - client name #                [i] - client user #                [s] - client group #                [t] - target group #                [u] - client url # Example: #        sgerror.php?url=401 Unauthorized access to URL [u] for client [n] #      sgerror.php?url=http://my_error_page.php?cladr=%5Ba%5D&clname=%5Bn%5D // %5b=[ %d=] # ---------------------------------------------------------------------------------------------------------------------- # Special Tags: #      blank    - get blank page #        blank_img - get one-pixel transparent image (for replace banners and etc.) # Example: #        sgerror.php?url=blank #        sgerror.php?url=blank_img # ---------------------------------------------------------------------------------------------------------------------- EOD; define('ACTION_URL', 'url'); define('ACTION_RES', 'res'); define('ACTION_MSG', 'msg'); define('TAG_BLANK',    'blank'); define('TAG_BLANK_IMG', 'blank_img'); # ---------------------------------------------------------------------------------------------------------------------- # ?url=EMPTY_IMG #      Use this options for replace baners/ads to transparent picture. Thisbetter for viewing. # ---------------------------------------------------------------------------------------------------------------------- # NULL GIF file # HEX: 47 49 46 38 39 61 - - - # SYM: G  I  F  8  9  a  01 00 | 01 00 80 00 00 FF FF FF | 00 00 00 2C 00 00 00 00 | 01 00 01 00 00 02 02 44 | 01 00 3B # ---------------------------------------------------------------------------------------------------------------------- define(GIF_BODY, "GIF89a\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"); $url  = ''; $msg  = ''; $cl  = Array(); // squidGuard variables: %a %n %i %s %t %u $err_code = array(); $err_code[301] = "301 Moved Permanently"; $err_code[302] = "302 Found"; $err_code[303] = "303 See Other"; $err_code[305] = "305 Use Proxy"; $err_code[400] = "400 Bad Request"; $err_code[401] = "401 Unauthorized"; $err_code[402] = "402 Payment Required"; $err_code[403] = "403 Forbidden"; $err_code[404] = "404 Not Found"; $err_code[405] = "405 Method Not Allowed"; $err_code[406] = "406 Not Acceptable"; $err_code[407] = "407 Proxy Authentication Required"; $err_code[408] = "408 Request Time-out"; $err_code[409] = "409 Conflict"; $err_code[410] = "410 Gone"; $err_code[411] = "411 Length Required"; $err_code[412] = "412 Precondition Failed"; $err_code[413] = "413 Request Entity Too Large"; $err_code[414] = "414 Request-URI Too Large"; $err_code[415] = "415 Unsupported Media Type"; $err_code[416] = "416 Requested range not satisfiable"; $err_code[417] = "417 Expectation Failed"; $err_code[500] = "500 Internal Server Error"; $err_code[501] = "501 Not Implemented"; $err_code[502] = "502 Bad Gateway"; $err_code[503] = "503 Service Unavailable"; $err_code[504] = "504 Gateway Time-out"; $err_code[505] = "505 HTTP Version not supported"; # ---------------------------------------------------------------------------------------------------------------------- # check arg's # ---------------------------------------------------------------------------------------------------------------------- if (count($_POST)) {     $url  = trim($_POST['url']);     $msg  = $_POST['msg'];     $cl['a'] = $_POST['a'];     $cl['n'] = $_POST['n'];     $cl['i'] = $_POST['i'];     $cl['s'] = $_POST['s'];     $cl['t'] = $_POST['t'];     $cl['u'] = $_POST['u']; } elseif (count($_GET)) {     $url  = trim($_GET['url']);     $msg  = $_GET['msg'];     $cl['a'] = $_GET['a'];     $cl['n'] = $_GET['n'];     $cl['i'] = $_GET['i'];     $cl['s'] = $_GET['s'];     $cl['t'] = $_GET['t'];     $cl['u'] = $_GET['u']; } else {       # Show 'About page'         echo get_page(get_about());         exit(); } # ---------------------------------------------------------------------------------------------------------------------- # url's # ---------------------------------------------------------------------------------------------------------------------- if ($url) {     $err_id = 0;     // check error code     foreach ($err_code as $key => $val) {             if (strpos(strtolower($url), strval($key)) === 0) {               $err_id = $key;               break;             }     }     # blank page     if ($url === TAG_BLANK) {             echo get_page('');     }     # blank image     elseif ($url === TAG_BLANK_IMG) {           $msg = trim($msg);           if(strpos($msg, "maxlen_") !== false) {               $maxlen = intval(trim(str_replace("maxlen_", "", $url)));               filter_by_image_size($cl['u'], $maxlen);               exit();           }           else {               # --------------------------------------------------------------               # return blank image               # --------------------------------------------------------------               header("Content-Type: image/gif;"); //  charset=windows-1251");               echo GIF_BODY;           }     }     # error code     elseif ($err_id !== 0) {             $er_msg = strstr($_GET['url'], ' ');             echo get_error_page($err_id, $er_msg);     }     # redirect url     elseif ((strpos(strtolower($url), "http://") === 0) or (strpos(strtolower($url), "https://") === 0)) {             # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~             # redirect to specified url             # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~             header("HTTP/1.0");             header("Location: $url", '', 302);     }     // error arguments     else {         echo get_page("sgerror: error arguments $url");     } } else {         echo get_page($_SERVER['QUERY_STRING']); //$url . implode(" ", $_GET)); #        echo get_error_page(500); } # ~~~~~~~~~~ # Exit # ~~~~~~~~~~ exit(); # ---------------------------------------------------------------------------------------------------------------------- # functions # ---------------------------------------------------------------------------------------------------------------------- function get_page($body) {         $str = Array();         $str[] = '';         $str[] = "\n$body\n";         $str[] = '';         return implode("\n", $str); } # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # IE displayed self-page, if them size > 1024 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ function get_error_page($er_code_id, $err_msg='') {         global $err_code;         global $cl;         global $g;         global $config;         $str = Array();         header("HTTP/1.1 " . $err_code[$er_code_id]);         $str[] = '';         $str[] = ''; if ($config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']) { $str[] = " ### {$config['installedpackages']['squidguarddefault']['config'][0]['deniedmessage']}: {$err_code[$er_code_id]} "; } else { $str[] = " ### Request denied by {$g['product_name']} proxy: {$err_code[$er_code_id]} "; }         if ($err_msg) $str[] = " **Reason:** $err_msg";         $str[] = ' * * * ';         if ($cl['a'])        $str[] = " **Client address:** {$cl['a']} ";         if ($cl['n'])        $str[] = " **Client name:** {$cl['n']} ";         if ($cl['i'])        $str[] = " **Client user:** {$cl['i']} ";         if ($cl['s'])        $str[] = " **Client group:** {$cl['s']} ";         if ($cl['t'])        $str[] = " **Target group:** {$cl['t']} ";         if ($cl['u'])        $str[] = " **URL:** {$cl['u']} ";         $str[] = ' * * * ';         $str[] = "";         $str[] = "";         return implode("\n", $str); } function get_about() {         global $err_code;         global $page_info;         $str = Array();         // about info         $s = str_replace("\n", " ", $page_info);         $str[] = $s;         $str[] = " ";         $str[] = '';         $str[] = ' **HTTP error codes (ERROR_CODE):';         foreach($err_code as $val) {                 $str []= "** | $val";       }         $str[] = ' | **';         return implode("\n", $str); } function filter_by_image_size($url, $val_size) {           # load url header           $ch = curl_init();           curl_setopt($ch, CURLOPT_URL, $url);           curl_setopt($ch, CURLOPT_HEADER, 1);           curl_setopt($ch, CURLOPT_NOBODY, 1);           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);           $hd = curl_exec($ch);           curl_close($ch);         $size = 0;         $SKEY = "content-length:";         $s_tmp = strtolower($hd);         $s_tmp = str_replace("\n", " ", $s_tmp); # replace all "\n"         if (strpos($s_tmp, $SKEY) !== false) {             $s_tmp = trim(substr($s_tmp, strpos($s_tmp, $SKEY) + strlen($SKEY)));             $s_tmp = trim(substr($s_tmp, 0, strpos($s_tmp, " ")));             if (is_numeric($s_tmp))                   $size = intval($s_tmp);             else $size = 0;         }         # === check url type and content size ===         # redirect to specified url         if (($size !== 0) && ($size < $val_size)) {               header("HTTP/1.0");               header("Location: $url", '', 302);         }         # return blank image         else {               header("Content-Type: image/gif;");               echo GIF_BODY;         } } ?> [/u][/u][/s][/i]**</eod<br>

The only way to solve this: I restored my old configuration in a Virtual Machine System, then I could copy my supress list from the webinterface

Thanks for the information here. i've now successfully got pfsense snort sending the logs via barnyard2 to security onion where i have snorby running.