Possibly the rewrite works as expected but then Google redirects the request to SSL, whereupon (without further tech) the rewrite isn't possible. You can workaround the SSL redirect by creating CNAME records for all Google domains you allow, pointing at nosslsearch.google.com.

Rumours are that there is known way to circumvent that method, so can also try accepting the SSL but using the CNAME record method to force safe search forcesafesearch.google.com.

Or just ban Google for being idiots and forcing SSL and use Bing instead.

Is no one having a clue?
:o

@fsansfil:

Hey there,

Thanks for the quick reply. Just tested it again, this time with a newly created modify.config, did checked rebuild in front of the interface (LAN), still nothing. Seems the check rebuild button dont save, every refresh it goes back to uncheck…

Thanks.

F.

BBcan177 is correct in describing the steps.  The new SID MGMT tab takes the configuration files and uses the instructions within to create a list of rules Suricata will use for inspecting traffic.  Literally, the primary purpose of the SID MGMT tab itself is to let you upload, edit and assign various text configuration files to your interfaces.  Saving simply does this part.  The actual creation of the new list of rules for Suricata to use for network traffic inspection happens in these three cases:

1.  You click the REBUILD checkbox next to the interface on the SID MGMT tab.  That will not only save the file assignments as described above, but will trigger the creation of a new list of rules for the interface.  Once the list is created, the running Suricata process is sent a "live rule reload" signal.  You will see this in the suricata.log file viewed in the LOGS VIEW tab for the interface.  As BBcan177 said, you can then go to the CATEGORIES or RULES tabs for the interface and see the new color-coded icons beside the impacted text rules.

2.  Once auto-SID management is enabled, every time you click SAVE on any other interface tabs, the list of rules is rebuilt using the logic in the assigned SID MGMT configuration files.

3.  Finally, when an automatic download of updated rules occurs via the scheduled update job, a new rules list is generated and Suricata is signaled to load it.

Bill

What mode is the server set for?

It was easier than I thought: pfSense now needs a Port Forward from LAN to 127.0.0.1.

Now works like a charm :)

Thx dear sir for your time, now i know that i can only wait for solution, because is over my knowledge.  :(

Hi Titus, could you please attach a few prints showing your configuration?
I'm still trying to do it :(

thanks.

Correct, 2.0.x is dead. Upgrade.

We cannot rebuild packages for it, if a security issue happens (as happened here), they will be removed from 2.0.x. If something breaks, they will be removed from 2.0.x. If a package maintainer doesn't want to maintain compatibility that far back, it can be removed from 2.0.x also. Eventually, all packages for 2.0.x will be gone.

There is little reason to stay on such an old version. The security issues alone that have been fixed since then should be enough of a motivator to upgrade.

@fsansfil:

Right now I dont have full control over $HOME_NET… for an example, I have suricata on WAN, LAN and not on OPT1. But no matter what I do, I end up with the OPT1 network in the $HOME_NET (white/pass list) of the LAN Suricata...Let us use aliases to fully define $HOME_NET, $EXTERNAL... etc.

Are you creating the custom HOME_NET list this way?

1.  Go to Firewall…Alias and create one or more aliases as necessary to define your custom HOME_NET.  You might have to create several sub-aliases, and then combine them into a single master alias.

2.  Create a Pass List on the PASS LIST tab.  Give it a name.  Maybe "my_homenet" or something.

3.  Within that Pass List, uncheck all the checkboxes.  Then assign the alias created in step #1 to the ADDRESS field.  Save the Pass List.

4.  Go to the INTERFACE SETTINGS tab for the interface you want to customize HOME_NET for.  In the HOME_NET drop-down, select the Pass List created in step #2.  Save the change.

5.  Restart Suricata on the interface to pick up the change in HOME_NET.

Following these steps should let you create a HOME_NET variable containing only exactly what you want.  You can also customize a number of the PORT_VARIABLEs on the VARIABLES tab.  Just first create one or more aliases to define your custom ports, then assign those aliases to the port variables on the VARIABLES tab.

@fsansfil:

Custom rules, It would be nice yo be able to invoke one of our list, not just copy-paste into the web interface (limited in numbers at this time)

Providing the ability to upload and use a custom file should be pretty easy to implement.  I will put that on my TODO list of new features.

Bill

I had posted up a long reply & got a error when I tried to post it & it got erased.

In short, I have a 42U server rack with the 8 UPS. I run VMs on the other machines & they don't support passthrough for devices, so I can't monitor UPS from each server. Also it seems it would be more of a mess to have each managed individually than all by one main server, my pfSense box.

My pfSense box is on dedicated hardware & I have two 4 port rs232 serial hubs hooked to it. It can relay when to shutdown via IP with WinNUT to my Windows VMs. Then I should be able to set ESXi to shutdown when it detects no running VMs.

For haproxy 1.4 the only valid acl for https traffic (that is available in the webgui) is the source ip acl. If you shortly can select other acls that is indeed a (small) bug..

If you want to do 'anything' with ssl then you should probably be switching to the haproxy-devel package that uses the haproxy 1.5.x release version. Then you can either use ssl-offloading on haproxy and have full http processing options, or use https with sni to select a backend.

Thanks for the suggestion I will , just have to find out the command :(

Ok found the problem freshclam can't write

getfile: Can't write 1448 bytes to /var/db/clamav/clamav-04e57fd99e8b1077eff2f11877c0cd60.tmp/clamav-8716b509fafdea26b5aa2d94dfd0f180.tmp

:(

In my case, the machine has 2GB RAM, 104GB SSD. RRD graphs show that during the last 30 days, Minimum free Memory was 40% (that also accounts for the OS Cache, which is not included in the regular memory usage, as it will be drropped immediarely if an application demand more Memory). Real memory usage was typically at 10%, with Peaks going up to 20%. Disk usage: 11%. Most of this are probably pfSense backups. Yes, I maninly use squid/squidGuard for filtering, only a very specific set of files gets ever cached.

On a third pfSense box, I has no SSH access, so I used a one-liner in the Daignostics : Command Prompt WebGUI:

After that, re-download of the blacklist. However, on the third box, squid does not run in transparent mode, and I am not aware if any users dook the option of manually configuring the proxy. As I received no complaints, most probably none.

the idea came to me from "when the internet become slow i just click save in the squid proxy page and it works flawless"

-k reconfigure Sends a HUP signal, which causes Squid to re-read its configuration files.

http://wiki.squid-cache.org/SquidFaq/InstallingSquid

Thanks Finalcut,

Unfortunately I've tried all that already with no luck.
I've got another office running it no problems, though the environment is much simpler.

Last time i had this problem I put it down to Squid not supporting multi-wan, though as squid monitors the LAN interface I can't see how this is a problem.

@robina80:

hi all,

i have postfix installed as a package on my pfsense firewall, i was wondering can i use this as a SMTP re layer/smart host connector for exchange

if so can you please show me how?

many thanks

rob

Works great and the setup is just straight forward, use the forum search for assistance….

Quick step by step

https://forum.pfsense.org/index.php?topic=46196.msg242056#msg242056

All you need is in this thread

https://forum.pfsense.org/index.php?topic=40622.0

Good luck.

Hello,

I'm facing the same problem. Will be grateful if anyone have the answer.

Best Regards,
Pressian