I may be wrong but I'm pretty sure Squid would only cache traffic that flows through it. I connect to my news reader on port 563 (or whatever it is) so squid would never seem my newsreader traffic as squid only has traffic from port 80 flowing through it!

Still was unable to get this to work. I ended up just setting up a web based (speedtest.net) mini client on a server behind the firewall works okay but I would prefer iperf if you find a solution.

Got it, thank you!

@bmeeks:

My suggestion would be to not run the fixed-IP list Emerging Threats rules in Snort if you are using them with pfBlocker.

Hi Bill,

The .txt Rulesets from ET are based on the Open ruleset. I have asked if there is a PRO .txt ruleset but waiting on an answer.

They also indicated that the RBN lists will be discontinued in a few weeks.

@bmeeks:

This has been fixed with an "unannounced" minor update I pushed the day after New Years.  Just reinstall the Snort package GUI and it should be OK.  The change was so minor that I did not bump the Snort package version.

To reinstall, go to System…Packages and the Installed Packages tab.  Click the XML icon beside the Snort entry to reinstall the GUI components.  Check and be sure you have clicked "save settings on de-install" on the Global Settings tab first to preserve your configuration.

Done and done… thank you  Bill for the quick response, that was it.

We know what you meant, but for those following, the (current) actual heading under Global Settings/General Settings is:  Keep Snort Settings after Deinstall

Rick

Please use suricata if you are looking for an IPS, snort inline support was dropped in favor of suricata.

@MikeX:

…
I'm looking for advice, nothing too detailed or specific on the technical part of deployment, but more so of... "use this rule set" or "maybe try this obscure setting".
…

http://forum.pfsense.org/index.php/topic,64674
Make sure you read every single post on that thread.

As for the locking yourself out, if you are on a dynamic ip (seen that you mentioned dynamic dns) then you just change your ip you are remoting in from. Or just whitelist it as mentioned above.

No help section available currently, sorry.

Every time the configuration is applied all existing configuration options are overwritten. (as is the case with most config files that are managed through pfSense gui.)

-import option, i don't think its easily possible to implement such a feature..

As a workaround you could probably put major parts of the old config file into the Setting page under: "Global Advanced pass thru" including listen/frontend/backend sections. Though that way it wont be 'nicely' visible in the webgui..

the haproxy-devel build uses some default options like a 'unix socket' that might be sufficient for haproxy to startup, instead of the almost 'empty' config you showed. Also when applying haproxy-devel settings if an error is detected in the config file it will show that at the top of the page.

As long as you have selected output_cdf and recover_cdf in the settings, then it should be reloading the data each time bandwidthd starts. On full installs, the data is on a real disk and so should survive a reboot. On nanoBSD the data is in the /var memory disk and is lost on reboot. So far there is no option to automatically save it to the CF card.

I think there is some error with authentication through captive portal, its working if I put static ip on terminals.

I believe the refresh is the same as the Firewall widget. But then again, it was back in 2012 I last changed the code…
If you haved fixed it, I will try see if I have some time this weekend.

thanks

I can't reproduce that in a VM. It installs fine and does not complain. Output from ldd shows that the expected libraries are all present. Something else you have installed must be conflicting.

Seriously consider moving to 2.1, otherwise you're in for a bunch of manual shell package cleanup if you hope to fix that. The package itself appears to be fine.

@gogol:

The default in the GUI is to automatically add all locally-attached networks to HOME_NET.  You can defeat this and configure your own HOME_NET, but the process is counterintuitive.

If I remember well as an alternative you can define your own HOME_NET also in the "Advanced configuration pass-through" section of the interface settings. The default HOME_NET will be overruled.

True, this method will also work.

Bill

@phil.davis:

e.g. if your postgreSQL password was "0.0" you would have had a problem getting that through to the conf file!

If that was your PostgreSQL password you have bigger problems than getting the value into the .conf file  ;)

Thanks for fixing that, it's always annoying to find things in PHP that are quirky with 0. Like $t = "0"; empty($t) being true.

If it is 30MB then maybe it runs out of space in /var (a memory disk on nanoBSD). These days you can change the size of /var (and /tmp) from the GUI (with reboots…), so you could increase /var just for the install, then put it back after. Alix 256MB are reasonably short on memory, so leaving /var bigger than the default might mean you run out of memory for real processes.

@abbey:

I am having trouble accessing certain sites, specifically ones containing proxy or proxies phrases. I have already added this sites to exception list, deselected proxy from weighted terms and even turned off Weighted phrase mode

But i still keep getting access denied Weight phrase: proxies

In checking logs i see dansguardian: Error connecting via IPC socket to log: No such file or directory

Not sure on your IPC error. However, if you've properly entered the exceptions,  you definitely should be able to get to the sites. What shows in your access.log? You should see an exception logged for every site you've entered into the exception list.