@whanksta:

How do I do that via the console interface?

Backup /conf/config.xml

And edit configuration carefully using viconfig.

Check this link for amd64 http://www.pfsense.org/packages/config/squidGuard/squidguard_acl.xml
Must be downloaded via browser.

Probably you have common problem with http://forum.pfsense.org/index.php/topic,58194.0.html

agree on that onhel and thanks for your reply.

facts

I can consistently count on a superduper working and smooth snort until next reboot from a new reinstalled snort + interface defining again.
I can consistently get snort up and running doing the package lock clear and reinstall packages method.
and I will get this paticular error after a reboot of the pfbox:

/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.18" not found, required by "snort" when trying to manually start snort. ofc cant start in in gui either when i see this.

does anyone have a workaround or a theory about why snort dont find / use this file…..its there allready i see when im finding for it?

snort was doing fine consistenly until i upgraded yesterday =)

Going to build a new vm later tonite for this. Will put only snort on it....and see what will happen.

Best Regards

Hi Gloom,

:) Thanks

I guess the problem was that I was mixed up with the fields and that 'localhost' would not be accepted at the 127.0.0.1 address.

Now it works:

If: LAN
Proto: TCP
Scr. addr/Ports: * / *
Dest Addr/Ports: 192.168.1.1/3493
NAT IP/Ports: 127.0.0.1/3493

Maybe the nut settings page should describe this a bit better.

Thanks all,

Alfredo.

I did not get quite the rest I would have liked. Now even having it update from a dropbox link I am having to constantly refresh the link to the file to get it to work.

ARGH…. OK. Alias setup, set as first rule in firewall, list auto updates every hour from an external linked file. What could I be missing?

From what I've seen the setup is the same as the settings on the other firewall in our other office, which is not having any issues.

What else can I look at to track down this issue?

EDIT: I did notice a warning on the server this morning. Filter Reloaded - Some unresovable aliases (or something like that).

@mikesamo:

just use layer 7 filter with limiter.

Thanks for the reply. I've set up the L7 filtering and it seems to be working well at keeping the videos down to a reasonable level. Is it possible to filter all binary downloads with the layer 7 filter on pfsense as well? I noticed ".EXE" in the list, and have it selected but I've noticed downloads from an adobe update site that cause our bandwidth to max out for a couple of minutes and at least in adobe reader there is no option to change update schedule.

There should already be a filterdns process running. It wakes up every 5 minutes, checks the IP address of the names in aliases, and updates the pf/ipfw tables. I can see it on both a 2.0.2 and 2.1-BETA1 system:

$ ps ax | grep filterdns 10168  ??  S      0:00.01 sh -c ps ax | grep filterdns 10550  ??  R      0:00.00 grep filterdns 50475  ??  INs    0:00.01 /usr/local/sbin/filterdns -p /tmp/filterdns.pid -i 30

If I understand correctly, what you need should already be happening.
Use Diagnostics->Tables to see the current IPs that are in each table to confirm that it is working.

Sorry I don't know how this thread is relevant, please indicate where to look for me, I don't get an Invalid return payload error and my settings doesn't sync at all.

Ah, sry. I didn´t read your error log correctly.

I think you have to add a static route, otherwise your box's can´t communicate through the IPSEC VPN - >
http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

@marcelloc:

@skipmed:

what is wrong? thanks in advance

what backend status you get on dashboard varnish widget?

both up with green arrow
no other value is shown in the fields "cache hits" etc., just shows the two backends with status

thanks

I am the author of the latest Snort changes, and I also saw the same error when I did a re-install versus an uninstall followed by a re-install.  Searching back through the forum messages, there is a thread about this being a problem with the package manager tools and not with any individual package.  The recommendation is to always do an uninstall and then a re-install, instead of just clicking the re-install icon.  It would be nice if the simple re-install would work, though.

As for the changes in this Snort package, probably the most important is the new auto-flowbits resolution feature.  However, in order to for this work properly after a full re-install; you need to first enable the feature in the CATEGORIES tab, update the rules files in the UPDATES tab, and then stop and restart Snort.  Otherwise, the new flowbit resolution won't be registered in the snort.conf file.  I just discovered this glitch during my uninstall and re-install testing today.  I have a fix in mind that I will submit in a day or two for Ermal to consider.  In the meantime, just remember to cycle Snort on your interfaces one more time AFTER doing the initial rules download/update with the UPDATES tab.  Thereafter, things will work fine.

Bill

Thanks all for fixing the update error, I will fix it tonight when I get home.

It is working now…THANK YOU !!!

However, I find it strange.  I looked at the link you sent and found that the filter config was missing the "within" clause which was simply a check box in the groups acl, however, the section that contains that check box was missing on some versions of the gui.  I had a snap-shot backup of the machine from three weeks ago when I re-formatted did a clean install of 2.02 and and there entire Time section is missing from the GUI config.

Anyway, after all current updates have been applied, the Time selection is there and all is well.  It must have been something I did, but THANK YOU again for your swift response !

pfSense RULES !

I don't know about dansguardian, but squid and squidguard can run on embedded units provided you disable caching (set a null cache type, and set to 0) and also make sure logging is off.

This should be fixed on current snapshots dated 1/21 or later.

Clicking an IP in Strikeback gives this error now

New site coming soon…
Visit orlando.dnstools.com or houston.dnstools.com for the old site.

I went into /usr/local/www/packages/strikeback/strikeback.php and changed all instances of

http://dnstools.com/...

into

http://orlando.dnstools.com/...

and that fixed it.

I also tested houston.dnstools.com; it works as well

Came across this when I switched from IPcop to Pfsense. In ipcop I used to use privoxy to block all ads globally. I never did find a howto on doing this so I created one. If it helps you or others hear is a link

http://www.howtoforge.com/node/7237

Note privoxy is not an official Pfsense package so you may not get support on hear if you run into problems

@Gabri.91:

@dvserg:

Need Enable blacklist.

Sorry I didn't see that flag, now it works ;D  ;D

General Settings tab.

Dansguardian will work on both. Choose what works better on you setup.