Thank you for the hint but there are no stupid questions as I have learned  ;)

The new release of PFSense will come in 2 weeks with new hardware.

Well I have read your post but I do not understand why these firewall rules
should help.
The rest is configured according to the manuals or posts in here but I
do not understand why it stopped working

@arushi:

It works, but this users that i block on "Banned host addresses" can open the web pages with https (port 443)
How can i close this port for this clients??
;)

Transparent proxy does not filter port 443. Create a firewall -> rule to block it.

thank you very much kev. that is very good information.

now to tweak everything.  :)

Oh I see.. Thanks!  :D

I've been doing a bit of digging around in the pfSense source code and I think locking the account using

And setting the user's shell to "/sbin/nologin" should be sufficient.

Does anyone know of an existing function / better way to do this? (guessing not as I stole my code from https://github.com/bsdperimeter/pfsense/blob/master/etc/inc/auth.inc#L457)

I've started using the Snort package a couple of days ago and this bug is really annoying… But I think I might found a semi-working solution for it. In /usr/local/etc/snort/rules are the categories such as snort_* and emerging-*. When I disable/enable specific rules in these files they will at least stay permanent for interface restart and updates when no new rules files are downloaded. But I guess these changes will be overwritten when new rules are actually downloaded (not just checked and no new files where found). But yeah... Not perfect, but at least the rules won't reset every 12 hour anymore.
For some reason I don't seem to have a oinkmaster.conf file on my system at all? 2.0.1-RELEASE (amd64) with Snort 2.9.1 pkg v. 2.1.1.
What's the current status of this bug btw?

i solve it but i need now to flush cache content and removw all cache and i want to know if cach is working and chaching or not
cause i have another prob.
i remove pfsense and reinstalled it many times and install squid and light squid and in every time i found that lightsquid report is reporting that i use cache and specify the content that cached before the removing pfsense
how does this work despite i was erase all hard disk content and reinstall pfsense from zero

it doesn't happen with many packages anymore as we take some precautions to prevent it as much as possible, but it does happen on some, have to be careful when messing with packages. 2.1 uses PBI packages to eliminate such dependency hell.

Uninstalled and reinstalled the Snort package, and now it works.  I can check under "Services" menu.  Service is running.

Hi all,

I've merged squid-rever and squid3 in only one package for pfsense 2.0 with reverse options in a brand new service-> reverse proxy menu.

Check screen shots on it's thread
http://forum.pfsense.org/index.php/topic,48347.0.html

att,
Marcello Coutinho

no worries pod ;D

Only thing i noticed still after restarting the server (Had to move the man cave about a bit) is what it was going to start HAVP, it still complains pw: unknown group havp, but when you go and look at the necessary file, the group is there

Weird

Should be done fairly shortly, I gotta head out shopping, so im gunna do some more work on this damn server after i get back

so any help plz

Ok discovered how i can be able to cache some of the youtube stuff, but need to know the best way to add what it says to squid:

http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube?highlight=%28ConfigExamples%2FIntercept%29%7C%28ConfigExamples%2FAuthenticate%29%7C%28ConfigExamples%2FChat%29%7C%28ConfigExamples%2FStreams%29%7C%28ConfigExamples%2FReverse%29%7C%28ConfigExamples%2FStrange%29%7C%28ConfigExamples%2FExtreme%29%7C%28ConfigExamples%2FPortal%29

Good call.  :)

Steve

Hi CMB and thanks for the reply.
I mean, both Squid and Dolphin are creatures from the sea, so they should get well along…. ;D
Why this doesn't happen with PHPBB3 which is running from exactly the same address (192.168.5.8  ), the parent folder is the same, they are in 2 different subfolder which i did even try to swap but the result was the same...the Squid is discriminating

Snort on pfsense is currently 2.9.0.5 which is now end of life. You will still get emergingthreats rules but until someone updates the snort package to ideally 2.9.2.2 you won't receive any new VRT rules I am afraid.

You can use the supress tab to filter the alerts and I would disable the ET-DROP, ET-TOR rules etc. You could use pfblocker and lists like emerging-blocklist and compromised etc .txt files in emergingthreats (firewall and block rules). You could set these to block outbound, inbound or both. Install pfblocker and enable these in the lists as .txt:

http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt (this is dsield, russian business network, botnet CnCs)
http://rules.emergingthreats.net/blockrules/compromised-ips.txt
http://rules.emergingthreats.net/blockrules/rbn-malvertisers-ips.txt
http://www.ciarmy.com/list/ci-badguys.txt

@marcelloc:

leave lightsquid/sarg on the second pfsense

firewall with squid in transparent mode on lan + upstream configuration

second pfsense with squid and report package

Thanks. I'll have to look into this. I have never used or heard of sarg.

As my pfSense main firewall is a VM, if i put the cache off onto anothe rbox like this, how much HDD space does pfSense actually need to work efficiently?

of course you need to make a cronjob with "/usr/local/sbin/squid -k reconfigure", got an pm to this, so, well you always need the full path in a cron job

You might have set 'block offenders'.
This option currently seems to break snort, at least for me.
Try to disable the option to automatically block offenders and see if snort starts normally.

Hi,

I'm also interested in being able to send email messages from my pfsense.

Since the pfsense webconfigurator already has configured a MTA with servername, addresses and authentication etc, I thought that everything needed were there and it was only a matter of knowing the commands and parameters to be able to send messages?

I don't mind using any command interpreter if I only know the syntax to use.  (Message subject, Message body and Send it…)

regards Tor