I am in the same situation.
Since that now we have pfsense plus at aws marketplace (and we pay for this), would be great that the mantainer of this AMI could provide the SSM agent as part of solution as a builtin package or available in packages list.

@bmeeks said in No available packages at all!:

older flavors of that hardware family having a really small boot partition or something that is too small to hold the most recent boot code from 23.01. Not sure I have all of those facts 100% correct, but that is the general flavor

That's about it. The criteria is not clear to me, whether it is age or UFS file system, but it was failing to write to the EFI partition with an out of space error, thus booting fails.

Older 1100/2100 devices with UFS had a small 800KB EFI partition. Newer with ZFS have a 200 MB EFI. I do not know if there was any overlap, or, technically, if Netgate officially confirmed the small partition as the only cause. The above was Netgate speculation in threads over the weekend of release.

Per those threads from a week ago, Netgate had been unable to replicate the issue, even "knowing" the conditions for it to happen. Makes it hard to detect in beta testing, or diagnose.

@john24634 said in Snort best practice to Unblock:

Does stop nort disables completelly the IDS?

No, Snort blocks by telling pfSense to place an IP address in a system-created pf table called snort2c. Once an IP is placed in that table, a hidden firewall rule created by pfSense at startup blocks that IP address until it is removed from the table. Stopping nor restarting Snort alters anything in that table once the IP is placed there initially. Stopping Snort prevents any additional IP addresses from being added to that table, but it does not remove any that are already present.

There are fours ways to clear an IP from that table and thus "unblock" that address.

Use the Remove Blocks button on the BLOCKS tab of Snort. Configure the Remove Blocked Hosts Interval setting on the GLOBAL SETTINGS tab of Snort. That will remove blocked hosts at the interval shown providing that host has produced no further traffic during the interval period. Clear the entire snort2 table contents using the option under DIAGNOSTICS > TABLES. Reboot the firewall. All pf tables are RAM constructs and are thus automatically cleared out when the firewall reboots.

@jimp
Uninstalling the nmap package and then editing the config.xml to remove the NMap entry fixed the duplicate entry in the menu.

Thanks for your help.

@vollans Thanks! I ended up thinking I could get just PIMD working, but apparently I still do need the Avahi running with PIMD. Chromecast and samsung speakers were not able to do discovery without Avahi running, and PIMD is doing the messages broadcasting for everything else. Still don't really understand fully PIMD vs Avahi, but I seem to need both running for things to work properly. I just flipped Avahi back on and everything is running fine now, and no more capabilities messages from the post I just submitted.

I recently read an article about why you should choose sports paramedics from Valhalla Medics for your events, and I must say that I am thoroughly impressed - https://www.valhallamedics.com/the-best-emt-set-medics-for-your-events/ . The article provided valuable information about the pros of hiring Valhalla Medics, including their highly skilled and experienced paramedics who are equipped to handle any medical emergency. The article also provided contact information for the company, making it easy to get in touch with them. I highly recommend Valhalla Medics for anyone in need of professional and reliable medical support for their event.

@jimp Perfect, thanks! :)

@gwaitsi fixed in 23.01

You likely have a pkg dependency problem. Either due to loading a package from a non-Netgate repository or mismatched packages from different versions (for example, if you are on 2.6.0 but have the update branch set for 2.7.0 snapshots). It can't make changes to the packages because in doing so it wants to remove a package upon which the base install of pfSense depends.

You'll need to remove any packages that came from repositories other than the pfSense 2.6.0 repository.

@rcoleman-netgate I did not know that. I checked the link today and changed my post to WOW!!!

@jimp Works fine on MacOS & IOS now 😀

Update: this issue has been solved for 22.05 (not yet for CE 2.6). Now the agent62 is properly installed.