pfSense 2.2 is a rather big change from 2.1, due to the change from FreeBSD 8.3 to 10.1.  This brings benefits of better hardware support.  2.2 has been fairly stable for me, but I don't use many packages or advanced features of pfSense.  If 2.1.5 is running and you're happy, stick with it.  If you have hardware not supported in 2.1.x, or you like to test and report issues as you find them, try out 2.2.

Keep a copy of your 2.1.5 configuration as a backup in case you need to downgrade; you can update 2.1.x -> 2.2, but AFAIK you can't use a 2.2 config to go back to 2.1.x

@lpallard:

Hey bmeeks, I PM'ed you!

I replied with a request and my e-mail address.

Bill

That IP is currently listed on a Threat Source called "Alienvault"

http://kb.bothunter.net/ipInfo/nowait.php?IP=93.184.220.20
–-------------------------------------------------------
      IP Address        = 93.184.220.20
      Threat Level      = Unverified
      Threat Category    = Malware Propagator
      Threat Description = Malware drive-by exploit site
      Hostname          =
      Service Provider  = EDGECAST NETWORKS INC
      Domain Name        = EDGECASTCDN.NET
      ASN Number        =
      ASN Name          =
      Network Speed      = DSL
      Country CC        = US
      Country            = UNITED STATES
      Region            = CALIFORNIA
      City              = LOS ANGELES
      Longitude          = -118.283996582031
      Latitude          = 34.0452003479004
      Zipcode            = 90001
      TimeZone          = -08:00
      BestAnswer        = 1
--------------- thank you for asking --------------------

Would be wise to use pfBlocker with that Threat source and block that from your network completely.

https://reputation.alienvault.com/reputation.snort

@zinzara:

I have some experience analyzing traffic and was wondering if there's a way (package or otherwise) to continuously capture and save packets. Reason is, I also have some experience writing snort signatures and would like to look through my traffic from time to time and if I find anything I don't like and it wasn't caught by snort, I could write a signature on it. So, is there a way to do this? I would prefer to save onto the pfsense box but if I have to setup an external server that would be ok too. I realize this would add up quickly in storage requirements but this is on my home network which I don't do a whole lot on and I have a big hard drive. Thanks.

There is a Solution Called "Security Onion" that will do Full Packet Capture and more…

http://blog.securityonion.net/p/securityonion.html
https://code.google.com/p/security-onion/wiki/IntroductionToSecurityOnion

The country Codes in pfBlocker has not been updated for two years. They are out of date.

@jay4linux:

I am trying to unblock an IP address in one of the pfblocker country lists.  Is this possible.

Hi Jay,

You can't remove one of those IPs from the Lists as each update it could come back into the list.

So what you should do is create a "Safe Pass List" and add all IPs that should not be Blocked by a List. This rule should be above the Blocked Rules to allow it thru.

See HERE for how to get Cache Manager stats. Select General Runtime Information from the menu to get the stats above.

Steve

@Bulldogg:

is your apu1c4 still running stable with HAVP antivirus, snort and squid3?
what kind of speed do you get?

Yes, still running stable since months now.

Speedtest reaches my provider limited bandwith maximum of 20 Mbps download and 2 Mbps upload.

Try latest version 9.9.5P1_5 pkg v 0.3.5 and let me know if you find any issues.

thats was so easy you just  put the file(which contain the list of ip's) inside  "/var/squid/acl"

why is that

[2.1.5-RELEASE][admin@******.localdomain]/root(69): ls -l /var/squid/acl/
total 4
-rw-r–r--  1 proxy  proxy  84 Sep 16 07:53 throttle_exts.acl
-rwxr-xr-x  1 proxy  proxy  992 Sep 15 12:47 youtube.acl

to make it read from the file the proxy user should have permissions

*Solved, I think

I was looking in the Log/Filter Config and found a syntax error

src Test {
192.168.2.7192.168.2.24
}

Edited the Group ACL "Test" client list by adding a space between IP Addresses.  Saved and applied the change, which modified the Log/Filter Config…

src Test {
ip    192.168.2.7
ip    192.168.2.24
}

Ads are blocked again
Both the Common ACL and Test ACL are behaving as expected

Thinking back, this started around the time I created a new VM 192.168.2.24.

When I added the VM to the Test group, I probably hit Enter in the Client IP address text box.

The Client UI either doesn't or can't check for Returns in the text box, so it read the entry as 192.168.2.7192.168.2.24 instead of
192.168.2.7
192.168.2.24

try to choose allow instead of whitelist
and make sure that website aren't in some of squidguard blocked list

@finalcut:

squidguard(web filtering) work with squid3 (as poxy)
after you install squidguard and choose which to block and which allow
you should then save
then go to the first tab of squidguard and click apply and then save

from squid3 you must add the allowed subnet for example
192.168.1.0/24
in addition to choose lan interface and 3128 as port

also there is tow type of proxy
non-transparent (you should add the ip and the port in each browser(firefox it be or any other flavor ) for user
transparent you shouldn't add the ip and port in the browser but you choose it from squid configuration

Cheers will test it soon.

Reset to factory defaults and started over before I saw your post. But thank you for the reply.

jclarkv

If you turn on DNS to listen on WAN, then you want to hide version as precaution to avoid targeted attacks. This would make it easier for attackers to figure out what your BIND is vulnerable to if vulnerable based on version number.

I recommend only listen on your internal networks. You don't want to expose your internal zones to the internet and/or get flooded by people using your DNS server.

Notify is used if your BIND is the primary DNS server and you have slave DNS servers configured in Zone(s). If notify is enabled, it will immediately notify the slave servers when changes occur to the zone(s). This will help keep your DNS servers in sync quicker. You will only need this if you are setting up DNS zones.