…. I just saw, that on the WAN interface UDP 16xxx is being blocked! Do I need to add a rule to pass it?

Jul 4 03:00:53 WAN 217.xx.xx.xx:18113 91.xx.xx.xx:16399 UDP

You had no rules at all configured!
What is my mistake?

regards
Guenther

Ah, I think I know what it is. The AP that I'm trying this on has "defective" firmware and I need to update it first. Turns out updating the firmware is causing me even more problems  :-\

Thanks!

So sorry with the delay to replying I will take a look at that be interesting it's not a big problem though really, just I think some might be using some to spam my blog I suspect.

Thanks any how.

Many thanks ! i was sure it's a bug…not it's working fine...but in this way: if that option is not enable and ip is not in list after authentification i got acess denied. It's working like this: ip in unrestricted list, option enable i got prompt for credentials authentification succesully and it's working !!! i assumed this is the good way working(for me it's fine like this) ? but still...local/others way of authentifications are made to bypass the ACLs list in particulary unrestricted ip's ? why it can not be a working proxy for whatever the ip is...and based on authentification ?

Another thing, my proxy is on wan and it's working fine but it's strange that is working also on lan ! :D of course with my dynamic dns adress entered, it should work like this if proxy interface selected is wan and i'm entering from lan

It's fine that is working now ! thanks a lot !!

Could you post screenshots of your
Common ACL (targets open)
Group ACL (targets open)
The target you created

squid can only block http websites when in transparent mode.
for https you need squid in non-transparent mode.

AJungleDog,

You will need to change your script to update dansguardian xml config using php instead of editing config files.

take a look on dansguardian.php, it could be a good start to understand how to read and change dansguardian xml conf.

att,
Marcello Coutinho.

ps: before any test, backup your config.

Does he have an easier way to get an authentication UserID in my reports ?

Thanks

oki dokie thanks for the answer. i will do just that.

Thinking, perhaps I just need to block broadcast or multicast or something? Is there an easy way to block broadcast traffic?

i also facing same problem,..

417 Expectation Failed

It's in the FreeBSD package repo, we don't have it on our site.

You might uninstall and reinstall this, at some point in the last week or so I rebuilt that package as it was pulling the wrong version of the code.

Alternately, there are instructions on the wiki for setting up softflowd.

@gregober:

In Squid, I think It is possible to use this configuration directive :

access_log syslog:local:4

or

access_log syslog:LOG_LOCAL4

This parameter has to be included in the configuration file…

I personally verified that it was perfectly feasible to include this configuration directive in the "Custom Options" field of the Services > Proxy server configuration page of PfSense. Thanks to to that the settings survives a reboot.

Once this is done, the messages are sent to a distant server provided you configured pfsense to do so (Status > System Logs > Settings)

The system log says:

... snort[3342]: WARNING: No dynamic libraries found in directory /usr/local/lib/snort/dynamicrules. ...

Currently it looks as if this is the reason why snort does not want to work properly. Obviously, reinstallation did not work.

After disabling the snort.org *.so rules and enabling the more or less corresponding emergingthreads.net rules, the system works as expected and offenders are blocked again. Does anybody know where the content from dynamicrules is supposed to come from? The packages from files.pfsense.org seem to contain only an example module.

tftpd just runs through inetd. That should get restarted if you edit/save under System > Advanced.

Or kill/restart inetd by hand

@dataking:

Is there a "standard" out there for building a package and how to do it?

this is the starting guide:
http://doc.pfsense.org/index.php/Developing_Packages

basically you build xml files to use pfsense framework and call a php script (package_name.inc) file to check options selected on gui and apply to package conf.

The package build options and location can be found on github.
https://github.com/bsdperimeter/pfsense-packages

This post from Jimp is also usefull
HEADS UP: Package Maintainers - ACTION REQUIRED - Packages Cleanup / PBI Prep

Just solve my problem;

never to check

Not to allow IP addresses in URL

This is to allow skype read the ip address in your internet browser

Thanks for the reply, I will have to look into the DNS solution. I am using the DNS forwarder to automatically use the DNS from my ISP. I have set the DNS in the proxy as well. I still get a proxy error when I type in Google instead of google.com

Error…

The requested URL could not be retrieved

While trying to retrieve the URL: http://google/

The following error was encountered:

Unable to determine IP address from host name for google

The dnsserver returned:

Name Error: The domain name does not exist.

This means that:

The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.

Your cache administrator is

… End Error

It is not that big of a deal but it would be nice if it just sent the request to Google on a bad spelling or out of date url. Oddly when I type in "Google website" it pulls up Google in a search.