Sorry, pFsense 2.0

I do not have any 2.0 running atm. Would try so in near future…

Does anyone have any idea about this?  This seems to be an important concept of Snort that I'd like to learn.  Once again, for all enabled rules, some only alert, while other alert and block.  What determines blocking?

Because relayd does not support udp in general, but does support DNS.

From the relayd.conf man page:

The protocol directive is available for a number of different application
    layer protocols.  There is no generic handler for UDP-based protocols
    because it is a stateless datagram-based protocol which has to look into
    the application layer protocol to find any possible state information.

And then:

dns protocol
            (UDP) Domain Name System (DNS) protocol.  The requested IDs in
            the DNS header will be used to match the state.  relayd(8)
            replaces these IDs with random values to compensate for
            predictable values generated by some hosts.

http protocol
            Handle the HyperText Transfer Protocol (HTTP, or "HTTPS" if
            encapsulated in an SSL tunnel).

[tcp] protocol
            Generic handler for TCP-based protocols.  This is the default.

Hi Marcelloc,

Thanks for your answer, but I did exactly that. I have serveral other suppressions and they work properly; they don't show up in the alert list and they don't get blocked…

With this one they don't show up in the alert list, but they get blocked(?)

hdparm -tT /dev/sda

It's a linux tool for hard disks.

Pfsense is build on freebsd platform.

@guano:

I installed them but i need some help to use.

I've being trying to INSTALL for at least one week… allways fails:```

Saving updated package information... done.
Downloading Zabbix Proxy and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/8/All/zabbix-proxy-1.8.5,2.tbz ...  (extracting)

Downloading http://files.pfsense.org/packages/8/All/iksemel-1.4_3.tbz ...  (extracting)

Downloading http://files.pfsense.org/packages/8/All/p11-kit-0.9.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/p11-kit-0.9.tbz.
of zabbix-proxy-1.8.5,2 failed!

Installation aborted.Backing up libraries...

I'll keep trying… I'm installing a new pfSense (my FIRST in production) and this is a nice addon, because I have a zabbix install to monitor anything but kitchen sink! :)

I too have the same problem.

Isn't it possible to allways block the destination ip on one interface? So I can block destination ip-s on my LAN and source ip-s on the WAN interface…

Squidguard has a gui option for it.

Without squidguard, include file extension/mime types custom acls in squid gui.

To find an acl that exclude some file types, just Google for squid +acl +file + extension

Ah yes, this is very nice thank you. Will be very handy :)

@darklogic:

update your postfix forwarder from 2.3.2 to 2.3.3. It resolved the same issue you are having.

as indicated in the link.  but thanks for taking the time to post.

-g

@aranel

Is LDAP working for you now ?

It would be greate to know if it is working now with the compiled module. I do not have any LDAP here to test with.

Thanks for your feedback!

Snort Suppression Tutorial . . .
https://www.youtube.com/watch?v=uQ7OrxtiAes

Add Snort Suppression for Error: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
suppress gen_id 120,sig_id 3

Go to Snort WAN interface edit; Scroll down to Suppression and filtering
Choose the Suppression just created
Click Save
Restart Service
Do a port scan to see if it would trigger an alert https://www.grc.com/x/ne.dll?rh1dkyd2

Good to Go Again  ;D  :D

One down one to go.. Only need to Upgrade to Pfsense 2.0.1 now
Cheers  8)

Problem Solved…can someone mark it as solved ??
I hope i dont have to repeat this process when i Upgrade to Pfsense 2.0.1

Ok that seems to have fixed it, now it listens on both lan and loop when both selected in the gui

Thanks!

But I did not see it download the actual package .tbz file – guess I could completely uninstall it and then check with pkg_info to see if unbound its gets removed and if it then download loads it.

But since it working and on current version I think will leave it until 1.4.15 comes out to test ;)

Thanks again for the fix!

But kind of curious still about the out of sync other packages.

So 1.4.14 says it needs expat-2.0.1_2, but have _1 installed -- can I force removal and then install _2 -- but could that break git, cuz I use that like once a week when new changes come out.

thank you so much , server up.

regards

Compress logs with tar then transfer file to another server using scp for example.

tar -cvzf backup.tar.gz  /path/to/squid/logs

even easier.. nice one.

Well, i have installed the previous and use the software i need it to run

;)

That works out for me!!

Thats a temp solution, of course when everything be back, i will update it and move forward :)

There are depedencies that will break using 8-stable packages on 8.1 systems.

Take a look on this update to see how you change it.
https://github.com/bsdperimeter/pfsense/commit/c70452506a0ab84a9d72547656b516f6e61578da

files.pfsense.org is offline, wait some time and try again.

related topic

http://forum.pfsense.org/index.php/topic,44242.msg229525.html#msg229525