Good time to share this absolutely cool post by Grünsfröschli: https://forum.pfsense.org/index.php?topic=107605.0 :-D

A long time ago, we had a quality specialist in to give a talk. His message went like this: Software engineers are engineers who design and implement software. They need to think like engineers. When software doesn't work as intended it doesn't have "bugs." Bugs are cute, bugs are quirky, even funny. When software doesn't work as intended, it has defects, just like any other engineered solution. Think of it this way: if the anti-lock brakes on your car fail, it's not a bug, it's a defect. It doesn't matter if the root cause is hardware or software. People die either way. Dramatically worded, but a great message nonetheless.

@phil.davis: AFAIK there is nothing for that. I am thinking that you are wanting something like: a) Daily, weekly or monthly check. b) Check if there is a new version of pfSense (core) available. c) Check if there are new version of any of the "real pfSense" packages available. d) If (b) or (d) then notify - e.g. use file_notice so that an email or growl notify is sent and it shows on the dashboard notices. That would help people with a lot of systems to find out automagically about systems they have not yet updated. You could add a feature request in https://redmine.pfsense.org/projects/pfsense/issues Spot, it's like any other system. why don't you wan't your system to be up to date? Thanks

If something was trying to connect out and there was an Internet issue and say your ISP's router was responding with an error like Route not Found, then that something could have gone into a tight loop that kept attempting to create new states to establish a connection.

It could be just random noise generated by script kiddies. After all, you don't have to ask anyone's permission to send random UDP traffic to random IP addresses, you just do it and the recipient of that traffic sees just random unrelated UDP packets hitting his firewall if he has logging on it.

It was a private bug (potential security issue), it's closed now.

It's fixed. We often don't set % on any bug tickets, so it stays at the default of 0. The status is the only thing that matters.

i think policy based routing need it

@thomaslsmith: sounds cool. I wonder if it works like a normal router when I am done with it No. It works better.  8)

the article doesn't say anything about other Atom lines, or the future replacements for Rangeley, either. I can't say what I know (CNDA), but Sofia, especially, looks like it was an Intel "science project" from here.

Amazing how culture can affect business, but it's hard to tell since we're all submersed in culture.

That or cygwin, msys, etc… The windows command prompt "terminal" itself sucks most though. Cygwin with mintty is much, much, much better to deal with than a standard cmd.exe window that has better commands...

Do you know this thread? I'll just leave this here (Hint: it's ARM)

Netgear was launching at the CeBit 2016 their first 802.3bz or NBase-T Switch, called M4200 series and later this year Q2 or Q3 they are going to launch the WLAN AP named WNDAP740 that is coming also together with this NBase-T ports. Would be nice to get better wireless ac performance. Core Switch for routing: M7300 + Layer3 license - Bigger Core Switch fully Layer3 routing static or dynamic (RIP,OSPF,VRRP,ECMP,ProxyARP,Multinetting) M4300 - smaller Core Switch fully Layer3 routing static or dynamic (VRRP,HRSP, RIP, OSPF, PIM, PBR) NBase-T: M4200 Layer2+, NBase-T Switch for Wave2 11ac wireless access points 8 x 2,5 GBit/s PoE+ Ports 2 x 5,0 GBit/s (Combo Ports 2,5 GBit/s or 5,0 GBit/s) 2 x SFP+ 10 GBit/s Slots

@Harvy66: There are a few possibilities that can explain what you saw University was doing something similar to pfBlockerNG v2.0 In order to block ads by inspecting the traffic, you have to man in the middle HTTPS. This may be the lesser of evils in some cases, but it is something very important to think about. Just as a note, pfBlockerNG, is not really MITM for HTTPS. It would be more DNS sinkholing then anything. MITM is evil, and should never be done for content filtering… :)

The default gateway target, which seems to be a DHCP server in my ISP While I didn't wireshark it this time, I have done so in the past. What I saw was a bunch of dup packet responses getting sent from my WAN. WAN ingress was 100Mb/s and LAN egress was about 70Mb/s. PFSense seems to have filtered out the already acknowledged traffic and responded on behalf of my computer. When I did a trace route to these target IP addresses, while I was still downloading from them, I saw normal 2ms ping here, 10ms ping there, 20ms ping there, then right before it got to the seeder, 2,000+ ms pings. I samples about 10 TCP connections that were causing all of those dup packet responses, and they all had the same large ping jump 1-2 hops away from reaching them, but otherwise good hop pings within their ISP's network. Just not the last 2. I do use HFSC and CoDel My ISP does also have some unidentified AQM. All I know is without any shaping on my end, DSLReports says I get about 20-30ms of buffer bloat. With shaping on my end, I get bloat down to about 1ms. This is also reflected when I had a DOS volume attack tested against my connection. I had a service send 110Mb/s at my 100Mb connection and I saw about 10% loss and typically 30ms-40ms of latency. Even when pushed to 200Mb flood, still 30ms-40ms, but something like 50%+ loss. I forget exactly how much, but my connection was dead.

The several crash reports from the IP you sent me are all indicative of a hardware problem.