@brunoguidone: Hi, you can explain how to do this ? thanks for your help.. Bruno Guidone Use this line while creating new Target Catogary (./..(asf|wm|wma|wmv|midi|mov|vob|cab|mkv|3gp|mp3|mp4|avi|mpg|swf|exe|mpeg|mp.|mpv|mp3|wm.|vpu)) Note : I had removed mov extention because I as not able to delete messeges from Hotmail, as it was found mov extention was blocking it. [image: ext.png] [image: ext.png_thumb]

Sounds like a good move. I don't think you would ever get that working as you wanted originally. You would need a switch that is able to talk FC but also extract the IP from IPoFC. Does such a switch exist? It looks as though the IPoFC protocol was put in place to allow high bandwidth between servers that are already on a FC network and not as a bridge between FC and Ethernet. If you were using pfSense to bridge 10Gbe interfaces then the limiting factor would be in software not the PCI-E bus. The bandwidth of PCIe varies by how many lanes what generation etc but say a x8 card in a v2 slot could, theoretically, support 32Gbps. However the limit in pfSense is, I believe, currently around 4Gbps. This is due to a single giant locked process coupled with a the maximum single core speed of current cpus. That is my limited understanding but I could easily be wrong!  ::) Steve

interesting can we know how they do it for each product maybe theres a free a way ?

http://pfsense.org/book explains that and lots more.

It wouldn't help with that really, since that would break them trying to reach anything else to other subnets. The static route is the best way there.

I don't think there is an easy way there. On the ACLs there is an "order" drop down that can be used to move their places around but I don't think that same function exists for the Categories. If it doesn't, you may have to make a backup, edit the xml by hand (moving the new one up), then restore the backup. Not simple, but it would get the job done, and it's probably less work than deleting your other categories. Or edit your first one, rename it and use it for this, and make a new one at the end with the old one's settings.

In your first post, you actually want to allow the audio-video stuff during leisure time, so in the left column, select "allow" for the categories you want to enable. In the right column (off-time) select "deny" for the categories that you want to deny outside of leisure time. Also note that various people are having trouble getting the time-based rules to actually work in real-time on 2.0.n, so you might find that sometimes your rule doesn't turn on and off as you expect - see http://forum.pfsense.org/index.php/topic,43352.0.html

Thanks!

If you have an older copy of glTail it can't interpret the log files from pfSense 2.0. I'm not sure if anyone has managed to get it working 100% with 2.0.

Not sure I would use firewall as NFS server. It also looks like you fstab is backwards. Should it not be: <ipaddress>:/data1 /zajedno1    nfs ….. Even if you did a reboot might and an upgrade certainly would reconfigure the exports for you. There are better things out there to do that with, like freeNAS or openNAS ...</ipaddress>

I'm not sure if that's in the version of relayd that FreeBSD/pfSense has. You could try it and see, the example there is fairly straigthforward. But I don't see any reference to ssl in the man page for our relayd, which is version 4.6 I think.

A flood of any type of traffic you're passing is bad news for every firewall. The lowest performance limit on anything any firewall does is new connections per second, and you'll hit that pretty quickly under a decent sized flood, or if the box is fast enough to handle that, you'll hit the state table limit quickly regardless of how high it is. Traffic you're blocking has little impact though. That's generically true of every firewall, they're almost always the most susceptible thing on any network to DDoS attacks (if you have adequate bandwidth to where you aren't knocked offline entirely and at the mercy of your provider).

itonmytips, You can save all reports LightSquid simply copying (via SFTP, for example) /var/lightsquid/report ;) []`s Jack

My UML290 works fine without changing anything on 4G, though from the sounds of it you don't have 4G coverage, which is probably why. I know that card has similar requirements on other routers with connectivity where no 4G exists.

Generally doesn't matter either way. OpenVPN is easier to deal with if you have multiple non-contiguous subnets. Aside from that, with always-on static IP connectivity it's a toss up. OpenVPN is better in general at dealing with changing public IPs seamlessly because its negotiation process is much less complex but that wouldn't apply in this scenario (I would expect at least). It's easier to do redundant connectivity with a routing protocol with OpenVPN, so I run all my site to site connections to our datacenters with OpenVPN, as I can have one tunnel up on each WAN on my side and automatically switch between them if one connection goes down.

@ptt: You can do this using Policy Route, just check the Docs: http://doc.pfsense.org/index.php/Multi-WAN_2.0 Do you have some  an example,please ? I am New in pfsense 2.0

It's worth searching the forum - this question has come up a few times before (look for things like second disk and so on).

It isn't really possible, at least not easily. You might be able to come up with an L7 pattern for it. Though it's easy for people to change their browser string so it's not really perfect protection either.