If your system wasn't shut down cleanly, fsck -y automatically runs at next boot. If you get thrown to a prompt where you have to manually run it (though I don't think that's even possible), running fsck -y manually will work.

I'm confused on exactly what you're seeing.

If you're to a point where fsck -y isn't fixing the file system problems, you have some serious issues that will probably require a reinstall.

microsoft has a section regarding known issues concerning KB939653.  it basically says to uninstall and reinstall your security software. i uninstalled McAfree Internet Security and my browser worked perfectly. i then reinstalled and everything was fine as well.  it has to do with changed file signatures after doing the update.

http://support.microsoft.com/kb/942818/

if uninstalling the update improved performance i probably wouldn't have gone any further, but my browser performance did not improve even after uninstalling.

Good grief! Wow, impressive. Considering those are pre-1.0 versions riddled with bugs (obviously not for the things you're using), that's quite impressive.  Cool to see.  I upgrade all mine way too much to come anywhere close to that.

The icons are GPL.  No thanks.

http://simoncpu.multiply.com/journal/item/1/pfSense_IPv6

Thanks mate, that was exactly what I was looking for. Have a great day :).

I would think of a GUI tool that modifies config.xml and restores it to the box.
Then there would be the demand to configure and control multiple devices all over the place and you end up with a full blown management system.

Either you misinterpret your customer's demand (a windows based GUI) or you diplomatically want to start a big project here    ;)

BTW: I cannot share your opinion on the look & feel.

No I didn't know that.  Thanks for telling me, thats pretty important.

http://forum.pfsense.org/index.php/board,43.0.html

@rafaelsantos:

sounds great tacfit… but can i obtain good pfsense performance using a box with VIA Eden 1GHz processor, PC133 512MB SoDIMM and 1gb Compact Flash???
think in a situation with throughput of a 200 hosts in lan, incoming external connection and 2 vpn´s tunneling with about 30 hosts in each one...
thanks

As cmd says, more details needed. First off, I don't know how the Eden compares with a Pentium III based Xeon, but if they're comparable, and those users are doing "typical" surfing, e-mail, downloading general stuff, I would say your performance will be fine.

BUT… again, this is a total guess on my part. I would say the first bottleneck you're going to run into is memory... and depending on the encryption used for your VPNs, CPU speed. Also, if you've got users download lots of torrents and other stuff like that, that'll throw things off. If this was for an office where you would restrict the types of traffic allowed, I think you wouldn't be far off the mark.

I've been VERY impressed with pfSense's performance, but bare in mind I'm running it on a full sized server. It sounds like you're using a smaller device, which may be just fine... but I can only speak from my own experience :)

On something like that you're probably restricted to DD-WRT, OpenWRT etc.

For a list of hardware pfSense supports, see the hardware page.

Forum search yields http://forum.pfsense.org/index.php/topic,1141.0.html

I hear clonezilla may have one up on g4u now, but I haven't been able to try it out yet.  I've been told you can do a raw copy but not have to copy the unused space.

http://sourceforge.net/projects/clonezilla/

The same after a reboot?

Your post inspired:
http://blog.pfsense.org/?p=114

Making this sticky. If you don't already have our blog in your RSS reader, you need to add it! I try to post something worthwhile at least once a week. If you have ideas for blog topics, email me (cbuechler@gmail.com).

New to firewalling in general? http://en.wikipedia.org/wiki/Firewall
If you know basic firewall concepts, it's not too hard to pick up. The docs are a bit rough, but look here:
http://www.pfsense.com/index.php?id=17

The default page does not do php.  You need to use a html meta redirect or javascript to redirect to a custom uploaded page that has been added from the file manager.

Did you google it??  http://www.thekelleys.org.uk/dnsmasq/doc.html

Yes I know "dnsmasq" is a DNS server, but I ask if pfsense use it.

If config file not exist, which is the best way to edit the DNS Server configuration in pfsense ?

cheers  :D

hello, my English is not very good, I have a pfsense, and have formed logs External syslog server, but the events of firewall are not regitrados in the server logs, the messages of authentication and messages of the system if, but what me intereza is really the messages of discarded or blocked packages, the server logs in freeBSD 6,1 Release, and syslog-ng 1.6,
some suggestion?

@sdale:

We are running 2.6.1.3

I look forward to playing with it  ;D

CVS Trac is the only option but there are some bugs that have been corrected without opening tickets for them. So only looking at the tickets won't help you unless you read the commit logs as well.

hey guys,
you are comparing a small linux box (200 MHz, 16 Mb RAM) to a computer with 256 or 512 Mb of RAM and a big processor.
so it is normal to have unstability problem with the small router when it handels a lot of connections, bittorent and P2P…. but DD-WRT have a X86 version that runs on PCs and it is really stable and faster than Pfsense.
I am using now many dd-wrt boxes as access points, and pfsense is doing the rest (DHCP, authentication...) pfsense never crash but it have a lot of bugs and missing futures.
it would be appreciated if pfsense have some of DD-WRT futures like

additionnal DHCP options / DNSmasq as DHCP server, windows networking is not working well in pfsense (from LAN to WAN, LAN clients cannot see PC connected on WAN domain for exemple in latest pfsense release). i think that this problem is related to a DNS / firewall bugs ? I prefer SPI firewall than pfsense, but it is a personal choice Access restrictions per IP or MAC address is also missed in actual Pfsense release. blocking P2P and other applications or website is easy with dd-wrt QoS, priority per IP, MAC, subnet or application... in VLANs also the hotspot options : DD-WRT can use chillispot, nocat, spuntik for authentications... it would be nice if chillispot can be add to pfsense via a package (it needs a package for chillispot, radius, webserver... MySQL is also preferable). a monitoring package like Rflow is also missed in pfsense, it is not perfect in dd-wrt but the best is to have a package or a small software that list all connected users (users, mac, ip, time and trafic) with the possibility to disconnect users
-finally a nice future that could be easy implemented in pfsense I thnik, is the possibility to define a user groups and to add (in captive portal) its static DHCP mapping

anyway pfsense is a very good firewall and the support on the forum is very fast and appreciable.

Chady

One additional mod to the pfctl form:

If you want to quickly pull out a single rule:

pfctl -vvs rules | grep "^@ <rulenum>"</rulenum>

Where is the rule number you are seeking.  The space before my closing double quote was on purpose to terminate the pattern so that ONLY the rule number being sought is returned.  Otherwise, the above might also match some other rule number that started off with the rule number you are seeking.  Ie, '77' and '77x' (x = 0 thru 9) would all match.

Without knowning more details (what server- and what firewall-arch) I would respond to

I want to avoid viruses on the server´s system files and in E-Mails, sent and received over the server

Scan e-Mails on their way to the server via a mailgateway. It wouldn't be the first time there was some strange side effect when doing the scanning on the same system having the normal mail service on. Get them out before they reach the final destination server (and the user) and run an additional AV on the normal filesystem of the server for file services.
But I would not run that kind of thing on the firewall itself. Keep the firewall architecture as clean as possible and don't mix it with further services if they don't have necessarily to do with it. E.g. split the fw-arch into three nets, WAN, DMZ and LAN and setup the mailgateway in the DMZ area. So you don't have any probably "bad things" in your LAN before it passes all your desired tests.

Just my thoughts on this :)

Not to mention that "dumb" switches are cheaper than manageable vlan capable switches.

Depending on what exactly you need I can do support for you too. You can reach me by mail at holger <dot>bauer <at>citec-ag <dot>de. Remote service shouldn't be any problem. If you need someone on site we could discuss this as well.</dot></at></dot>

Oh, just saw from the screenshot, it's even a livecd system  :o

Beta 2 is OLD. Please update to 1.0.1.

I am really looking forward to this package :)

Agree'd.  I am looking at mailing infrastructure scripts so that we can add email support to pfS.  Once this is completed we can e-mail all sorts of stuff, including this.

Do a nslookup on these sites. Then add all these IPs to a hosts alias and use policybased routing to send these connections out only through one of your wans. Alternatively you could just send out https protocol only one of your wans. At our office the https rule fixed 99% of all issues with onlinebanking sites (at least if they run as browsersession rather than using a special application).

Out head code has support for adding URLs as aliases btw but that version is not ready yet for productional use.

You may need to reflash then.

And in the future please do not hijack threads.