Have a look at schneier.com, iirc the bottom line was: NoScript kills it…

To add some more info… I was able to reproduce this on a second instance of pfSense 2.1.4-release.  I'm unable to reproduce the problem in two different instances of pfSense 2.1.2-release.  I enabled logging in the web server that handles the tests from the load balancer - I see them all and no errors.

This is starting to feel like a pfSense issue...

Thanks,
Steve

@PokerMunkee:

I've been using the ENDIAN Community firewall for the last 5 years.  Due to lack of development, I need to move forward with something else.  pfSense is my #1 choice and I'm just now diving into it.

I'm used to DansGuardian and being able to have profiles for different filter configs.  I can have a "Receptionist" profile that either uses MAC/IPs and applies a whitelist of URLs that are allowed.  Then I have a "Main" profile that all other computers fall under and I filter out porn, etc.

I have about 100 users.

Which packages should I be using that allow me to setup different profiles?  I'd also like to add HAVP for anti-virus.

I installed the squid package but don't see where to do the profiles.

Just need some direction, as this is a bit overwhelming for me at the moment.

hi there… try to watch this youtube video.. http://youtu.be/ybzQk-VZeac I think it could help you about the "content filtering"

the video is about installing SQUID and SQUIDGUARD official package of pfSense.. then configure it to filter web browsing, block pornsites or any category that is on the blacklist database, also blocking downloads...

in the later part, it show how to exclude/exempt some PC or IPs on your network...

hope thats what you need..somehow.. :)

It is disturbing, but not "late breaking news".
See:
https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe

It's one thing, letting another have physical access to your device…  With something like the "Rubber Ducky", you might never guess what's happening.

It's quite another, to be the unwitting agent of the undoing of your own security schema.

I would hope there would e a way to countermand such malicious firmware, and re-flash.

Yes, also, a few years ago, I bought a Sandisk U3 Cruzer flashdrive.  I didn't like what I found!:
http://www.google.com/search?lr=lang_en&hl=en&q=U3+AND+Sandisk+AND+evil

On Ubuntu Linux, I found package: u3-tool
@u3-tool:

tool for controlling the special features of a U3 USB flash disk

Tool for controlling USB flash devices that conform to the U3 specifications.
You can do the following with your U3 flash:

Replace the CD image Change the size of the virtual CD or completely remove it Enable and disable security Unlock and change the password of secured U3 device Obtain various device information

I believe I still have the demon seed, and need to run it through the u3-tool grinder.
http://packages.ubuntu.com/search?keywords=u3-tool

Here, see how THESE grab ya!!!

http://en.wikipedia.org/wiki/Splashtop_Remote 
http://en.wikipedia.org/wiki/Splashtop

I bought a used Dell XPS series desktop, without a hard drive.  On the top of the tower case, is an LCD screen, that had a game of MS Windows "Solitare" going.  Disabling the device in B.I.O.S. did NOT always mean this evil was vanquished and exorcised, not for EVERY boot.  I found where the ribbon cable header WAS attached to the motherboard, but I'm still not confident.  I also pulled the WiFi card & Bluetooth, because neither could be effectively and consistently managed, or killed/downed via software.

Maybe I'll convert to using a "Hipster PDA" ;)

https://en.wikipedia.org/wiki/Hipster_PDA

Ultimately, this was a bad SMC router. It was replaced and the problems ceased. Still very weird.

Lou

Untold number of years ago, I recall learning that No Such Agency selected a few "smiling faces", and commanded then to 'sheath thine dagger', and open cloaks, in a P.R. campaign, reaching out to corporations, great and small.  They had giveaways, such as frisbees, with logos like, 'You gotta trust someone.'  See, they were proffering digital "security" software products.  "Yeeeeaaaas!  'Welcome to my parlor!', said the spider, to the fly."  (Has anyone seen Pulp Fiction?)

Per this thread's weaving, and, as a newscaster might say, "In an 'unrelated' story"…  I've noticed my W.I.S.P.'s throttling, after issuing a vague policy...  But, if I say "Mesh Network", or "B.A.T.M.A.N." to anyone in my village of idiots, I might as well wear an overtly obvious Faraday Cage Hat.

Maybe I'll get lucky and a Google Balloon will get blown off course, subesequently becoming permanently snagged amidst some undergarments, strung out to dry, in a nearby mobile home/trailer park. I would have all the "free" internet access I'd want, "if the price is right!"; that is, if Google approved of my browsing habits.  ;)

How would I go about configuring the WAN to connect to the dlink?

Solution:

a 3D printer, that can drill holes, place integrated circuits, resistors, etcetera, and solder; plus many  clones of "The Woz"!

@BBcan177:

Here is a good recent article about a new form of Ransomware.

https://securelist.com/analysis/publications/64608/a-new-generation-of-ransomware/

Backup! Backup! Backup!  :)

How much of that 40TB of data do you actual use on a daily basis?

Take the bulk of it, and put it into a Read-Only Archive Folder. Back this up to multiple offline storage Devices.

Than implement "versioning" of the files as you change them and save those to a read/write folder. Then the daily backups become smaller and easier to manage.

Each Year, take those versioned files and put them into the Archive Folder.

ps- The net use command, was just to show you what shares are open on your machine.

You are once again right, BB  ;D

(TB's of HD movies of all my dogs. Valuable memories. That is the most important data. Static data. Business data, dynamic, is probably just 1 TB. The memories of my dogs are 28 TB now. That is a lot of removable drives. And I don't trust the cloud (let alone the data would be uploaded by the time I am long gone). It's complex.

Yep the draft V2 book is well worth a read if you have the gold subscription.
With a 5Mbps connection shared between 60 clients you may need to get some relatively complex shaping to keep things moving.
Is the connection symmetric, 5Mbps up also?
For example rather than specifying a bandwidth limit per user you can instead reserve some bandwidth for important tasks/users leaving the rest to be used by anyone. Again it depends what your users need. I have no idea what sort of business you're involved with but maybe most of those 60 clients only occasionally send emails.

Steve

Chrome browser has Flash built-in. Maybe that will work for you to access the ESXI Web UI.

Thanks mhab12

I will read the similar posts, and try the restart of service.  I think already test it that but to be sure it doing again. I hope we have some fix soon.

Thanks!

You need to send Accounting data to the radius server, and you need to "Reauthenticate users every 1 minute".
You'll find it's likely easier moving your radius server to a different machine with apache/mysql where you can use one of the web frontends to manage the users, and get group support within radius.
If you haven't configured a radius server from scratch, look into the book 'Freeradius beginner's guide'.

Have you looked at the developer shell?
https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell

Steve

Poster en anglais ici: https://forum.pfsense.org/index.php?board=44.0 or https://forum.pfsense.org/index.php?board=3.0

Poster en francais ici: https://forum.pfsense.org/index.php?board=7.0

The system log is distinct from the firewall log, they are on separate tabs in the webgui logs page.

If your traffic is not getting through it's not arriving at the firewall, it's being blocked by the firewall or it's not being routed out of the firewall.

Steve