Sorry for the late followup on this. Finally resolved the issue. The DNS was open to public, closed that and after a week it all went back to normal. Thanks everyone for the input and help. Learning as I go. ~ Tom

Your picture looks nice but the link is to a thumbnail so it's hard to appreciate it fully.  ;) 1: Is there any particular reason you are using the wifi APs for DHCP? In my opinion it would be much better to use pfSense for DHCP on each interface. Doing that makes it much easier to keep track of the leases or to hand out static addresses for filtering purposes. All your admin can be done in the one place rather than having to log in to each AP to change things. 2: Normally you would not bridge them. pfSense will route traffic between them if you have firewall rules in place to allow that so that you can access, say, the AP in zone 2 from a computer in zone 1. The only reason you would bridge the interfaces would be in you had software that needed to see machines in the same subnet. Many media player programs will only look for servers in the same subnet for example. By default all traffic from the additional interfaces will be blocked so you will need to add firewall rules to allow traffic that you want. Only the LAN interface has a default allow rule. 3: You can add a rule to allow traffic from Zone 2 to the printer but no other address. Better, you can restrict that rule to allow access only from specific clients in zone 2 if you have all static dhcp leases. 4: Squid with Squidguard is a lot more mature (in pfSense at least) but Dansguardian has more/better filtering options. 5: You could use VLANs to get more interfaces in pfSense without having to add further NICs however I don't believe you will need to. Do your switches support VLANs? Do your APs? Steve

We fixed m0n0wall's CSRF issues over 2 years ago with csrfmagic, same thing they implemented recently. 2.0.2 fixed a couple that were found more recently.

At (very long) last: http://www.freebsd.org/releases/9.1R/announce.html http://www.freebsd.org/releases/9.1R/relnotes-detailed.html

Thanks :-) Happy/Merry/Joyous $winter_solstice_holiday

You are currently running Double NAT, which is a very undesireable setup. See if you can get your modem/router to be in bridge mode so the real wan address goes to the pfsense box.

Thanks it worked, I wish you a Merry Christmas

Pffft i probably wont shut up as i mess everything up LOL its not live as i havent received my Intel dual nic, I have been messing around with the settings on the box with nothing but the realtec and an add on 10/100 old intel

Yes, I tried WebGUI, and indeed, when the cover is closed on the CPU load is less than when open. WiFi there is little used, and the load is too small. With him there is no such problem. No, I do not use QoS and Traffic Shaper.

rm is really the only way to do it, or using something else to pass data to rm (like find /somewhere -name "foo" -type f | xargs rm). If the system is blocking on I/O there may not be much you can do. If you can open multiple terminals, running 2+ rm's can sometimes be faster then one alone, but it's still bound by I/O limits on the drive.

This is great stuff. 'pfSense HQ' seems to have an excess of tote bins.  :) Steve

I just think pfsense is ace! Got no real massive complaints about it at all! I just really need to start getting more experimental like the good person that said I needed to add a rc.d script to check on if Snort was not running run it, but using the great service (I think Squid Guard is), I have not had one single bit of malware accidentally run like that annoying system cleaner is it on the web, that instantly causes havok with Windows and many more have never infected my computer. With my easy to configure wifi access point (which in the end was easier than I imagined to setup), I now have a flat thats fully capable of using wifi for my tablet and android phone! LOVE PFSENSE END OF! I decided to turn a feature off on one of the network cards or sorry pfsense's appreciation of it I think it was (so to avoid this) using interrupts, for some reason I don't think's supported on my cards, weird yea? Because the router kept crashing and creating loads of crash dumps ugh annoying, turned that feature back on and now is stable, I was gutted at the time I thought my routers (because it's an ancient machine, I mean going back to 1999ish date when this computer was made, maybe slightly earlier, I don't know) hardware was failing ugh! Oh well fixed that with a bit of power of knowing what I had done prior to these errors happening, I was sure though I had that sorted before, oh well probs didn't if its all working fine for me now, I just wanted to see if I'd speed up the network traffic but to be honest even when it didn't reboot/crash at the times between them, no increase in performance really, I think that's when you have allot of people demanding things off the router and it's just me on my network.