Subcategories

  • Discussions and feedback related to this forum

    607 Topics
    3k Posts
    johnpozJ

    @microserfs and what IP was that - clearly your current IPv6 address is not blocked that I show you connected with.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0wW

    @sef1414
    Name it "run.sh", copy to pf and chmod according to the documentation
    https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option
    You will see messages in the system log like those quoted in the script after logger command.

  • Multi-wan failover watchguard

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Source Based Routing With FreeBSD Using Multiple Routing Tables

    Locked
    4
    0 Votes
    4 Posts
    9k Views
    jimpJ

    It wouldn't help with that really, since that would break them trying to reach anything else to other subnets. The static route is the best way there.

  • Want to move new added Target Category on top of all

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    I don't think there is an easy way there. On the ACLs there is an "order" drop down that can be used to move their places around but I don't think that same function exists for the Categories.

    If it doesn't, you may have to make a backup, edit the xml by hand (moving the new one up), then restore the backup. Not simple, but it would get the job done, and it's probably less work than deleting your other categories.

    Or edit your first one, rename it and use it for this, and make a new one at the end with the old one's settings.

  • 0 Votes
    1 Posts
    2k Views
    No one has replied
  • Want to use Time option for allowing website on specific day

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P

    In your first post, you actually want to allow the audio-video stuff during leisure time, so in the left column, select "allow" for the categories you want to enable. In the right column (off-time) select "deny" for the categories that you want to deny outside of leisure time.
    Also note that various people are having trouble getting the time-based rules to actually work in real-time on 2.0.n, so you might find that sometimes your rule doesn't turn on and off as you expect - see http://forum.pfsense.org/index.php/topic,43352.0.html

  • Where can I download 2.0.0. version?

    Locked
    3
    0 Votes
    3 Posts
    8k Views
    S

    Thanks!

  • Gltail no graphic

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    If you have an older copy of glTail it can't interpret the log files from pfSense 2.0. I'm not sure if anyone has managed to get it working 100% with 2.0.

  • PfSense as NFS Server

    Locked
    2
    0 Votes
    2 Posts
    12k Views
    P

    Not sure I would use firewall as NFS server. It also looks like your fstab is backwards. Should it not be:

    <ipaddress>:/data1 /zajedno1    nfs …..

    Even if you did, a reboot might and an upgrade certainly would reconfigure the exports for you. There are better things out there to do that with, like freeNAS or openNAS ...

  • 0 Votes
    2 Posts
    3k Views
    jimpJ

    I'm not sure if that's in the version of relayd that FreeBSD/pfSense has.

    You could try it and see, the example there is fairly straightforward.

    But I don't see any reference to ssl in the man page for our relayd, which is version 4.6 I think.

  • Using pf to mitigate DDoS - discussion at openbsd-misc

    Locked
    2
    0 Votes
    2 Posts
    9k Views
    C

    A flood of any type of traffic you're passing is bad news for every firewall. The lowest performance limit on anything any firewall does is new connections per second, and you'll hit that pretty quickly under a decent sized flood, or if the box is fast enough to handle that, you'll hit the state table limit quickly regardless of how high it is. Traffic you're blocking has little impact though. That's generically true of every firewall, they're almost always the most susceptible thing on any network to DDoS attacks (if you have adequate bandwidth to where you aren't knocked offline entirely and at the mercy of your provider).

  • Light squid Log

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    JackLJ

    itonmytips,

    You can save all LightSquid reports by simply copying (via SFTP, for example) /var/lightsquid/report ;)

    []`s
    Jack

  • Pantech UML290

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    C

    My UML290 works fine without changing anything on 4G, though from the sounds of it you don't have 4G coverage, which is probably why. I know that card has similar requirements on other routers with connectivity where no 4G exists.

  • VPN to colo: OpenVPN or IPSec

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    Generally doesn't matter either way. OpenVPN is easier to deal with if you have multiple non-contiguous subnets. Aside from that, with always-on static IP connectivity it's a toss up. OpenVPN is better in general at dealing with changing public IPs seamlessly because its negotiation process is much less complex but that wouldn't apply in this scenario (I would expect at least). It's easier to do redundant connectivity with a routing protocol with OpenVPN, so I run all my site to site connections to our datacenters with OpenVPN, as I can have one tunnel up on each WAN on my side and automatically switch between them if one connection goes down.

  • Can me make rule like this …......

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    P

    @ptt:

    You can do this using Policy Route, just check the Docs: http://doc.pfsense.org/index.php/Multi-WAN_2.0

    Do you have an example, please?
    I am new to pfSense 2.0

  • 2 H.D in pfsense.one to cache of proxi

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Cry HavokC

    It's worth searching the forum - this question has come up a few times before (look for things like second disk and so on).

  • Browser Detection

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    It isn't really possible, at least not easily. You might be able to come up with an L7 pattern for it.

    Though it's easy for people to change their browser string so it's not really perfect protection either.

  • Promising stuff

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • MOVED: Command to delete lightsquid logs

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Have I got this right?

    Locked
    30
    0 Votes
    30 Posts
    9k Views
    stephenw10S

    The size of the address pool is only limited by the subnet mask. You could have a /16 on one interface if you wanted giving you 65000 addresses!
    I would choose to have separate subnets on each interface because it gives you far more control on who sees what. Assuming you have sufficient computing power for your needs that is.

    Look at the default LAN to any rule. That will allow traffic into the LAN interface as long as it is coming from an IP on the LAN subnet, pretty much all LAN traffic. It has no restriction on the destination. Traffic from the LAN subnet with destination of one of your other internal subnets will be allowed to pass. Once into the pfSense box there is no restriction on what interface it exits from so it will be routed to the correct interface for that subnet.

    If you have similar rules on each interface then traffic will be routed between subnets in either direction.

    This is a very permissive rule set though.  ;)

    Steve

  • Not able to view freeBSD packages in PFsense GUI

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM

    There is no GUI for FreeBSD packages. You will need to configure them the same way you do on FreeBSD.

    The available packages with a GUI are listed on System -> Packages

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.