@stephenw10 I have just watched the video and its actually might help another issue with a raid card I have been having problems with as well so again extremely appreciated now

Ooops! 😉

@keyser said in IPS external logging:

but rather just have full monitoring and alerting of usage, issues and downtime.

I use a combination of Zabbix and Graylog for email notifications. You're right, pfelk was more for visualization as i had more than one pfsense out there and wanted a central dashboard. In the end, to be honest, its more cumbersome to get it all set up and sorted out.

There is a project out there that i use personally.
https://github.com/VictorRobellini/pfSense-Dashboard

I got a nice visualization in Grafana. My current dashboard

42b3c220-d41f-4b48-8d35-8977d05de613-image.png

@peterkrautle I suggest comparing the .xml config file backups from each to see if there’s a difference.

@danielayer said in DNS Whitelist Project:

DNS Whitelist project

Easy answer : you can't.
Making a list with allowed DNS hosts is impossible as it will take unimaginable resources to store this file (or even creating it).
And the moment you have it, it's already outdated, as thousands of new hosts have been created, and some have expired.
"whitelisting" the Internet is like managing a list with all the phone numbers on planet earth.

The way doing things is using lists with sites you don't want to access 😊
( I know, I knew you meant to do that )

The good news is : these lists already exist.
That's one of the reasons why the pfBlockerng-devel pfSense project has been created.

Btw : small detail :

3fb52aa8-ffba-4b1c-b3a4-87e5f4a3ec92-image.png

Go for "Null blocking (logging).
Like this :

ca458a55-7caa-40b1-a421-1508be5a35c2-image.png

The idea of showing a web page that informs the user he wanted to visit a site that is blocked doesn't work for 99,99 % of all cases.
The 0,001 % are the sites that are still http (not https). The number tells you : they don't exist anymore.

@michmoor said in Graylog server on a raspberry pi:

The 'count' in your charts. Should we assume thats how many sessions were created on the firewall, i.e. how many times a packet hit that rule?

Based on what I've observed so far, this would be the same thing you would see in System logs > Firewall in Pfsense logs.

Since its a game, it is probably using UDP, right? I never played Roblox.. So I can't tell.

You can click the play button inside this chart to take a look at each of those entries to check.

@nollipfsense

Merry Christmas and all the best!

I am having similar issue with EcoBee thermostat. It happens only after firmware updates. Unfortunately there is no means to disable it. If I try to reconnect ecobee back to AP it fails.
The fix for me is to reboot the AP and things start to work.

@joeseph said in Custom build or...:

Thank you for the reply.

Yes, definitely will support as reviews are great!

By managed do you mean this for example? "TP-Link 8 Port Gigabit Easy Smart Switch (TL-SG108E)"
And can you explain vlan, dmz or iot?

[https://www.amazon.ca/TP-Link-Ethernet-Unmanaged-Replacement-TL-SG108E/dp/B00K4DS5KU?th=1](link url)

Yes, a smart switch (managed) like that will do the trick :-)

@rcoleman-netgate I am exactly doing this for fun and education.
And at this point am curious why the drive does not come back.
If you can turn on/off hot swapping/plugging in the hardware's bios it us usually supported.

@rcoleman-netgate While I do agree that ZFS is the superior storage filesystem because of the many many features, I would like to argue it’s use for “small home installs”. In my book it has no use in home installs unless you max out the possible disk count from the very start.

THE most painfull thing is the fact you cannot expand ZFS pools with one disk at a time like with both software and hardware RAID if the filesystem on top supports it (which almost all filesystems does).
So small home NAS builds should only be using ZFS if ALL disk slots are filled from the beginning. Expanding is not possible unless you add a whole new vdev. And unless that consists of the same drive count, performance will suffer greatly because data is not migrated/leveled across vdevs.

So use ZFS with care in home builds. You need to know in advance what capacity you need and what performance you need. Expanding into more capacity and speed is VERY painfull for most small installs (involves whiping the intire layout and starting over).
But if your do know your capacity and speed needs and can buy it up front…. Then ZFS is top dog because of the massive amount of features it provides.

Thank you for the answers! It turned out to be unrelated to pfsense issue, which is now resolved.

Is that even available for ARM? Even if it is ARM is not like x86, you would need an image specifically for that platform or at least for something very close to it. I doubt it is possible but I'd check those things first.

Steve

@nollipfsense said in This 12yrs Old Boy:

https://twitter.com/CNET/status/1582763509623836673

I watched 22 seconds of this.
it's not a hack of the your WAP password.

It's decrypting the traffic after getting in. Which is usually due to poor SSID deployment, using weak passwords, etc.

I was asked last year (and still haven't completed) by a higher up here at Netgate to write a blog post about securing your home WiFi and why firmware updates are important for all devices... I should get back to that.

The issue here is manufacturers are building sub-par, poorly secured devices and selling them to consumers as a solution. Weak encryption is just that – weak.

I've been doing WiFi design for more than a decade and these are the things I design against.