It's specific to a configuration that seemingly only FreeBSD uses by default. It's really a non-issue, should disable password logins if you're opened to the Internet, and if your password is guessable in the amount of tries you could get through you're doing it wrong. We dropped the grace time to limit the potential impact in 2.2.4 and newer.  https://redmine.pfsense.org/issues/4875

1 YES - setup rule on LAN2 to allow traffic to go anywhere ( similar rule like in LAN1, but use interface LAN2 for rules that apply on LAN2 ) or if you want some restriction according to your design.

2 YES - you can also setup a pfSense in Virtual Machine if you don't have spare HW for test - firewall.

Fixed it.  I grabbed their bundle cert and used that instead of their class 1 intermediary server cert. When I looked up the chain of my cert when using their class 1 server cert, some of the intermediaries were SHA1-encoded.  Chrome seems happy now.

I keep things simple and don't require many features so don't experience many feature issues.

Not a FreeBSD guy at all until I came across pfSense. Actually a long-time OpenVMS guy.

I seem to learn a new language every year - Cobol, Fortran, Pascal, MUMPS (look that up!), C, C++ and nowadays I have to do HTML, PHP, JavaScript… and now Python is coming.

Actually it is all the same. If you make useful subroutines with proper parameters and don't just make everything a global variable then code "just works". OO forces you to do it a bit more, but actually you could write good code in those old languages also.

Idiot may be a strong word as well, but when you put pfSense in your title you are going to get looked at.. Obviously he sells off-lease firewalls and gets more hits with pfSense in his title. Maybe his version doesn't have the jumpers..I dunno.

@KOM:

I keep tight control over my networks and IP conflicts just don't happen here.

Somehow I just knew this claim would come back to haunt me.

Hey, I was being nice, I didn't even mention it  ;D
Just kidding. Relax, be happy that you figured it out…

10x for your advice

@jimp:

Ssshhhh… don't kill the mood. It's a rare day we get to practically ignore an OpenSSL SA. :-)

:)

You may say Linux is used by a lot of sysadmins, but most Linux servers are not properly maintained, so expect the "sysadmin" to only be one in title.

I never said any such thing.  I said that Linux was the dominant computing platform these days.  How it got there can be debated, but for backend infrastructure it is judged on its merits because it can do the job.  As for but most Linux servers are not properly maintained, I don't have any such knowledge, nor do I think it's relevant to anything we're talking about here.

the Linux kernel is far superior to the dev community that surrounds it. Linus has his hands full keeping people from ruining it.

I don't know where you're getting this information.  The vast majority of active Linux kernel devs (or at least the majority of commits) are on payroll at places like Intel and RedHat.  There are multiple levels of maintainers that are responsible for specific areas of Linux.  Bad patches don't usually get through.  The hierarchy is in place such that if Linus disappeared tomorrow, everything would carry on without him.

It is a republished EFF story: https://www.eff.org/deeplinks/2015/06/stupid-patent-month-wetro-lan-sues-entire-network-security-industry-expired

And the government thinks they can do better with backdoors. Security, it's a process and all it takes is one flaw.

Just upgraded my 2.2.3-development cluster to 2.2.3-release. All went smoothly. Super happy!