It is highly unlikely that squid would ever be in the base system. It is by far the most popular package, but I wouldn't go so far as to say the majority of installations have squid running.

The bandwidth limits you describe are already in 2.0, they're called limiters.

I only can confirm

I am a sysop for a small factory in Thailand and I have to use old hardware (386 !). The previous hardware was only able to support pfsense 1.2.2 (because of a memory mapping problem and how BSD is handling the memory) and it was working fine for over 1 year without a glitch. I encountered a problem when we switched to google apps (from exchange) as I needed a rule to allow the non internet users to get their mail … and voila the V2 beta 5 is doing the trick!!!

I did have to change the hardware : i got a newer (! year 2002) 386 board with 700something megabyte of ram and 40 gig harddisk, 2 nics and a cd player. It works great for a group of about 25 users of which 4 users are heavy internet users and about another 5 normal internet users. All have email accounts and antivirus installed.

Thanks team ... you are making a great product! (and my life easier)

Philip Van Cleven

I'll just add that this is your firewall we're talking about, it absolutely has to be rock solid. That means a lot of testing and long periods between releases. I'd say the forum has plenty of activity though.

Hey!

82.136.96.201 is my IP!!

It belongs to someone in Switzerland.

They could have been testing the waters to see how the password reset system works. If there are a lot of them the admins will now as everything is logged by IP.

Real numbers from a real setup seem to be so rare and yet every other post in the hardware forum is 'will box X support line speed Y'. Great job.  ;D
I'd love to see some some cpu usage figures from your box under load. I assume you don't have any packages installed?

Steve

thanks pfsense team too

I have a hard time thinking that many people here are looking to sell.  Most, from what I have seen, are asking questions about what to buy.  Those of us who have old 1u servers and other 'available' equipment have likely already re-purposed it into either pfSense or some other open source project.  Let's see what pops up in the hardware forum if it is made clear to post 'for sale' items there.

Well, the main way is by not allowing webGUI access using a hostname other than the one assigned to pfSense in version 2.0. There is an exception list for other hostnames used if needed, or IP address can be used without restriction, as that is not a security risk with DNS Rebinding attacks. These protections are on by default in 2.0 beta currently, even when upgrading from 1.x. It's always recommended to change the default administration password for the webGUI as well, and if you do this and are not logged into the webGUI (or are not logged into the same web browser used for other tasks), even attempts at DNS Rebinding attacks are unlikely to succeed because they would need to rely on a flaw in the LAN administration code to authenticate/change the firewall (this is the case even in 1.x). So the main recommendations beyond the build-in protections are: 1) use a different web browser for administration than for web browsing, and 2) change the default password to something secure (do this anyway!).

At least that's what I'm familiar with. I'm sure someone else may have information about additional precautions taken.

I just ordered mine from Amazon now. Can't wait for it to arrive.

wqqll was a spammer account.
He was banned and all posts deleted ;)

The interface names in HyperV are simply de0, de1, de2, etc.

I believe to have hit the maximum number of virtual NICs in HyperV for one virtual server instance once with 7 networking interfaces. Not too sure about it though.

Behind pfsense 1.2.3 with a default deny and lots of rules to pass everything I have run into.
Running Firefox 3.6.3 on Ubuntu 8.10.
This had not happened previously, including on this forum, including with the same firewall configuration.

We've been having a lot of trouble with it this week.

The problem is that, despite having a robots.txt that disallows crawling of the repository via redmine, several spiders (baidu, twiceler, and Yahoo) were crawling the repository and causing ruby/git to spin forever trying to pull all sorts of information.

I hope to have just cleared it up by blocking those specific spiders but if more come along I'll have to block them as I see them.

Assuming they all use the same protocol, which not all do.  Still, as before - if you want features added then raise a bounty.

HUGE thanks to all the packages developers out there.  I couldn't believe how simple it was to add functionality to pfSense my first time.

As far as the previous guy's comments - life happens.  We normally get what we pay for, but in the case of pfSense we're getting WAY more than we paid for, and we've got no basis on which to say "hey package developers - get back to work!"  If they're able, they're able.  If they're not, then they're not - that's that.

pfSense rocks, and the packages available for it are awesome.  Period.

Agreed - pfSense is marvelous, simply marvelous. 
Thank you to everyone on the team!

Ah very good, I will check this out.  And I didn't mean to trivialize the effort to do such a thing.
Thanks!