thanks pfsense team too

I have a hard time thinking that many people here are looking to sell.  Most, from what I have seen, are asking questions about what to buy.  Those of us who have old 1u servers and other 'available' equipment have likely already re-purposed it into either pfSense or some other open source project.  Let's see what pops up in the hardware forum if it is made clear to post 'for sale' items there.

Well, the main way is by not allowing webGUI access using a hostname other than the one assigned to pfSense in version 2.0. There is an exception list for other hostnames used if needed, or IP address can be used without restriction, as that is not a security risk with DNS Rebinding attacks. These protections are on by default in 2.0 beta currently, even when upgrading from 1.x. It's always recommended to change the default administration password for the webGUI as well, and if you do this and are not logged into the webGUI (or are not logged into the same web browser used for other tasks), even attempts at DNS Rebinding attacks are unlikely to succeed because they would need to rely on a flaw in the LAN administration code to authenticate/change the firewall (this is the case even in 1.x). So the main recommendations beyond the build-in protections are: 1) use a different web browser for administration than for web browsing, and 2) change the default password to something secure (do this anyway!).

At least that's what I'm familiar with. I'm sure someone else may have information about additional precautions taken.

I just ordered mine from Amazon now. Can't wait for it to arrive.

wqqll was a spammer account.
He was banned and all posts deleted ;)

The interface names in HyperV are simply de0, de1, de2, etc.

I believe to have hit the maximum number of virtual NICs in HyperV for one virtual server instance once with 7 networking interfaces. Not too sure about it though.

Behind pfsense 1.2.3 with a default deny and lots of rules to pass everything I have run into.
Running Firefox 3.6.3 on Ubuntu 8.10.
This had not happened previously, including on this forum, including with the same firewall configuration.

We've been having a lot of trouble with it this week.

The problem is that, despite having a robots.txt that disallows crawling of the repository via redmine, several spiders (baidu, twiceler, and Yahoo) were crawling the repository and causing ruby/git to spin forever trying to pull all sorts of information.

I hope to have just cleared it up by blocking those specific spiders but if more come along I'll have to block them as I see them.

Assuming they all use the same protocol, which not all do.  Still, as before - if you want features added then raise a bounty.

HUGE thanks to all the packages developers out there.  I couldn't believe how simple it was to add functionality to pfSense my first time.

As far as the previous guy's comments - life happens.  We normally get what we pay for, but in the case of pfSense we're getting WAY more than we paid for, and we've got no basis on which to say "hey package developers - get back to work!"  If they're able, they're able.  If they're not, then they're not - that's that.

pfSense rocks, and the packages available for it are awesome.  Period.

Agreed - pfSense is marvelous, simply marvelous. 
Thank you to everyone on the team!

Ah very good, I will check this out.  And I didn't mean to trivialize the effort to do such a thing.
Thanks!

Port knocking is considered 'security by obscurity' - which is no real protection. Just looks like it. The discussions about this have been lenghty here on the forum.
As for SSH, better disallow logon by name/password and hit the 'by certificate only' checkbox.
Personally I use RDC only through an OpenVPN tunnel. This way I avoid exposing my Windows server ports to the internet. This can be considered secure.

All the history is here. I think users can delete their own threads if they want for some reason, but I don't think that happens much or at all. The only thing that routinely gets deleted are posts and accounts that spam.

Thx :)

Is it possible to make "Show unread posts since last visit. " work like a subscription service??

So one could add the desired subsets to the subscription? Thereby only the markes subforums will show in the mainwindow…

:)